Lecture 10SynopsisCase OverviewWhat is a DoS attack?What is a firewall?Crisis managementHow did iPremier do?Questions, Break, PresentationFollow up infoSecurity measures institutedSlide 11ThoughtsTwo weeks later…Lecture 10The iPremier Company:Denial of Service Attack2Synopsis•Successful high-end retailer shut down by a distributed denial of service (DDoS) attack which occurs for 75 minutes•CIO Bob Turley coordinating from afar•Some leaders helpful, others not so helpful3Case Overview•Made-up case based on real events that have happened in various companies•Considers the management perspective of a DDoS attack•These are not common, but can be significant4What is a DoS attack?•Handshake between communicating computers•Can be defended if all from one recognized source•Distributed DoS more difficult to defend against5What is a firewall?•Combination of hardware and software to prevent unauthorized access to company’s internal computer resources•iPremier ‘not a real firewall’•Attack vs intrusion6Crisis management•Normal human responses?•What is at stake?•What principles should be followed?7How did iPremier do?•Recommendations –Before–During–After8Questions, Break, Presentation9Follow up info•A few hours later, iPremier announced publicly that they have been victim of DDOS attack–75 minutes, middle of night–Few customers inconvenienced–Would revisit already solid computer security•No conclusive evidence that intruders had tampered with production computer equipment•“Fingerprint” on files had not been kept up to date, so impossible to know extent of breach10Security measures instituted•Restart all production computer equipment sequentially without interrupting service to customers•File-by-file examination of every file on every production computer looking for evidence of missing data•Began study of how “digital signature technology” might be used to assure that files on production computers were the same files initially installed there•Expedited project aimed at moving to a more modern hosting facility•Modernized computing infrastructure to include more sophisticated firewall•Implemented secure shell access so that production computing equipment could be modified and managed from off site•Added disk space to enable more logging, leading to better information if this happened again•Trained more staff in use of monitoring software, and educated about security threats•Created incident-response team, practiced simulated attack•Began executive search for chief security officer•Instituted quarterly third-party security audits11Follow up info•Joanne Ripley recommends disconnecting all production computers and rebuild from scratch–Estimate 24 – 36 hours to complete–Documentation there, but things can go wrong•Heated debate over this suggestion–“only way to be sure”–“irresponsible to customers to do this” – hurt satisfaction–No evidence of compromise12Thoughts•Follow Ripley’s suggestion?•What should be disclosed13Two weeks later…•Call from FBI–Competitor MarketTop has been subject to a DDoS attack–Source of attack is within iPremier•Now what?–Shut down all?–Legal Issues–Credit Card Info could have been
View Full Document