Sunday, May 19, 2019

The iPremier Company

The iPremier Company: Denial of Service Attack

1. Company overview

iPremier is a Web-based commerce company established in 1996 by two founding students from Swarthmore College. The company is one of the top two online retail businesses, selling goods that range from vintage items to luxury items. During fiscal year 2006, iPremier made a profit of $2.1 million on sales of $32 million from its high-end customers. The company has also recorded sales growth of 20% annually for the last three consecutive years, whereas back in late 1998 the company's stock price had nearly tripled, especially during the euphoria of 1999, when the market rose and prices tripled. This means the company has a strong cash position. Its most interesting strategy is a flexible return policy that allows customers to thoroughly examine products before deciding whether to keep them.

2. Management and culture

The management of the company is built up from a mix of talented young people who have been loyal for a long time and experienced managers who were gradually recruited as the company grew. Recruiting has focused on well-educated people with technical backgrounds and business know-how, especially business professionals with reputations for high performance. All employees are subject to quarterly performance appraisals that are tied directly to compensation. It is a competitive work environment in which unsuccessful managers do not last long.

The company has standardized its governing values in terms of discipline, professionalism, commitment to delivering results and partnership for achieving profits. iPremier is oriented towards doing whatever it takes to get projects done on schedule, which is especially related to its customer satisfaction orientation of providing benefits. It is essential for the company to develop a competitive environment in order to compete with MarketTop, its major competitor.
Therefore the R&D team should be more creative and advanced in developing the software required for the program to attract customers.

3. iPremier IT Technical Architecture

In general, iPremier has engaged Q-data for a colocation facility, where its Internet data will be stored under an outsourcing scheme. Colocation facilities are sometimes called Internet Data Centers or simply hosting facilities. Q-data, as partner, provides floor space, redundant power supplies, high-speed connectivity to the Internet, environmental control and physical security. All of these are recognized as the Network Operation Center for the website. Figure-1 shows the iPremier IT technical architecture, which includes a firewall system to protect the local network and its computers against unauthorized access.

[Figure-1: iPremier IT Technical Architecture]

4. The hacking case of January 12, 2007

iPremier's system was hacked by an unknown intruder who sent an email every second with the message "ha" and locked the website, so that iPremier customers could not access it. It was the first time iPremier, through Q-data, had been attacked by unauthorized people. The chronology was as follows:

0430 am: approximately when the first email was received in the Q-data mailbox system. The emails continued every second, saying "ha.. ha.. ha.." from an anonymous source. Leon Ledbetter, a new operations staff member, was advised by Joanne Ripley, the technical operations team leader, to report and make an emergency call to iPremier's new CIO, Bob Turley, who was away from HQ and had just arrived in New York to meet with Wall Street analysts. Bob Turley gave the suggestion to check that the emergency procedure was in motion and to call the operations staff at Q-data, since he understood that iPremier had the right to better 24/7 monitoring service.
0439 am: the consolidation period to handle the case, with a few suggestions from other iPremier senior high-level managers, such as consulting the business operation standard (emergency procedure and business continuity plan), calling the IT help desk, restarting the Web server, pulling the plug (physically disconnecting the communication lines) and examining the systems that might potentially be targeted by the hacker.

0527 am: the system restoration period, using a trial-and-error approach on the SYN (synchronize) system related to the DoS as the next step. Something was happening in the SYN-ACK system that looked like a SYN flood from multiple sites directed at the router that runs the firewall service. SYN-ACK refers to Web host communication, in which each conversation begins with a sequence of handshake interactions. The computer that initiates the conversation sends information to synchronize (SYN) with the Web server. The contacted Web server responds with a synchronize acknowledge, or SYN-ACK. Theoretically, a SYN flood is an attack on a Web server intended to make it think a very large number of conversations are being initiated in rapid succession. Because each interaction looks like real traffic to the Web site, the Web server automatically expends resources dealing with each one. By flooding the site, an attacker can effectively paralyze the Web server by trying to start too many conversations with it.

0546 am: systems back to normal. The attack just stopped without any action being taken. It appears to have been a DoS (denial of service) attack. The Web site is running, and customers who visit the iPremier website would not know anything, since the attack stopped by itself.

5. Answer the questions

Q-1 How well did this company perform during this attack?

In general, iPremier did not seem well prepared when the hack happened. Although the business operation standards, i.e. the emergency procedure and business continuity plan, were in place, they were misplaced due to improper filing.
A few items are highlighted from the case:
o No crisis management strategy, which means there was no emergency procedure in motion for the business continuity plan, while the current business operation standard was not in a proper binder and was out of date relative to the technology currently in use
o No disaster recovery plans in place
o Too much reliance on outsourcing
o Never practiced incident response
o External factors that indirectly affected the company

Q-2 What should they have done differently, before or during the case?

Before:
o iPremier should have chosen a better Internet hosting business, one with better firewalls (software and hardware) that is accessible 24/7, has its own technical support, keeps logs of events, and does regular system updates and backups
o Standard Operating Procedures (SOP) in case of DoS attacks (as well as other technical problems), and an emergency response team ready to carry them out as soon as possible
o A PR SOP for every crisis scenario, and the PR team should have statements ready within the first couple of hours
o Engage the help of an external tiger team to test its systems and an external audit company to do a security audit

During the event:
o Follow the suggestion by Joanne Ripley to disconnect all production computers and rebuild from scratch. They have documentation for that, so there is minimal risk of something going wrong
o Look for attempts to place spyware/malware inside the company's systems through a thorough check on all files in the system
o Release a ready statement to all stakeholders.
  Information flow on the company's effort to restore service to normal should be constant
o Keep records of the company's efforts to overcome the threats and watch for any other unusual activities in the systems, which will be useful for the post-mortem
o iPremier should alert and get help from the relevant authorities
o The aim of this effort is twofold. Firstly, to defeat the threats to the company's systems as comprehensively as possible. Secondly, to alert the authorities that the company is currently under attack by unknown attacker(s), and that the company is not liable for any illegal activities that might have flowed from the company's computers while the company is under attack

Q-3 What should they do in the aftermath of the event?

iPremier, as a virtual business company (Web-based commerce), should carry out a corrective action plan as follows:
o Provide accurate, reliable information about the status of the event
o File-by-file examination
o Evidence of missing data
o Begin a study of how digital signature technology might be used to assure that files on production computers are the same files initially installed there
o Restart all production computer equipment sequentially without interrupting service to customers
o Implement secure shell access so that production computing equipment can be modified and managed from off site
o Practice simulated attacks with a nominated task force incident response team
o Define the security requirements for the system, and then begin a process of reworking its security architecture accordingly
o Get the infrastructure up and running quickly by leasing a sophisticated firewall, upgrading to an up-to-date OS and updating the security policy
o Establish a secure encrypted tunnel through a Virtual Private Network

Q-4 What, if anything, should they say to customers, investors, and the public about what has happened?

In the information technology and systems business, ethics in the information society are important, because they affect the responsibility, accountability and liability of the company, especially where the company is publicly listed. Therefore iPremier's senior high-level management did the right thing in disclosing the incident, in order to avoid investor panic and legal action and to minimize the customer impact.

6. Conclusion

o Revisit and update the Standard Operation Plan and Business Continuity Plan as part of the company's strategy for its core business as a Web retailer
o Regularly revisit and upgrade the server security system hardware and software
o Avoid dependency on a single-source provider for data storage and server security systems
o Provide proper and sufficient disk space for back-up data
o Upgrade to the new security system.
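
The SYN flood described in section 4 can be recognized by counting handshakes that were started but never completed. The following sketch is an added example, not part of the original post or the iPremier case; the event format, the thresholds and the documentation-range addresses are all constructed assumptions.

```python
HALF_OPEN_TIMEOUT_MS = 30_000  # assumed wait for the client's final ACK
ALERT_THRESHOLD = 100          # assumed limit on half-open handshakes

def sample_events(with_flood):
    """Constructed events (time_ms, src_ip, src_port, flag), sorted by time."""
    events = []
    for i in range(20):  # ordinary clients: SYN, then the final ACK 50 ms later
        ip = "198.51.100.%d" % (i + 1)
        events.append((i * 500, ip, 40000 + i, "SYN"))
        events.append((i * 500 + 50, ip, 40000 + i, "ACK"))
    if with_flood:
        for i in range(500):  # 50 sources, one SYN per ms, never completed
            ip = "203.0.113.%d" % (i % 50 + 1)
            events.append((10_000 + i, ip, 1024 + i, "SYN"))
    return sorted(events)

def scan(events, timeout_ms=HALF_OPEN_TIMEOUT_MS, threshold=ALERT_THRESHOLD):
    """Return (first_alert_ms, peak_half_open, distinct_sources_at_alert)."""
    pending = {}  # (src_ip, src_port) -> SYN arrival time; insertion order = age
    peak, alert_ms, alert_sources = 0, None, 0
    for ts, ip, port, flag in events:
        # Drop handshakes the server would already have given up on.
        while pending:
            oldest = next(iter(pending))
            if ts - pending[oldest] < timeout_ms:
                break
            del pending[oldest]
        if flag == "SYN":
            pending.setdefault((ip, port), ts)  # a retransmitted SYN counts once
        elif flag == "ACK":
            pending.pop((ip, port), None)       # handshake completed
        peak = max(peak, len(pending))
        # The count is global, not per source: the flood comes from many sites.
        if alert_ms is None and len(pending) > threshold:
            alert_ms = ts
            alert_sources = len({src for src, _ in pending})
    return alert_ms, peak, alert_sources

if __name__ == "__main__":
    print("baseline:", scan(sample_events(False)))
    print("flood:   ", scan(sample_events(True)))
```

Counting per source address would miss this traffic, because each of the 50 constructed sources contributes only a few connections by the time the total crosses the threshold.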
