Lecture 10 - Case - IPremier


Lecture 10 The iPremier Company: Denial of Service Attack

Synopsis
• Successful high-end retailer shut down by a distributed denial of service (DDoS) attack which occurs for 75 minutes
• CIO Bob Turley coordinating from afar
• Some leaders helpful, others not so helpful

Case Overview
• Made-up case based on real events that have happened in various companies
• Considers the management perspective of a DDoS attack
• These are not common, but can be significant

What is a DoS attack
• Handshake between communicating computers
• Can be defended if all from one recognized source
• Distributed DoS more difficult to defend against

What is a firewall
• Combination of hardware and software to prevent unauthorized access to company's internal computer resources
• iPremier ‘not a real firewall’
• Attack vs intrusion

Crisis manaement • 7ormal human responses

• hat is at stake

• hat principles shoul" $e follo#e"

How did iPremier do
• Recommendations
  – Before
  – During
  – After

Questions, Break, Presentation

Follow up info
• A few hours later, iPremier announced publicly that they have been victim of DDoS attack
  – 75 minutes, middle of night
  – Few customers inconvenienced
  – Would revisit already solid computer security
• No conclusive evidence that intruders had tampered with production computer equipment
• “Fingerprint” on files had not been kept up to date, so impossible to know extent of breach

Security measures instituted
• Restart all production computer equipment sequentially without interrupting service to customers
• File-by-file examination of every file on every production computer looking for evidence of missing data
• Began study of how “digital signature technology” might be used to assure that files on production computers were the same files initially installed there
• Expedited project aimed at moving to a more modern hosting facility
• Modernized computing infrastructure to include more sophisticated firewall
• Implemented secure shell access so that production computing equipment could be modified and managed from off site
• Added disk space to enable more logging, leading to better information if this happened again
• Trained more staff in use of monitoring software, and educated about security threats
• Created incident-response team, practiced simulated attack
• Began executive search for chief security officer
• Instituted quarterly third-party security audits
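The stale file “fingerprint” and the digital-signature study listed above both depend on keeping an authenticated baseline of production files. The Python sketch below is an added example, not part of the lecture or of iPremier's tooling; the file names, key and function names are constructed, and an HMAC stands in for a digital signature.

```python
import hashlib, hmac, json, os, tempfile

DEMO_KEY = b"constructed-demo-key"  # assumption: a real key is held off the production host

def fingerprint(root):
    """Map each relative file path under root to its SHA-256 digest."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                out[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def seal(manifest, key):
    """Serialize the baseline and attach a MAC so edits to the baseline itself are detectable."""
    body = json.dumps(manifest, sort_keys=True)
    return {"body": body, "mac": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def audit(root, sealed, key):
    """Authenticate the baseline first, then report how the live tree differs from it."""
    expected = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["mac"]):
        raise ValueError("baseline manifest failed authentication")
    base, live = json.loads(sealed["body"]), fingerprint(root)
    return {
        "modified": sorted(p for p in base if p in live and base[p] != live[p]),
        "missing": sorted(p for p in base if p not in live),
        "unexpected": sorted(p for p in live if p not in base),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed tree: baseline taken at install time, then three kinds of drift."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"index.html": b"<h1>shop</h1>", "cart.cgi": b"v1", "prices.db": b"rows"}.items():
            write(root, name, data)
        sealed = seal(fingerprint(root), DEMO_KEY)   # the up-to-date fingerprint
        write(root, "cart.cgi", b"v1-changed")       # content changed after baseline
        os.remove(os.path.join(root, "prices.db"))   # file went missing
        write(root, "extra.bin", b"?")               # file that was never installed
        return audit(root, sealed, DEMO_KEY), sealed

if __name__ == "__main__":
    print(demo()[0])
```

A baseline that is not re-sealed after each legitimate deployment reports every later change as drift, which is the situation the slide describes: the comparison no longer bounds the extent of a breach.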

Follow up info
• Joanne Ripley recommends disconnecting all production computers and rebuild from scratch
  – Estimate 24 – 36 hours to complete
  – Documentation there, but things can go wrong
• Heated debate over this suggestion
  – “only way to be sure”
  – “irresponsible to customers to do this”
  – hurt satisfaction
  – No evidence of compromise

Thouhts • =ollo# 8ipley4s suestion • hat shoul" $e "isclose"

Two weeks later…
• Call from FBI
  – Competitor MarketTop has been subject to a DDoS attack
  – Source of attack is within iPremier
• Now what
  – Shut down all
  – Legal Issues
  – Credit Card Info could have been stolen…
