Presentation is loading. Please wait.

Presentation is loading. Please wait.

The iPremier Company: Denial of Service Attack

Published byAleesha Flynn Modified over 5 years ago

Similar presentations

Presentation on theme: "The iPremier Company: Denial of Service Attack"— Presentation transcript:

1 The iPremier Company: Denial of Service Attack
Lecture 10 The iPremier Company: Denial of Service Attack

2 Synopsis Successful high-end retailer shut down by a distributed denial of service (DDoS) attack which occurs for 75 minutes CIO Bob Turley coordinating from afar Some leaders helpful, others not so helpful

3 Case Overview Made-up case based on real events that have happened in various companies Considers the management perspective of a DDoS attack These are not common, but can be significant

4 What is a DoS attack? Handshake between communicating computers
Can be defended if all from one recognized source Distributed DoS more difficult to defend against

5 What is a firewall? Combination of hardware and software to prevent unauthorized access to company’s internal computer resources iPremier ‘not a real firewall’ Attack vs intrusion

6 Crisis management Normal human responses? What is at stake?
What principles should be followed?

7 How did iPremier do? Recommendations Before During After

8 Follow up info A few hours later, iPremier announced publicly that they have been victim of DDOS attack 75 minutes, middle of night Few customers inconvenienced Would revisit already solid computer security No conclusive evidence that intruders had tampered with production computer equipment “Fingerprint” on files had not been kept up to date, so impossible to know extent of breach

9 Security measures instituted
Restart all production computer equipment sequentially without interrupting service to customers File-by-file examination of every file on every production computer looking for evidence of missing data Began study of how “digital signature technology” might be used to assure that files on production computers were the same files initially installed there Expedited project aimed at moving to a more modern hosting facility Modernized computing infrastructure to include more sophisticated firewall Implemented secure shell access so that production computing equipment could be modified and managed from off site Added disk space to enable more logging, leading to better information if this happened again Trained more staff in use of monitoring software, and educated about security threats Created incident-response team, practiced simulated attack Began executive search for chief security officer Instituted quarterly third-party security audits

10 Follow up info Joanne Ripley recommends disconnecting all production computers and rebuild from scratch Estimate 24 – 36 hours to complete Documentation there, but things can go wrong Heated debate over this suggestion “only way to be sure” “irresponsible to customers to do this” – hurt satisfaction No evidence of compromise

11 Thoughts Follow Ripley’s suggestion? What should be disclosed

12 Two weeks later… Call from FBI Now what?
Competitor MarketTop has been subject to a DDoS attack Source of attack is within iPremier Now what? Shut down all? Legal Issues Credit Card Info could have been stolen…

Download ppt "The iPremier Company: Denial of Service Attack"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Page 1 Organize for Success IST Organization Design January, 2013 MALCOLM BERNSTEIN CONSULTING.

Page 1 Organize for Success IST Organization Design January, 2013 MALCOLM BERNSTEIN CONSULTING.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
iPremier(A) Denial of Service Attack – Case Study Presentation

iPremier(A) Denial of Service Attack – Case Study Presentation
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
Organisational policies

Organisational policies
Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House.

Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House.
The iPremier Company, Inc.

The iPremier Company, Inc.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
The iPremier Company: Denial of Service Attack

The iPremier Company: Denial of Service Attack
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Network security policy: best practices

Network security policy: best practices
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Similar presentations

Ads by Google