Sunday, February 24, 2019
The iPremier Company
The iPremier Company: Denial of Service Attack

1. Company overview

iPremier is a Web-based commerce company established in 1996 by two founding students from Swarthmore College. The company is one of the top two retail businesses in online transactions, selling everything from vintage goods to luxury items. During fiscal year 2006, iPremier made a profit of $2.1 million on sales of $32 million from its high-end customers.

The company has also recorded sales growth of 20% annually for the last three consecutive years. Back in late 1998, the company's stock price had nearly tripled, especially during the euphoria of 1999, when the market rose to tripled prices. This means the company has a strong cash position. Its most interesting strategy is a flexible return policy, which allows customers to thoroughly examine products before deciding whether to keep them.

2. Management and culture

Management at the company is a mix of talented young people who have been loyal for a long time and experienced managers who were gradually recruited as the company grew. The recruiting team has focused on well-educated candidates with know-how in the business environment, especially business professionals with reputations for high performance. All employees are subject to quarterly performance appraisals that are tied directly to compensation. It is a competitive work environment in which unsuccessful managers do not last long.

The company has standardized on its governing values of discipline, professionalism, commitment to delivering results and partnership for achieving profits. iPremier is oriented towards doing whatever it takes to get projects done on schedule, which is closely related to its customer-satisfaction orientation of providing benefit.
It is essential for the company to develop a competitive environment in order to compete with MarketTop, its major competitor. Therefore the R&D team should be more creative and stay ahead by developing the software required for programs that attract customers.

3. iPremier IT Technical Architecture

In general, iPremier has engaged Q-data for a colocation facility, where its Internet data is stored in an outsourced system. Colocation facilities are sometimes called Internet Data Centers or simply hosting facilities. Q-data, as partner, provides floor space, redundant power supplies, high-speed connectivity to the Internet, environmental control and physical security. Together these are recognized as the Network Operation Center for the website. Figure-1 shows the iPremier IT technical architecture, which includes a firewall system to protect the local network and the computers that are part of it against unauthorized access.

[Figure-1: iPremier IT Technical Architecture]

4. Case of the Hack, January 12, 2007

The iPremier system was hacked by an unknown intruder who sent an e-mail every second with the message "ha" and locked up the website so that iPremier customers could not access it. It was the first time iPremier, through Q-data, had been attacked by unauthorized people. The chronology is as follows:

4:30 am: At approximately this time the first e-mail was received in the Q-data mailbox system, and e-mails continued to arrive every second, saying "ha.. ha.. ha.." from an anonymous source. Leon Ledbetter, a rising staff member, was advised by Joanne Ripley, the technical operations team leader, to report the incident and place a call to iPremier's new CIO, Bob Turley, who was away from HQ and had just arrived in New York to meet with Wall Street analysts. Bob Turley suggested checking the emergency procedure in place and calling the operations staff at Q-data, since he understood that iPremier had the right to a better 24/7 monitoring service.
4:39 am: The consolidation period for handling the case, with suggestions from other iPremier senior management such as looking up the business operation standard (emergency procedure and business continuity plan), contacting the IT help desk, rebooting the web server, pulling the plug (physically disconnecting the communication line), and treating the incident as a DoS attack potentially targeted at the system by a hacker.

5:27 am: The system restoration period, using a trial-and-error approach focused on the synchronize (SYN) traffic related to the DoS attack as the following step.

Something was happening in the SYN-ACK exchange that looked like a SYN flood from multiple sites directed at the router that runs the firewall service. In Web server communication, each conversation begins with a sequence of handshake interactions. The initiating computer sends information to the Web server asking to synchronize (SYN). The contacted Web server responds with a synchronize-acknowledge, or SYN-ACK. In theory, a SYN flood is an attack on a Web server intended to make it think that a very large number of conversations are being initiated in rapid succession. Because each interaction looks like real traffic to the Web site, the Web server automatically expends resources dealing with each one. By flooding the site, an attacker can effectively paralyze the Web server by trying to start too many conversations with it.

5:46 am: Systems were back to normal; the attack simply stopped without any action being taken. It appears to have been a DoS (denial of service) attack. The Web site was running, and customers visiting the iPremier website would not have known anything, since the hack stopped by itself.

5. Answer the questions

Q-1 How well did this company perform during this attack?

In general, iPremier does not seem to have been well prepared when the hack happened: although the business operation standard, i.e. the emergency procedure and business continuity plan, was in order, it had been misplaced due to improper filing.
A few items are highlighted by the case:

o No crisis management strategy, meaning there was no emergency procedure in place for the business continuity plan; the current business operation standard was not in a proper binder and was out of date with respect to the technology currently in use
o No disaster recovery plans in place
o Too much reliance on outsourcing
o Incident response was never practiced
o External factors that indirectly affected the company

Q-2 What should they have done differently, before or during the event?

Before:

o iPremier should have chosen a better Internet hosting business, one with better firewalls (software and hardware) that is accessible 24/7, has its own technical support, keeps logs, and does regular system updates and backups
o Standard Operating Procedures (SOP) in case of DoS attacks (as well as other technical problems), with an emergency response team ready to execute them as soon as possible
o A PR SOP for every crisis scenario; the PR team should have prepared statements ready within the first couple of hours
o Engage the help of an outside Tiger Team to test its systems and an external audit company to do a security audit

During the event:

o Follow the suggestion by Joanne Ripley to disconnect all production computers and rebuild from scratch. They have documentation for that, so there is minimal risk of something going wrong
o Look for attempts to place spyware/malware inside the company's systems through a thorough check of all files in the system
o Release a prepared statement to all stakeholders. The stream of information on the company's effort to restore service to normal should be constant
o Keep records of the company's effort to overcome the threats and to find any other unusual activities in the systems, which will be useful for the post-mortem
o iPremier should alert and get help from the relevant government agency. The aim of this effort is twofold: firstly, to defeat the threats to the company's systems as comprehensively as possible; secondly, to alert the authorities that the company is currently under attack by unknown attacker(s), and that the company is not liable for any illegal activities that might have originated from the company's computers while the company is under attack

Q-3 What should they do in the aftermath of the event?

iPremier, as a virtual business company (Web-based commerce), should carry out a corrective action plan covering the following areas:

o Keep accurate, reliable information about the status of the event
o File-by-file scrutiny
o Evidence of missing data
o Begin a study of how digital signature technology might be used to assure that files on production computers are the same files initially installed there
o Restart all production computer equipment sequentially without interrupting service to customers
o Implement secure shell access so that production computing equipment can be modified and managed from off site
o Practice mock attacks with the nominated incident response task force
o Define the security requirements for the system, and then begin a process of reworking its security architecture accordingly
o Get infrastructure up and running quickly by leasing a sophisticated firewall, upgrading to an up-to-date OS, and updating the security policy
o Establish a secure encrypted tunnel through a Virtual Private Line

Q-4 What, if anything, should they say to customers, investors, and the public about what has happened?

In the information technology and systems business, ethics in the information society are important and affect the responsibility, accountability and liability of the company, especially where the company is publicly registered. Therefore iPremier senior management took the right action in disclosing the incident, in order to avoid investor panic and legal action and to minimize the customer impact.

6. Conclusion

o Revisit and update the Standard Operation Procedure and Business Continuity Plan as company strategy to maintain the core business as a Web retailer
o Regularly revisit and upgrade the server security system hardware and software
o Avoid dependency on a single-source provider for data storage and the server security system
o Provide proper and sufficient disk space for back-up data
o Upgrade with the new security system
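
The handshake and SYN flood described in the chronology above can be recognized by counting connections that were opened with a SYN but never completed with the final ACK. The following is an added example, not part of the original post; the addresses, the packet-record format and the threshold and timeout values are assumptions constructed for illustration.

```python
# Added example: half-open connection tracking over constructed packet records.
SERVER = ("203.0.113.10", 80)   # constructed web server address (documentation range)

def sample_packets():
    """Constructed capture: (time_ms, src, sport, dst, dport, flags)."""
    client = "198.51.100.7"
    pkts = [(0, client, 40000, *SERVER, "S"),     # SYN from a real customer
            (10, *SERVER, client, 40000, "SA"),   # SYN-ACK from the server
            (20, client, 40000, *SERVER, "A")]    # ACK: handshake complete
    for i in range(200):                          # 200 sources that never send the ACK
        src, t = f"192.0.2.{i + 1}", 1000 + 5 * i
        pkts.append((t, src, 1024 + i, *SERVER, "S"))
        pkts.append((t + 1, *SERVER, src, 1024 + i, "SA"))
    return pkts

def detect_syn_flood(packets, threshold=100, timeout_ms=30000):
    """Return {(dst, dport): stats} for listeners holding more than
    `threshold` half-open connections at once."""
    half_open = {}   # (src, sport, dst, dport) -> time the SYN was seen
    alerts = {}
    for t, src, sport, dst, dport, flags in sorted(packets):
        # Forget entries the server itself would have timed out by now.
        for key in [k for k, seen in half_open.items() if t - seen > timeout_ms]:
            del half_open[key]
        if flags == "S":              # step 1: client asks to synchronize
            half_open[(src, sport, dst, dport)] = t
        elif flags in ("A", "R"):     # step 3 (or a reset): server state is released
            half_open.pop((src, sport, dst, dport), None)
        else:
            continue                  # "SA" is the server's own reply
        pending = [k for k in half_open if k[2:] == (dst, dport)]
        if len(pending) > threshold:
            a = alerts.setdefault((dst, dport), {"first_alert_ms": t,
                                                 "peak_half_open": 0,
                                                 "sources": set()})
            a["peak_half_open"] = max(a["peak_half_open"], len(pending))
            a["sources"].update(k[0] for k in pending)
    return alerts

if __name__ == "__main__":
    for listener, a in detect_syn_flood(sample_packets()).items():
        print(listener, a["first_alert_ms"], a["peak_half_open"], len(a["sources"]))
```

The timeout keeps slow, ordinary connection attempts from accumulating, so only a burst of unanswered SYNs inside the window raises the count past the threshold.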