Free Essay

The Ipremier Company (a): Denial of Service Attack

In:

Submitted By Noon25
Words 1713
Pages 7
Case Analysis

The iPremier Company (A): Denial of service Attack
Case 2—2

MIS 606- Management Information Systems

4 December 2012

Summary of the problem

The case presents a specific problem that has taken place in iPremier, a Seattle based company that was founded in 1996 by two students from Swathmore College and had become one of a few success web-based commerce, selling luxury, rare, and vintage goods over the Internet. It was exactly on January 12, 2007, when iPremier Web servers were brought to a standstill. The Web site of the company was locked up; neither employees nor customers can access the site due to a distrusted denial-of-service (DDoS) hacker attack. At that time, the company CIO, Bob Turley, who was recently hired, was out of the town on a mission, and that made the situation even worse. The problem was soon spread reaching the CEO! The shocking finding was the outdated emergency procedures. Eventually after 75 minutes the problem was solved and the main champion in my opinion was luck! Unstructured actions were taken to overcome this attack. The corrective action was taken but still iPremier will need to come up with preventive action for similar situations because this might threaten its existence.

The technology

The case discussed different technologies: distributed denial of service (DDoS) attack, firewall, and information security mainly in case of crisis. DDoS is a type of web attack that seeks to disrupt the normal function of the targeted computer network. This is any type of attack that attempts to make the affected computer resource unavailable to its users (Sticklnad,2010).
[pic]

Source: Sticklnad, 2010

A SYN flood was also discussed, it is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. The last one is a script kiddie in which a person uses existing scripts, code, or other tools illicitly to gain entry to a computer system or network, without understanding the way the tools function or the way the system or network is designed. (Mifflin,2006) or skiddie, also skid, script bunny, script kitty, are individuals who use scripts or programs developed by others to attack computer systems and networks and deface websites. This may include those who do so with a poor understanding of programming or computer networks. (Wikipedia.com).
The team used Microsoft word to analyze the case.

Available information

The whole case covered the stages of the hacking the Website of iPremier and actions that have been taken. Following information were available: - CIO, Bob Turley, who was hired three months ago only was out of the town on a mission and he was coordinating with the team on phone but still the situation was not handled in the best possible way. - iPremier was victim of DDoS attack for 75 minutes on January 12, 2007.
The attack started at 4:31 AM and solved at 5:46 AM and only few customers disrupted - .
.
- iPremier did not have experience or equipments to deal with such attack. - The emergency procedures were outdated and not communicated to the company leading to random actions to overcome the crisis. - Qdata ( hosted most of iPremier’s computer equipment and provided connectivity to the Internet) had outdated technology and a large turnover of staff. - The company was focusing on growth and profits, which made them reluctant to acquire modern facilities. - iPremier had the initiative to move to modern technical facilities, but focusing on growth and profits, cost of these facilities, fear of risk, and the personal commitment to the owner of Qdata kept them reluctant to such movement. - Qdata hosted most of iPremier’s computer equipment and provided connectivity to the Internet. iPremier continued with Qdata although it was battered by the contraction of the internet bubble. - Practicing incident response was deprioritized in the company; simply no one had time for it. - The problem escalation was not controlled efficiently and everyone started spreading it. - iPremier did not use detailed logging software that might give them evidence of what was going wrong during the attack and who attacked them. -

A pre analysis of the case

There are many facts to be considered when analyzing such case. It is important to consider the following: - DDoS attack is made by hackers in order to achieve specific purposes. DDoS attack could happen to any company that does not have enough actions to secure information. - It is not accepted that emergency procedures are not communicated throughout the company and not updated. Information security is the responsibility of everyone. It is expected that every employee knows what to do in these situations. - In case of large and well-known companies, the impact of attack exceeds the efforts to fix and deal with the attack. The most important of all, is the impact on customers and then sales and profits. - To deal with such DoS attack, there are many things needed such as up-to-date equipment, supportive leaders, perfect procedures, and clear distribution of duties and responsibilities. - Proper Firewall is needed to prevent DoS any attack. But firewall alone is not enough as there should be a complete system for protection.

The analysis

Analysis of the situation could be done by using different models and concepts. SWOT analysis is used for this case study. Looking at strengths, iPremier is a well-recognized company that operates in the market since 1996. The leader of the company is well qualified. Employees have the ability to communicate easily with their manager at any time and because of this advantage, the problem was solved immediately. The company copes with technological development and utilizes Internet in commerce. Additional strengths were strong management team, balance approach between profitability and growth ,customer focus approach, strong reward and compensation system, discipline and professionalism working environment, and competitive advantage in software development. In spite of these strengths, there are many weaknesses. Not only that there is inadequate firewall, but also emergency procedure were outdated and not communicated. The company did not acquire up-dated equipment and facilities related to information systems and protection. For opportunities, the company could enhance its security procedures and could face any attacks. In addition, it could acquire periodic audit to manage its operations including crisis management. By this way, the company could lead its market by using e-commerce and then could generate more profits and market share. Finally by looking at threats, the attack will badly affect the company's image and might affect its profits and market share. The attack could take place again. At the same time, hackers may develop new methods of attacking.

The solution/recommendations

There are many recommendations to solve the problem. iPremier needs to:
Before incidents occur

- Develop its information security system by itself. By this way, iPremier will develop procedures to guarantee security of information and managing information crisis. This will consume cost, time and effort but eventually will help iPremier to be ready for any new attack. Besides, in-house technology will enable iPremier to build its own systems that are customized to meet its needs and purposes. - If iPremier does not want to build its in-house technology, it can then outsource this activity to a well known, professional and specialized company. This alternative guarantees that iPremier will get secure system developed by specialized information security system but the risks of outsourcing could be the high costs and the expose of confidential information of iPremier to others. - iPremier needs to invest more in IT to enlarge its market share in addition to its needs to develop procedures of information security. This can be done by outsourcing some aspects of information security and doing some aspects in house. As we all know the lag measure of IT, IT profits will show after years form acquiring them. - iPremier needs to protect its data base and make backup in different locations. - Enhance its public relations to rebuild customer confidence and trust in the company. - iPremier needs to document all its procedures and configurations to deal with crises more comfortably. - Develop a Crisis Management Team that includes experienced managers and talented employees, hire chief security officer, and try to practice simulated attacks. - Educate all employees at all levels about security threats and train them to use monitoring software. - They should go for another company other than Qdata

During an incident:
Avoid psychological traps such as groupthink when the CIO focused in reaching the decision (by pulling the plug without knowing the root of the problem) rather than making the right decision.

After an incident: - Examine each file on every computer to be sure that there is no missing data and all files are as they originally installed.

- Rebuild the parts of infrastructure that caused the problem to be sure that its pre-incident state is restored.

Lesson learned

Many lessons are learned from this case: - Different attacks could happen to any company that does not have enough actions to secure information. Therefore, companies should be ready for such attacks. - There should be strong standard operating procedures in case of emergencies. - Information security is the responsibility of everyone, so employees should be trained on how to face crisis. - Periodic audit plan must be in place to ensure efficient operations - Focusing mainly on growth and profit is not the right path to follow. - Avoid cutting costs linked to security of customers’ information - Companies have to acquire up-to-date equipment to lower the risk of crisis - Companies must have a clear matrix for distribution of duties and responsibilities. - Top management support is essential to manage crisis. - Open communications between the managers and employees are essential to manage crisis. - Security should be part of the strategy. - Every company should have crisis management team to overcome the crisis. - Large companies should have qualified PR to handle customers concerns properly. - Remove any personal commitment in business.

References

▪ Jonathan Strickland. "How Zombie Computers Work" howstuffworks. n.p., 2010. Web. 30 Nov 2012.

Sticklnad, J. 2010 How Zombie Computers Work. Retrieved on November 1, 2012 from: http://computer.howstuffworks.com/zombie-computer3.htm"script kiddie." High Definition: A-Z Guide to Personal Technology. Boston: Houghton Mifflin, 2006. Credo Reference. Web. 30 November 2012.

Similar Documents

Premium Essay

Case Analysis: the Ipremier Company - Denial of Service Attack

...Analysis: The iPremier Company - Denial of Service Attack Matthew M. Lambert Introduction: The e-commerce landscape is littered with the remnants of companies that didn’t survive the meteoric dot com boom and subsequent bust that began in the late 1990s. iPremiere Company, however, was the exception to the rule. Created by two college students in 1996, the web-based company had solidified its business position as a top online retailer of high-end, luxury goods with $32 million in sales and $2.1 million in profit for 2006. Consumers bought directly from iPremiere using credit cards, which were then stored on the company’s servers. In 2007, computer hackers launched a Denial of Service (DoS) attack on iPremiere’s website, temporarily shutting down the website and taunting iPremiere with emails. The possibility of hackers breaching its security firewall is extremely troubling because it puts customer financial information at risk and the loss of this public trust would be disastrous for iPremiere. The purpose of this paper is to assess why iPremiere was vulnerable to attack, examine their approach to both IT risk management and crisis communications and offer recommendations that foster customer trust and company profitability in the future. SWOT Analysis A brief SWOT analysis shows that iPremier’s strengths include good placement in the e-commerce marketplace and a highly experienced and productive team of managers and software developers dedicated to meeting company expectations...

Words: 1167 - Pages: 5

Premium Essay

Ipremier Case Study

...Question 1 The employees at iPremier all performed well except for Bob Turley, CIO. In this case, even having one employee not perform well, meant that the company overall performed poorly. The overnight or third shift had an immediate response to the attack by taking the initiative to call the CIO at 4:30 am to inform him about the malicious incident and to drive down to the data center because no one on the Qdata phone was being helpful. Bob Turley should have pulled the plug much sooner. He had been working at iPremier for nearly three months and should have been aware of the company’s limited hacker defense capabilities. That awareness would have meant that iPremier was very vulnerable to anything beyond the most basic cyber-attacks. There was suspicion that the hackers could be stealing credit card information, yet he left the system up and running. The plug was only pulled after the legal counsel advised him to do so. Every second waiting to pull the plug could have been more and more damaging to the company, customers, and employees. A worst case scenario must be assumed in such a vulnerable situation. Another mishap was when Bob told an employee not to call the police because it could hurt the stock price. The stock price should not have been Bob’s most pressing concern considering law enforcement has resources available to assist iPremier in identifying or defending against the attack. There was also precious time wasted by waiting for his boss to call before Bob...

Words: 663 - Pages: 3

Premium Essay

Ipremier

...THE iPREMIER COMPANY (A): Denial of Service Attack By Robert Austin November 19, 2003 DPDN Brian Dyrud Jennifer Paterson Paul Davidson Lindsay Neal BACKGROUND: iPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College. iPremier had become one of the only success stories of web-based commerce, selling luxury, rare, and vintage goods over the Internet. Most of iPremier’s goods sell for under $200 and the customer buys the products online with his or her credit card. iPremier’s competitive advantage is their flexible return policies which allows the customer to thoroughly check out the product and make a decision to keep the product or return it. The majority of iPremier customers are high end and credit limits are not a problem, which also adds to the competitive advantage of utilizing their entire customer base. During 1999 the company reached a profit of $2.1 million on sales of $32 million. Sales had increased by 50% during the last three years and they were in an upward trend. iPremier’s stock nearly tripled after the company’s Initial Public Offering in 1998 and had continued to grow since the IPO, and eventually the stock tripled again. iPremier was one of the few companies to survive the technical stock recession of 2000. Management at iPremier consisted of young people who had been with the company from the start and a group of experienced managers that were brought in over time as the company grew. IPremier’s...

Words: 3910 - Pages: 16

Premium Essay

Ipremier Case Study

...iPremier Case Study Abstract In Seattle, Washington in 1996 two students at Swarthmore College, start iPremier Company, which is a web-based commerce. The company sells luxury, rare and vintage goods over the internet. The selling range of the items is between 50- a couple of hundred. Since everything is done, online credit cards are used for purchases. One of the advantage of iPremier is the flexible return policies, it gives the customer an opportunity to decide if they want the products or not. iPremier Company iPremier is one of the top retail business that sell the luxury items, profiting $2.1 million on sales $32millions in 2006. Since then sale has grown over 20% annually. There was a decrease, but everything works itself out. Upper management describes working at iPremier as intense. .Qdata is the company that host iPremier computer equipment and provided connectivity to the internet (Austin and Murray, 2007). Although Qdata offers monitoring of website for customer and network operation, they had not invested in advanced technology and was not able to keep staff. During 75-minute attack how well did they iPremier perform. What would you have done differently if you was Bob Turley Bob Turley is new Chief Information Officer and is currently in New York on business. AT 4.31 am he received a call, from the network been hack and wired email received with just the word “Ha”. The site was a DoS attack coming from about 30 locations...

Words: 967 - Pages: 4

Premium Essay

Ipremier

...The iPremier Company: Denial of Service Attack 1. In your opinion, how well did iPremier perform during the 75 minute attack? It is clear that iPremier was not prepared for any sort of cyber attack, and their subpar performance during the 75 minutes was a clear representation of their operational deficiencies, lack of preparedness, and lack of leadership. This led to a complete disregard of any formal procedures and caused many involved to fall for common psychological traps. On page 281, Applegate lists four key emotional obstacles that must be overcome during an incident: 1) Emotional responses, including confusion, denial, fear, and panic, 2) Wishful thinking and groupthink, 3) Political maneuvering, diving for cover, and ducking responsibility, and 4) Leaping to conclusions and blindness to evidence that contradicts current beliefs. From the very beginning of the incident, there was confusion and panic with the people involved. However, amongst the panic, everyone did a decent job of prioritizing the safety of the customer’s information. Without a formal plan, it obviously took longer to diagnose the problem and to determine solutions, but Bob Turley did a good job of keeping everyone focused on the customers. However, he did not offer much support to Joanne Ripley, the one person who was actively trying to identify and fix the problem. For example, Turley didn’t even acknowledge the issue with Qdata when Ripley brought it to his attention during their first conversation...

Words: 1850 - Pages: 8

Premium Essay

Ipremier Case

...Introduction The iPremier Company was founded in 1996 by two students at Swarthmore College and grew to become the second largest web-based retail business selling luxury, rare, and vintage goods. The company's customer base was high-end, with most of the products priced between fifty and a few hundred dollars and a small number of items priced in the thousands of dollars. Its return policy was flexible, which gave customers the opportunity to examine products before deciding whether to keep them. The company went public in 1998, and its stock price experienced rapid growth throughout 1998 and 1999. The stock price was hit hard during the DotCom Crash of 2000, but, unlike many of its competitors in the business-to-consumer segment, the company was able to survive by streamlining and focusing its business to achieve profitability. In January 2007, iPremier experienced a denial of service ("DoS") attack, which prevented access to the website and the internal web server. It was unclear at the time whether this was a DoS attack, or something deliberate. Though the attack appeared to be harmless in the end, the incident brought to light the fact that iPremier was ill-equipped to deal with breaches of network security. The incident highlighted three major shortcomings of the company's existing network security infrastructure: (1) a third party was responsible for the company's internal network security, (2) iPremier's information technology was outdated, and (3) iPremier's standards...

Words: 2896 - Pages: 12

Premium Essay

Ipremier

...Ipremier Denial Of Service Case 1. Premier was unprepared for the 75 minutes attack. This might have come due to too much faith in the Qdata’s abilities to control these situation and lack of vision with regards to any threats. Every ones reaction was that of panic because there were no crisis management strategy or disaster plans in place. As the communication lines got crossed and broke down, the sense of panic at iPremier grew higher with no defined plan on how to get out of it. 2. We would have had a teleconference with all the Technical Executives to discuss their risk assessment measures, then we would also included the Qdata key point of contact on the issue at hand to discuss possible recovery plan for this situation. The legal advisor will be asked to listen in on this conversation so he can better understand the situation and provide legal advice for the plan. 3. Despite the sense of professionalism maintained by Turley and Ripley it was clear that the company has no procedures in place to deal with infrastructure risk at any level. Needless to say that if this or any similar attack occurred during high traffic time the consequences might be excessive to the infrastructure, business and the reputation of the company. It was clear in the case that Jack hired Bob to create and implement proper policies and procedures for the infrastructure risk management. To do this, iPremier has to assess all known threats to the infrastructure risk matrix...

Words: 287 - Pages: 2

Premium Essay

Brief on Advanced Operations

...Brief 1. Advance Operations * 90 % behavior and 10% what you know, that’s why the teacher tells us that in businesses, machines are very easy to learn inside out but when the people comes in the picture is when we have a problem. Behavior has a massive content in respect to success. * A sense of leadership combined with strong authority causes people to lift their spirit up and wakes up a sense of fellowship. * In Shackleton’s time there wasn't a lot of knowledge on those technologies being used. That combined with the pressure of the countries competing with each other to discover places around the world. * These competition kind of resembles todays fight in the automobile industry.Efficient use of time , as explained and used in operations is a very important way to find improvement. * Gravity waves: These waves are generated in a fluid medium or at the interface between two media when the force of gravity. An example of such an interface is that between the atmosphere and the ocean, which gives rise to wind waves. * Examples of leadership in Shackleton’s: He Invented the power bar ( found the right logistics for food), as a leader you have to seek informal contact at times which is more important at times that formal contact. * As a leader you can never extinguish HOPE . Is a vital element to lift up the spirit. * Competitiveness in...

Words: 10653 - Pages: 43

Premium Essay

Blalcal

...provides an enterprise-wide perspective on the management of information technologies (IT), software applications and the operational processes they support, and the data and knowledge that inform business processes and decisions. The course focuses on how IT professionals and non-technical managers work together to ensure that applications and data are aligned with organizational strategy and business processes. The cases and readings examine how companies in various industries use IT to serve customers well, manage operations efficiently, coordinate with business partners, and make better business decisions. A key theme -- IT as a double-edged sword -- reflects a central challenge: how to maximize the strategic benefits of investments in hardware and software, while minimizing accompanying technical and business risks. The course places equal weight on technical and managerial skills. Our primary objective is to help students prepare to be effective contributors to IT initiatives in partnership with IT professionals, including external service providers here and abroad. Course Learning Objectives: · Understand how information systems – comprised of hardware, software, databases and knowledge repositories, networks and people -- support intra- and inter-organizational transaction processing,...

Words: 7908 - Pages: 32

Free Essay

Paper

...TEXAS STATE UNIVERSITY McCoy College of Business Administration Department of CIS & QM – Spring 2015 CIS 5318 – Information Technology in Digital Economy Monday/Wednesday 6:30 – 9:15 pm Instructor: Dr. Vivek Shah Office: McCoy 457 Office hours: Wen: 4:30 – 6:00 (Round Rock Campus); TTH: 3:30 to 4:30; M: 4:30 to 6:00 (San Marcos Campus) or by appointment Phone: 512.245.2049 (My office) 512.245.2291 (Dept. office) 512.413.5419 (Cell) Email: vs01@txstate.edu COURSE DESCRIPTION This course is directly concerned with the management issues surrounding information and telecommunications systems. It presents the ingredients of management knowledge necessary for success in the management of information technology. This course views information technology from the perspective of managers at several levels--from the CEO to the first line manager. It provides frameworks and management principles that current or aspiring managers can employ to cope with the challenges inherent in the implementation of rapidly advancing technology. The course presents fundamental knowledge essential to managing an information technology successfully within a larger organization. It considers strategic and operational issues, the significance of rapidly advancing technology, and human and organizational issues related to technology introduction and use. The course describes management systems and models of successful behavior that capitalize on opportunities...

Words: 4760 - Pages: 20