Friday, April 17, 2020

The iPremier Company: Denial of Service Attack. Case Analysis Essay Example

The iPremier Company (A): Denial of Service Attack

Summary of the case: iPremier, a Seattle-based company, was founded in 1996 by two students from Swarthmore College. iPremier had become one of the few successful web-based commerce companies, selling luxury, rare, and vintage goods over the Internet. Most of iPremier’s goods sell for between fifty and a few hundred dollars, and the customer buys the products online with his or her credit card. iPremier’s competitive advantage is its flexible return policy, which allows the customer to thoroughly check out the product and decide whether to keep it or return it. The majority of iPremier customers are high end, and credit limits are not a problem.

iPremier had contracted with Qdata, an Internet hosting business. Qdata provided iPremier with most of its computer equipment and connectivity to the Internet. Qdata was not an industry leader and was selected because it was located close to iPremier’s company headquarters and had been serving iPremier throughout the course of its new and developing business. Qdata did provide basic floor space, power, connectivity, environmental control, and physical security, and offered some high-level management services such as monitoring of web sites for customers and Internet security services such as firewall protection.

On January 12, 2007, iPremier’s Web servers were brought to a standstill. A denial-of-service (DoS) attack had occurred. Hackers launched the attack on iPremier. Luckily for iPremier, this was only a denial-of-service attack, possibly launched by a script kiddie, or even a competitor trying to disrupt service. The attack could have been a lot worse.
iPremier’s customers pay for their purchases with credit cards, and iPremier keeps a database containing all credit card information on its customers. The credit card database is. However, it leaves them vulnerable to an attack by hackers. If a hacker had obtained total access to their system, customer credit card numbers could have been in jeopardy. As the events unfold, iPremier managers discover problems with their plans for responding to crises and struggle to understand and control the situation.

1. How well did this company perform during the attack?

The company did not perform as well as it should have been able to. There were multiple areas where problems arose, such as the technical architecture of the IT system, relying only on the third party, Qdata, to monitor their IT infrastructure, keeping out-of-date manuals, and not maintaining their emergency procedures. However, some of the people trying to stop the attack did an adequate job considering the problems the company had. Joanne and Leon Ledbetter did everything in their power to restore the website and protect the customer data, which even included running red lights. Leon was so new that he didn’t know exactly what to do. Training for an emergency would have proven useful. The CIO, Bob Turley, knew of the emergency protocol and out-of-date manuals, but never did anything to alleviate these problems. This put the company at a significant disadvantage, and created a bigger problem than was necessary. Faced with this problem, Turley was able to facilitate direction for the company as best as he could, which ended with the security breach stopping. Even after the attack, when the company did not know whether the customer information, which included credit card information, had been compromised, the company had no intention of announcing the security breach to the public. This could be detrimental to the company if customers were impacted because of this issue.
This is probably an unethical response to this event, and further shows how badly the company performed during this crisis.

2. What should they have done differently, before or during the event?

One of their main problems was relying solely on Qdata to monitor their IT infrastructure. It sounds like Qdata was not keeping up to date with its investments in technology and adequate personnel. When Joanne was at Qdata, she made it sound as if the staff was uneducated and only allowed her limited access to resolve the situation. Their Website monitoring system and Internet security services did little to nothing to help resolve the situation.

Another problem was iPremier neglecting to update their facilities and equipment because they wanted to focus more on expanding the company. This is a risky move because as the company grows, the IT infrastructure needs to grow to keep up with the greater risks a failure could cause. iPremier was not prepared for an attack; they could not even find their binder full of procedures in case of an emergency such as this one. They also had turned off their ability to log detailed information in case of an attack, and Joanne believed that their firewall had not been set up properly. For this reason, they have no idea why the attack had stopped.

In some instances it may have appeared that they had panicked a little too much. They almost notified the police of the incident. That would have been a very hasty and unnecessary move. As far as I know, the police would not have been able to do anything to help the situation, and at the same time the press would have had access to the story. This would have hurt iPremier’s public relations and upset their executives and BOD. Their panic may also have caused an accident. Joanne was driving fast and running red lights. Again, if she got into an accident and the press got hold of why the accident occurred, there would have been a negative press release about the company.

3. What should they do in the aftermath of the event?

iPremier learned the hard way with this web attack that they needed to find a more effective outsourcing provider. iPremier needs to realize the importance of security, especially in the e-commerce world where there is unlimited access through the Internet to valuable customer information. Security needs to be the top priority of any e-commerce company. They should make some changes to effectively solve their security problem.

First of all, their existing contract with Qdata needs to be renegotiated. This will allow employees at iPremier to act as consultants for Qdata and help them upgrade their existing system. The consulting time will be an added cost; however, it is far less expensive to consult than to hire another outsourcing provider. Second of all, iPremier needs to separate its web server from its critical system; this will help to eliminate access to important information by a hacker. No system is totally safe from an attack, but the separation of systems will help to deter amateur hackers. Besides, iPremier needs to develop a plan of attack if they undergo a DoS again. By doing so, they can have a strategy to implement before, during, and after a denial-of-service attack. If their plan is effective, then the system’s downtime will be decreased, and vital information will be secure again in a timely manner. Also, when an attack occurs, iPremier needs to have an expert to call to effectively walk top-level executives through the process of getting their system up and running. Finally, iPremier’s current firewall needs to be updated with additional security, for example a filter or sniffer, to successfully inhibit information packets that will initiate a DoS attack.

4. What, if anything, should they say to customers, investors, and the public about what has happened?

iPremier had made no plan to announce the attack to customers. This may be a costly mistake.
Because iPremier does not know the extent of the attack, or what was targeted, they do not know the extent of the risk to their customers. Officials of the company feel that making the attack public could risk their reputation from a public relations standpoint. However, not informing customers of the attack could be more costly.

iPremier must quickly determine how they are going to approach this problem from an IT standpoint: will they hire another firm to research, or will they work with Qdata to investigate the event? Next, iPremier should make a public announcement concerning the potential risk of compromised customer credit cards. iPremier should also announce their plan to remedy this problem and inform customers of how they will keep customer information safe in the future. Finally, iPremier should make a statement to reflect that they made every attempt to notify the public immediately after the attack to prevent any potential fraud from occurring on customer credit cards.

A similar event occurred with a major retailer, TJ Maxx, several years ago. TJ Maxx did not discover the information leak for several months, and did not inform the public for some time after that. Not only did this create a public relations nightmare for TJ Maxx, there were also legal ramifications to their decisions.

iPremier is correct in assuming they may lose customers in this process. However, the alternative approach, to remain silent, could prove more detrimental. Many customers will appreciate the honesty and the opportunity to close compromised credit cards immediately. On the other hand, if iPremier takes no action, and customer cards are compromised, they will face strong customer dissatisfaction and potential legal ramifications as well.
