Академический Документы
Профессиональный Документы
Культура Документы
iPremier Company
A HARVARD BUSINESS SCHOOL CASE
Summary of iPremier
Founded in 1996 One of a few web-commerce success stories Sells luxury, rare, and vintage goods online INTERNET RELIABILITY IS CRITICAL!! Fiscal Year 2006 Prots were $2.1 million Sales of $32 million
Ignore the problem, it will go away Implement Disaster Recovery Plan Other, Oh, do we have a plan?
Agenda
Technical Information Firewalls Hackers, Viruses, Worms Attack on iPremier Key Terms and iPremier Network Management and Key Employees Aftermath of Attack Disaster Recovery
A rewall provides a single point of defense between two networks it protects one network from the other Firewalls are frequently used to prevent unauthorized users from accessing private networks connected to the Internet (~5 min.)
Hackers
Hackers
People who break into a computer system and inform the company that they have done so. They are often either concerned employees or security professionals who are paid to nd vulnerabilities. A security professional invited by Microsoft to nd vulnerabilities in Windows. A person who breaks into a computer system with the purpose of inicting damage or stealing data. An amateur who tries to illegally gain access to a computer system using programs (scripts) that others have written.
A computer attack is any malicious activity directed at a computer system or the services it provides
Types of Attacks
Virus Use of system by unauthorized individual Denial of service (DoS) Probing of a system to gather information Physical attack of computer hardware
Computer Viruses
Virus: a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network.
A virus that worms its way through either the computers memory or a disk and alters data that it accesses. Worms burrow through and between networks. A virus that attaches itself to seemingly innocent programs. It does not necessarily replicate, but it opens doors so that an attacker can enter undetected at a later date. A virus that is activated or triggered after or during a certain event. This virus usually lies in wait until a specic action is undertaken.
QData
Key Terms
Colo
QDatas hosting facility close to ofce
iPremier Network
iPremier: Culture
Mix of talented young people Intense work environment Balanced approach to growth and protability Whatever it takes
4:31 AM: Leon Ledbetter reports the website is locked up, customer support is receiving calls and support has been getting ha emails. 5:27 AM: Joanne Ripley realized shortly after she reached a Qdata console that iPremier was the recipient of a SYN ood from multiple sites that was directed at the router that runs the rewall.
iPremiers Choices
Every time Joanne tried to shut off the attacking IP address it would automatically trigger attack from two other zombie sites The emails stopped at 5:46 AM Computer security experts consulted after the attack suggested that the denial of service attack could have been a misdirection tactic, to avert attention from hacking
iPremier instituted several security measures after the DoS attack: Restarted all production equipment File-by-le examination Plan to move to more modern hosting facility Created an incident-response team
Aftermath
Two weeks after iPremier was attacked, the Company received a call from an FBI special agent in Washington, D.C. Over the previous two hours the Companys largest competitor, MarketTop, was experiencing a denial of service attack. The attack was being conducted from inside iPremiers production computing instillation.
1.
Open Options
Resistance MarketTop attack could be the full extent of crime Could be seen as the destruction of evidence
2.
Open Options
3.
Open Options
Two Opinions CIO, Bob Turley, wanted to disclose what might have happened. Senior Finance Staff Member, Linda Kliewer, offered a different point of view.
Legal Aspect Public Relations Impact on Stock Price Customer Privacy Network Security
The End.
What implications do you see for: a. Social Media companies b. Companies using social media systems