
COMPUTER NETWORKING SECURITY

Date: 16/10/2022
Name: SAI PRANATHI SEPURI
SRN: PES2UG20CS297
Section: E

Assignment – iPremier case study 

1. How well did the iPremier Company perform during the seventy-five-
minute attack? If you were Bob Turley, what might you have done
differently during the attack?

Ans. A DoS (Denial of Service) attack is meant to shut down a
machine, network or server, making it inaccessible to customers and
intended users.

• In this case, the iPremier Company tried to react to the situation
(DDoS attack) as quickly as possible, but due to their poor
preparation, outdated Business Continuity Plan (BCP), Incident
Response Plan and Disaster Recovery Plan, the process of taking
action slowed down.

• There was no proper communication between the team,
employees and the higher officials, and no attempt to solve the
problem together or pool knowledge/experience regarding the same.

• There was no chain of command. The higher officials were more
interested in the business losses that would be incurred due to the
DDoS attack and the potential brand damage than in decreasing the
sophistication of the threat prevailing.

• Bob Turley, the new CIO, was not really the best at acting under
pressure. Even though he was responsible for the people,
processes, and technology of the company, for the most part
he seemed quite unfamiliar with the company and ultimately
relied on his counterparts in taking decisions.

If I were Bob Turley:

• The first and foremost thing I would do is contact the service
provider (Qdata), inform them about the breach of the
firewall, and order them to de-functionalize the website immediately
to prevent customer information from being stolen.

• Set up a conference call to make the situation known to all the
important company officials and come up with a proper action
plan, along with the legal procedures that must be taken.

• Increase the security of the website, along with real-time
monitoring and backup, to control and analyse the situation if
it escalates.

• Check for other attacks even though the website is hit by a DDoS
attack. The DDoS attack can work as a diversion for other attacks.
Data theft could happen simultaneously while all eyes are on the
SYN floods and website crash.

2. The iPremier Company CEO, Jack Samuelson, had already expressed to
Bob Turley his concern that the company might eventually suffer from
a “deficit in operating procedures.” Were the company’s operating
procedures deficient in responding to this attack? What additional
procedures might have been in place to better handle the attack?

Ans-
• The company’s operating procedures were deficient in responding to
the attack. There was a lot of confusion among the teams and a
prevailing incapability in tackling the situation.

• One of the main reasons for the hasty procedures is the lack of a
revised and upgraded emergency procedure and of knowledge
about it. The only one they had could not be found, and it
took quite a bit of time for Joanne to access it from the data
centre.

• Effective communication among employees will help them be
well versed with the situation and the procedures, and respond to such
attacks better. In this case the Qdata monitoring staff were quite
incompetent.

• The team was unsure about the nature and status of the attack.

• It is high time they address and confront the unsatisfactory
services from Qdata and switch to a better internet hosting
company with a proper disaster recovery plan and a quick-reacting
team.

• Formation of a backup plan to carry on the services and track the
hacker without shutting them down, but at the same time not escalate
the issue.

• Taking help from the technical team or key IT personnel, or having an
external audit team with hands-on experience of such attacks,
might prove to be more useful.

• One thing that could prove useful is to document every single step
and action with details.

• The team could come up with a "temporarily unavailable" page to
deal with customers and intended users.

• Check for illegal logins and unusual activities in the system to trace
information related to the attack.

• Call for additional help if required and establish contact with law
enforcement agencies for further legal procedures.

3. Now that the attack has ended, what can the iPremier Company do to
prepare for another such attack?

• The first step that should be taken is to document every action
taken and requested throughout the 75 mins and keep it prepared
for the future.

• Train the technical team on every detail of the infrastructure
as well as the business continuity, so they can choose the right course
of action during an attack.

• Try to trace the hacker or the one behind the attack to ensure that
no misuse of customers’ credit card or personal information has
been done, and take strict action for the same.

• Change the internet hosting service to a more reliable and
reputed one.

• Enhance the security and firewalls of the website to more
sophisticated ones. All it takes for the attacker is to find one
loophole to cause an attack.

• Hire an independent security team for frequent audits and to identify
vulnerabilities of current systems.

• Conduct a thorough examination of each and every file on the
system to check if any malware has been installed.

• Practice responding to simulated attacks to be prepared for a real
one.

• Ensure real-time monitoring with proper details takes place all day
long. Block application-level DDoS attacks. These are generally carried
out in a cautious manner and are difficult to detect.

• Always check your logs. A dramatic increase in traffic ratio is a red
flag for an attack, so it is better to give the team a head start to
get ready for the attack about to take place.
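
The log check described in the last two points can be sketched as follows. This is an added example, not part of the original assignment or the case study; the Common Log Format input, the constructed sample lines, the function names and the thresholds (5-minute window, 5x ratio, 100-request floor) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Assumed input: web access logs in Common Log Format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def make_sample():
    """Constructed sample: 8 quiet minutes (20 req/min), then 2 surge minutes."""
    lines = []
    for minute in range(10):
        per_minute = 20 if minute < 8 else 400
        for i in range(per_minute):
            lines.append(
                f'198.51.100.{i % 50} - - [16/Oct/2022:01:{minute:02d}:{i % 60:02d} +0000] '
                '"GET / HTTP/1.1" 200 512'
            )
    return lines

def requests_per_minute(lines):
    """Count requests per minute; malformed lines are skipped, not fatal."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        counts[ts.replace(second=0)] += 1
    return counts

def find_surges(counts, window=5, ratio=5.0, min_requests=100):
    """Flag minutes whose volume is >= ratio x the median of the previous window.

    The median keeps one surge minute from inflating the baseline for the next.
    """
    minutes = sorted(counts)
    alerts = []
    for idx in range(window, len(minutes)):
        baseline = median(counts[m] for m in minutes[idx - window:idx])
        current = counts[minutes[idx]]
        if current >= min_requests and current >= ratio * max(baseline, 1):
            alerts.append((minutes[idx], current, baseline))
    return alerts

if __name__ == "__main__":
    for minute, current, baseline in find_surges(requests_per_minute(make_sample())):
        print(f"{minute:%H:%M} requests={current} baseline={baseline}")
```

A volume ratio like this catches sudden floods; the slower application-level attacks mentioned above can stay under it and need per-client or per-URL baselines as well.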

4. In the aftermath of the attack, what would you be worried about?
What actions would you recommend?

• In the aftermath I would be worried about the customer information and
would ensure that no misuse has been done. If yes, then follow legal
procedures to sue them.

• Other biggest concerns would be the business loss and the stock price.
A steady decrease in stocks may decrease the company’s market
capitalization and its market value.

• This one attack can expose the company to data breaches, loss of
customers and other potential losses. It could prove to be a great
advantage for the competitors.

• Installing better firewalls and enhancing security, coming up with more
creative business and marketing ideas, and assuring the customers of the
plan might help build back their reputation among the users.

• The ransom costs, customer churn and time to mitigation are downsides
of the attack.

• Another major thing I would be worried about if I were in the place of Bob
Turley is the situation that happened two weeks after the attack:
MarketTop experiencing a DDoS attack with the source being iPremier’s
production computing installation. A lawsuit against the company might
bring unwanted and negative attention to both companies.

References-

Austin, R. D., Leibrock, L., Murray, A., & Harvard University. Graduate School of Business
Administration. (2001). The IPremier Company (A): Denial of Service Attack.
