
1. What is a denial of service attack?

A denial of service (DoS) attack is an attempt to make a piece of hardware like a
machine or network resource unavailable to its intended users. This attack is
performed by sending out a flood of information packets that gridlocks the network's
resources, rendering them unavailable. Wikipedia provides the following information
about the federal governing of the crime:
Denial-of-service attacks are considered violations of the Internet Architecture
Board's Internet proper use policy, and also violate the acceptable use policies of
virtually all Internet service providers. They also commonly constitute violations of
the laws of individual nations. (Wikipedia, 2015)
How well did iPremier perform during the seventy-five minute attack? If you
were Bob Turley, what, if anything, might you have done differently during
the crisis?
iPremier was unprepared for the 75-minute attack. This may have been due to
too much faith in Qdata's ability to control such situations and a lack of vision with
regard to any threats. iPremier had contracted with Qdata, an Internet hosting
business that provided them with most of their computer equipment and internet
connection. Qdata was not viewed as an industry leader and was selected because it
was located close to iPremier's corporate headquarters. However, despite being
unprepared, I do believe iPremier did perform well enough during the 75-minute
attack; the situation was handled professionally by all parties involved. Yet, even
though they handled the matter professionally, there is a point that the CIO did not
handle too well. He is responsible for whatever happens to the company's reputation,
be it good or bad. At the time, they were not sure whether their systems had been intruded
upon or whether there was some sort of distributed DoS attack. This was because there was
no crisis management strategy in place. Evidently, the company also did not have
equipment such as a proper firewall to help subdue the problem. If the attack had not
ended as soon as it did, and had it been coupled with a possible intrusion, the consequences
for iPremier would have been much more severe.
If I were Bob Turley, I would have ordered the system to be fully shut down even if it
meant losing the data that would help the company figure out what had happened. If
the website was hacked, it means customers' information such as credit cards and
social security numbers would have been compromised. I believe shutting it down
would have been the safer move in managing the potential risk. Dealing with the
stolen data and the expense of the fallout from people's personal information leaking is far
more detrimental to the company than losing information about how the DoS occurred.
2. What information about these events should iPremier share with its
customers and the public? Justify your answer.
I am not sure that a disaster such as this intrusion should be regarded as a public
relations matter unless people's identities were stolen. If it is shared, I believe they may have
to share more information about what further steps to secure the infrastructure are
planned and are being taken to prevent it from happening again. These steps include
integrating a well-formulated framework for security management. If shared with the
public, rehearsing the response is crucial to communicating the proper information and
ensuring the public can still trust iPremier. A well-thought-out and planned response
(pre-crisis) to major incidents makes managers more confident and effective during real
crises. Even if the incident occurs in a different form from what was practiced, practice
makes a crisis situation more familiar and better prepares managers to improvise
solutions. This point could be applied to question 4 as well.

3. In the aftermath of the attack, what would you be worried about? What
actions would you recommend?
In the shadow of the attack I would be worried about another DoS. However, what
would be more detrimental is if the attack took place at a high-traffic time of the day
rather than 4:00 am, when it is not as productive or when network traffic on the
website is not at a peak. In the aftermath, the managers of iPremier's infrastructure will
need to rebuild parts of it. In order to restore the infrastructure to its pre-incident
state, they will be required to erase and rebuild everything. If configuration and
procedures have been carefully documented in advance, recovery can happen
immediately. If not, this could be a cumbersome and lengthy endeavor.
I recommend that action be taken to investigate and understand what
exactly happened during the attack. This will reveal the actions that need to be taken
to prevent this from happening in the future. Most importantly, the company owes its
clients and business partners detailed information about what happened so that all
involved can determine the consequences of the attack. In crisis management and in
formulating actions after a crisis, it is important to communicate with all parties
involved. I would then recommend moving forward with integrating crisis incident
procedures and a well-formulated security management framework for protecting the
company in the future.
4. Now that the attack has ended, what can iPremier do to prepare for another
such attack? Recommend a plan that will help iPremier avoid another such
incident.
Risk management is necessary. As I stated in question 2, having a crisis
plan in place in case a breach occurs is extremely important. This crisis plan
needs to have well-documented emergency procedures. A pre-crisis plan of practices
in place makes incidents more manageable. The plan needs to include the following:
sound infrastructure design, careful documentation, disciplined execution of operating
procedures, and an established crisis management plan. A sound infrastructure design
is infrastructure that has been designed with a contingency of sound recoverability and
tolerance for failures. With this design, the losses associated with a DoS or a breach are
more likely to be contained and easier to manage. iPremier will need to find a better
internet service provider if Qdata fails to update its infrastructure and technology.
Careful documentation ensures that crisis management is precise with the most
important critical details; reliable, accurate, and careful documentation saves time,
reduces costs, and increases confidence when dealing with a crisis. Proper documentation
maintains a baseline of knowledge about infrastructure configurations. Disciplined
execution of operating procedures is only as good as the plan, and the plan can only be
followed if it is documented well. These procedures, when executed properly, make the diagnosis
of problems more effective. Scheduled infrastructure audits uncover lurking problems
or vulnerabilities and must be performed often. Finally, established crisis management
procedures are procedures for managing incidents. They effectively guide the
diagnosis of problems, help make managers' decision-making efforts more efficient, and
specify who should be involved in problem-solving activities.
