English homework help 43.

I want a full summary of this article; it's due in 24 hours from now. It's typed in a Word document; the length is one and a half pages.

The iPremier Company (A): Denial of Service Attack
9-601-114

January 12, 2007, 4:31 AM

Somewhere a telephone was chirping. Bob Turley, CIO of the iPremier Company, turned beneath the bed sheets, wishing the sound would go away. Lifting his head, he tried to make sense of his surroundings. Where was he?

The Westin in Times Square. New York City. That's right. He was there to meet with Wall Street analysts. He'd gotten in late. By the time his head had hit the pillow it was nearly 1:30 AM. Now the digital display on the nearby clock made no sense. Who would be calling at this hour? Why would the hotel operator put a call through?

He reached for the phone at his bedside and held it to his ear. Dial tone. Huh? The chirping was coming from his cell phone. Hanging up the hotel phone, he staggered out of bed, located the cell phone and flipped it open.

"This is Bob Turley."

"Mr. Turley?" There was panic in the voice at the other end of the line. "I'm sorry to wake you, Joanne told me to call you."

"Who is this?"

"It's Leon. Leon Ledbetter. I'm in Ops. We met last week. I'm new. I mean, I was new, last month."

"Why are you calling me at 4:30 in the morning, Leon?"

"I'm really sorry about that Mr. Turley, but Joanne said -"

"No, I mean what's wrong? Why are you calling?"

"It's our website, sir. It's locked up. I've tried accessing it from three different computers and nothing's happening. Our customers can't access it either; the help desk is getting calls."

"What's causing it?"

"Joanne thinks - if we could only - well, someone might have hacked us. Someone else might be controlling our site. Support has been getting these e-mails - we thought it was just the web server, but I can't access anything over there. Joanne is on her way to the colo.[1] She said to call you.
"These weird e-mails, they're coming in about one per second."

"What do the e-mails say?"

"They say 'ha.'"

"Ha?"

"Yes, sir. Each one of them has one word in the subject line, 'ha.' It's like 'ha, ha, ha, ha.' Coming from an anonymous source. That's why we're thinking."

"When you say they might have hacked us - could they be stealing customer information? Credit cards?"

"Well, I guess no firewall[2] - Joanne says - actually we're using a firewall service we purchase from the colo, so."

"Can you call someone at the colo? We pay for monitoring 24/7, don't we?"

"Joanne is calling them. I'm pretty sure. Is there anything you want me to do?"

"Have we set our emergency procedures in motion?"

"Joanne says we have a binder, but I can't find it. I don't think I've ever seen it. I'm new -"

"Yes, I got that. Does Joanne have her cell?"

"Yes sir, she's on her way to the colo. I just talked to her."

"Call me back if anything else happens."

"Yes sir."

[1] Colo is short for colocation facility, where Internet companies often house their vital computing hardware. Colocation facilities are sometimes called Internet Data Centers or simply hosting facilities. They provide floor space, redundant power supplies, high-speed connectivity to the Internet, and a variety of other services to their customers.

Turley stood up, realizing only then that he had been sitting on the floor. His eyes were bleary but adrenaline was now cranking in his bloodstream. Steadying himself against a chair, he felt a wave of nausea. This was no way to wake up. He made his way to the bathroom and splashed water on his face.

This trip to New York was an important assignment for someone who had been with the company such a short time. It demonstrated the confidence CEO Jack Samuelson had in him as the new CIO. For a moment Turley savored the memory of the meeting in which Samuelson had told him he would be the one to go to
New York. As that memory passed another emerged, this one from an earlier session with the CEO. Samuelson was worried that the company might eventually suffer from a deficit in operating procedures. "Make it one of your top priorities," he had said. "We need to run things professionally. I've hired you to take us to the next level."

Looking himself over in the mirror, seeing his hair tousled and face wet, Turley lodged a protest with no one in particular: "I've barely been here three months."

[2] A firewall is a combination hardware/software platform that is designed to protect a local network and the computers that reside on it against unauthorized access.

The iPremier Company

Founded in 1996 by two students at Swarthmore College, the iPremier Company had evolved into one of the few success stories of web-based commerce. From its humble beginnings, it had risen to become one of the top two retail businesses selling luxury, rare, and vintage goods on the web. Based in Seattle, Washington, the firm had grown and held off incursions into its space from a number of well-funded challengers. For the fiscal year 2006, profits were $2.1 million on sales of $32 million. Sales had grown at more than 20% annually for the last three years, and profits, though thin and somewhat variable, had an overall favorable trend.

Immediately following its Initial Public Offering in late 1998, the company's stock price had nearly tripled. It had continued up from there amid the euphoria of the 1999 markets, eventually tripling again. A follow-on offering had left the company in a strong cash position. During the NASDAQ bloodbath of 2000, the stock had fallen dramatically but had eventually stabilized and even climbed again, although not to pre-2000 levels. Since then, the company had held its own, recovering from a difficult period by streamlining and focusing its business to achieve profitability when others couldn't.
Eventually the company began to grow again, though more slowly than before. In the treacherous business-to-consumer (B2C) segment, iPremier was one of a very few survivors.

Most of the company's products were priced between fifty and a few hundred dollars, but there were a small number of items priced in the thousands of dollars. Customers paid for items online using their credit cards. The company had flexible return policies, which were intended to allow customers to thoroughly examine products before deciding whether to keep them. The iPremier customer base was high-end - so much so that credit limits on charge cards were rarely an issue, even for the highest-priced products.

Management and Culture

The management team at iPremier was a mix of talented young people who had been with the company for a long time and more experienced managers who had been gradually hired as the firm grew. Recruitment had focused on well-educated technical and business professionals with reputations for high performance. Getting hired into a senior management position required excelling in an intense series of three-on-one interviews. The CEO interviewed every prospective manager at the director level and above. The reward, for those who made the grade, was base compensation above the average of managers at similar firms, and variable compensation that could be a significant multiple of the base. All employees were subject to quarterly performance reviews that were tied directly to their compensation. Unsuccessful managers did not last long.

Most managers at iPremier described the environment as intense. The company stated its governing values in terms of discipline, professionalism, commitment to delivering results, and partnership for achieving profits. Unlike many Internet companies, iPremier had taken a balanced approach to growth and profitability, although growth had tended to rule the day.
Throughout the company, there was a strong orientation toward doing whatever it takes to get projects done on schedule, especially when it came to system features that would benefit customers. The software development team was proud of its record of consistently launching new features and programs a few months ahead of a major competitor, MarketTop. Value statements aside, it was well understood by senior managers that their compensation and future prospects with the company depended on executing to plan. Managers pursued the numbers with obsessive zeal.

Technical Architecture

The company had historically tended to outsource management of its technical architecture and had a long-standing relationship with Qdata, a company that hosted most of iPremier's computer equipment and provided connectivity to the Internet. Qdata was an early entrant into the Internet hosting and colocation business, but it had been battered by the contraction of the Internet bubble and lost any prospect of market leadership. The facility was close to the corporate offices of iPremier; some felt there was little else to recommend it. Qdata was a steady provider of basic floor space, power, connectivity, environmental control, and physical security, and it offered some higher-level management services, such as monitoring of websites for customers at its Network Operations Center (NOC) and some Internet security services (such as the firewall service used by iPremier). But Qdata had not been quick to invest in advanced technology and had experienced difficulty in retaining staff.

The iPremier Company had a long-standing initiative aimed at eventually moving its computing to another facility, but several factors had conspired to keep this from happening.
First, and most significant, iPremier had been very busy growing, protecting its profits, and delivering new features to benefit customers; hence the move to a better facility had never quite made it to the top of the priority list. Second, the cost of more modern facilities was considerably higher - two to three times as expensive on a per-square-foot basis. The computers at iPremier occupied a great deal of space, so a move to another facility would have increased costs enough to affect the slender but increasing profit trend the company was eager to maintain. Third, there was a perception - not necessarily supported by fact, according to the operations staff - that a move might risk service interruption to customers. The operations staff maintained that with appropriate modernization of the computing infrastructure, growth could be accomplished by adding installations in other facilities, rather than by expanding floor space in the existing facility. The work of planning how this might be carried out had never been done, however. Finally, one of the founders of iPremier felt a personal commitment to the owners of Qdata because the latter company had been willing to renegotiate their contract at a particularly difficult time in iPremier's early days.

Exhibit 1 provides a diagram of iPremier's technical architecture.

4:39 AM

Turley situated himself at the desk in his hotel room and began paging through the digital phonebook on his cell phone. Before he could find the number for Joanne Ripley - his technical operations team leader - the phone began to chirp. The incoming call was from Ripley.

"Hello, Joanne. How are you this morning?"

A cautious laugh came from the other end of the circuit. "About the same as you, I'm guessing. I assume Leon reached you."

"He did, but he doesn't know anything. What's going on?"

"I don't know much either, yet. I'm in the car, on my way to the colo."

"Can't you do something from home?"

"Well - no.
"Leon can't access any of the boxes behind the firewall via the line at the office,[3] so something is screwy with our connectivity to the colo. Sounds like a problem outside the perimeter of our architecture. I called Qdata, but they assured me there's no problem with connectivity into or out of the building. They're looking into it further, but their night shift is on duty. I don't know where they get those bozos. I haven't talked to anyone yet who knows what he's doing."

"How long till you get there?"

"I'm driving fast and running red lights. I ought to be there in five minutes."

"How long after that until we are back up and running?"

"That depends on what's wrong. I'll try restarting the web server as soon as I get there, but if someone has hacked us, or if there's some kind of attack going on, that might not do it. Did Leon tell you about the e-mails?"

"The 'ha, ha' e-mails? Yeah. Makes it sound like something deliberate."

"I'd have to agree with that."

"No chance it's a simple DoS attack?"

"I doubt it's a simple DoS attack; we've got software that deals with those."

"Can we track the e-mails?"

"Not soon enough. They're coming through an anonymizer that's probably in Europe or Asia. If we're lucky we'll find out sometime in the next 18 months who sent them. Then we'll discover they're originating from some DSL-connected PC in Podunk, Idaho, and that the Joe Schmo who owns it has no idea that it's been compromised by hackers."

"Any chance they're stealing credit cards?"

"There's really no way of knowing without more info."

"Should we pull the plug? Physically disconnect the communications lines?"

"We could. But if we start pulling cables out of the wall it may take us a while to put things back together. Right now most of our customers are asleep."

"Joanne, don't we have emergency procedures for times like this, a binder or something at least? I don't think I've seen it but it comes up when people mention our business continuity plan. When I mentioned it to Leon, he seemed to have no idea what I was talking about."
"We've got a binder," said Ripley. "I've got a copy with me. Keep it in my car. There's one at the office too, even if Leon can't find it. But to be honest, well - it's out of date. Lots of people on the call lists don't work here anymore. I don't think we can trust the cell phone numbers and I know some of the technology has changed since it was written. We've talked about practicing incident response but we've never made time for it."

"Hmm. So what's the plan when you reach the colo?"

"Whoops." There was a pause while Ripley negotiated a traffic obstacle. "Sorry. Let me restart the web server and see what happens. Maybe we can get out of this without too much customer impact."

Turley thought about it for a moment. "Okay. But if you see something that makes you think credit cards are being stolen, I want to know that immediately. We may have to take drastic action."

"Understood. I'll call you back as soon as I know anything."

"Good. One more thing: Who else knows this is going on?"

"I haven't called anyone else. Leon might have. I'll call him and call you right back."

"Thanks."

[3] The hosting facility where the production computer equipment was housed was connected to the iPremier Company's offices via a leased communication line. This line would ordinarily permit people at the office to connect to production computers without traversing the public Internet.

Turley flipped his cell closed then picked up the hotel phone. After a series of transfers, he found someone who would bring coffee to his room, despite the odd hour. Never before had he so desperately wanted coffee. Just as he replaced the hotel phone his cell rang again.

"Damn."

It was Warren Spangler, VP of business development. Turley remembered vaguely that Leon Ledbetter had come into the organization via a recommendation by Spangler. They were old high school buddies or something. Ledbetter had almost certainly called Spangler.

"Hi, Warren," said Turley, flipping the phone open.
"Hi, Bob. I hear we've got some kind of incident going on. What's the story?"

"Something's definitely going on, but we're not sure what yet. We're trying to minimize customer impact. Fortunately for us it's the middle of the night."

"Wow. So is it just a technical problem or is somebody actually doing it to us?"

Turley was eager to call the chief technology officer (CTO), so he didn't really have time for this discussion. But he didn't want to be abrupt. He was still getting to know his colleagues.

"We don't know. Look, I've got to -"

"Leon said something about e-mails -"

"Yes, there are suspicious e-mails coming in so it could be someone doing it."

"Oh, man. I bet the stock takes a hit tomorrow. Just when I was going to exercise some options. Shouldn't we call the police?"

"Sure, why don't you see what you can do there, that'd be a big help. Look, I've got to -"

"Seattle police? Do we know where the e-mails are coming from? Maybe we should call the FBI? No. Wait. If we call the police, the press might hear about this from them. Whoa. Then our stock would really take a hit."

"I've really got to go, Warren."

"Sure thing. I'll start thinking about PR. And I'll work with Leon on this end. We got you covered here, bro. Keep the faith."

"Will do, Warren. Thanks."

Turley ended that call and began searching through his cell phone's memory to find the number for Tim Mandel, the company's CTO. He and Mandel had already cemented a great working relationship. Turley wanted his opinion. Just as Turley was about to initiate the call, though, another call came in from Ripley.

Turley flipped the phone open and said: "Leon called Spangler, I know. Anything else?"

"Ah, no. That's it for now. Bye."

Turley dialed Mandel. At first the call switched over to voicemail, but he retried immediately. This time Mandel answered sleepily. It took five full minutes to wake Mandel and tell him what was happening.

"So what do you think, should we just pull the plug?" Turley asked.

"I wouldn't.
"You might lose some logging data that would help us figure out what happened. Whatever we do, we want to preserve evidence of what has happened or else we may never know exactly."

"I'm not sure that's the most important thing to me right now, knowing exactly what is happening."

"I suggest you change your mind about that. If you don't know what happened this time, it can happen again. Worse than that, if you don't know what happened, you won't know what, if anything, you need to disclose publicly."

Turley thought about that for a moment. What if they halted the attack but he could not be sure of the danger, if any, to customer information? What would the company need to say publicly? It was too much to sort out on the fly. Mandel was saying something else.

"Come to think of it, Bob, preserving the logs is irrelevant because I'm pretty sure detailed logging is not enabled. Detailed logging takes up a lot of disk space on the server. To run at higher logging levels we would have to add significantly to our storage arrays and I've never been able to convince the finance guys that the expenditure was necessary. Plus detailed logging adds a performance penalty of about 20%, impacts the customer experience; nobody's been game for that."

"So we aren't going to have evidence of what happened anyway."

"There'll be some, but not as much as we'll want."

Another call was coming in.

"Hold on, Tim." Turley kicked the phone over to the waiting call. It was Peter Stewart, the company's legal counsel. What was he doing awake?

"This is Turley."

"Hey, Bob, it's Pete. Pull the plug, Bob. Shut off the power, pull the cords out of their sockets, everything. We can't risk having credit cards stolen."

"Spangler call you?"

"Huh? No, Jack. Samuelson. He called me three minutes ago, said hackers had control of our web site. Told me in no uncertain terms to call you and provide a legal perspective. That's just what he said: 'provide a legal perspective.'"
So the CEO was awake. The result, no doubt, of Spangler's helping from that end. Stewart continued to speak legalese at him for what seemed like an eternity. By this time, Turley was incapable of paying attention to him.

"Thanks for your thoughts, Pete. I've got to go, I've got Tim on the other line."

"Okay. For the record, though, I say pull the plug. I'll let Jack know you and I spoke."

"Thanks, Pete."

Turley switched back over to the call with Mandel.

"Spangler's got bloody everybody awake, including Jack. I recommend you get dressed and head into the office, my friend."

"Is Joanne on this?"

"Yes, she's at the colo by now." Turley's phone rang. "Got a call coming in from her now." He switched the phone.

"What's up Joanne?"

"Well I'm at Qdata," she said in an angry voice, "and they won't let me into the NOC. There's no one here who knows anything about the network monitoring software and that's what I need to use to see the traffic coming into our site. The Qdata guy who can do it is vacationing in Aruba. I tried rebooting the web server, but we've still got a problem. My current theory is an attack directed at our firewall, but to be sure I've got to see the packets coming in, and the firewall is their equipment. You got an escalation contact to get these dudes off their butts?"

"I'm in New York, Joanne. I've got no Qdata contact information with me. But let me see what I can do."

"Okay. I'll keep working it from this end. The security guard doesn't look too fierce. I think I could take him."

"Do what you can."

Turley hung up. He noticed that Mandel had disconnected also. For a moment Turley sat back in the chair, not sure what to do next. There was a knock at the door. Coffee. Good news, for a change.

5:27 AM

He had just taken his first sip of hot coffee when he got the call he'd been dreading. It was from Jack Samuelson, the CEO.

"Hi Jack."

"Bob. Exciting morning?"

"More than I like it."

"Are we working a plan?"

"Yes, sir.
"Not everything is going according to plan, but we are working a plan."

"Is there anything I can do?"

"Actually, Jack, there is. Call someone senior at Qdata and tell them we need their full and immediate support. They're giving Joanne the runaround about access to their NOC."

"I'll do that right now, Bob."

"Thanks, Jack."

"Bob, the stock is probably going to be impacted and we'll have to put a solid PR face on this, but that's not your concern right now. You focus on getting us back up and running. Understand?"

"I do."

The call ended. It had gone better than Turley had feared. He avoided the temptation to analyze Samuelson's every word for clues to his innermost thoughts. Instead, he dialed Joanne.

"Hi, Bob," she said, sounding mildly cheerful. "They let me in. I'm sitting in front of the console right now. It looks like a SYN flood[4] from multiple sites directed at the router[5] that runs our firewall service. So it is a DoS attack, just not a simple one. By the way, this is not a proper firewall, Bob; we need to work on something better."

"Fine, but what can we do right now?"

"Well, looks like the attack is coming from about 30 sites. If the guys here will let me, I'm going to start shutting down traffic from those IP addresses.[6]"

"Samuelson is waking up the senior guys at Qdata. If the night shift gives you any trouble, tell them it's going to be raining executives really soon."

[4] Each conversation with a web server begins with a sequence of "handshake" interactions. The initiating computer first sends a SYNCHRONIZE or SYN. The contacted web server responds with a SYNCHRONIZE-ACKNOWLEDGE or SYN-ACK. The initiating computer then completes the handshake with an ACKNOWLEDGE or ACK. A SYN flood is an attack on a web server intended to make it think a very large number of conversations are being initiated in rapid succession. Because each interaction looks like real traffic to the website, the web server expends resources dealing with each one.
By flooding the site, an attacker can effectively paralyze the web server by trying to start too many conversations with it.

[5] As the name suggests, a router is a hardware platform that routes traffic across internal networks and the Internet.

[6] An IP address corresponds to a particular machine located somewhere on the Internet.

"Samuelson, huh? So everybody's up for our little party. Okay, I'm going to try shutting off traffic from the attacking IP addresses. I'll have to set the phone down for a minute."

There was a pause of a couple of minutes. Turley heard some muffled conversation in the background, then several exclamations. Ripley came back on the line.

"Damn it, Bob, they're spawning zombies. It's Dawn of the Dead out there."

"You're going to have to translate that one for me, Ripley."

"Every time we shut down traffic from an IP address, the zombie we've shut off automatically triggers attacks from two other sites. I'll try it a few more times, but right now it looks like that's just going to make things worse."

"If it's a denial of service attack, they haven't hacked us, right? It means it's not an intrusion. They haven't gained entry to our system. So credit cards and customer data are safe. Can we say that?"

"There's nothing that makes a DoS attack and an intrusion mutually exclusive. And targeting the firewall strikes me as a fairly sophisticated tactic. I'm not so sure these are script kiddies,[7] Bob."

It was not the comforting answer he had hoped for, but it would have to do for the time being.

"I'll let you get back to it. Call me with an update when there is something to tell."

Turley hung up and thought about whether to call Samuelson and what to tell him. He could say that it was a DoS attack. He could say that the attack, by itself, was not evidence that customer information was at risk. But Turley wanted to think some more before he went on record. He'd talk to Tim, see what he thought.
For a moment, everything was quiet. He put the cell phone down and poured another cup of coffee. Pacing across the room, he picked up the TV remote and hit the on button. A movie appeared, an old Hitchcock film. An airplane was strafing Cary Grant. He muted the sound then walked to the window and pulled the curtain aside. There was a red glow in the sky to the east.

His cell phone rang. He went and picked it up. It was Ripley.

"It stopped," she said excitedly. "The attack is over."

"What did you do?"

"Nothing. It just stopped. The attack just stopped at 5:46 AM."

"So - what do we do now?"

"The website is running. A customer who visits our site now wouldn't know anything had ever been wrong. We can resume business as usual."

"Business as usual?"

"Actually, I'd recommend that we give everything a proper going-over after an attack like this. We really ought to do a thorough audit. I've been thinking about how they targeted the firewall, and I don't think it sounds like script kiddies."

"Sit down when you get a chance and write me an e-mail that summarizes what you think we should do. Tell me how whatever you recommend will impact on customers, if at all. I've got to figure out what to tell Samuelson."

[7] Script kiddies are relatively unsophisticated hackers who use automated routines - "scripts" - written by other more sophisticated hackers. These scripts are available to anyone willing to spend a little time searching for them on the Internet.