Tuesday, May 5, 2020
Cybercrime and Information Systems Controls - myassignmenthelp
Question: Discuss the Cybercrime and Information Systems Controls for iPremier.

Answer:

Introduction

This report studies a denial-of-service (DoS) attack incident that occurred at the iPremier organization in January 2009. iPremier is a successful web-based high-end retailer; in 2009 the organization was shut down by a Distributed Denial of Service (DDoS) attack. A series of events occurred before, during and after the cyber attack, and the case study states all of them clearly. In short, the CEO, Jack Samuelson, had appointed Bob Turley as CIO; Joanne Ripley was the tech team leader, Leon Ledbetter worked as a tech specialist, and it was Leon who detected the attack. Bob Turley was away from iPremier headquarters, so he followed up on everything over phone calls. Joanne Ripley went to the data center to take preventive action on her own, without considering any precautions. The CEO, Jack Samuelson, took authority for corrective action against the DDoS attack, although he too was distant from the incident. Apparently, every measure iPremier tried failed to stop the DDoS attack; the company had to wait until the attack stopped, and a security breach had occurred.

In this report, the researchers provide a critical evaluation of iPremier management's activities related to information security. The critical evaluation is followed by the COBIT security control objectives. Certain justifications are discussed as to whether or not security was the foremost priority for iPremier. Furthermore, three measures that were taken to stop the DoS attack are described; however, these actions obviously failed to prevent the attack. The CIO thought about pulling the cords and shutting off the power. Realistically, shutting off the power and pulling out the cords could lead to the loss of log files, so very little log data would be recoverable for clients and higher authorities.
Some internal controls are mentioned in later sections so that iPremier can detect, prevent and correct their operations in cyber security. For the iPremier case study, some measures were available that could have been adopted to prevent the cyber attack.

Data center monitoring: CIO Bob Turley asked Leon Ledbetter to call the data center professionals to look into the obvious hacking incident. The iPremier retail organization had recruited 24/7 monitoring professionals to perform investigations, daily assessments and network monitoring. However, when Joanne Ripley reached the data center at QData, she learned that the data center professional was on vacation in Aruba. For the time being, the web server was rebooted; however, the source of the attack was unknown and the attack did not stop. Joanne Ripley tried to shut down the traffic from the attacking addresses, but the attackers spawned zombies: every time Joanne shut down traffic from a single attacking address, the shut-down zombie triggered attacks from ten other sites, and the attack continued.

Emergency procedures: Bob Turley asked about emergency procedures and whether they could be adopted to stop the attack. Joanne Ripley informed him that the organization had two binders, both out of date.

Physical measures: Bob Turley thought of pulling the plugs, disconnecting the communication links and power cords, and shutting off the power to stop credit card data from being stolen. Their network engineer protested that it would ruin everything. Tim answered that this would cause the loss of logging data, and that there would be huge public disclosure issues as well. On the other hand, detailed logging was disabled on the servers, so log preservation becomes irrelevant. Since detailed logging consumes more disk space, the finance managers were not willing to pay for the additional disk; had the additional disk space been available and detailed logging enabled, detailed log data would have been stored.
The iPremier authority could then have had evidence of this particular attack, based on the technical details and timestamps recorded in the log files. However, to protect the smaller log files that did exist, Tim asked Bob Turley not to take any physical measures whatsoever.

If the iPremier retail organization decides to in-source its data center, it should consider some preventive, detective and corrective measures as internal controls. The internal controls are as follows:

Detect DoS attack: iPremier would run its own server and would therefore be able to identify when it is under attack. The server-side IT professionals should have proper information about DoS attacks, and the IT department should have emergency procedures installed in the system. It is recommended that a DoS attack be detected from the very first minute the website is attacked; otherwise, sensitive information could be stolen. The sooner the attack is detected, the sooner network professionals can start taking preventive measures.

Prevent at the network perimeter: A few technical measures exist that can partially mitigate the effects of an attack, especially in the first few minutes after it starts, when some simple technical steps can still be taken. For instance, the CIO, tech specialist and tech team leader can take actions such as:
- Limit bandwidth at the router to keep the web server from being overwhelmed
- Add filters to the router to drop network packets sent from obvious attack sources
- Time out half-open connections promptly
- Drop spoofed or malformed network packets
- Set lower UDP, SYN and ICMP flood drop thresholds
In addition, some software and analytics tools should be implemented at the server end. The ISP and network host should null-route the attack traffic so that the malicious packets are kept away from the genuine routers.

Create a DoS playbook: The best corrective measure is to create a DoS playbook in the organization.
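The detection and perimeter points above share one lesson from the case: blocking a single address brought ten more zombies, so a detector must watch aggregate request rates and source counts, not only per-address counts. The Python below is an added example written for this page (not part of the case study or the original post); the log format, addresses and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_TS = "%d/%b/%Y:%H:%M:%S %z"   # timestamp layout of common/combined access logs

def build_sample_log():
    """Constructed Apache-style access-log lines (not real iPremier data):
    a quiet window, one noisy client, then a burst spread over many 'zombies'."""
    base = datetime(2009, 1, 12, 4, 31, tzinfo=timezone.utc)

    def line(ip, t):
        return f'{ip} - - [{t.strftime(LOG_TS)}] "GET /catalog HTTP/1.1" 200 512'

    lines = [line(f"10.0.0.{i}", base + timedelta(seconds=i)) for i in range(1, 6)]
    noisy = base + timedelta(seconds=10)          # one address, 30 requests in 10 s
    lines += [line("198.51.100.7", noisy + timedelta(seconds=s % 10)) for s in range(30)]
    burst = base + timedelta(seconds=20)          # 60 addresses, 2 requests each
    for _ in range(2):
        lines += [line(f"203.0.113.{i}", burst + timedelta(seconds=i % 10)) for i in range(1, 61)]
    return lines

def detect(lines, window_s=10, per_ip_limit=20, aggregate_limit=100, distinct_limit=50):
    """Bucket requests into fixed windows and raise two kinds of alert.
    'per_ip' lists sources whose own rate is abusive (candidates for a router
    drop filter). 'distributed' flags a window whose aggregate rate or source
    count is abusive although no single source is: the case's situation, where
    a per-address block list cannot keep up and perimeter rate limiting is the
    control that still helps. Thresholds here are illustrative assumptions."""
    buckets = defaultdict(Counter)
    for raw in lines:
        ip = raw.split(" ", 1)[0]
        stamp = raw[raw.index("[") + 1 : raw.index("]")]
        epoch = int(datetime.strptime(stamp, LOG_TS).timestamp())
        buckets[epoch - epoch % window_s][ip] += 1

    alerts = []
    for start in sorted(buckets):
        hits = buckets[start]
        offenders = sorted(ip for ip, n in hits.items() if n > per_ip_limit)
        total, distinct = sum(hits.values()), len(hits)
        if offenders:
            alerts.append(("per_ip", start, offenders))
        if total > aggregate_limit or distinct > distinct_limit:
            alerts.append(("distributed", start, {"requests": total, "sources": distinct}))
    return alerts

if __name__ == "__main__":
    for kind, start, detail in detect(build_sample_log()):
        print(kind, datetime.fromtimestamp(start, timezone.utc).strftime("%H:%M:%S"), detail)
```

The noisy client shows up as a per-address offender a router filter could drop, while the burst window trips only the aggregate thresholds, which is exactly the traffic pattern that defeated address-by-address blocking in the case.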
The DoS attack playbook should document in detail every step to be followed as the pre-planned response to an attack. The playbook should include a fit-out plan with the names, contact numbers and addresses of every contact person.