The Denial of Service Attack Case

Summary

A denial of service (DoS) attack is an attack on a computer system whose aim is to stop that system from delivering its service to its intended users. It is a deliberate effort by a malicious party either to cut a service off entirely or to degrade it until it is unusable. A common form of the attack saturates the target with a flood of requests from outside, for example connection attempts that are never completed, so that the target's bandwidth, connection tables, memory or processor time are consumed answering the flood. The system then has little or no capacity left for its legitimate traffic: routine requests are dropped, or are answered so slowly that the service is effectively unavailable (Dana, 2006).

A denial of service attack may also exhaust disk space or internet bandwidth, corrupt the network routing configuration, disrupt network components such as routers, repeaters and hubs, or otherwise obstruct communication.

According to Austin et al. (2007), denial of service attacks show themselves through the following symptoms: crashing of the computer operating system, slow network performance, unavailability of some websites or a total inability to reach any site, and flooding of the mail system with spam.

During the seventy-five minute attack, iPremier's delivery of service to its customers was affected, though only to a limited extent: some customers tried to reach the company's website and could not, and were inconvenienced because they could not get the information they needed at that time. Because the attack lasted only a short while and subsided on its own, iPremier could more easily have told those customers that the outage was a routine maintenance interruption by the service provider, of the kind that occasionally occurs at that hour of the night when few customers use the site. That explanation would not be true, however, and misrepresenting an attack as maintenance carries its own risk should the incident later become public. The stock value was not affected because the attack took place at night, when most of the company's customers were asleep, and lasted only a short time (Xiang & Zhou, 2006).

If I were Bob Turley, I would have taken the following measures during the attack. First, find a working internet connection nearby and try to reach iPremier's website myself, so as to see the effect of the attack first-hand. Second, locate the contacts for iPremier's hosting provider, Qdata (the "colo"), and ask them to identify the origin of the flood traffic and filter it before it reached iPremier's firewall, with the help of their upstream providers where necessary. If the attack could not be filtered, I would have asked them to shut down iPremier's portal so as to prevent any effect of the attack on customers' credit card data. Third, call the FBI to report the attack, so that if damage came to light afterwards they could help iPremier pursue the attacker; for the same reason, the firewall and server logs covering the attack period should be preserved rather than left to be overwritten. Lastly, call all the company's managers to inform them, as a matter of urgency, of the steps taken to safeguard the company's interests (Manion et al., 2001).

What to worry about after the denial of service attack and the recommendations

After the attack, I would worry about who the attacker was, what the intention of the attack was, what effect the attack had on the company's business, and how vulnerable the company remains to such an attack in the future.

To prevent future denial of service attacks, I would make the following recommendations for iPremier:

  1. The installation and use of packet filters by Qdata and iPremier.
    A packet filter is a network device that selectively passes or blocks individual packets as they cross a network interface. It permits only packets that meet the network's security policy and blocks the rest. This will help prevent packets from suspicious source addresses from reaching the company's service portal. Packet filtering on its own is only a partial defence against denial of service: flood sources change, and a large enough flood exhausts the link before the filter sees it, which is why filtering at Qdata, closer to the source, matters more than filtering at iPremier's own firewall.
  2. Installation of up-to-date security software such as virus scanners and firewalls.
    According to Austin et al. (2007), a firewall is a combination of software and hardware designed to block unauthorized access to a computer or database server. It inspects all packets entering and leaving the internal network and blocks those that do not meet that network's security policy. The firewall rules and anti-virus signatures should be kept up to date, and routine scanning of the systems performed, to keep security threats off the company's computers (Tsui, 2001).
  3. Installation of network monitoring sensors by Qdata.
    These are security devices that inspect network traffic and report on the state of the servers and computers behind them, so that a flood can be recognised as it begins rather than when customers complain. This helps prevent such computers from becoming either victims or sources of denial of service attacks (Jacobsen, 2004). Network scanners can also detect malware on the network and trace it to its origin, which helps identify an attacker should an attack occur, so that legal action can be taken.
  4. Establishment of a detailed contingency plan.
    This lays down the procedure to be followed during a denial of service attack: the contact persons at iPremier and at the service provider who should be reached for a quick resolution, the alternative communication channels to be used during the attack, the actions to be taken, and the storage of the materials needed for data recovery, such as backup tapes (Hange, 2010).
  5. Restriction of access permissions on computers and database servers.
    iPremier should separate access rights to the network into basic user access and administrative access. This protects the database against alteration and misconfiguration by non-technical staff. Restricting administrative rights to technical personnel also offers some protection against the introduction of malicious programs such as worms and viruses that may crash the system. This matters most when application software needs to be installed: such installations should require administrative rights, which prevents non-technical staff from installing unauthentic programs that may have been packaged with malware they cannot recognise.
  6. Blocking of websites that are not relevant to the company's business.
    Some sites on the internet are hunting grounds for hackers and rogue programmers. Attackers may place malware behind links on such sites, configured so that it installs itself on the computer when the link is clicked, turning that computer into a source of attack traffic. Blocking all sites that are irrelevant to the company's service provision will help reduce the risk of exposure to such attacks.
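The following Python program is an added example, not code from the case or from iPremier or Qdata, and serves recommendations 1 and 3 above together with the saturation attack described in the summary: it scans a constructed connection log for the two symptoms of a flood (a burst of connection attempts from one source, and connections that are never completed), flags the offending source, and generates packet-filter rules to drop it. The log format, the thresholds and the iptables rule text are assumptions made for illustration; the sample addresses are taken from the RFC 5737 documentation ranges.

```python
"""
Flood detection and packet-filter rule generation over a constructed
connection log.

Added example, not iPremier's or Qdata's own tooling: the log format
(timestamp, source address, event kind), the thresholds and the generated
iptables rule text are all assumptions made for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List


@dataclass(frozen=True)
class Event:
    ts: float   # seconds since the start of the capture
    src: str    # source IPv4 address
    kind: str   # "syn" = connection attempt seen, "est" = handshake completed


def parse_log(lines: Iterable[str]) -> Iterator[Event]:
    """Parse lines of the assumed format '<ts> <src> <syn|est>'."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, kind = line.split()
        if kind not in ("syn", "est"):
            raise ValueError(f"unknown event kind {kind!r}")
        yield Event(float(ts), src, kind)


class FloodDetector:
    """Flags a source that either sends too many SYNs per window or leaves
    too many connections half-open (SYN sent, handshake never completed),
    the two symptoms of the saturation attack described in the summary."""

    def __init__(self, window: float = 1.0, syn_limit: int = 50,
                 half_open_limit: int = 20) -> None:
        self.window = window
        self.syn_limit = syn_limit
        self.half_open_limit = half_open_limit
        self._syns: Dict[str, deque] = defaultdict(deque)  # src -> SYN timestamps in window
        self._half_open: Dict[str, int] = defaultdict(int)  # src -> uncompleted SYNs
        self.flagged: Dict[str, str] = {}                   # src -> reason

    def observe(self, ev: Event) -> bool:
        """Feed one event; return True if the source is (now) flagged."""
        recent = self._syns[ev.src]
        if ev.kind == "syn":
            recent.append(ev.ts)
            self._half_open[ev.src] += 1
        else:  # "est": one outstanding SYN was completed
            self._half_open[ev.src] = max(0, self._half_open[ev.src] - 1)
        # Drop SYN timestamps that have fallen out of the sliding window.
        while recent and ev.ts - recent[0] > self.window:
            recent.popleft()
        if ev.src not in self.flagged:
            if len(recent) > self.syn_limit:
                self.flagged[ev.src] = f"{len(recent)} SYNs in {self.window:g}s"
            elif self._half_open[ev.src] > self.half_open_limit:
                self.flagged[ev.src] = f"{self._half_open[ev.src]} half-open connections"
        return ev.src in self.flagged


def analyse(lines: Iterable[str], **limits) -> Dict[str, str]:
    """Run the detector over a whole log; return {source: reason} for flagged sources."""
    det = FloodDetector(**limits)
    for ev in parse_log(lines):
        det.observe(ev)
    return det.flagged


def filter_rules(flagged: Dict[str, str], iface: str = "eth0") -> List[str]:
    """Turn flagged sources into packet-filter rules. iptables syntax is assumed
    here as one common host filter; a provider would apply the equivalent at its edge."""
    return [f"iptables -A INPUT -i {iface} -s {src} -p tcp --syn -j DROP"
            for src in sorted(flagged)]


def build_sample_log() -> List[str]:
    """Constructed sample: three ordinary clients (RFC 5737 addresses) opening one
    completed connection every half second, plus one source that sends 300 SYNs a
    second for four seconds and never completes a handshake."""
    lines = []
    for i in range(20):
        t = i * 0.5
        for src in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
            lines.append(f"{t:.3f} {src} syn")
            lines.append(f"{t + 0.02:.3f} {src} est")
    for i in range(1200):
        lines.append(f"{2.0 + i / 300:.3f} 198.51.100.7 syn")
    lines.sort(key=lambda line: float(line.split()[0]))
    return lines


if __name__ == "__main__":
    found = analyse(build_sample_log())
    for src, reason in found.items():
        print(f"flagged {src}: {reason}")
    print("\n".join(filter_rules(found)))
```

Run as-is, the program prints the one flagged source and a drop rule for it. Two points the code makes that the text alone does not: in the sample the half-open threshold trips well before the raw rate threshold, so connections left incomplete are the earlier signal of a flood than volume; and the rule the detector emits only helps where it is applied upstream of the saturated link, which is why recommendation 1 asks for filtering at Qdata rather than only at iPremier's firewall.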

Internet service provision infrastructure

Architecture: Qdata facility
It comprises the internet router, Ethernet switch, DNS servers and network management.
The internet router links the Qdata network to the public internet. The Ethernet switch interconnects the network segments, among them the Domain Name System (DNS) server, which translates human-memorable domain names into Internet Protocol (IP) addresses. Network management comprises the activities that keep network connectivity available.

Architecture: iPremier company cage
It comprises a web server cluster, router firewall, web accelerator, Ethernet switches, SMTP/PCP server, network management and a database server.
A web server cluster is an interconnection of several servers managed from one point. The web accelerator reduces the latency of web access by serving frequently requested content from a cache in front of the web servers. The router firewall is the security feature that filters the traffic entering and leaving the cage. The SMTP/PCP server handles the company's mail. The database server holds the data that the web servers serve to customers.

References

Austin, R. D., Leibrock, L., & Murray, A. (2001). The iPremier Company. (A): Denial of Service Attack. Boston, MA: Harvard Business School.

Dana, H. (2006). DOS Attacks – Denial of Service Attacks: The Complete Guide to DOS attacks. Web.

Hange, M. (2010). Recommendations for the Protection against Distributed Denial-of-Service Attacks on the Internet: Federal Office for Information Security (BSI) publication. Web.

Jacobsen, O. J. (2004). A quarterly technical publication for internet and intranet professionals. The internet protocol journal, 7 (4), 13-36.

Manion, A., Pesante, L., Weaver, G. M., & Thomas, R. (2001). Managing the Threat of Denial-of-Service Attacks. Web.

Tsui, K. (2001). Tutorial-Virus (Malicious Agents). Alberta: University of Calgary publication.

Xiang, Y., & Zhou, P. (2006). Protecting web applications from DDoS attacks by an active distributed defense system. International Journal of Web Information Systems, 2 (1), 37-44.