On January 12th, 2007 at 4:31am, Bob Turley, CIO of the iPremier Company, received a panicked phone call from his IT operations staff. Their external facing website was “locked up” and could not be accessed by anyone, including their customers. iPremier is a web-based business that generates revenue through solely processing online orders. While the web server was down, the company could not accept any new orders or allow their customers to view their products. An inadequately third-party managed and configured router/firewall allowed hackers to execute a DOS (Denial of Service) attack on iPremier. I recommend purchasing a new firewall solution that will be managed and configured by the Company’s IT staff internally. This …show more content…
This DOS attack prevented iPremier from selling products, and letting customers view products, on their website. This is the sole presence of the business, and when the website is down, the company cannot generate revenue. All responsible parties and managers were quickly involved and attempted to mitigate negative consequences to the company. There appeared to be a slight disconnect between the legal and functional leadership advice across the board. The website was only down for a little over an hour and iPremier states there was no substantial impact to the business at this time.
Problem and Alternatives
This denial of service attack occurred due to inadequate firewall configuration and management. This problem was further amplified by the fact that the firewall service was hosted by a third-party vendor, Qdata. iPremier recognized staffing and general IT knowledge and management issues with Qdata in the past, but chose not to act upon their discoveries. iPremier did not have any active monitoring of the firewall and only knew there was a series business operating issue only when the web server was fully unreachable and unresponsive. One solution is for iPremier to purchase their own firewall where they can apply the proper configuration to prevent further attacks. This level of management will also provide them with advantages where they could fully monitor the device and to setup alarms indicating when there is a potential issue.