Thursday, October 4, 2012

Week 1 Graded submission, part 3

This question requires a little background. Adagia Telecom is a fictional company that, on the launch day of a much-hyped value-add web service, suffered severe network problems, and the launch flopped completely. Server logs examined after the fact suggest a DDoS attack.

Topic – How would compliance have prevented the attack against Adagia Telecom? Should Adagia report this attack to law enforcement? Why or why not? If the crime is reported, what challenges might law enforcement have in finding the perpetrator and prosecuting the case?

As the initial question of the topic is vague and relies on a prior understanding of compliance, I will first address what compliance is. According to page 22 of UMUC (2010), compliance centers on having a solid set of administrative controls that regulate process and define who holds specific responsibilities related to those controls. The controls relevant to the Adagia situation are solid training and established procedures; the relevant responsibilities are risk determination and the creation of appropriate procedures.

Effective compliance with those controls could have reduced or even eliminated the impact of the alleged distributed denial of service (DDoS) attack. With appropriate training in system defense and scalability, the system administrators could have recognized the onset of the incoming DDoS and reacted effectively. Proper training and procedures established in preparation for this contingency could have allowed the administrators to engage in successful congestion control and packet filtering (Xiang & Zhou, 2006, p. 560). Such preparation and the creation of the requisite procedures are not possible, though, if the system's risks were never effectively identified.
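The detection and filtering step that such a procedure would script, shown as an added example that is not part of the original post or of Adagia's (fictional) systems: it parses constructed common-log-format access log lines, buckets requests into fixed time windows, flags the first window whose volume spikes against the previous one, identifies the sources responsible, and emits candidate drop rules. The log lines, the spike factor, the per-source threshold and the iptables rule format are all assumptions chosen for illustration.

```python
"""Rate-based DDoS onset detection over web server access logs.

Added example, not from the original post. Sample log, thresholds and the
filter-rule format are assumptions for illustration only.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Common log format, e.g.
# 203.0.113.5 - - [04/Oct/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def requests_per_window(entries, window_seconds=60):
    """Bucket entries into fixed windows: {window_start_epoch: Counter(ip)}."""
    buckets = {}
    for e in entries:
        epoch = int(e["ts"].timestamp())
        start = epoch - (epoch % window_seconds)
        buckets.setdefault(start, Counter())[e["ip"]] += 1
    return dict(sorted(buckets.items()))


def detect_onset(buckets, spike_factor=5.0, min_requests=50):
    """First window whose total exceeds spike_factor x the previous window
    (and an absolute floor, so a quiet site going 2 -> 11 is not a spike)."""
    prev_total = None
    for start, ctr in buckets.items():
        total = sum(ctr.values())
        if (prev_total is not None and total >= min_requests
                and total > spike_factor * prev_total):
            return start
        prev_total = total
    return None


def flag_sources(counter, per_source_threshold=20):
    """Sources sending at least per_source_threshold requests in one window."""
    return sorted(ip for ip, n in counter.items() if n >= per_source_threshold)


def filter_rules(ips):
    # Assumed rule format; a real procedure would push these to the edge
    # firewall or upstream provider rather than rely on host-level iptables.
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


def make_sample_log():
    """Constructed log: one quiet minute, then a flood from three sources
    mixed in with the same legitimate clients."""
    base = datetime(2012, 10, 4, 10, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, t, path="/"):
        lines.append(f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512')

    for i in range(10):                                   # minute 1: baseline
        add(f"198.51.100.{i + 1}", base + timedelta(seconds=i * 5))
    for i in range(10):                                   # minute 2: baseline
        add(f"198.51.100.{i + 1}", base + timedelta(seconds=60 + i * 5))
    for j, ip in enumerate(["203.0.113.7", "203.0.113.8", "203.0.113.9"]):
        for k in range(40):                               # minute 2: flood
            add(ip, base + timedelta(seconds=60 + (k % 60)), path=f"/launch?x={j}{k}")
    return lines


def analyze(lines, window_seconds=60):
    """Return (onset window as ISO timestamp or None, flagged IPs, rules)."""
    entries = [e for e in (parse_line(l) for l in lines) if e]
    buckets = requests_per_window(entries, window_seconds)
    onset = detect_onset(buckets)
    flagged = flag_sources(buckets[onset]) if onset is not None else []
    onset_iso = (datetime.fromtimestamp(onset, timezone.utc).isoformat()
                 if onset is not None else None)
    return onset_iso, flagged, filter_rules(flagged)


if __name__ == "__main__":
    onset, flagged, rules = analyze(make_sample_log())
    print("onset window:", onset)
    print("flagged sources:", flagged)
    print("\n".join(rules))
```

Per-source thresholds like the one above work against a handful of noisy hosts; against a large botnet, where each compromised machine sends only a few requests, the per-window total still spikes but no single source crosses the threshold, so the procedure also needs rate limiting or upstream filtering that does not depend on identifying individual offenders.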

Adagia should notify the FBI and share its logs, if for no other reason than to give law enforcement visibility into the fact that the attack occurred. Criminal DDoS attacks typically involve an attacker controlling large numbers of compromised computers, and those systems, not the attacker's own, are the ones actually communicating with the victim. This indirection, especially when combined with deliberate anonymizing measures such as proxies, means that an after-the-fact investigation is unlikely to lead back to the source attacker. Even if law enforcement is able to locate the controlling system, there could be significant legal roadblocks before prosecution, such as jurisdictional issues and an inability to connect the attacking system to the person operating it.

Matthew

UMUC (2010). Human Aspects in Cybersecurity: Ethics, Legal Issues, and Psychology. Retrieved 26 September 2012 from http://tychousa9.umuc.edu/CSEC620/1102/csec620_01/assets/csec620_01.pdf

Xiang, Y., & Zhou, W. (2006). Protecting web applications from DDoS attacks by an active distributed defense system. International Journal of Web Information Systems, 2(1), 37-44. Retrieved 26 September 2012 from http://research.mercubuana.ac.id/proceeding/iiWAS2004(586-595).pdf
