Embed Size (px)
Citation preview
Distribute.IT – A Case Study
Background
• Formed 2002 as a startup• Web Services provider
− Domain name registrar
− Web/Server Hosting
− SSL Products
− SMS messaging• ~10% Market Share - .au domain names• Offices in Melbourne & Jakarta• 30+ Employees• 200,000+ domain name clients• 30,000+ hosting clients• 8-10 million SMS messages per annum• 3,000+ Resellers• Profitable, growing, cash flow positive business
Initial Breach
Fri. 3/6 4/6
Fri.10/6
BreachDetected
Network Lockdown
5/6 6/6 7/6 8/6 9/6
CustomerFallout
Compliance
Reconfigure Entire Network
June 3 – June 10, 2011
Major BreachJune 11 – June 23, 2011
Sat. 11/6 12/6 13/6 14/6 15/6 16/6 17/6 18/6 19/6 20/6 21/6 22/6 23/6
~ 4:30 pm ‘Major’
Incident
~ 5:30 pm Shutdown
entire network
Network Rebuild
Major BreachJune 11 – June 23, 2011
Sat. 11/6 12/6 13/6 14/6 15/6 16/6 17/6 18/6 19/6 20/6 21/6 22/6 23/6
~ 4:30 pm ‘Major’
Incident
~ 5:30 pm Shutdown
entire network
Network Rebuild
ClientComms
Social Media
Compliance
auDA nzDNC ICANN
AFP
First Servers come back online
Approx. 96% of servers online
AnalysisStaff Loss
AFP Meetings
Customer Loss
Board Meeting
Media
Complete Assessmen
t
Board Meeting
Solvency? Insurance
Compliance
Governing Body Support (auDA, etc)
Social Media
Media
Government
Media
Announcement Re: 4 servers
Liquidator Meetings
Staff Loss
Privacy Commissioner
Banks
Accreditations
Damage Mitigation
Sale of Assets to Netregistry
Lessons Learnt
• Cyber Security is not just an IT issue
• Security is a Process – not a static position
• Governance and Risk (Information Security Management)
Questions?
DISCLAIMER OF LIABILITY
While every effort is made to provide accurate and complete information, CQR Consulting Pty Ltd and/or Distribute.IT Pty Ltd and/or the presenters do not warrant or represent that the information in this presentation is free from errors or omissions or is suitable for your intended use. The information provided in this presentation may not be suitable for your specific situation or needs and should not be relied upon by you in substitution of you obtaining independent expert advice. Subject to any terms implied by law and which cannot be excluded, CQR Consulting Pty Ltd accepts no responsibility for any loss, damage, cost or expense (whether direct or indirect) incurred by you as a result of any error, omission or misrepresentation in information in this presentation. All information in this presentation is subject to change without notice. Reproduction (in whole or in part) of this presentation only with the prior written consent of the author(s).
![e-registrar ระบบทะเบียนออนไลน์ · [ e-registrar ] Help desk & Info Internet. . SSL. ระบบความปลอดภัยข้อมูล](https://img.pdfslide.us/doc/110x75/5fca501927c1c04bef55cfce/e-registrar-aaaaaaaaaaaaaaaaaaoe-e-registrar.jpg)
