Chapter 5 - IT Security Chain and Disaster Recovery Plan-2
▪ Vulnerability Assessment
▪ Penetration Testing
▪ Network Intrusion Detection System (NIDS)
Penetration testing is when you try to hack the system to find out how effective the security is.
Password Salt and Peppering
▪ Adding a “salt” or random
data to a password makes
common passwords less
common.
▪ A “pepper” is also a
random value attached to
the password, which is
helpful in slowing hackers
down.
▪ For example, say the password you want is “apple.”
▪ Of course, it is very common and easy for password-cracking software to guess.
▪ To make it more secure, you can add “salt” to it, for example by turning it into: @ppl3
▪ Then you can also add “pepper,” for example by adding a random number: @ppl39741
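How salt and pepper are applied when a system stores the password “apple”, as an added example that is not part of the original slides. It assumes the usual storage scheme: a random salt generated per user and saved beside the hash, and a pepper that is one secret value kept outside the database; PEPPER and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed demo value (assumption): a real pepper is a secret kept outside
# the password database, e.g. in application configuration.
PEPPER = b"demo-pepper-not-a-real-secret"
ITERATIONS = 600_000  # PBKDF2 work factor; makes every guess slower


def hash_password(password: str, salt: Optional[bytes] = None,
                  pepper: bytes = PEPPER) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn for a new password."""
    if salt is None:
        salt = secrets.token_bytes(16)
    # Pepper: keyed HMAC over the password, so the database contents alone
    # are not enough to test guesses.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt: makes the stored digest unique per user, even for equal passwords.
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes,
                    pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, pepper)
    return hmac.compare_digest(digest, stored)


def demo() -> dict:
    salt_a, hash_a = hash_password("apple")  # user A
    salt_b, hash_b = hash_password("apple")  # user B, same password
    return {
        "same_password_same_hash": hash_a == hash_b,
        "correct_password_ok": verify_password("apple", salt_a, hash_a),
        "wrong_password_ok": verify_password("@ppl3", salt_a, hash_a),
        "wrong_pepper_ok": verify_password("apple", salt_a, hash_a, pepper=b"other"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two users with the same password end up with different stored hashes, and a copy of the database without the pepper cannot be used to check guesses.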
Virtual Private Network (VPN)
▪ An encrypted connection
over the Internet from a
device to a network.
▪ The encrypted connection
helps ensure that sensitive
data is safely transmitted.
▪ VPNs are great for masking yourself on the internet.
▪ Some even use a VPN as a disguise, such as when you want to access a website or app that is blocked in your country.
▪ For example, when India blocked many apps from China.
▪ Just be careful, because your VPN provider may already be recording some of your confidential information.
Application Whitelisting
▪ Prevents unauthorized apps from
running on a computer
Firewalls
▪ Block unauthorized access to a
network or data interceptions
Honeypots
▪ Decoy databases that attract
hackers but do not house any
important information.
Application Whitelisting
▪ An example of this is when social media, gaming, and other leisure apps and websites are blocked on university or office computers.
▪ In other cases, you are not allowed to install programs, in order to protect the computer from malware.
Antivirus Software
▪ A program or set of programs
that are designed to prevent,
search for, detect, and remove
software viruses, and other
malicious software.
Encryption
▪ Decoding data, in transit or at
rest, including end-to-end
encryption often used in
messaging apps and platforms
that only allows encrypted
messages to be read by sender
and receiver.
Malware
▪ Short for malicious software
▪ Malware is any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess.
Examples of Malware
Virus
▪ Infects files, then replicates to infect other files
▪ Can spread uncontrollably, damaging a system’s core functionality by deleting or corrupting files.
▪ Usually appears as an executable file (.exe)
Worms
▪ Act like a virus
▪ But viruses need a “trigger” to start infecting, such as when a person opens the exe file of a virus
▪ Worms can self-replicate as soon as they have breached the system, without a trigger
Trojans
▪ Disguises itself as legitimate software or is hidden in legitimate software that has been tampered with.
▪ Acts unnoticed and creates backdoors in your security to let other malware in.
Spyware
▪ Designed to spy on you
▪ Hides in the background
▪ Records what you do online, including passwords, credit card numbers, surfing habits, etc.
Ransomware
▪ Typically locks down your computer and your files or a website and threatens to erase everything unless you pay a ransom.
Adware
▪ Not always malicious in nature
▪ But aggressive advertising software can destabilize your security just to serve you ads, which can give other malware an easy way in.
▪ Plus, pop-ups are really annoying.
Botnets
▪ Networks of infected computers that are made to work together under the control of an attacker
IT Disaster Recovery Plan
▪ A critical process that can help
an organization survive and
recover in case of disaster –
whether a natural disaster,
accidental data loss, or
malicious cyberattack.
▪ The typical structure of this plan
is shown on the next pages.
Goals
What does the organization aim to achieve?
▪ Target Recovery Time
▪ Maximum downtime allowed for each critical system
▪ Maximum amount of acceptable data loss
Personnel
Who is responsible for executing the plan?
IT inventory
List hardware and software assets, their criticality, and whether they are leased, owned, or used as a service.
Backup Procedures
How and where (exactly on which devices and in which folders) each data resource is backed up, and how to recover from backup.
Recovery Procedures
Emergency response to minimize damages, last-minute backups, mitigation, and eradication (for cybersecurity threats).
Recovery Sites
▪ A robust plan should include a hot disaster recovery site: an alternative data center in a remote location that has all critical systems, with data replicated or frequently backed up to them.
▪ Operations can be switched over to the hot site when disaster strikes.
Restoration
Procedures for recovering from complete systems loss to full operations.