ethansorbianastasi.files.wordpress.com… · Web view · Hacking is where someone is gaining...

Date post: 09-Sep-2020

Unit 7

Task 1 - P1 Explain the impact of different types of threat on an organisation/M1 Discuss information security

Potential threats -

Malicious damage:

Internal: This is where threats occur from within the business/network, which can be very harmful. Many threats can happen internally, for example human error and damage to important system files. Whenever someone is using a PC, they must be aware of these types of internal threats, because if they aren’t, the threats are more likely to occur. Damaged files or a damaged operating system can result from a system issue like a memory leak from the hard drive, but can also be caused by a user doing something they shouldn’t, or by people who don’t understand what they are doing. An example of someone causing harm to a system would be a user deleting files without knowing their importance. This could lead to files that are integral to the functionality of the PC, like ‘system32’, being deleted. This is a huge problem because if it happened within a business it could affect them badly, as important information could be at risk, all down to human error. This is especially important for an organisation like a bank, as they need to be very secure due to all the important information they have on customers.

External: This is where, instead of originating from within the business/network, threats come from an external source like the internet. There is a huge amount of malicious software on the internet, for example viruses, worms and trojans, that can infect a network if the right precautions are not followed. One of the most popular forms of external damage is hacking. This is a very popular method of causing damage and harm to a system, as it allows the ‘hacker’ to penetrate a system and network externally, which means they are able to do it from any location as long as they have what they need. Hacking can harbour many different threats, from damaging files to stealing information, as well as many other things. External threats are a much bigger issue than internal ones because if someone was to hack into, for example, a bank’s network, they would have access to a huge amount of private information like customers’ details as well as things like PIN numbers. If this was to happen it would cause the bank a lot of problems, as they would have jeopardised the security of people’s information that was promised to be kept secure.

Access causing damage: One example of a malicious piece of software that can cause many different problems when installed onto a system or network is a virus. A virus is split into 3 types, virus, worm and trojan, which can do many different things and have many different purposes. For example, if a virus was to infect a PC, it could do many harmful things to that PC, like delete specific files or even completely kill the PC. A virus is a type of malicious software that, when executed, is able to replicate itself by modifying other computer programs and inserting its own code. A virus is considered a huge threat to most businesses due to how dependent they are on their systems. A virus within a business’s system will cause many problems, as it could cause the PCs they use to not work the way they should, could delete valuable information and data, or could even completely destroy the system they are so reliant on.

Another type of malicious software that gains access to a system to cause harm is known as malware. This is quite similar to a virus but can instead be used to look at personal information that is stored on that infected system. This type of personal information includes passwords and account information like your login details to your online banking as well as private files. Something like this is even more problematic within a business as if malware was to infect a business’s system all their private information that shouldn’t be available to others is no longer secure.

Access without damage: These methods have a similar purpose to a trojan, in that they are used to try to extract personal information from people or to get something without the person knowing. However, the main difference between these and something like a trojan is that they do not directly cause harm or damage to a system or a network. Some of these methods include identity theft, hacking, phishing and piggybacking.

Identity theft is a type of malicious damage but doesn’t cause harm to a system or network. Identity theft is where someone deliberately uses someone else’s identity, usually as a method for financial gain, as well as for many other things in the other person’s name. This isn’t only used for personal gain but can also be used in a way that causes problems for the person who had their identity stolen.

Hacking is where someone is gaining unauthorised access to data and information that is stored within a system or computer. When people are hacking, they usually look for files and information containing personal details such as someone’s passwords as well as their bank details. This is so that they can for example sell that information on to others or even use the information for themselves like using someone’s bank information to buy things with.

Phishing is where someone sends emails which trick people into thinking they are from legitimate companies in order to get individuals to give out personal information like passwords and credit card numbers. This is very common and many people do fall for it. One way to tell if an email you have received is legitimate is by checking the email address of the person who sent it. This is a trick that works most commonly on old people or people who don’t know much about the internet and its dangers.
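
Checking the email address of the sender can be automated. The following is an added example, not part of the original coursework: it compares the brand a message claims in its display name with the domain it was really sent from, and also flags a Reply-To that points elsewhere. The organisation "Example Bank", its domains and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hypothetical allow-list mapping a brand name to the domains
# that brand really sends mail from. "Example Bank" is a made-up organisation.
KNOWN_SENDERS = {"examplebank": {"examplebank.example"}}


def _domain(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def _is_brand_domain(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(raw_message):
    """Return a list of reasons the sender address looks suspicious."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = _domain(address)
    if not from_domain:
        return ["From header contains no usable address"]

    findings = []
    # Mail clients often show only the display name, so compare the brand
    # it claims with the domain the message was actually sent from.
    claimed = "".join(c for c in display.lower() if c.isalnum())
    squashed_domain = "".join(c for c in from_domain if c.isalnum())
    for brand, allowed in KNOWN_SENDERS.items():
        if _is_brand_domain(from_domain, allowed):
            continue
        if brand in claimed:
            findings.append(
                f"display name claims '{brand}' but address is at {from_domain}")
        if brand in squashed_domain:
            findings.append(f"domain {from_domain} imitates '{brand}'")

    # Replies that would go to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(
            f"Reply-To domain {_domain(reply_to)} differs from {from_domain}")
    return findings


# Constructed sample messages (not real mail).
LEGITIMATE = (
    'From: "Example Bank" <alerts@mail.examplebank.example>\n'
    "Subject: Your statement is ready\n\nHello\n"
)
SPOOFED = (
    'From: "Example Bank Security" <alerts@example-bank.secure-login.example>\n'
    "Reply-To: helpdesk@collector.example\n"
    "Subject: Confirm your password\n\nHello\n"
)

if __name__ == "__main__":
    for name, raw in (("legitimate", LEGITIMATE), ("spoofed", SPOOFED)):
        print(name, check_sender(raw))
```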

Piggybacking is where a person uses someone else’s restricted communications channel by continuing the session the previous person has already established. This is a problem as it means certain people are able to gain access to places and information they usually shouldn’t have access to. This can be stopped by making sure you log out of your session before leaving the workstation, or at least by locking the workstation so that re-authentication is needed before continuing.

All of these threats that don’t actually cause harm to the system are still as threatening as the software that does cause harm. This is because all of the methods above are used to gain information that shouldn’t be seen by anyone. If any of these were to happen within a business, there would be a huge problem, as it means someone could have gained access to sensitive information. This isn’t good, as something like an information leak can really damage a company’s reputation due to people not trusting the business to keep their private information private.

Threats related to e-commerce:

Website defacement: This is where someone will cause harm to a website by changing things like the information on the website as well as the whole appearance and functionality of the website. People do this by breaking into a webserver, where they then replace the hosted website with their own version of it. Once they have access to the webserver, the person who gained access can do anything they like with the site. This is essentially graffiti, but done on a website for everyone to view. This can have a huge effect on businesses, especially ones that are only online, as the website is the only way for customers to use the business’s services. Website defacement will ruin a business’s reputation as it will make people believe that they are not secure. Not only that, but people who view the website can get incorrect information from it if it has been tampered with.

Control of access to data via online suppliers: It is very important for a business to keep check on who has access to what data on the system, as they are able to see exactly who has viewed specific data as well as how many people have. They are also able to use this to decide who they want to have access to specific data on the system and who they don’t. They can control the access to data by setting rules like only being able to access certain information for a limited amount of time. If these rules aren’t followed, the business can be greatly affected, as it means everyone connected to the system will be able to view any information they want, even information that should be private. This is especially important when working with third party suppliers, as the business would want to limit the amount of data the supplier can see. If the business doesn’t control the access to data, then this hired third party would be able to view not only the data they required in the first place but also data like passwords and usernames, even though they don’t need it. This would be very bad, as you are giving someone who shouldn’t see sensitive data the opportunity to do so.

Denial of service attacks, also known as DoS, are a type of attack where hackers try to block actual users of the site from gaining access to the service. In these attacks the hacker sends a bunch of requests for the server to authenticate which don’t have any return addresses. Because the server doesn’t have a return address, the server closes the connection. While the connection has been closed, the hacker then sends more requests to the server, doing the same thing repeatedly, which keeps the process of authentication and server wait going, and this is what causes the network or server to be kept busy. There are a few ways for a DoS attack to be carried out, a few of which are flooding the network to halt network traffic, preventing a certain individual from accessing the service, and disrupting the connection between 2 machines, which in turn prevents access to the service, as well as a few other ways. This is especially bad for an e-commerce site, as when people are prevented from gaining access to the site they are not able to make purchases, which means the business is then losing out on sales and money.

Counterfeit goods:

Products at risk: There are many products that are at risk of being counterfeited, like software, DVDs, games and music, where the counterfeit is an illegal copy of the original product. All of these types of counterfeit goods should be considered unsafe to use on your system, as they haven’t been approved by the real manufacturer, which is what proves the authenticity of the product and ensures the safety of the software. The main reason why these should be considered unsafe is not only that they haven’t been approved by the manufacturer but also that the product might not be exactly what you thought it was. An example of this would be buying what you thought was a game but which ended up being something completely different when you download it from the disk. This is a huge threat, as you could end up downloading some sort of virus instead of what you thought you were getting. Counterfeit goods should not be used within a business as they can cause many issues. For example, if a business was to use a counterfeit version of Windows OS, there is a chance that it could have been coded differently so that spyware can be stored on the system, as well as to cause security breaches on the system. This is something a business wants to avoid completely, as they will want to make sure they have good security to protect their data.

Distribution mechanism: There are a couple of ways counterfeit goods can be distributed. The first, which is now a very common way people distribute them, is through the use of software called BitTorrent clients. These clients allow people to transfer illegal files over the internet. This uses a peer-to-peer connection where people seed specific files, like game files, and the people who want the files leech from them. This is illegal to do but is still a very common way to share counterfeit material. The other way, which is a lot less common now, is at a boot sale. Software and DVDs bought from a boot sale cannot be trusted, as you don’t know whether or not they are a legitimate copy or a counterfeit. Neither of these ways should be used to get a product for a business, as they’re illegal but can also be very dangerous to the business’s security, as you could be downloading something harmful if it is not a legitimate copy.

Organisational Impact:

Loss of service: All the threats I have talked about above can have huge effects on the business itself. For example, if some of these threats were to infect the business’s systems, it could cause something called loss of service. This means that no one will be able to access their services. This isn’t only the case for the business’s customers; not even the business will be able to access it, so they can’t update any information.

Loss of business or income: Another problem that can happen to the business if these threats infect the business’s system would be the loss of business/income. This could be due to something like a virus infecting the system and possibly corrupting important data like customer records. This has a huge effect on the business and its customers, as if there are no more customer records, returning customers will have to make new accounts and enter their information all over again. This is likely to put a lot of customers off using the business’s service, which in turn means fewer customers and less money being made for the business.

Increased cost: This is something that is likely to happen if a business has an infected system. This is because they will have to pay to get their system fixed and secure again, as well as the cost of better security. Not only that, but they will also have to pay more money to fix systems and issues that the threat has caused. Because the business has to pay for all of this to be fixed, their costs will increase drastically, and there is no way for them to get around this issue unless their system never got infected in the first place.

Poor image: If a business was to have their systems infected by any of these, and if people’s personal information was put at risk, the business would have a poor image in the customers’ eyes. From this it is likely that the business’s poor image will spread, as people will complain that personal information they gave, thinking it would be kept secure, was not actually secure. Due to a bad image they will have fewer people using their services, as they are not trusted anymore.

Information security:

Confidentiality: This is a very important rule within a business, as customers willingly give their personal information to the business thinking that their information is going to be kept safe. To ensure the safe keeping of this data, a business must make sure that all important and sensitive data is kept confidential. One way a business can do this is by having someone like a manager or higher up in the business decide who in the business is able to view and manipulate/update this data. By doing this the business is keeping the data much more secure, as they are directly preventing access by any staff who don’t have the authority to view the data. Not only that, but by picking which staff are allowed to view and update the data, the business will find it much easier to identify who the person was if any information goes missing or if any data gets corrupted. To add extra security to sensitive information, the business should also set a rule for how often the data should be checked as well as updated, just to make sure that there is nothing wrong with the data and also to ensure that the data is up to date so it can be used effectively. One of the most important ways to keep this data confidential is to make sure that none of the sensitive data the business has is used outside of the business, like taking someone’s phone number, as this is confidential information that should only be used by the business.

Data Integrity: This is the maintenance and assurance of the accuracy and consistency of the data the business is gathering. This is a very important aspect of any system which is used to store and retrieve data. If the business does not ensure these things, then it can cause a lot of problems like incorrect customer data. If a business were to have incorrect data on their customers, it can cause problems not only for the business but for the customers as well, as that might mean they have to enter their information again. Also, if the business does not know they have incorrect information, it could mean they might not be able to contact the customer, which is very unprofessional.

Data completeness: This refers to whether or not there are any gaps in the data they were collecting compared with what they expected to get. This is a huge problem, as a certain amount of data is needed by a business for it to actually be used effectively. For example, if they are trying to deliver a good to a customer, they will require a lot of data to do so, like their address, phone number and card details. With all of the right information they will be able to make the delivery, but if the data they have is missing any of that it can cause problems for the business, as it means they can no longer do what they intended to do and instead may try again to get the correct information needed to do their job.

Task 2 - P2 Describe how physical security measures can help keep systems secure/P3 Describe how software and network security can keep systems and data secure/M2 Explain the operation and use of an encryption technique in ensuring security of transmitted information/D1 Discuss different ways of recovering from a disaster

VM 1 - Hack the box ‘pentesting: 1’

The first thing I will do is click on the top right of the screen to see ‘Active network connections’. This is something I am doing as it means I don’t need to do something like Nmap to find the IP address and is easy to do as I can get it directly from the system.

The next thing I will do is launch an Nmap attack so that I am able to see the active services that are running on the system and what ports they are on.

I am then going to open up a browser so that I can view the webpage. To do this I must enter the IP address that I found at the beginning of this into the search bar. Once I have done this a web page should load up which is the webpage in the image below.

Once I have reached this point I am going to open up DirBuster, which is a web application brute forcer that I am using to find hidden files using a wordlist. To do this I am going to enter the IP address into DirBuster and then browse for a word list. The word list I am using is going to be a default wordlist from DirBuster.

Once I clicked start and waited a little while DirBuster found a folder called secret. With this new-found information I will go back to the browser and add /secret/ to the end of the IP address which will then redirect me to a blog.

I can see from this that all of the links on this page are being loaded from a domain name. I will now load up the host file as this contains domains and IP addresses where it essentially maps IP address to the domain names. Within this host file I am going to add 2 new entries.

Once I have done this, I am going to reload the webpage that I was on before. As you can see from the image below, the webpage now looks like a well-made page, which is because all the CSS and other things were trying to be accessed from a domain that didn’t exist until I added it just now.

After going over the website I didn’t find anything interesting, so I decided to go to the log in section. This is where I tried to enter a user name and password. I entered admin as the username and 111 as the password. This is because I was testing to see if the username is correct as even if I get the password incorrect it still lets me know that the username is right due to WordPress.

After I got the username right, I decided to try and carry on brute forcing my way in, which ended up working as the password was the same as the username, admin. Once I gained access, I made my way over to the plugins, where I am able to add a new plugin; however, it won’t actually be a plugin but instead will be a reverse shell. The one I am using is called malicious WordPress plugin, which is available on the internet. To start I open this in a terminal, where I type what is in the image below. As you can see it specifies the IP and the port. Pressing enter then generates a PHP file and payload.

I then go back to WordPress, where I click add plugin and find the zip file that contains the payload that has just been generated. Once I find it I click activate plugin. Now that it has been uploaded to WordPress, I can go to the plugin editor, which is in WordPress, and go to the one I just uploaded, where it gives me a list of information like the plugin file path.

I then copy the path from the image above and type in the search bar what is in the image below.

This is what gets the PHP file that was generated to run on the server and give me a session. On this I am going to type ‘shell’ just to check if I am on the system which is shown by typing whoami which will then output back www-data. From here I am going to run a script which is called unix-privesc-check as a way to get root. This is a shell script which will check for simple privilege escalation vectors on unix systems. To do so I am going to upload the file to the system. To do so I write what is in the image below which also shows what is being uploaded.

I then need to make the script I just uploaded executable by typing in shell ‘chmod +x unix-privesc-check’. Now that it is able to run I then need to do that next by typing again ‘./unix-privesc-check standard > output.txt’. This then runs the script. Once the script has finished I then need to type download output.txt /root which will download the output.txt file into the root folder where I will be able to open it and view it. The output.txt file is shown in the image below.

I then need to scroll down to a certain bit of the file as it contains the information I need to continue on. The image below shows the information I am looking at.

This is about /etc/passwd, which is where information about logins is stored, which means I am able to rewrite the root password. To do this I need to type ‘download /etc/passwd /root’, which will download the file into root where I am able to edit it. With the file I can see that the password is encrypted. This isn’t a problem as I can use a command called openssl to encrypt a new password. To do this I need to type into the terminal ‘openssl passwd -1’, where I am given a prompt for a new password, which I then verify by typing it again, as you can see in the image below.

This will output a hash sequence which I need to copy and paste into the passwd file that I downloaded, replacing the ‘x’, and then I must save it.

Once it’s saved you then need to upload the file back to the system by typing ‘upload /root/passwd /etc/passwd’ so that it is now back on the system. I then open up a shell and type ‘su root -l’.

This then gives me a prompt to enter the password which I have made myself in this case being ‘pass’ which then grants me root access on this device.

That is how you complete the Hack the box pentesting 1
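
The last step of this walkthrough worked because the web server account could overwrite /etc/passwd and because a hash placed in the second field is accepted in place of the ‘x’. The following is an added example, not part of the original coursework: a defender's audit that reports both conditions. The sample file contents, the hash string and the 0666 mode are constructed; the write-up does not state the file's actual permissions.

```python
import os
import stat

# Values in the password field that mean "no hash is stored in this file".
PLACEHOLDERS = {"x", "*", "!"}


def audit_passwd(text, mode, owner_uid=0):
    """Return (code, detail) findings for the contents of a passwd-format file.

    text      -- file contents
    mode      -- st_mode of the file, as returned by os.stat()
    owner_uid -- st_uid of the file
    """
    findings = []
    if owner_uid != 0:
        findings.append(("OWNER", f"owned by uid {owner_uid}, expected 0"))
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(
            ("WRITABLE", f"mode {stat.S_IMODE(mode):04o} lets non-owners write"))

    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(("MALFORMED", f"line {number}: expected 7 fields"))
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if password == "":
            findings.append(("EMPTY_PASSWORD", f"{name}: no password required"))
        elif password not in PLACEHOLDERS:
            # 'openssl passwd -1' emits MD5-crypt strings that start with $1$.
            kind = "MD5-crypt ($1$) hash" if password.startswith("$1$") else "value"
            findings.append(
                ("INLINE_HASH", f"{name}: {kind} stored in passwd instead of 'x'"))
        if uid == "0" and name != "root":
            findings.append(("EXTRA_UID0", f"{name}: additional account with uid 0"))
    return findings


def audit_path(path="/etc/passwd"):
    """Audit a file on disk using its real mode and owner."""
    info = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as handle:
        return audit_passwd(handle.read(), info.st_mode, info.st_uid)


# Constructed samples (not taken from the target machine).
HEALTHY = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
)
TAMPERED = (
    "root:$1$CONSTRUC$placeholderNotARealHash:0:0:root:/root:/bin/bash\n"
    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
)

if __name__ == "__main__":
    print(audit_passwd(HEALTHY, 0o100644))
    print(audit_passwd(TAMPERED, 0o100666))
```

Run `audit_path()` from a scheduled job or a file-integrity check so that a change to either condition raises an alert.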

VM 2 - Hack the box ‘Jerry’

To start this off you want to use Nmap so that you are able to determine what ports are open as well as what services are being run on those ports and their versions.

As you can see there is only 1 port that is open and has something running on it. The thing running on the port is 8080/tcp open http Apache Tomcat/coyote JSP engine 1.1. To progress further I need to open up the webpage and check for any vulnerabilities.

As you can see this looks like the default web page which you can see from the top is running version 7.0.88. From the webpage I can also see that there are 3 other links to other pages which are called server status, manager app and host manager. The page I am going to check is server status page. Once the new page loaded, I was greeted with a log in prompt which I had to get through. This was very easy as I guessed what the login details would be which shows why you need a strong password. The default login credentials were very simple which was admin: admin. After I was able to log in and was able to access the page, I was able to see many useful things like the name of the machine as well as the OS name, version and architecture.

Once I got this information I went back to the main page and decided to go to the page called manager app. On this page I was also required to log in however I was not able to do so. But when I entered the incorrect log in, I was shown the default error screen which happened to have the log in credentials on it. So, I took the credentials from the error page and tried to log in to the manager app again which worked this time.

I am now logged in as an admin. Now I can search for Tomcat exploits within Metasploit, where I ended up finding multi/http/tomcat_mgr_upload, which I am able to configure with the port information that I found from Nmap, the login credentials that I found and the meterpreter payload.

Once I was successfully connected I found that the Tomcat manager login, the account I was able to find, was an administrator, which means I don’t need to increase the privileges I have. Because of this I was able to check the administrator desktop, which is where I found the flags folder. This folder contained a text file called ‘2 for the price of 1.txt’. Not only that, but it also contained user.txt and root.txt, which is exactly what we needed to complete this.

This is how you can complete ‘Jerry’ from Hack the Box.
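
Both logins in this walkthrough succeeded because of guessable or default credentials on accounts allowed to reach the status and manager pages. The following is an added example, not part of the original coursework: an audit of a Tomcat `tomcat-users.xml` file that lists accounts with weak passwords and shows which of them hold manager or admin roles. It assumes passwords are stored in cleartext in the file; the sample XML, the deny-list and the 12-character minimum are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to Tomcat's manager and host-manager applications.
PRIVILEGED_ROLES = {
    "manager-gui", "manager-script", "manager-jmx",
    "manager-status", "admin-gui", "admin-script",
}
# Assumptions: a short deny-list and a minimum length taken from a
# hypothetical password policy. Replace both with your organisation's own.
GUESSABLE = {"admin", "password"}
MIN_LENGTH = 12


def _local(tag):
    """Strip an XML namespace such as '{http://tomcat.apache.org/xml}'."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, problem, privileged_roles) for each weak account."""
    findings = []
    for element in ET.fromstring(xml_text).iter():
        if _local(element.tag) != "user":
            continue
        name = element.get("username", "")
        password = element.get("password", "")
        roles = {r.strip() for r in element.get("roles", "").split(",") if r.strip()}

        if password.lower() == name.lower():
            problem = "password equals username"
        elif password.lower() in GUESSABLE:
            problem = "password is on the deny-list"
        elif len(password) < MIN_LENGTH:
            problem = f"password shorter than {MIN_LENGTH} characters"
        else:
            continue
        findings.append((name, problem, sorted(roles & PRIVILEGED_ROLES)))

    # Accounts that can reach the manager applications are listed first.
    findings.sort(key=lambda item: (not item[2], item[0]))
    return findings


# Constructed sample configuration (not taken from the target machine).
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="guest" password="guest" roles="reports"/>
  <user username="admin" password="admin" roles="manager-gui,manager-status"/>
  <user username="deployer" password="kT7#vq2LpZ9xWm4s" roles="manager-script"/>
  <user username="viewer" password="short1" roles="manager-status"/>
</tomcat-users>"""

if __name__ == "__main__":
    for username, problem, roles in audit_tomcat_users(SAMPLE):
        exposure = ", ".join(roles) if roles else "no manager roles"
        print(f"{username}: {problem} ({exposure})")
```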

Physical security:

Locks: One of the simplest types of physical security is a lock. This is very simple, as it is just a lock, but also very effective. This is because the only people who are going to be able to open the lock are the people with the correct key/key card. This means that people who don’t have one will not be able to reach the area without that correct key. An example of this would be in school, where each door is kept locked by a key card lock which will only open when a key card with the correct privileges is tapped onto it. This keeps all rooms secure and safe from people like students who shouldn’t be in a room on their own. The technology of using key cards also eliminates the risk of people picking locks, as that’s something you cannot do with an electronic lock due to there being no physical key hole. This is also very effective at keeping good security as you are able to track who is opening what door. It’s also an effective way of giving different people different privileges, for example teachers will be allowed to open all classroom doors but won’t be able to open something like the server room, whereas it will be the other way round for an IT technician.

Visitor passes: This is a great thing to use when a visitor is coming to the business, as it is an effective way of showing that this person is only a visitor and does not work here. If a business uses key cards, then a visitor’s pass can be in the form of a key card they must always wear. This key card can be programmed so that it gives the visitor temporary access to a limited number of areas, so that they are not able to go somewhere within the building that they are not supposed to go to. This is why a visitor’s pass is a great way to keep a system secure: it limits the number of rooms they are able to access, meaning they cannot gain access to any important rooms, and because they are wearing a visitor’s pass employees will be able to see if they are doing anything they shouldn’t be doing.

Sign in/out systems: This can be used as a way to see when employees enter a certain area as well as when they leave. A business can use this system not only to check if employees show up on time but also to monitor when a certain area is entered, as they will have to sign in, and when a certain area is left, as they will have to sign out. This is a very useful system, as if something was to happen to the business system in a certain area they will be able to see who was signed in at that specific time, which makes it much easier to narrow down the culprit if there is one.

Biometrics: This is a great way to keep the business systems secure. Biometrics is used as a method of authentication which is done by identifying people by a certain characteristic or trait. A great example of this would be a thumb scanner. Biometrics is one of the most secure ways of authentication as no one else will have the same thumb print as you, as it is unique. Biometrics can be used within a business to enter specific rooms or even used to log into a computer. If the business was to use a thumb scanner as a way of logging into a PC it would mean anybody who isn’t on the system won’t be able to log into a PC. This is also a much more secure way than a password, as there are many ways to bypass something like that, for example someone watching you type a password. This isn’t a problem for a thumb scanner login as that’s completely unique to you and cannot be copied.

Software and Network Security:

Encryption techniques (Public and private key): Asymmetric cryptography, which is also known as public key cryptography, is an encryption technique that uses public and private keys to encrypt as well as to decrypt data. The keys consist of large number sequences that have been paired together but are not identical, which is why this is called asymmetric cryptography. The public key is the one that can be shared with everyone, whereas the private key is the one you want to keep secret. When using these for encryption either one can be used, but the one that hasn’t been used to encrypt the message is the one that is used for decryption. This is a very secure way of encryption, as if the person doesn’t have the private key they will not be able to decipher the message, meaning any data that is encrypted this way is very safe.
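The public/private key relationship described above, as an added example that is not part of the original document: a toy RSA key pair showing that whatever one key does, only the other key undoes. The primes are constructed demonstration values far too small for real use, the function names are illustrative, and real systems use a vetted library with padding rather than this bare arithmetic.

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Build ((e, n), (d, n)) from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, number):
    """The single RSA operation: number ** exponent mod n."""
    exponent, n = key
    if not 0 <= number < n:
        raise ValueError("number must be smaller than the modulus n")
    return pow(number, exponent, n)

def encode(text):
    """Turn a short string into one integer."""
    return int.from_bytes(text.encode("utf-8"), "big")

def decode(number):
    """Turn the integer back into the original string."""
    size = (number.bit_length() + 7) // 8
    return number.to_bytes(size, "big").decode("utf-8")

if __name__ == "__main__":
    # Constructed toy primes (two small Mersenne primes), demo only.
    public, private = make_keypair(2**61 - 1, 2**89 - 1)
    message = encode("pay 100")

    # Encrypt with the public key: only the private key recovers it.
    secret = apply_key(public, message)
    print("ciphertext:", secret)
    print("private key recovers:", decode(apply_key(private, secret)))

    # Use the private key first: anyone with the public key can undo it,
    # which is the basis of a digital signature.
    signed = apply_key(private, message)
    print("public key recovers:", decode(apply_key(public, signed)))
```
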

Call Back: This is a security mechanism which is used to authenticate a user on the system so that they can log in and connect to the network. The way this works is by a user calling the system which will then have the system answer once the user has entered their username and password. Once that is done the system will call the user back to authenticate the user. This is a very old mechanism and is usually for dial-up internet which is not often used anymore.

Handshaking: This is the automated process of negotiating and setting up communication and a connection between 2 modems. This happens before any data is transferred between the two systems. This method sends the needed protocols for the sender as well as the receiver. It informs the receiving device how to receive data from the sender as well as how to output the data that is received in the correct format for the receiver. This is something that is required when there are 2 different types of devices connecting to each other, like a computer to a modem.

Diskless networks: This is where all the workstations on the network don’t have their own disk drives. This means that everything is stored on the server they are all connected to, which includes the OS. This means that network booting is required so that each workstation loads its operating system from the server rather than from the workstation itself. This is very useful as it doesn’t matter where you log in, because all the files are saved onto the server, meaning you can access them from any workstation. This increases security as all the important files are saved directly to the server, whereas if they are stored on a drive within a workstation it could end up breaking, which will mean all the files within it are lost.

Use of Backups: This is a very important thing to use. A backup is where everything that is saved on a network is essentially copied and saved on a different storage device. This is done so that if any files get corrupted, they can be restored from when they were last backed up, meaning nothing is lost. This is also done in case of the system failing or the storage system being completely broken, as you will always have a complete backup of whatever was saved. This is great as it means the business is less likely to lose any valuable data that is saved on the server.

Audit logs: This is a very important feature to use as it allows you to see the activity that is taking place on the network. This means if someone was to compromise the network by installing any malicious software or by doing something they are not allowed to do, then you would be able to look at the audit log to see exactly who was logged into the network at the specific time, as the audit log keeps a record of everything that happens within the network.

Firewall configuration: This is something that must be done within a business, as if you configure it you are able to add restrictions to what can be downloaded and what can be accessed online. This means you can disallow any unwanted activity on the internet by having the firewall block anything you want. This means certain things which could be infected with a virus cannot be downloaded. Configuring your firewall adds an extra layer of security to the system.

Virus checking software: This is very useful to have as viruses pose a huge threat to systems and networks: if one station gets infected, that virus, for example a worm, will be able to travel across the network and infect all the devices connected to it. Virus checking software will constantly check whether there are any viruses trying to enter the system or if there are any within the system already. Now there are many pieces of software that not only detect the virus but can also remove the virus, which can be very useful.

Use of VPN: Using this is a good security mechanism as you can use it like a normal network where you can share information between the devices that are connected to the network. However, VPNs are much more secure than a normal network as it allows you to do things like change your location and things like that making it harder for people to track you as well as harder to infiltrate the network.

Intruder detection system: This is a security mechanism to have as it is used to inform someone like a server administrator when someone is attacking the network. This is very useful as it means the administrator can start the procedures to counter threats for this scenario. Without it it might take a long time for someone to realise this is happening or they might not know at all.

Passwords: These are an important security feature for any system to have. Using strong, complex passwords is also important, which means a mixture of upper- and lower-case letters, numbers and special characters. These are very important to a secure system as without one the system can be accessed by anyone. It is also good to change your passwords often, as it means if people end up finding your password out, they will no longer be able to use it because it has been changed.

Levels of access to Data: This is used so that you are able to decide what employee can access what data. An example would be the manager would be able to have access to most data whereas a trainee might have access to a very limited amount of data. This is necessary for the security of a system as it means people who don’t need access to the data won’t have access to it which will prevent people from stealing or manipulating important data.

Software updating: This is something that every business should be doing on a frequent basis, as updating software like the operating system allows for not only improvements to the software but also improvements and changes to its security. If software isn’t updated, it is a risk to the system as newer viruses and similar threats have been improved to infiltrate these old versions. A secure system will always have up-to-date software, as it is the safest and least likely to let in any threats.

Whole system replacement: This is a method of recovery which is the last thing a business will want to do. This is a set plan where if a whole system was to break and not work anymore due to something like a natural disaster, they have a way to replace everything they have lost. This means they need a backup of their whole system that they are able to switch to when the main one fails. Without a plan like this, if it were to ever happen the business would not be ready to deal with the situation and it would take a long time for them to replace the system, and losing that much time will be very bad for a business and affect them terribly.

7 tiers of recovery: This is one of the best ways to keep data secure and safe as well as a great way to make sure multiple copies of the data are kept in case anything happens to something like a system.

Tier 1 Data without hot site - This is where a backup of all the system’s data is kept at an off-site facility. This is done so that if there was ever a time where the system’s data was to be damaged, they have it backed up on a different system so that they can then transfer that, and the system will work as normal. Even though this tier guarantees data redundancy, it does not have a fix for the issue of recovering the lost data in the shortest time possible, as it will take time to transfer the data from the off-site facility.

Tier 2 Data with hot site - When using this system you must use tape backups. This is so that if needed they can make use of the alternate site (hot site) to restore the data to. The reason why this is very useful is because it can reduce the amount of downtime of the system because of how much faster this is compared to tier 1. The less downtime there is the better it is for the business.

Tier 3 Electronic Vaulting - This tier makes use of the previous one but is different as it makes use of a VPN where data is always streamed to a remote location. The data that is sent to be backed up is preselected so that the most important data is backed up. The way data is backed up is much faster than using tape backups. One problem with this is that if you don’t have a large enough bandwidth for the large amount of data that is being streamed, it can take a lot longer than expected.

Tier 4 Point in time copies - This is where data that is being backed up is captured as one file. This tier also uses hard drives as its storage and is likely to back up data multiple times a day to make sure data is as up to date as possible. The use of hard drives helps increase the speed of data recovery and backups due to the read/write speeds they can reach.

Tier 5 Transaction Integrity - This is where the integrity of the data is verified both at the main site and the hot site location. This is done to stop any data inconsistencies and data corruption.

Tier 6 Zero or near zero data loss - This tier has and maintains the highest level of data accuracy, which means the data is always as up to date as it can possibly be. To achieve this it requires system fixes set in place to rapidly fix and restore applications. This is done by using things like disk mirroring with real-time data streaming. This also takes into account having a complete server crash, where they are able to quickly switch to the hot site, resulting in almost no interruption to the business.

Tier 7 Highly automated business-integrated solution - This has the exact same benefits as tier 6; however, on top of that it has automation. This means whenever the system has anything wrong with it, it is automatically worked on. This means downtime can be as short as a few seconds due to its automated advantage.
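One simple way to carry out the Tier 5 check that the data at the main site and the hot site match, as an added example that is not part of the original document. It assumes both copies are reachable as directories and compares SHA-256 hashes of every file; the directory and file names are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            sha = hashlib.sha256()
            with path.open("rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    sha.update(chunk)
            digests[path.relative_to(root).as_posix()] = sha.hexdigest()
    return digests

def compare_sites(main_site, hot_site):
    """List files missing from, extra at, or different at the hot site."""
    main, hot = manifest(main_site), manifest(hot_site)
    return {
        "missing": sorted(set(main) - set(hot)),
        "extra": sorted(set(hot) - set(main)),
        "mismatch": sorted(p for p in set(main) & set(hot) if main[p] != hot[p]),
    }

def demo():
    """Compare two constructed directories standing in for the two sites."""
    with tempfile.TemporaryDirectory() as tmp:
        main, hot = Path(tmp, "main"), Path(tmp, "hot")
        for site in (main, hot):
            (site / "accounts").mkdir(parents=True)
            (site / "accounts" / "ledger.csv").write_text("id,balance\n1,250\n")
            (site / "staff.txt").write_text("asmith\nbjones\n")
        # Constructed faults: a corrupted copy, an unreplicated file, a stray file.
        (hot / "accounts" / "ledger.csv").write_text("id,balance\n1,999\n")
        (main / "orders.db").write_bytes(b"\x00\x01\x02")
        (hot / "old.tmp").write_text("left over")
        return compare_sites(main, hot)

if __name__ == "__main__":
    print(demo())
```

An empty report in all three lists means the two copies are identical; anything listed under "mismatch" is a file whose contents differ and needs investigating before the hot site is relied on.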

