Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Overview

Several different kinds of network activity should be monitored. Being aware of certain events can helpdetect malware installations, attacks, scans, and other unwanted activities. The following sections discuss network activity we may want to monitor to protect our organization.


## DNS query monitoring

The domain name resolution, also known as DNS resolution, is a mechanism that saves people from needing to remember an IP address to reach websites. While a DNS resolution is helpful with the ubiquity of IPv4 addresses (in `n.n.n.n` notation), this tool will prove essential once the internet has transitioned to IPv6, which uses numerical addresses like `fe80::b089:75ff:fefd:47a4`. Try memorizing that.

In order to visit www.google.com, the web browser resolves this domain name into an IPv4 address (`4.4.4.4`). This address is the location of the server hosting Google’s website. There are thousands of DNS servers that perform the resolution of domains into IP addresses for internet users and websites all over the globe. The problem is that DNS was created in the early days of the internet when people were more concerned about connectivity than security.


# Overview

Several different kinds of network activity should be monitored. Being aware of certain events can helpdetect malware installations, attacks, scans, and other unwanted activities. The following sections discuss network activity we may want to monitor to protect our organization.


# DNS query monitoring

The domain name resolution, also known as DNS resolution, is a mechanism that saves people from needing to remember an IP address to reach websites. While a DNS resolution is helpful with the ubiquity of IPv4 addresses (in `n.n.n.n` notation), this tool will prove essential once the internet has transitioned to IPv6, which uses numerical addresses like `fe80::b089:75ff:fefd:47a4`. Try memorizing that.

In order to visit www.google.com, the web browser resolves this domain name into an IPv4 address (`4.4.4.4`). This address is the location of the server hosting Google’s website. There are thousands of DNS servers that perform the resolution of domains into IP addresses for internet users and websites all over the globe. The problem is that DNS was created in the early days of the internet when people were more concerned about connectivity than security.


Learn how an organization uses various network-monitoring techniques to protect itself from cyber attacks.


Network Activity

Learn how an organization uses various network-monitoring techniques to protect itself from cyber attacks.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Network Activity

Overview

DNS query monitoring