Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Overview

A **network intrusion prevention system (NIPS)** is a device that monitors network traffic. It’s very similar to how a firewall inspects network packets. In most cases, the NIPS is installed at the perimeter to protect an organization’s internal network from internet-based attacks.

## How it works

An intrusion detection system can be considered the next evolution of a firewall, as it:

- Uses more sophisticated methods of inspecting packets.

- Examines different layers of the network packets.

- Evaluates a collection of several packets to identify patterns or
anomalous behavior.

## Alert-only mode

It can be challenging to tune a NIPS properly so that it doesn’t alert (or even worse, block) based on false positives. The first phase of implementation should be to put the NIPS into alert-only mode so that it can be tuned to only generate meaningful alerts.


## Block mode

The earlier version of a NIPS is a network intrusion detection system (NIDS), which only provides alerts and can’t block any network traffic. In most cases, a NIPS renders a NIDS obsolete because it can actually block malicious traffic.
 

> **Note:** Because a NIPS is considered a step above a firewall, which is fundamental to a security program, it’s considered a level 2 security objective.






# Overview

A **network intrusion prevention system (NIPS)** is a device that monitors network traffic. It’s very similar to how a firewall inspects network packets. In most cases, the NIPS is installed at the perimeter to protect an organization’s internal network from internet-based attacks.

# How it works

An intrusion detection system can be considered the next evolution of a firewall, as it:

- Uses more sophisticated methods of inspecting packets.

- Examines different layers of the network packets.

- Evaluates a collection of several packets to identify patterns or
anomalous behavior.

# Alert-only mode

It can be challenging to tune a NIPS properly so that it doesn’t alert (or even worse, block) based on false positives. The first phase of implementation should be to put the NIPS into alert-only mode so that it can be tuned to only generate meaningful alerts.


# Block mode

The earlier version of a NIPS is a network intrusion detection system (NIDS), which only provides alerts and can’t block any network traffic. In most cases, a NIPS renders a NIDS obsolete because it can actually block malicious traffic.
 

> **Note:** Because a NIPS is considered a step above a firewall, which is fundamental to a security program, it’s considered a level 2 security objective.






Learn how a Network Intrusion Prevention System monitors and blocks traffic in an organization.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Network Intrusion Prevention System

Overview

How it works

Alert-only mode

Block mode