Gain insights into effective security techniques including patching, cryptography, and phishing prevention. Explore practices to make systems resistant and vulnerabilities more detectable, enhancing defense against attacks.

docker.tar.gz

network-commands

node

It seems like hardly a week goes by without a high-profile computer breach. Why do these happen? How can you prevent them? This course doesn’t have all the answers, but it does outline practices that make life harder for attackers and that will help tide you over until you get a full-time security team in place.

In this course, you will learn 5 simple, yet effective, techniques for preventing attackers from getting into your system. These techniques are related to: patching, software vulnerabilities, cryptography, windows security, and phishing. Within each chapter you will learn the best practices for preventing vulnerabilities and how to make them more detectable. 

This course is based on the Pragmatic Programmers’ book, Practical Security, and is aimed at developers, admins, team leads, architects, technology generalists, and all others who stand guard against the things that disrupt the network.

Practical Security: Simple Practices for Defending Your Systems

# Even perfectly written code entails risk
Let’s pretend that every piece of software that your organization ever writes from here on out is completely perfect. All of your developers are attentive and well trained. Your developers will never write code with a logic error, SQL injection, or cross-site scripting vulnerability. (Don’t worry if you don’t know what these vulnerabilities are yet.)

Aaah. Safe, cozy, and warm. It feels good to know that we’re completely secure, doesn’t it?

Nope.

Even if all the code that you write is perfect, you’re still at risk. You’re dependent on lots of software written by third parties. We don’t know what vulnerabilities exist in third-party software, when these vulnerabilities will become public, or when patches will become available.

# Patching is time-critical 

What’s worse, this state of ignorance is time-critical. Once a vulnerability is made public, security researchers and criminals alike start writing tools to scan for vulnerable computers. 

Scanning tools allow attackers to find your vulnerable public systems even if they’d never had any reason to attack you before. The internet makes every public-facing computer equally close. Even if the technical details of a vulnerability are not made public and only a patch is made available, motivated attackers can look at what’s changed to try to find likely attack vectors. 

As defenders, it’s important that we learn to use these tools to help us find our own vulnerable systems before criminals do.


In this lesson, we will discuss what patching is and why it's important.

Introduction

Patching

Vulnerabilities

Cryptography

Windows

Phishing

Introduction

Even perfectly written code entails risk