Application Policies - Defense in Depth | Coursera

瀏覽 Coursera 的全部課程

瀏覽
頂級課程
登錄
免費加入

Application Policies

Loading...

IT Security: Defense against the digital dark arts

4.8（6,416 個評分） | 75K 名學生已註冊

課程 5（共 5 門，Google IT 支持專項課程）

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. Finally, we’ll go through a case study, where we examine the security model of Chrome OS. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: ● how various encryption algorithms and techniques work as well as their benefits and limitations. ● various authentication systems and types. ● the difference between authentication and authorization. ● how to evaluate potential risks and recommend ways to reduce risk. ● best practices for securing a network. ● how to help others to grasp security concepts and protect themselves.

查看授課大綱

您將學習的技能

Cybersecurity, Wireless Security, Cryptography, Network Security

審閱

4.8（6,416 個評分）

5 stars
82%
4 stars
14%
3 stars
2%
2 stars
1%
1 star
0%

DS

Aug 17, 2018

This course was insane, all the possibilities, the potential for growth, and the different ways to help protect against cyber attacks. It was truly an eye-opening lesson in security. Thank you.

TE

Oct 05, 2018

Thank you to all the instructors. I learned concrete and useful IT skills from the courses and especially from the projects. After completing this course, I feel I want to learn more and more.

從本節課中

Defense in Depth

In the fifth week of this course, we're going to go more in-depth into security defense. We'll cover ways to implement methods for system hardening, application hardening, and determine the policies for OS security. By the end of this module, you'll know why it's important to disable unnecessary components of a system, learn about host-based firewalls, setup anti-malware protection, implement disk encryption, and configure software patch management and application policies.

Software Patch Management6:32

Application Policies4:24

教學方

Google

以免費的價格試聽課程

腳本

As you can see, application software can represent a pretty large attack surface. This is especially true when it comes to a large fleet of systems used throughout an organization. So, it's important to have some kind of application policies in place. These policies serve two purposes. Not only do they defined boundaries of what applications are permitted or not, but they also help educate folks on how to use software more securely. We've seen the risks that software can pose because of security vulnerabilities. It makes sense to have a policy around applying software updates in a timely way. A common recommendation or even a requirement is to only support or require the latest version of a piece of software. From the I.T. support perspective, this is important because software updates will often fix issues that someone may be encountering. But from the security side of things, making sure the latest version of the software will ensure that all security patches have been applied and the most secure version is in use. This should be clearly called out in a policy. People tend to be pretty lazy about applying updates to software that they use a lot. Lots of times, applying an update requires restarting the application, which can feel inconvenient and disruptive to users. It's generally a good idea to disallow risky classes of software by policy. Things like file sharing software and piracy-related software tend to be closely associated with malware infections. They usually don't have a business use either. Let's not even talk about the legal implications of this type of software. Understanding what your users need to do their jobs will help shape your approach to software policies and guidelines. If there's a common use case for a certain type of software, it would be helpful to select a specific software implementation and require the use of that solution. This lets to reevaluate the most secure solution and benefit from a more uniform software installation. Remember, the name of the game is to minimize attack surfaces. Each piece of software that accomplishes the same thing represents a different set of potential attack surfaces that could have a vulnerability lurking inside. Helping your users accomplish tasks by recommending or supporting specific software makes for a more secure environment. It also helps users by giving them clear solutions to accomplish tasks. If you want to employ a binary white listing solution, it's also important to define a policy around what type of software can be whitelisted. So it's probably unnecessary to have video games whitelisted, unless your company is a video game studio, of course. These policies usually require some kind of business use case or justification to avoid a lot of one off personal software requests. Another class of software that you might want to have policies defined for are browser extensions or add ons. Since a lot of workflows live exclusively within the web browser now, they represent a potential vector for malware that often gets overlooked. Extensions that require full access to web sites visited can be risky since the extension developer has the power to modify pages visited. Some extensions may even send user input to a remote server. This could potentially leak confidential information. Clearly defining classifications of risky extensions and add ons will help protect your systems and provide guidance to your users. But, policies are usually not enough to arm users with the information they need to make informed choices. Their decisions can impact the security of your organization. That's where education and training comes into play which, we'll discuss in the next module. We went over a lot of really dense information on security in these lessons. Take time to review some of the videos so that it really sinks in. Okay, awesome work. Now, it's time for a project that will test what you learned about the system hardening, then if you can believe it, you'll move on to the last lesson of the last course of this program. Woohoo.

探索我們的目錄

免費加入並獲得個性化推薦、更新和優惠。

熱門在線課程

適用於所有人的人工智能課程
TensorFlow 簡介
神經網絡與深度學習
算法第 1 部分
算法第 2 部分
機器學習
使用 Python 進行機器學習
使用 SAS Viya 進行機器學習
R 語言程序設計（中文版）
Matlab 編程入門
使用 Python 進行數據分析
AWS 基礎知識：走向雲原生
Google 雲端平台基礎知識
網站可靠性工程
英語專業說
幸福科學
選修“如何學習”這門課
金融市場
公共健康領域的假設檢驗
日常領導基礎知識

熱門在線專項課程

深度學習
零基礎 Python 入門
數據科學
借助 Python 應用數據科學
商務基礎
Architecting with Google Cloud Platform
Google 雲端平台數據工程
Excel 到 MySQL
高級機器學習
數學在機器學習領域的應用
自動駕駛汽車
企業區塊鏈革命
商業分析
Excel 辦公技能
數字化營銷
使用 R 進行公共健康領域的統計分析
免疫學基礎知識
解剖學
管理創新和設計思維
積極心理學基礎知識

在線證書

Google IT 支持
IBM 客戶關係專員
IBM 數據科學
應用項目管理
IBM Applied AI 專業證書
用於分析的機器學習
空間數據分析和可視化
建築工程與管理
教學設計

在線學位課程

數據科學碩士
計算機科學學士學位
計算機科學與工程學位
機器學習碩士
MBA 和商學學位
電氣工程碩士
公共健康碩士
信息技術碩士

Coursera

關於
管理團隊
工作機會
目錄
證書
MasterTrack™ 證書
學位
企業版
政府版
面向校園
新冠疫情響應

社區

學生
合作夥伴
開發者
Beta 測試人員
專業譯員
博客
技術博客

更多

條款
隱私
幫助
內容訪問
媒體
聯繫我們
目錄
附屬公司

通過 Google Play 獲取

© 2020 Coursera Inc.保留所有權利。