Cybersecurity Architecture: Networks
ฝัง
- เผยแพร่เมื่อ 4 ก.ค. 2023
- IBM Security QRadar EDR → ibm.biz/BdymsM
IBM Security X-Force Threat Intelligence Index 2023 → ibm.biz/Bdymsv
Networks are your company's connection to the world, and therefore one of they key players in a cybersecurity architecture. In the sixth installment of the series, IBM Distinguished Engineer and Adjunct Professor Jeff Crume introduces and explains the elements of network security, including firewalls, VPNs, and lower-level topics like network packet security-risk detection.
Get started for free on IBM Cloud → ibm.biz/ibm-cloud-sign-up
Subscribe to see more videos like this in the future → ibm.biz/subscribe-now
#AI #Software #ITModernization #Cybersecurity #QRadar #JeffCrume #networksecurity
This series on cybersecurity architecture has to be one of the best I've watched. It covers all the important concepts and explains them so well, making them easy to understand and visualize. Jeff is a real Maestro... Bravo!
Thanks so very much for watching and taking the time to comment!
This is one of the best network Lay man explanations. This is the view I have ever seen
I cannot state how much those course and especially this particular video has helped me, thank you. The domain I’ve been falling short on, on my sec+ practice tests is the architecture. Also memorizing all the dang acronyms, this has helped so very much, and I thank you.
I love hearing this! Glad it helped
This is really shaping up to be an excellent series. It's a perfect mid-level view of cybersecurity, not overly technical but also not so broad that it lacks meaning to a beginner. I started my first cybersecurity job a few months ago and this video pretty much captures everything I'm working with on a daily basis. It's rare to find so much good information in one place, great job.
Thanks so much @CubensisEnjoyer! I’m really glad to hear that you are enjoying the series and that it is hitting the mark for you. It’s always a challenge to try to hit that sweet spot of have substantive content without being overly technical. Good to know that we’re getting there for you!
I am preparing for a job interview and this series is a very good refresher for my entry level CC certificate from ISC2 but with sufficient practical information to keep me on the edge. Thank you very much for your time and effort Jeff. If and when your time allows, could you please do a video on the ETC part? I want to hear you speak on that one as well. Thank you sir.
Jeff Crume is the man !
You are far too kind!
This is porbably the best and well-put together Cybersecurity Series I've seen, well done and Thank you for your content.
Thank you for saying so!
I loved how technical information has been simplified using simple diagrams, which beginners can relate to. I'm sure even the experts would have missed simple yet effective explanations like this. It was easy to understand which is why I stuck to it and didn't take my eyes off. It made learning easy and the pictures are going to stay in my head. Thank you for making learning simple and creating the quest.
Thanks so much for all the great feedback! This is what makes the effort all worthwhile!
This is by far the best series on Cyber Security.
Thanks so much for saying so!
I love your content and how clear you are about all of it. I would love a deeper cybercsecurity course teached by you, maybe even with hands on. Thanks for teaching 💪
I love ginni rometty
I’m so glad you are enjoying the series! I do a deeper version of this in the course I teach at NC State University but it’s only available in the classroom, unfortunately, so I came up with this reduced format version for the channel to at least get out some of the basics
Please talk more about network security, this is very good topic.
Amazing content and delivery.. Thank you🎉🎉🎉
Thanks to IBM for this entire series thats help for me
So glad you liked it!
The best facilitator i have come across so far. Wowww, coming from a background of zero knowledge i learnt and grasped so much in this short time. Thank you so much, I was almost backing out till i came across this video
I work in IT, I feel like I'm in a conference room with a colleague. This instructor is super easy to comprehend and retain.
Thanks so much for saying so! Glad you liked it!
Not going to lie, I learned this in school and have been in GRC for a few years now. This was one thing that always held me back because I didn't have practical knowledge. He just made it sound so simple right now and covered in my opinion alot of advanced stuff in under 30 minutes. Bravo
I’m so glad to hear that you liked it! Thanks for saying so!
Please, definitely expand on any and all subjects you want :) Great series! thanks!
Glad you liked it!
Much appreciated, thank you for sharing!
He is the most skilled teacher in this industry who is a native English speaker. Not only he is smart, experienced, and knowledgeable, but he also knows how to teach a beginner. Thats very important when it comes to teaching. Also, you can never teach something with this quality if you haven’t master the topic yourself.
In Kurdish we say “if you can’t teach it to a kid, you haven’t mastered it yet.”
Thank you for all the kind words! That saying you quoted is very true. I have found I had to dig deeper and improve my own understanding in order to develop this material
Thanks, appreciate this.
I would be very interested in 5G and Wifi Network-Security aspects. Thanks for the great content!
IBM cybersecurity series are just fantastic ! Congrats to these great engineers and their teams. Great Job !
Thank you for watching!
Thank you for your efforts to create this series. 🙏
You’re most welcome!
Hey Jeff, Thanks for sharing this knowledge ..
My pleasure! Thanks for watching!
Thank you for this masterpiece!!!
This is such a high-quality education series! Thank you! Would love to watch a session on SWG or proxy.
Thanks so much!
I really appreciate your presentation style, it's just amazing. That content gives enough insights on the security architecture covering all the security aspects. Thanks for sharing.
You are very kind to say so! Comments like yours make it all worthwhile!
Amazing presentation on Networks...definitely talk about 5G technology Jeff🤝
Very clear. Thank you.
Superb
The best teacher ❤
Thanks @kent_calvin! Very nice of you to say so!
Please make seperate video on SASE common products from various vendors and comparison for enterprise
Interested in the physical networking side like 5G and Wi-Fi. Please do make the video content. Thank you
Some heavy content on this video. There is so much to talk about and so little time. It would be great to have you go deeper into some/all of these subjects. But it is nonetheless amazing to have this presentation so well done, and for free on this platform. Thank you again
thank you professor. Your explanation and demonstration of cybersecurity concept and methods to defend network resources are easy to follow and understand. Appreciate your time very much. I am very interested in in learning more about methods to identify cyber key terrain assets and map different assets, data flow maps, etc, and assess its vulnerability. thanks in advance if you have time to put a presentation together next time
Thanks for the feedback! Those topics may be a bit deep for this channel but I’ll see what I can do going forward
Good Explane, Thanks
would love to hear about 5 g, loving this series
You explain very nicely, clear, concise and to the point, please explain a bit about 5G, wifi and nw security capabilities. Many thanks
Glad you liked it!
Nice explanation
Thanks for saying so!
I will alike to understand more about 5G
I am interested in more physical topic like Wifi and 5G, please, make a video about it
Your videos are amazing! Thank you for creating this content.
Thanks for saying so!
1 through 5 were pretty much spot on. Some of the comments around SPI, VPN, and (micro-)segmentaion seemed a bit off. Looking inside the packet payload is still mostly regular packet inspection. As you said but perhaps not forcefully enough, the stateful part is where that packet fits within a larger sequence/flow/protocol. I've never heard anyone else call SSH a form of VPN. Some VPNs use SSH vs. IPSEC to make an encrypted connection from point A to B, but that seems a different concept. I rarely hear people discussing segmentation in that sort of left-to-right from secure to private context. I usually hear that term within one of those areas for splitting up dev, qa, and production (internal) or mail servers, dns servers, and web servers (dmz/external). But, that may just be what I hear most... Overall, very good stuff...
Hi, This video helped me a lot in understanding network security. Could you please make a video on Physical security as well? Thank you :)
I’m glad you liked it. Unfortunately, the “guards, guns and gates” of physical security are areas where I would be out of my depth since all of my work has been in infosec
I've almost finished my Coursera IBM Cybersecurity course and this is a great extra series of videos for me to review my studies! Thanks for posting this series!😁👍
Can you guide me how to complete the course in Coursera.I am interested to do.
Awesome! Best of luck with your learning journey!
SUBCRIBED 👍👍
Thank you!
Dear Professor,
There needs to be a correction where the SPI (Stateful Packet Inspection) you mention looks into the packet contents (5:39 of the video). In reality, the SPI looks at the packet state so the firewall knows where the packet originated to help with return traffic. The Deep Packet Inspection is where the content is also assessed by firewalls.
Good point. So often I’ve found these two combined at the product level that the lines get blurred so I went with the usage that I thought people are likely to run into
Exactly my thought. He conflates stateful filtering and deep packet inspection. Also, describing SSH as a VPN is a great example of where the OSI model fails to reflect the real world. A more important point, I think, and also something that beginners often don't realize, is that VPN does not necessarily always include encryption, e.g. MPLS. But, this is not a networking tutorial,so that may be too out of bounds.
Interesting
First to view this video 😀
Very much interested in each and every video content from you, so Yes for wifi, 5G security as well. Also would love to hear the transition story from network perimeterized security to Zero Trust as and when you can share
same here
❤❤❤❤
Interesante
Need more detailed explanation about SASE.
Actually, a less detailed and less convoluted explanation of SASE is probably more appropriate for this series. SASE is really about extending the security perimeter from the edge of the corporate network to the remote endpoint ( think user with their laptop at home or in the coffee shop ). The details of how that is accomplished vary by vendor because SASE is only defined at a high level, and has a hardware component ( SD-WAN ) that also varies widely by vendor.
with this multi tiered dmz aproaches how do you conquer latency thats added per hop?
Typically, the firewalling functions operate at wire speed so there really is no noticeable lag
Please make video on sase
What is the difference between SPI and deep PI ?
I really combined both in my description of SPI in the interest of time but technically SPI is about considering state/order of the packets whereas deep PI is about digging deeper past the header into the details of the payload/data
A more detailed answer to the question. First, consider the packet filtering firewall. It operates on the 5-tuple ( protocol, source and destination IP address, source and destination port ) in only one direction. Thus, two rules are required to allow bi-directional traffic. Generally, the packet filtering firewall is in the form of an Access Control List (ACL) on a physical device, and is not a physical device on its own.
The stateful firewall eliminates the single direction limitation by implementing a connection table that tracks traffic in one direction and automatically implements policy to allow the traffic to return. Only one rule is required to allow bi-directional traffic. This type of firewall is commonly a physical device, but can take the form of a type of ACL or software on a host ( i.e. Windows Firewall ).
Deep packet inspection is not directly related to either of the two firewall types, although it is most commonly found in stateful firewalls. DPI simply refers to the fact that the firewall can look beyond the packet headers and into the payload, as part of the decision to allow or drop the traffic. The effectiveness of DPI is limited by encryption. The firewall cannot protect against what it cannot see. This limitation is commonly overcome through the use of decryption of inbound traffic and re-encryption as the traffic leaves the firewall, which comes at a cost of higher CPU usage and added latency.
Dr segmentation part a little confusing
Sorry about that. I have a limited amount of time on the channel to cover a lot so some parts get squished, I’m afraid
@@jeffcrume I would really want to be one of your students some day.What a good tutor,i hope i can be able to explain concepts like these easily to my juniors
IBM knows BSV is the real Bitcoin. BTC is not bitcoin.
WHAT all this time I thought a firewall was a wall of fire that destroys bad shit, not a wall that stops fires from geting in
I been in IT for 8 years 😂😂must be my christian upbringing and watching too much megaman as a kid😅😭
Sorry to disappoint …😂😂
I wonder if he has a good relationship with his wife... zero-trust.
😂