Cybersecurity Architecture: Networks
HTML-код
- Опубликовано: 4 июл 2023
- IBM Security QRadar EDR → ibm.biz/BdymsM
IBM Security X-Force Threat Intelligence Index 2023 → ibm.biz/Bdymsv
Networks are your company's connection to the world, and therefore one of they key players in a cybersecurity architecture. In the sixth installment of the series, IBM Distinguished Engineer and Adjunct Professor Jeff Crume introduces and explains the elements of network security, including firewalls, VPNs, and lower-level topics like network packet security-risk detection.
Get started for free on IBM Cloud → ibm.biz/ibm-cloud-sign-up
Subscribe to see more videos like this in the future → ibm.biz/subscribe-now
#AI #Software #ITModernization #Cybersecurity #QRadar #JeffCrume #networksecurity
Jeff the way that you explain each lesson has immensely helped me in learning concepts about Security Architecture. Thank you
This series on cybersecurity architecture has to be one of the best I've watched. It covers all the important concepts and explains them so well, making them easy to understand and visualize. Jeff is a real Maestro... Bravo!
Thanks so very much for watching and taking the time to comment!
This is one of the best network Lay man explanations. This is the view I have ever seen
This is porbably the best and well-put together Cybersecurity Series I've seen, well done and Thank you for your content.
Thank you for saying so!
This is really shaping up to be an excellent series. It's a perfect mid-level view of cybersecurity, not overly technical but also not so broad that it lacks meaning to a beginner. I started my first cybersecurity job a few months ago and this video pretty much captures everything I'm working with on a daily basis. It's rare to find so much good information in one place, great job.
Thanks so much @CubensisEnjoyer! I’m really glad to hear that you are enjoying the series and that it is hitting the mark for you. It’s always a challenge to try to hit that sweet spot of have substantive content without being overly technical. Good to know that we’re getting there for you!
I am preparing for a job interview and this series is a very good refresher for my entry level CC certificate from ISC2 but with sufficient practical information to keep me on the edge. Thank you very much for your time and effort Jeff. If and when your time allows, could you please do a video on the ETC part? I want to hear you speak on that one as well. Thank you sir.
Jeff Crume is the man !
You are far too kind!
I cannot state how much those course and especially this particular video has helped me, thank you. The domain I’ve been falling short on, on my sec+ practice tests is the architecture. Also memorizing all the dang acronyms, this has helped so very much, and I thank you.
I love hearing this! Glad it helped
I loved how technical information has been simplified using simple diagrams, which beginners can relate to. I'm sure even the experts would have missed simple yet effective explanations like this. It was easy to understand which is why I stuck to it and didn't take my eyes off. It made learning easy and the pictures are going to stay in my head. Thank you for making learning simple and creating the quest.
Thanks so much for all the great feedback! This is what makes the effort all worthwhile!
I love your content and how clear you are about all of it. I would love a deeper cybercsecurity course teached by you, maybe even with hands on. Thanks for teaching 💪
I love ginni rometty
I’m so glad you are enjoying the series! I do a deeper version of this in the course I teach at NC State University but it’s only available in the classroom, unfortunately, so I came up with this reduced format version for the channel to at least get out some of the basics
This is by far the best series on Cyber Security.
Thanks so much for saying so!
He is the most skilled teacher in this industry who is a native English speaker. Not only he is smart, experienced, and knowledgeable, but he also knows how to teach a beginner. Thats very important when it comes to teaching. Also, you can never teach something with this quality if you haven’t master the topic yourself.
In Kurdish we say “if you can’t teach it to a kid, you haven’t mastered it yet.”
Thank you for all the kind words! That saying you quoted is very true. I have found I had to dig deeper and improve my own understanding in order to develop this material
Thanks to IBM for this entire series thats help for me
So glad you liked it!
I work in IT, I feel like I'm in a conference room with a colleague. This instructor is super easy to comprehend and retain.
Thanks so much for saying so! Glad you liked it!
Not going to lie, I learned this in school and have been in GRC for a few years now. This was one thing that always held me back because I didn't have practical knowledge. He just made it sound so simple right now and covered in my opinion alot of advanced stuff in under 30 minutes. Bravo
I’m so glad to hear that you liked it! Thanks for saying so!
I am not a CSE.I only have some surface level knowledge on CS. This and other video enriched my management capability. Thanks Sir.
Hey Jeff, Thanks for sharing this knowledge ..
My pleasure! Thanks for watching!
Please, definitely expand on any and all subjects you want :) Great series! thanks!
Glad you liked it!
IBM cybersecurity series are just fantastic ! Congrats to these great engineers and their teams. Great Job !
Thank you for watching!
This is such a high-quality education series! Thank you! Would love to watch a session on SWG or proxy.
Thanks so much!
I really appreciate your presentation style, it's just amazing. That content gives enough insights on the security architecture covering all the security aspects. Thanks for sharing.
You are very kind to say so! Comments like yours make it all worthwhile!
thank you professor. Your explanation and demonstration of cybersecurity concept and methods to defend network resources are easy to follow and understand. Appreciate your time very much. I am very interested in in learning more about methods to identify cyber key terrain assets and map different assets, data flow maps, etc, and assess its vulnerability. thanks in advance if you have time to put a presentation together next time
Thanks for the feedback! Those topics may be a bit deep for this channel but I’ll see what I can do going forward
The best facilitator i have come across so far. Wowww, coming from a background of zero knowledge i learnt and grasped so much in this short time. Thank you so much, I was almost backing out till i came across this video
You explain very nicely, clear, concise and to the point, please explain a bit about 5G, wifi and nw security capabilities. Many thanks
Glad you liked it!
Some heavy content on this video. There is so much to talk about and so little time. It would be great to have you go deeper into some/all of these subjects. But it is nonetheless amazing to have this presentation so well done, and for free on this platform. Thank you again
Much appreciated, thank you for sharing!
The best teacher ❤
Thanks @kent_calvin! Very nice of you to say so!
Amazing content and delivery.. Thank you🎉🎉🎉
Thanks, appreciate this.
Amazing presentation on Networks...definitely talk about 5G technology Jeff🤝
Thank you for your efforts to create this series. 🙏
You’re most welcome!
Very clear. Thank you.
I've almost finished my Coursera IBM Cybersecurity course and this is a great extra series of videos for me to review my studies! Thanks for posting this series!😁👍
Can you guide me how to complete the course in Coursera.I am interested to do.
Awesome! Best of luck with your learning journey!
Please talk more about network security, this is very good topic.
Thank you for this masterpiece!!!
Your videos are amazing! Thank you for creating this content.
Thanks for saying so!
Good Explane, Thanks
Superb
Good one as always 🤞🏾
1 through 5 were pretty much spot on. Some of the comments around SPI, VPN, and (micro-)segmentaion seemed a bit off. Looking inside the packet payload is still mostly regular packet inspection. As you said but perhaps not forcefully enough, the stateful part is where that packet fits within a larger sequence/flow/protocol. I've never heard anyone else call SSH a form of VPN. Some VPNs use SSH vs. IPSEC to make an encrypted connection from point A to B, but that seems a different concept. I rarely hear people discussing segmentation in that sort of left-to-right from secure to private context. I usually hear that term within one of those areas for splitting up dev, qa, and production (internal) or mail servers, dns servers, and web servers (dmz/external). But, that may just be what I hear most... Overall, very good stuff...
would love to hear about 5 g, loving this series
Nice explanation
Thanks for saying so!
I will alike to understand more about 5G
I would be very interested in 5G and Wifi Network-Security aspects. Thanks for the great content!
Hi, This video helped me a lot in understanding network security. Could you please make a video on Physical security as well? Thank you :)
I’m glad you liked it. Unfortunately, the “guards, guns and gates” of physical security are areas where I would be out of my depth since all of my work has been in infosec
First to view this video 😀
Dear Professor,
There needs to be a correction where the SPI (Stateful Packet Inspection) you mention looks into the packet contents (5:39 of the video). In reality, the SPI looks at the packet state so the firewall knows where the packet originated to help with return traffic. The Deep Packet Inspection is where the content is also assessed by firewalls.
Good point. So often I’ve found these two combined at the product level that the lines get blurred so I went with the usage that I thought people are likely to run into
Exactly my thought. He conflates stateful filtering and deep packet inspection. Also, describing SSH as a VPN is a great example of where the OSI model fails to reflect the real world. A more important point, I think, and also something that beginners often don't realize, is that VPN does not necessarily always include encryption, e.g. MPLS. But, this is not a networking tutorial,so that may be too out of bounds.
SUBCRIBED 👍👍
Thank you!
This is too powerful
I am interested in more physical topic like Wifi and 5G, please, make a video about it
Very much interested in each and every video content from you, so Yes for wifi, 5G security as well. Also would love to hear the transition story from network perimeterized security to Zero Trust as and when you can share
same here
Interesting
Interested in the physical networking side like 5G and Wi-Fi. Please do make the video content. Thank you
Please make seperate video on SASE common products from various vendors and comparison for enterprise
❤❤❤❤
Interesante
Need more detailed explanation about SASE.
Actually, a less detailed and less convoluted explanation of SASE is probably more appropriate for this series. SASE is really about extending the security perimeter from the edge of the corporate network to the remote endpoint ( think user with their laptop at home or in the coffee shop ). The details of how that is accomplished vary by vendor because SASE is only defined at a high level, and has a hardware component ( SD-WAN ) that also varies widely by vendor.
with this multi tiered dmz aproaches how do you conquer latency thats added per hop?
Typically, the firewalling functions operate at wire speed so there really is no noticeable lag
What is the difference between SPI and deep PI ?
I really combined both in my description of SPI in the interest of time but technically SPI is about considering state/order of the packets whereas deep PI is about digging deeper past the header into the details of the payload/data
A more detailed answer to the question. First, consider the packet filtering firewall. It operates on the 5-tuple ( protocol, source and destination IP address, source and destination port ) in only one direction. Thus, two rules are required to allow bi-directional traffic. Generally, the packet filtering firewall is in the form of an Access Control List (ACL) on a physical device, and is not a physical device on its own.
The stateful firewall eliminates the single direction limitation by implementing a connection table that tracks traffic in one direction and automatically implements policy to allow the traffic to return. Only one rule is required to allow bi-directional traffic. This type of firewall is commonly a physical device, but can take the form of a type of ACL or software on a host ( i.e. Windows Firewall ).
Deep packet inspection is not directly related to either of the two firewall types, although it is most commonly found in stateful firewalls. DPI simply refers to the fact that the firewall can look beyond the packet headers and into the payload, as part of the decision to allow or drop the traffic. The effectiveness of DPI is limited by encryption. The firewall cannot protect against what it cannot see. This limitation is commonly overcome through the use of decryption of inbound traffic and re-encryption as the traffic leaves the firewall, which comes at a cost of higher CPU usage and added latency.
Please make video on sase
Dr segmentation part a little confusing
Sorry about that. I have a limited amount of time on the channel to cover a lot so some parts get squished, I’m afraid
@@jeffcrume I would really want to be one of your students some day.What a good tutor,i hope i can be able to explain concepts like these easily to my juniors
IBM knows BSV is the real Bitcoin. BTC is not bitcoin.
WHAT all this time I thought a firewall was a wall of fire that destroys bad shit, not a wall that stops fires from geting in
I been in IT for 8 years 😂😂must be my christian upbringing and watching too much megaman as a kid😅😭
Sorry to disappoint …😂😂
I wonder if he has a good relationship with his wife... zero-trust.
😂