This series on cybersecurity architecture has to be one of the best I've watched. It covers all the important concepts and explains them so well, making them easy to understand and visualize. Jeff is a real Maestro... Bravo!
He is the most skilled teacher in this industry who is a native English speaker. Not only he is smart, experienced, and knowledgeable, but he also knows how to teach a beginner. Thats very important when it comes to teaching. Also, you can never teach something with this quality if you haven’t master the topic yourself. In Kurdish we say “if you can’t teach it to a kid, you haven’t mastered it yet.”
Thank you for all the kind words! That saying you quoted is very true. I have found I had to dig deeper and improve my own understanding in order to develop this material
Not going to lie, I learned this in school and have been in GRC for a few years now. This was one thing that always held me back because I didn't have practical knowledge. He just made it sound so simple right now and covered in my opinion alot of advanced stuff in under 30 minutes. Bravo
This is really shaping up to be an excellent series. It's a perfect mid-level view of cybersecurity, not overly technical but also not so broad that it lacks meaning to a beginner. I started my first cybersecurity job a few months ago and this video pretty much captures everything I'm working with on a daily basis. It's rare to find so much good information in one place, great job.
Thanks so much @CubensisEnjoyer! I’m really glad to hear that you are enjoying the series and that it is hitting the mark for you. It’s always a challenge to try to hit that sweet spot of have substantive content without being overly technical. Good to know that we’re getting there for you!
I love your content and how clear you are about all of it. I would love a deeper cybercsecurity course teached by you, maybe even with hands on. Thanks for teaching 💪
I’m so glad you are enjoying the series! I do a deeper version of this in the course I teach at NC State University but it’s only available in the classroom, unfortunately, so I came up with this reduced format version for the channel to at least get out some of the basics
I really appreciate your presentation style, it's just amazing. That content gives enough insights on the security architecture covering all the security aspects. Thanks for sharing.
The best facilitator i have come across so far. Wowww, coming from a background of zero knowledge i learnt and grasped so much in this short time. Thank you so much, I was almost backing out till i came across this video
I cannot state how much those course and especially this particular video has helped me, thank you. The domain I’ve been falling short on, on my sec+ practice tests is the architecture. Also memorizing all the dang acronyms, this has helped so very much, and I thank you.
Watching this guy reminds me of when my 7th grade teacher had us watching Bill Nye almost every day, very informative and presents it in a fun yet comprehensive way.
Some heavy content on this video. There is so much to talk about and so little time. It would be great to have you go deeper into some/all of these subjects. But it is nonetheless amazing to have this presentation so well done, and for free on this platform. Thank you again
thank you professor. Your explanation and demonstration of cybersecurity concept and methods to defend network resources are easy to follow and understand. Appreciate your time very much. I am very interested in in learning more about methods to identify cyber key terrain assets and map different assets, data flow maps, etc, and assess its vulnerability. thanks in advance if you have time to put a presentation together next time
Network security has always been something I am not so good at understanding but Jeff you have explained these concepts so well :) thank you so much :)
I've almost finished my Coursera IBM Cybersecurity course and this is a great extra series of videos for me to review my studies! Thanks for posting this series!😁👍
Hi Jeff, Many thanks for this series. In a limited time you've managed to cover network security brilliantly. I need to know how i can thoroughly understand technology infrastructure and network designs and call out gaps in security so controls can be implemented?
1 through 5 were pretty much spot on. Some of the comments around SPI, VPN, and (micro-)segmentaion seemed a bit off. Looking inside the packet payload is still mostly regular packet inspection. As you said but perhaps not forcefully enough, the stateful part is where that packet fits within a larger sequence/flow/protocol. I've never heard anyone else call SSH a form of VPN. Some VPNs use SSH vs. IPSEC to make an encrypted connection from point A to B, but that seems a different concept. I rarely hear people discussing segmentation in that sort of left-to-right from secure to private context. I usually hear that term within one of those areas for splitting up dev, qa, and production (internal) or mail servers, dns servers, and web servers (dmz/external). But, that may just be what I hear most... Overall, very good stuff...
I’m glad you liked it. Unfortunately, the “guards, guns and gates” of physical security are areas where I would be out of my depth since all of my work has been in infosec
Very much interested in each and every video content from you, so Yes for wifi, 5G security as well. Also would love to hear the transition story from network perimeterized security to Zero Trust as and when you can share
Dear Professor, There needs to be a correction where the SPI (Stateful Packet Inspection) you mention looks into the packet contents (5:39 of the video). In reality, the SPI looks at the packet state so the firewall knows where the packet originated to help with return traffic. The Deep Packet Inspection is where the content is also assessed by firewalls.
Good point. So often I’ve found these two combined at the product level that the lines get blurred so I went with the usage that I thought people are likely to run into
Exactly my thought. He conflates stateful filtering and deep packet inspection. Also, describing SSH as a VPN is a great example of where the OSI model fails to reflect the real world. A more important point, I think, and also something that beginners often don't realize, is that VPN does not necessarily always include encryption, e.g. MPLS. But, this is not a networking tutorial,so that may be too out of bounds.
Actually, a less detailed and less convoluted explanation of SASE is probably more appropriate for this series. SASE is really about extending the security perimeter from the edge of the corporate network to the remote endpoint ( think user with their laptop at home or in the coffee shop ). The details of how that is accomplished vary by vendor because SASE is only defined at a high level, and has a hardware component ( SD-WAN ) that also varies widely by vendor.
I really combined both in my description of SPI in the interest of time but technically SPI is about considering state/order of the packets whereas deep PI is about digging deeper past the header into the details of the payload/data
A more detailed answer to the question. First, consider the packet filtering firewall. It operates on the 5-tuple ( protocol, source and destination IP address, source and destination port ) in only one direction. Thus, two rules are required to allow bi-directional traffic. Generally, the packet filtering firewall is in the form of an Access Control List (ACL) on a physical device, and is not a physical device on its own. The stateful firewall eliminates the single direction limitation by implementing a connection table that tracks traffic in one direction and automatically implements policy to allow the traffic to return. Only one rule is required to allow bi-directional traffic. This type of firewall is commonly a physical device, but can take the form of a type of ACL or software on a host ( i.e. Windows Firewall ). Deep packet inspection is not directly related to either of the two firewall types, although it is most commonly found in stateful firewalls. DPI simply refers to the fact that the firewall can look beyond the packet headers and into the payload, as part of the decision to allow or drop the traffic. The effectiveness of DPI is limited by encryption. The firewall cannot protect against what it cannot see. This limitation is commonly overcome through the use of decryption of inbound traffic and re-encryption as the traffic leaves the firewall, which comes at a cost of higher CPU usage and added latency.
@@jeffcrume I would really want to be one of your students some day.What a good tutor,i hope i can be able to explain concepts like these easily to my juniors
WHAT all this time I thought a firewall was a wall of fire that destroys bad shit, not a wall that stops fires from geting in I been in IT for 8 years 😂😂must be my christian upbringing and watching too much megaman as a kid😅😭
This series on cybersecurity architecture has to be one of the best I've watched. It covers all the important concepts and explains them so well, making them easy to understand and visualize. Jeff is a real Maestro... Bravo!
This is one of the best network Lay man explanations. This is the view I have ever seen
I agree. Fabulous stuff.
He is the most skilled teacher in this industry who is a native English speaker. Not only he is smart, experienced, and knowledgeable, but he also knows how to teach a beginner. Thats very important when it comes to teaching. Also, you can never teach something with this quality if you haven’t master the topic yourself.
In Kurdish we say “if you can’t teach it to a kid, you haven’t mastered it yet.”
Thank you for all the kind words! That saying you quoted is very true. I have found I had to dig deeper and improve my own understanding in order to develop this material
I work in IT, I feel like I'm in a conference room with a colleague. This instructor is super easy to comprehend and retain.
Thanks so much for saying so! Glad you liked it!
Not going to lie, I learned this in school and have been in GRC for a few years now. This was one thing that always held me back because I didn't have practical knowledge. He just made it sound so simple right now and covered in my opinion alot of advanced stuff in under 30 minutes. Bravo
I’m so glad to hear that you liked it! Thanks for saying so!
This is really shaping up to be an excellent series. It's a perfect mid-level view of cybersecurity, not overly technical but also not so broad that it lacks meaning to a beginner. I started my first cybersecurity job a few months ago and this video pretty much captures everything I'm working with on a daily basis. It's rare to find so much good information in one place, great job.
Thanks so much @CubensisEnjoyer! I’m really glad to hear that you are enjoying the series and that it is hitting the mark for you. It’s always a challenge to try to hit that sweet spot of have substantive content without being overly technical. Good to know that we’re getting there for you!
Jeff Crume is the man !
You are far too kind!
This is porbably the best and well-put together Cybersecurity Series I've seen, well done and Thank you for your content.
Thank you for saying so!
I love your content and how clear you are about all of it. I would love a deeper cybercsecurity course teached by you, maybe even with hands on. Thanks for teaching 💪
I love ginni rometty
I’m so glad you are enjoying the series! I do a deeper version of this in the course I teach at NC State University but it’s only available in the classroom, unfortunately, so I came up with this reduced format version for the channel to at least get out some of the basics
This is by far the best series on Cyber Security.
Thanks so much for saying so!
I really appreciate your presentation style, it's just amazing. That content gives enough insights on the security architecture covering all the security aspects. Thanks for sharing.
You are very kind to say so! Comments like yours make it all worthwhile!
This is such a high-quality education series! Thank you! Would love to watch a session on SWG or proxy.
Thanks so much!
Jeff the way that you explain each lesson has immensely helped me in learning concepts about Security Architecture. Thank you
I’m so glad to hear that these videos are helping!
The best facilitator i have come across so far. Wowww, coming from a background of zero knowledge i learnt and grasped so much in this short time. Thank you so much, I was almost backing out till i came across this video
I cannot state how much those course and especially this particular video has helped me, thank you. The domain I’ve been falling short on, on my sec+ practice tests is the architecture. Also memorizing all the dang acronyms, this has helped so very much, and I thank you.
I love hearing this! Glad it helped
Watching this guy reminds me of when my 7th grade teacher had us watching Bill Nye almost every day,
very informative and presents it in a fun yet comprehensive way.
I am not a CSE.I only have some surface level knowledge on CS. This and other video enriched my management capability. Thanks Sir.
Glad to hear that it helped!
Please, definitely expand on any and all subjects you want :) Great series! thanks!
Glad you liked it!
Some heavy content on this video. There is so much to talk about and so little time. It would be great to have you go deeper into some/all of these subjects. But it is nonetheless amazing to have this presentation so well done, and for free on this platform. Thank you again
thank you professor. Your explanation and demonstration of cybersecurity concept and methods to defend network resources are easy to follow and understand. Appreciate your time very much. I am very interested in in learning more about methods to identify cyber key terrain assets and map different assets, data flow maps, etc, and assess its vulnerability. thanks in advance if you have time to put a presentation together next time
Thanks for the feedback! Those topics may be a bit deep for this channel but I’ll see what I can do going forward
IBM cybersecurity series are just fantastic ! Congrats to these great engineers and their teams. Great Job !
Thank you for watching!
Network security has always been something I am not so good at understanding but Jeff you have explained these concepts so well :) thank you so much :)
I am looking forward to more courses like these from you, Jeff!
Thanks so much!
Thank you Jeff and the IBM Team for this incredibly insightful & informative yet easy to digest series.
You explain very nicely, clear, concise and to the point, please explain a bit about 5G, wifi and nw security capabilities. Many thanks
Glad you liked it!
I give you a 100..and thanks so much for this eloquent explanation
Please talk more about network security, this is very good topic.
I've almost finished my Coursera IBM Cybersecurity course and this is a great extra series of videos for me to review my studies! Thanks for posting this series!😁👍
Can you guide me how to complete the course in Coursera.I am interested to do.
Awesome! Best of luck with your learning journey!
Jeff, you are fantastic.
You are far too kind!
Hey Jeff, Thanks for sharing this knowledge ..
My pleasure! Thanks for watching!
Much appreciated, thank you for sharing!
Nice explanation
Thanks for saying so!
Hi Jeff, Many thanks for this series. In a limited time you've managed to cover network security brilliantly. I need to know how i can thoroughly understand technology infrastructure and network designs and call out gaps in security so controls can be implemented?
So glad you liked it. I can only get into the beginnings here but I hope it helps
Very interesting lectures and understandable.
Sir Thanks for your response.
Thank you for your efforts to create this series. 🙏
You’re most welcome!
The best teacher ❤
Thanks @kent_calvin! Very nice of you to say so!
Amazing presentation on Networks...definitely talk about 5G technology Jeff🤝
very detailed and practical in explanation.
Your videos are amazing! Thank you for creating this content.
Thanks for saying so!
would love to hear about 5 g, loving this series
1 through 5 were pretty much spot on. Some of the comments around SPI, VPN, and (micro-)segmentaion seemed a bit off. Looking inside the packet payload is still mostly regular packet inspection. As you said but perhaps not forcefully enough, the stateful part is where that packet fits within a larger sequence/flow/protocol. I've never heard anyone else call SSH a form of VPN. Some VPNs use SSH vs. IPSEC to make an encrypted connection from point A to B, but that seems a different concept. I rarely hear people discussing segmentation in that sort of left-to-right from secure to private context. I usually hear that term within one of those areas for splitting up dev, qa, and production (internal) or mail servers, dns servers, and web servers (dmz/external). But, that may just be what I hear most... Overall, very good stuff...
Amazing content and delivery.. Thank you🎉🎉🎉
thank you that was well explained in a very insightful way .
Thanks, appreciate this.
it is great video i like the idea and the explanation of the holistic view of the concept, but please cover Wifi and 5AG in a separate video
I will alike to understand more about 5G
I would love to receive more information about the physical layer
5G and WIFI networks
Very interesting and well-explained
Superb
Thank you for this masterpiece!!!
Superb lecture!!!
Glad you liked it!
I am interested in more physical topic like Wifi and 5G, please, make a video about it
First to view this video 😀
Hi, This video helped me a lot in understanding network security. Could you please make a video on Physical security as well? Thank you :)
I’m glad you liked it. Unfortunately, the “guards, guns and gates” of physical security are areas where I would be out of my depth since all of my work has been in infosec
I would be very interested in 5G and Wifi Network-Security aspects. Thanks for the great content!
loved it. it is very helpful
Much appreciated sir
Interesante
Very clear. Thank you.
Good Explane, Thanks
Good one as always 🤞🏾
Thank you!
Thanks!
Very much interested in each and every video content from you, so Yes for wifi, 5G security as well. Also would love to hear the transition story from network perimeterized security to Zero Trust as and when you can share
same here
This is too powerful
Dear Professor,
There needs to be a correction where the SPI (Stateful Packet Inspection) you mention looks into the packet contents (5:39 of the video). In reality, the SPI looks at the packet state so the firewall knows where the packet originated to help with return traffic. The Deep Packet Inspection is where the content is also assessed by firewalls.
Good point. So often I’ve found these two combined at the product level that the lines get blurred so I went with the usage that I thought people are likely to run into
Exactly my thought. He conflates stateful filtering and deep packet inspection. Also, describing SSH as a VPN is a great example of where the OSI model fails to reflect the real world. A more important point, I think, and also something that beginners often don't realize, is that VPN does not necessarily always include encryption, e.g. MPLS. But, this is not a networking tutorial,so that may be too out of bounds.
Please make seperate video on SASE common products from various vendors and comparison for enterprise
Well, I believe I am not the only one interested in more details related to wifi, 5G and all know future tehnologies and how AI can help
SUBCRIBED 👍👍
Thank you!
Interesting
Interested in the physical networking side like 5G and Wi-Fi. Please do make the video content. Thank you
Please do create a video on Wifi
❤❤❤❤
Need more detailed explanation about SASE.
Actually, a less detailed and less convoluted explanation of SASE is probably more appropriate for this series. SASE is really about extending the security perimeter from the edge of the corporate network to the remote endpoint ( think user with their laptop at home or in the coffee shop ). The details of how that is accomplished vary by vendor because SASE is only defined at a high level, and has a hardware component ( SD-WAN ) that also varies widely by vendor.
Hello #IBM
Please make video on sase
🙏🙌🏽
What is the difference between SPI and deep PI ?
I really combined both in my description of SPI in the interest of time but technically SPI is about considering state/order of the packets whereas deep PI is about digging deeper past the header into the details of the payload/data
A more detailed answer to the question. First, consider the packet filtering firewall. It operates on the 5-tuple ( protocol, source and destination IP address, source and destination port ) in only one direction. Thus, two rules are required to allow bi-directional traffic. Generally, the packet filtering firewall is in the form of an Access Control List (ACL) on a physical device, and is not a physical device on its own.
The stateful firewall eliminates the single direction limitation by implementing a connection table that tracks traffic in one direction and automatically implements policy to allow the traffic to return. Only one rule is required to allow bi-directional traffic. This type of firewall is commonly a physical device, but can take the form of a type of ACL or software on a host ( i.e. Windows Firewall ).
Deep packet inspection is not directly related to either of the two firewall types, although it is most commonly found in stateful firewalls. DPI simply refers to the fact that the firewall can look beyond the packet headers and into the payload, as part of the decision to allow or drop the traffic. The effectiveness of DPI is limited by encryption. The firewall cannot protect against what it cannot see. This limitation is commonly overcome through the use of decryption of inbound traffic and re-encryption as the traffic leaves the firewall, which comes at a cost of higher CPU usage and added latency.
with this multi tiered dmz aproaches how do you conquer latency thats added per hop?
Typically, the firewalling functions operate at wire speed so there really is no noticeable lag
Dr segmentation part a little confusing
Sorry about that. I have a limited amount of time on the channel to cover a lot so some parts get squished, I’m afraid
@@jeffcrume I would really want to be one of your students some day.What a good tutor,i hope i can be able to explain concepts like these easily to my juniors
24K
IBM knows BSV is the real Bitcoin. BTC is not bitcoin.
730
WHAT all this time I thought a firewall was a wall of fire that destroys bad shit, not a wall that stops fires from geting in
I been in IT for 8 years 😂😂must be my christian upbringing and watching too much megaman as a kid😅😭
Sorry to disappoint …😂😂
Harris John Allen Charles Lewis Sandra
I wonder if he has a good relationship with his wife... zero-trust.
😂
Traffic is king ! It’s the best time to slip in. 🥸