WEBVTT

1
00:00:00.000 --> 00:00:01.470
In this lesson,

2
00:00:01.470 --> 00:00:04.890
we will learn about access control systems.

3
00:00:04.890 --> 00:00:08.370
Access control systems are mechanisms designed

4
00:00:08.370 --> 00:00:11.580
to ensure that only authorized individuals

5
00:00:11.580 --> 00:00:14.430
can access resources and information

6
00:00:14.430 --> 00:00:17.130
based on their identity and permissions.

7
00:00:17.130 --> 00:00:20.130
Access control systems may be classified

8
00:00:20.130 --> 00:00:23.730
as either physical or logical control systems.

9
00:00:23.730 --> 00:00:26.040
Physical access control systems

10
00:00:26.040 --> 00:00:28.860
manage entry to physical locations

11
00:00:28.860 --> 00:00:31.110
such as buildings or server rooms

12
00:00:31.110 --> 00:00:36.110
using methods such as RFID key cards or biometric scanners.

13
00:00:36.750 --> 00:00:40.680
Logical access control systems manage digital access

14
00:00:40.680 --> 00:00:43.740
to enterprise networks using passwords

15
00:00:43.740 --> 00:00:47.940
or multi-factor authentication to verify user identity

16
00:00:47.940 --> 00:00:51.870
and enforce permissions to access network resources.

17
00:00:51.870 --> 00:00:53.880
Let's learn more about physical

18
00:00:53.880 --> 00:00:57.000
and logical access control systems.

19
00:00:57.000 --> 00:01:00.750
First, we have physical access control systems.

20
00:01:00.750 --> 00:01:02.940
Physical access control systems

21
00:01:02.940 --> 00:01:07.500
manage entry to physical locations such as office buildings,

22
00:01:07.500 --> 00:01:12.210
server rooms, or secure areas using various technologies

23
00:01:12.210 --> 00:01:16.620
to verify a person's identity before granting access.

24
00:01:16.620 --> 00:01:20.700
One common example of a physical access control system

25
00:01:20.700 --> 00:01:22.980
is an RFID key card.

26
00:01:22.980 --> 00:01:27.060
RFID stands for Radio Frequency Identification,

27
00:01:27.060 --> 00:01:32.010
and an RFID card works by using electromagnetic fields

28
00:01:32.010 --> 00:01:35.520
to automatically identify and track tags,

29
00:01:35.520 --> 00:01:40.020
which in this case are embedded in RFID key cards.

30
00:01:40.020 --> 00:01:44.550
When an individual taps or holds their RFID key card

31
00:01:44.550 --> 00:01:46.770
near an RFID reader,

32
00:01:46.770 --> 00:01:49.410
the reader sends out a radio signal

33
00:01:49.410 --> 00:01:52.620
to power up the chip inside the card.

34
00:01:52.620 --> 00:01:54.960
Once powered, the chip transmits

35
00:01:54.960 --> 00:01:59.730
its unique identification number or tag back to the reader,

36
00:01:59.730 --> 00:02:02.100
which then checks the system's database

37
00:02:02.100 --> 00:02:06.150
to verify whether the card holder is authorized access.

38
00:02:06.150 --> 00:02:10.379
This system is widely used in office buildings, hotels,

39
00:02:10.379 --> 00:02:12.420
and parking garages.

40
00:02:12.420 --> 00:02:16.050
Another widely used physical access control system

41
00:02:16.050 --> 00:02:17.940
is biometric scanning.

42
00:02:17.940 --> 00:02:22.170
Biometric scanners rely on unique biological traits

43
00:02:22.170 --> 00:02:26.490
such as fingerprints, facial recognition, iris scans,

44
00:02:26.490 --> 00:02:30.000
or retina scans to verify identity.

45
00:02:30.000 --> 00:02:34.200
Biometric systems are used in high-security areas

46
00:02:34.200 --> 00:02:37.650
because they provide a higher level of security

47
00:02:37.650 --> 00:02:41.010
compared to standard RFID key cards.

48
00:02:41.010 --> 00:02:44.820
For example, fingerprint scanners are often installed

49
00:02:44.820 --> 00:02:48.210
at data centers or sensitive government facilities,

50
00:02:48.210 --> 00:02:49.830
where it's critical to ensure

51
00:02:49.830 --> 00:02:54.780
that only specific individuals can enter sensitive areas.

52
00:02:54.780 --> 00:02:56.310
As an alternative to

53
00:02:56.310 --> 00:02:59.550
or used in conjunction with biometric scanners,

54
00:02:59.550 --> 00:03:03.210
businesses may incorporate keypad entry systems.

55
00:03:03.210 --> 00:03:06.420
Keypad entry systems require individuals

56
00:03:06.420 --> 00:03:10.560
to enter a unique PIN to gain access to an area.

57
00:03:10.560 --> 00:03:14.340
Finally, each of these physical access control systems

58
00:03:14.340 --> 00:03:17.940
can be integrated with an access control vestibule,

59
00:03:17.940 --> 00:03:19.980
also known as a mantrap.

60
00:03:19.980 --> 00:03:24.360
An access control vestibule consists of two sets of doors

61
00:03:24.360 --> 00:03:27.660
designed to allow only one person to pass through

62
00:03:27.660 --> 00:03:30.630
at a time to enter a secure area

63
00:03:30.630 --> 00:03:32.820
through an access control vestibule,

64
00:03:32.820 --> 00:03:36.270
an individual first passes through the outer door,

65
00:03:36.270 --> 00:03:38.490
usually using a verification method

66
00:03:38.490 --> 00:03:43.290
such as an RFID key card, keypad entry, biometric scan,

67
00:03:43.290 --> 00:03:45.060
or a combination of methods.

68
00:03:45.060 --> 00:03:47.220
Once inside the vestibule,

69
00:03:47.220 --> 00:03:51.060
the outer door closes before an inner door opens,

70
00:03:51.060 --> 00:03:54.630
ensuring that only one person gains access at a time.

71
00:03:54.630 --> 00:03:58.020
This setup of door openings and closings

72
00:03:58.020 --> 00:04:00.660
prevents an attack called tailgating.

73
00:04:00.660 --> 00:04:03.720
Tailgating is when an unauthorized person

74
00:04:03.720 --> 00:04:06.540
follows someone into a secure area.

75
00:04:06.540 --> 00:04:07.890
In some cases,

76
00:04:07.890 --> 00:04:10.860
additional verification may be required

77
00:04:10.860 --> 00:04:15.210
in the access control vestibule while both doors are closed

78
00:04:15.210 --> 00:04:18.360
and the user is in the middle of the entry.

79
00:04:18.360 --> 00:04:21.270
Access control vestibules are commonly used

80
00:04:21.270 --> 00:04:24.510
in high-security environments like data centers,

81
00:04:24.510 --> 00:04:27.810
financial institutions, and government buildings.

82
00:04:27.810 --> 00:04:31.620
Second, we have logical access control systems.

83
00:04:31.620 --> 00:04:33.780
Logical access control systems

84
00:04:33.780 --> 00:04:36.480
manage digital access to networks

85
00:04:36.480 --> 00:04:39.450
and are designed to verify user identity

86
00:04:39.450 --> 00:04:43.770
before granting access to sensitive data or resources.

87
00:04:43.770 --> 00:04:48.570
Logical access typically involves methods such as passwords,

88
00:04:48.570 --> 00:04:51.870
multi-factor authentication, and smart cards.

89
00:04:51.870 --> 00:04:55.470
One of the most common forms of logical access control

90
00:04:55.470 --> 00:04:57.630
is the use of passwords.

91
00:04:57.630 --> 00:05:01.680
While passwords are easy to implement and widely used,

92
00:05:01.680 --> 00:05:04.020
they come with certain limitations.

93
00:05:04.020 --> 00:05:06.210
If passwords are weekly constructed

94
00:05:06.210 --> 00:05:09.180
or reused across multiple platforms,

95
00:05:09.180 --> 00:05:11.340
they can be easily compromised.

96
00:05:11.340 --> 00:05:13.770
For this reason, many organizations

97
00:05:13.770 --> 00:05:16.350
encourage the use of complex passwords

98
00:05:16.350 --> 00:05:20.580
and recommend changing them regularly to enhance security.

99
00:05:20.580 --> 00:05:23.460
To strengthen security beyond passwords,

100
00:05:23.460 --> 00:05:27.570
many organizations rely on multi-factor authentication,

101
00:05:27.570 --> 00:05:28.860
or MFA.

102
00:05:28.860 --> 00:05:31.590
MFA requires users to provide two

103
00:05:31.590 --> 00:05:34.110
or more authentication factors,

104
00:05:34.110 --> 00:05:36.360
which are different types of credentials

105
00:05:36.360 --> 00:05:38.790
used to verify their identity.

106
00:05:38.790 --> 00:05:41.520
In fact, there are three primary types

107
00:05:41.520 --> 00:05:43.200
of authentication factors.

108
00:05:43.200 --> 00:05:46.110
Something you know, like a password or PIN,

109
00:05:46.110 --> 00:05:49.860
something you have, such as a smartphone or security token,

110
00:05:49.860 --> 00:05:51.690
and something you are,

111
00:05:51.690 --> 00:05:54.810
such as biometric traits like your fingernails

112
00:05:54.810 --> 00:05:56.430
or facial recognition.

113
00:05:56.430 --> 00:05:59.910
For example, in a typical MFA setup,

114
00:05:59.910 --> 00:06:01.740
after entering a password

115
00:06:01.740 --> 00:06:05.190
using the something you know authentication factor,

116
00:06:05.190 --> 00:06:09.330
a user might receive a one-time code sent to their phone,

117
00:06:09.330 --> 00:06:10.980
which is something that they have,

118
00:06:10.980 --> 00:06:13.200
or use an authenticator app,

119
00:06:13.200 --> 00:06:15.210
which is also something that they have,

120
00:06:15.210 --> 00:06:17.970
to generate a code for authentication.

121
00:06:17.970 --> 00:06:21.030
This combination of factors strengthen security

122
00:06:21.030 --> 00:06:24.510
by making it much harder for unauthorized users

123
00:06:24.510 --> 00:06:28.830
to gain access, even if they obtain a user's password.

124
00:06:28.830 --> 00:06:32.130
By requiring multiple forms of verification,

125
00:06:32.130 --> 00:06:36.960
MFA significantly reduces the risk of account compromise.

126
00:06:36.960 --> 00:06:40.350
Another example of logical access control

127
00:06:40.350 --> 00:06:42.540
is the use of smart cards.

128
00:06:42.540 --> 00:06:46.830
A smart card is a physical card with an embedded chip

129
00:06:46.830 --> 00:06:50.790
that contains encrypted information about the user.

130
00:06:50.790 --> 00:06:54.900
To gain access to a system, the user inserts the card

131
00:06:54.900 --> 00:06:57.630
or taps it on a contactless reader.

132
00:06:57.630 --> 00:07:00.120
The system reads the data from the chip

133
00:07:00.120 --> 00:07:02.070
to authenticate the user.

134
00:07:02.070 --> 00:07:03.780
Smart cards often work

135
00:07:03.780 --> 00:07:06.420
in conjunction with a PIN or password,

136
00:07:06.420 --> 00:07:09.480
adding an additional layer of security.

137
00:07:09.480 --> 00:07:12.900
Smart cards are commonly used in corporate settings

138
00:07:12.900 --> 00:07:16.830
and government offices to secure access to computers,

139
00:07:16.830 --> 00:07:20.820
networks, or even specific software applications.

140
00:07:20.820 --> 00:07:24.270
For example, an employee might use a smart card

141
00:07:24.270 --> 00:07:26.160
to log into their computer

142
00:07:26.160 --> 00:07:30.870
or access confidential information on a secure server.

143
00:07:30.870 --> 00:07:35.730
So, remember, physical and logical access control systems

144
00:07:35.730 --> 00:07:40.730
are used to regulate who can access specific physical spaces

145
00:07:40.950 --> 00:07:42.750
or digital networks.

146
00:07:42.750 --> 00:07:45.000
Physical access control systems

147
00:07:45.000 --> 00:07:48.900
manage entry to locations like buildings or server rooms

148
00:07:48.900 --> 00:07:53.040
using technologies like key cards, biometric scanners,

149
00:07:53.040 --> 00:07:55.320
or keypad entry systems.

150
00:07:55.320 --> 00:07:59.670
Logical access control systems regulate digital access,

151
00:07:59.670 --> 00:08:04.110
ensuring only authorized users can access sensitive data

152
00:08:04.110 --> 00:08:07.260
or networks using methods like passwords,

153
00:08:07.260 --> 00:08:11.340
multi-factor authentication, and smart cards.

154
00:08:11.340 --> 00:08:16.230
Both systems rely on verifying the identity of the user,

155
00:08:16.230 --> 00:08:18.600
either through something that they know,

156
00:08:18.600 --> 00:08:22.140
something that they have, or something that they are.

157
00:08:22.140 --> 00:08:25.080
Integrating these access control systems

158
00:08:25.080 --> 00:08:28.950
and authentication factors increases security

159
00:08:28.950 --> 00:08:32.340
and helps protect both physical and digital assets

160
00:08:32.340 --> 00:08:34.833
from unauthorized access.