WEBVTT

1
00:00:00.000 --> 00:00:01.530
<v Instructor>In this lesson,</v>

2
00:00:01.530 --> 00:00:05.250
we will learn about subject access control.

3
00:00:05.250 --> 00:00:08.760
Subject access is the mechanism that determines

4
00:00:08.760 --> 00:00:12.060
and enforces which subjects have access

5
00:00:12.060 --> 00:00:16.110
to specific resources within a network environment.

6
00:00:16.110 --> 00:00:18.900
Subjects are defined as users,

7
00:00:18.900 --> 00:00:22.320
processes, devices, and services.

8
00:00:22.320 --> 00:00:25.890
A user is an individual entity that requires

9
00:00:25.890 --> 00:00:29.040
and receives access to resources.

10
00:00:29.040 --> 00:00:33.240
Next, a process is an instance of a program

11
00:00:33.240 --> 00:00:36.715
that requires permissions to perform operations

12
00:00:36.715 --> 00:00:41.190
on behalf of a user or system function.

13
00:00:41.190 --> 00:00:44.670
Next, a device is any physical

14
00:00:44.670 --> 00:00:48.090
or virtual hardware that connects to the network.

15
00:00:48.090 --> 00:00:51.090
Devices often require authentication

16
00:00:51.090 --> 00:00:55.110
to ensure they are authorized to access resources.

17
00:00:55.110 --> 00:00:58.410
Finally, a service is a system function

18
00:00:58.410 --> 00:01:01.950
or application that operates continuously

19
00:01:01.950 --> 00:01:04.135
in the background, providing users

20
00:01:04.135 --> 00:01:08.070
the seamless machine interaction they expect.

21
00:01:08.070 --> 00:01:11.700
Services manage tasks like processing data,

22
00:01:11.700 --> 00:01:15.690
handling requests, and maintaining system performance,

23
00:01:15.690 --> 00:01:19.950
all without requiring direct user intervention.

24
00:01:19.950 --> 00:01:23.520
Services may also interact with other services,

25
00:01:23.520 --> 00:01:27.420
devices, or users and must be controlled

26
00:01:27.420 --> 00:01:30.210
to prevent unauthorized access.

27
00:01:30.210 --> 00:01:33.900
Let's learn more about subject access control

28
00:01:33.900 --> 00:01:36.900
in relation to users, processes,

29
00:01:36.900 --> 00:01:40.110
devices, and service subjects.

30
00:01:40.110 --> 00:01:42.540
First we have users.

31
00:01:42.540 --> 00:01:44.610
The users are individuals

32
00:01:44.610 --> 00:01:49.200
or entities that need access to resources within a system.

33
00:01:49.200 --> 00:01:50.550
For example,

34
00:01:50.550 --> 00:01:55.200
an employee logging into a company's network to check email

35
00:01:55.200 --> 00:01:58.620
or access files is considered a user.

36
00:01:58.620 --> 00:02:02.640
Subject access control ensures that each user

37
00:02:02.640 --> 00:02:05.400
has the correct permissions based on their

38
00:02:05.400 --> 00:02:08.400
role, like an accountant having access

39
00:02:08.400 --> 00:02:12.870
to financial records while a software developer does not.

40
00:02:12.870 --> 00:02:15.660
This prevents unauthorized access

41
00:02:15.660 --> 00:02:18.570
and keeps sensitive information secure

42
00:02:18.570 --> 00:02:22.920
by only allowing users to see what they need for their jobs

43
00:02:22.920 --> 00:02:24.540
and nothing else.

44
00:02:24.540 --> 00:02:27.300
Second, we have processes.

45
00:02:27.300 --> 00:02:32.070
Processes are instances of programs that run on behalf

46
00:02:32.070 --> 00:02:35.100
of a user or system function.

47
00:02:35.100 --> 00:02:38.220
For example, when you open a web browser

48
00:02:38.220 --> 00:02:39.930
to check your email,

49
00:02:39.930 --> 00:02:44.400
that web browser is a process running on your computer.

50
00:02:44.400 --> 00:02:47.970
Processes often need specific permissions

51
00:02:47.970 --> 00:02:52.020
to perform their tasks, such as accessing a file

52
00:02:52.020 --> 00:02:54.330
or connecting to the internet.

53
00:02:54.330 --> 00:02:58.380
Subject access control manages these permissions

54
00:02:58.380 --> 00:03:02.010
to ensure that processes only perform actions

55
00:03:02.010 --> 00:03:04.650
that are safe and necessary.

56
00:03:04.650 --> 00:03:07.680
If a process tries to access data

57
00:03:07.680 --> 00:03:11.460
or perform an action it is not authorized for,

58
00:03:11.460 --> 00:03:15.390
access control prevents it, protecting the system

59
00:03:15.390 --> 00:03:18.630
from potential threats like malware.

60
00:03:18.630 --> 00:03:21.150
Third, we have devices.

61
00:03:21.150 --> 00:03:23.730
Devices include any physical

62
00:03:23.730 --> 00:03:27.420
or virtual hardware that connects to the network,

63
00:03:27.420 --> 00:03:31.860
such as laptops, smartphones, or virtual machines.

64
00:03:31.860 --> 00:03:34.830
Devices must authenticate themselves

65
00:03:34.830 --> 00:03:37.980
to confirm they are authorized to connect

66
00:03:37.980 --> 00:03:40.260
and access resources.

67
00:03:40.260 --> 00:03:43.710
For example, when you connect your work laptop

68
00:03:43.710 --> 00:03:46.710
to the office Wi-Fi, the device may need

69
00:03:46.710 --> 00:03:50.370
to pass security checks to ensure it's up to date

70
00:03:50.370 --> 00:03:53.580
and compliant with any company policies.

71
00:03:53.580 --> 00:03:58.290
Subject access control helps by checking device credentials,

72
00:03:58.290 --> 00:04:02.670
ensuring that only approved devices can access the network

73
00:04:02.670 --> 00:04:04.590
and blocking unauthorized,

74
00:04:04.590 --> 00:04:07.680
or potentially compromised devices.

75
00:04:07.680 --> 00:04:11.130
Fourth and last, we have services.

76
00:04:11.130 --> 00:04:13.800
Services are system functions

77
00:04:13.800 --> 00:04:16.260
or applications that operate

78
00:04:16.260 --> 00:04:19.590
and run continuously in the background,

79
00:04:19.590 --> 00:04:22.890
managing tasks like processing data,

80
00:04:22.890 --> 00:04:27.720
handling user requests, or maintaining system performance.

81
00:04:27.720 --> 00:04:31.380
Examples of services include email,

82
00:04:31.380 --> 00:04:36.030
file sharing applications, or database management systems.

83
00:04:36.030 --> 00:04:39.960
These services interact with users, devices,

84
00:04:39.960 --> 00:04:44.960
and other services, often without direct user involvement.

85
00:04:45.210 --> 00:04:49.340
Subject access control regulates these interactions

86
00:04:49.340 --> 00:04:52.800
by defining what each service can access

87
00:04:52.800 --> 00:04:55.560
and what actions it can perform.

88
00:04:55.560 --> 00:04:59.220
For instance, an email service might have permission

89
00:04:59.220 --> 00:05:01.380
to send and receive messages,

90
00:05:01.380 --> 00:05:03.660
but should not have direct access

91
00:05:03.660 --> 00:05:05.940
to sensitive financial records.

92
00:05:05.940 --> 00:05:09.600
So by controlling service access like this,

93
00:05:09.600 --> 00:05:12.570
the system prevents unauthorized access

94
00:05:12.570 --> 00:05:16.830
and helps maintain the integrity of operations.

95
00:05:16.830 --> 00:05:20.250
So remember, subject access control

96
00:05:20.250 --> 00:05:23.430
determines and enforces which subjects

97
00:05:23.430 --> 00:05:27.720
have access to specific resources within a network,

98
00:05:27.720 --> 00:05:30.630
where subjects include users,

99
00:05:30.630 --> 00:05:34.260
processes, devices, and services.

100
00:05:34.260 --> 00:05:38.490
Subject access control ensures users only have

101
00:05:38.490 --> 00:05:42.000
the permissions necessary for their roles,

102
00:05:42.000 --> 00:05:46.800
preventing unauthorized access to sensitive information.

103
00:05:46.800 --> 00:05:51.210
Next, processes are instances of running programs

104
00:05:51.210 --> 00:05:55.336
that are granted permissions to only perform their tasks.

105
00:05:55.336 --> 00:05:59.190
Next, devices include both physical

106
00:05:59.190 --> 00:06:02.820
and virtual hardware that must authenticate

107
00:06:02.820 --> 00:06:05.490
to prove it is authorized to connect

108
00:06:05.490 --> 00:06:08.520
and access network resources.

109
00:06:08.520 --> 00:06:12.360
Finally, services operate in the background

110
00:06:12.360 --> 00:06:13.739
to manage tasks

111
00:06:13.739 --> 00:06:15.390
and are controlled

112
00:06:15.390 --> 00:06:19.380
to ensure they only access the resources necessary

113
00:06:19.380 --> 00:06:21.180
for their functions,

114
00:06:21.180 --> 00:06:25.203
protecting the system from unauthorized access.

