Failing badly and failing well are concepts in systems security and network security (and engineering in general) describing how a system reacts to failure. The terms have been popularized by Bruce Schneier, a cryptographer and security consultant.

Reference: "Homeland Insecurity", ''Atlantic Monthly'', September 2002.
Failing badly
A system that fails badly is one that has a catastrophic result when failure occurs. A single point of failure can thus bring down the whole system. Examples include:
* Databases (such as credit card databases) protected only by a password. Once this security is breached, all data can be accessed.
* Fracture critical structures, such as buildings or bridges, that depend on a single column or truss, whose removal would cause a chain reaction collapse under normal loads.
* Security checks which concentrate on establishing identity, not intent (thus allowing, for example, suicide attackers to pass).
* Internet access provided by a single service provider. If the provider's network fails, all Internet connectivity is lost.
* Systems, including social ones, that rely on a single person who, if absent or permanently unavailable, halts the entire system.
* Brittle materials, such as "over-reinforced concrete", which, when overloaded, fail suddenly and catastrophically with no warning.
* Keeping the only copy of data in one central place. That data is lost forever when that place is damaged, as in the 1836 U.S. Patent Office fire, the American 1973 National Personnel Records Center fire, and the destruction of the Library of Alexandria.
Failing well
A system that fails well is one that compartmentalizes or contains its failure. Examples include:
* Compartmentalized hulls in watercraft, ensuring that a hull breach in one compartment will not flood the entire vessel.
* Databases that do not allow downloads of all data in one attempt, limiting the amount of compromised data.
* Structurally redundant buildings conceived to resist loads beyond those expected under normal circumstances, or to resist loads when the structure is damaged.
* Computer systems that restart or proceed to a stopped state when an invalid operation occurs.
* Access control systems that are locked when power is cut to the unit.
* Concrete structures which show fractures long before breaking under load, thus giving early warning.
* Armoured cockpit doors on airplanes, which confine a potential hijacker within the cabin even if they are able to bypass airport security checks.
* Internet connectivity provided by more than one vendor or discrete path, known as multihoming.
* Star or mesh networks, which can continue to operate when a node or connection has failed (though for a star network, failure of the central hub will still cause the network to fail).
* Ductile materials, such as "under-reinforced concrete", which, when overloaded, fail gradually: they yield and stretch, giving some warning before ultimate failure.
* Making a backup copy of all important data and storing it in a separate place. That data can be recovered from the other location when either place is damaged.
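The "password-only database" example under Failing badly and the "access control locked when power is cut" example above have a common software analogue: what an authorization check does when its policy back end is unreachable. The following is an added illustration, not code from the article; the `PolicyService` class, the user names and the outage are all constructed for the demonstration.

```python
"""Fail-open vs fail-closed access checks (added example, not from the article).

A check that fails badly treats an outage of the policy service as permission,
so the single point of failure silently disables all access control. A check
that fails well denies everything during the outage, like a door that locks
when power is cut: availability suffers, but the failure is contained.
The policy service and users below are hypothetical, constructed for the demo.
"""
from dataclasses import dataclass, field


class PolicyUnavailable(Exception):
    """Raised when the (hypothetical) policy service cannot be reached."""


@dataclass
class PolicyService:
    """Toy policy store standing in for a remote authorization service."""
    grants: dict = field(default_factory=dict)  # user -> set of allowed actions
    online: bool = True

    def is_allowed(self, user: str, action: str) -> bool:
        if not self.online:
            raise PolicyUnavailable("policy service unreachable")
        return action in self.grants.get(user, set())


def check_fail_open(svc: PolicyService, user: str, action: str) -> bool:
    """Fails badly: any error in the check is turned into an allow."""
    try:
        return svc.is_allowed(user, action)
    except PolicyUnavailable:
        return True  # outage == everyone gets in


def check_fail_closed(svc: PolicyService, user: str, action: str) -> bool:
    """Fails well: any error in the check is turned into a deny."""
    try:
        return svc.is_allowed(user, action)
    except PolicyUnavailable:
        return False  # outage == nobody gets in until the service is back


def demo() -> tuple:
    """Returns ((open, closed) while healthy, (open, closed) during outage)
    for a user who holds no grant at all."""
    svc = PolicyService(grants={"alice": {"read"}})
    healthy = (check_fail_open(svc, "mallory", "read"),
               check_fail_closed(svc, "mallory", "read"))
    svc.online = False  # simulate the policy service going down
    outage = (check_fail_open(svc, "mallory", "read"),
              check_fail_closed(svc, "mallory", "read"))
    return healthy, outage
```

Both checks agree while the service is healthy; only the fail-closed variant still refuses the ungranted user once the service is gone.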
Designing a system to 'fail well' has also been alleged to be a better use of limited security funds than the typical quest to eliminate all potential sources of errors and failure.

Reference: ''Failing Well with Information Security'' - Young, William; Apogee Ltd Consulting, 2003.