- Failing badly
"Failing badly" and "failing well" are concepts in systems security and
network securitydescribing how a system reacts to failure. The terms have been popularized by Bruce Schneier, a cryptographer and security consultant. [ [http://charlesmann.org/articles/Homeland-Insecurity-Atlantic.pdf Homeland Insecurity] , " Atlantic Monthly", September 2002]
A system that fails badly is one that fails "catastrophically" once failure occurs. A
single point of failurecan thus bring down the whole system. Examples include:
Databases (such as credit carddatabases) protected only by a password. Once this security is breached, all data can be stolen.
*Buildings depending on a single column or truss, whose removal would cause a chain reaction collapse under normal loads.
*Security checks which concentrate on establishing identity, not intent (thus allowing, for example,
suicideattackers to pass).
Internetaccess provided by a single service provider. If the provider's network fails, all Internet connectivity is lost.
A system that fails well is one that "compartmentalizes" or "contains" failure. Examples include:
*Databases that do not allow downloads of all data in one attempt, limiting the amount of compromised data.
*Structurally redundant buildings conceived to resist loads beyond those expected under normal circumstances, or resist loads when the structure is damaged.
Concretestructures, which show fractures long prior to breaking under load, thus giving early warning.
cockpitdoors on airplanes, which confine a potential hijacker within the cabin even if they are able to bypass airport security checks.
*Internet connectivity provided by more than one vendor or discrete path, known as
Designing a system to 'fail well' has also been alleged to be a better use of limited security funds than the typical quest to eliminate all potential sources of errors and failure. [" [http://www.apogee.co.nz/docs/FailingWell.pdf Failing Well with Information Security] " - Young, William; Apogee Ltd Consulting, 2003]
Wikimedia Foundation. 2010.