Failing badly
Failing badly and failing well are concepts in systems security and network security describing how a system reacts to failure. The terms have been popularized by Bruce Schneier, a cryptographer and security consultant.
A system that fails badly is one that fails catastrophically once failure occurs. A single point of failure can thus bring down the whole system. Examples include:
- Databases (such as credit card databases) protected only by a password. Once this security is breached, all data can be accessed.
- Buildings depending on a single column or truss, whose removal would cause a chain reaction collapse under normal loads.
- Security checks which concentrate on establishing identity, not intent (thus allowing, for example, suicide attackers to pass).
- Internet access provided by a single service provider. If the provider's network fails, all Internet connectivity is lost.
- Ring networks in which the failure of a single node or connection between nodes brings down the entire network.
A system that fails well is one that compartmentalizes or contains failure. Examples include:
- Compartmentalized hulls in watercraft, ensuring that a hull breach in one compartment will not flood the entire vessel.
- Databases that do not allow downloads of all data in one attempt, limiting the amount of compromised data.
- Structurally redundant buildings conceived to resist loads beyond those expected under normal circumstances, or to resist loads when the structure is damaged.
- Concrete structures, which show fractures long before breaking under load, thus giving early warning.
- Armoured cockpit doors on airplanes, which confine a potential hijacker within the cabin even if they are able to bypass airport security checks.
- Internet connectivity provided by more than one vendor or discrete path, known as multihoming.
- Star or mesh networks, which can continue to operate when a node or connection has failed (though for a star network, failure of the central hub will still cause the network to fail).
Designing a system to 'fail well' has also been alleged to be a better use of limited security funds than the typical quest to eliminate all potential sources of errors and failure.
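The two database entries above, side by side, as an added example that is not part of the encyclopedia article: a table guarded by one shared password, where a single breach exposes every row, next to a data-access layer that compartmentalizes by tenant, caps rows per query and meters a cumulative quota, so that a compromised credential yields a bounded slice and leaves an alert behind for review. The table, credential names, policy limits and sample rows are all constructed for the demonstration.

```python
"""Constructed illustration of 'fails badly' versus 'fails well' for a
database. Added example, not from the article; every table, credential
and limit below is invented for demonstration purposes."""
import sqlite3
from dataclasses import dataclass, field

# Constructed sample data: 30 card-holder rows spread across three tenants.
SAMPLE_ROWS = [
    (i, f"tenant-{i % 3}", f"holder-{i}", f"{4000 + i:04d}") for i in range(30)
]


class AccessDenied(Exception):
    """Raised when a request is refused by either design."""


@dataclass
class Credential:
    """Least-privilege view of a caller: scoped to one tenant, with a
    per-query row cap and a cumulative quota (assumed policy values)."""
    name: str
    tenant: str
    max_rows_per_query: int = 5
    total_row_quota: int = 12
    rows_served: int = 0
    alerts: list = field(default_factory=list)  # what the SOC would see


def build_db():
    """In-memory SQLite table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cardholder(id INTEGER, tenant TEXT, name TEXT, pan_last4 TEXT)"
    )
    conn.executemany("INSERT INTO cardholder VALUES (?,?,?,?)", SAMPLE_ROWS)
    return conn


def dump_all_fails_badly(conn, password, expected="hunter2"):
    """'Fails badly': one shared password guards everything. Once that
    single check passes, one query returns every row of every tenant."""
    if password != expected:
        raise AccessDenied("bad password")
    return conn.execute("SELECT * FROM cardholder").fetchall()


def fetch_fails_well(conn, cred, limit, offset=0):
    """'Fails well': results are confined to the caller's tenant, capped
    per query and metered against a cumulative quota. A request that
    exceeds policy is refused *and* recorded, so a credential being used
    for a bulk pull is both contained and visible."""
    if limit > cred.max_rows_per_query:
        cred.alerts.append(
            f"{cred.name}: requested {limit} rows, cap is {cred.max_rows_per_query}"
        )
        raise AccessDenied("per-query row cap exceeded")
    if cred.rows_served + limit > cred.total_row_quota:
        cred.alerts.append(f"{cred.name}: quota exhausted after {cred.rows_served} rows")
        raise AccessDenied("cumulative quota exhausted")
    rows = conn.execute(
        "SELECT * FROM cardholder WHERE tenant = ? LIMIT ? OFFSET ?",
        (cred.tenant, limit, offset),
    ).fetchall()
    cred.rows_served += len(rows)
    return rows


def demo():
    """Run the same credential through both designs and summarize the
    blast radius each one allows."""
    conn = build_db()
    everything = dump_all_fails_badly(conn, "hunter2")  # whole table, 30 rows

    cred = Credential(name="svc-reports", tenant="tenant-1")
    served, refusals, offset = [], 0, 0
    # Paging pattern of the kind the quota is designed to contain: one
    # oversized request, then repeated pages until policy cuts it off.
    for limit in (50, 5, 5, 5):
        try:
            rows = fetch_fails_well(conn, cred, limit, offset)
            served.extend(rows)
            offset += len(rows)
        except AccessDenied:
            refusals += 1

    return {
        "fails_badly_rows": len(everything),
        "fails_well_rows": len(served),
        "refusals": refusals,
        "alerts": len(cred.alerts),
        "tenants_seen": {row[1] for row in served},
    }


if __name__ == "__main__":
    print(demo())
```

Design note: the quota check charges the *requested* limit, not the rows actually returned, so a caller cannot probe past the quota with requests that happen to return few rows; and every refusal is logged on the credential itself, which is the signal a detection team would key on.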