Fail Secure – The Correct Way to Crash

Do you think there is a right way to crash?  A system crash sounds like a bad thing all around, but there are safe ways for a system to crash and dangerous ways.  Systems can crash in a way that lets attackers exploit the data on them or install back doors that give them control over the system.  Under the principle called “Fail Secure,” systems are designed so that they fail, and then start up again, without introducing new security vulnerabilities for attackers to exploit.

Let’s look at three areas where systems should fail secure: communication channels, access control systems, and default configurations.

In communication channels, use public key cryptography to initialize communication.  That way, when new sessions are created, key material is never exchanged in plain text for an attacker to read.

Likewise, access control systems should deny requests when they fail.  How many times in movies have you seen a person bash a keypad to gain entry to a system?  Attackers do something similar, such as disconnecting the power from a device in the hope that it unlocks.  These devices should be configured so that they stay locked even when they fail.

Avoid default configurations on systems, and disable the ability for a system to roll back to a default state.  Some devices have a button or a menu item that resets them to factory defaults, but this can create a security hole in your network, since the default configurations of many devices are well documented.
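The access control point above is easiest to see in code.  The following is an added example, not code from the original post: a small simulation of a badge reader whose policy store can become unreachable (the software equivalent of the power being cut).  The badge ids, door names and the `PolicyStore` class are constructed for the illustration.  The fail-open version turns a backend outage into an open door; the fail-secure version keeps the door locked unless the check completes and says yes.

```python
"""Fail-open versus fail-secure access decisions under a backend failure."""
import logging
from dataclasses import dataclass, field

log = logging.getLogger("gatekeeper")


class BackendUnavailable(Exception):
    """Raised when the policy store cannot be reached (crash, network cut, power loss)."""


@dataclass
class PolicyStore:
    """Hypothetical policy backend: badge id -> doors that badge may open."""
    # Constructed sample grants for the simulation.
    grants: dict = field(default_factory=lambda: {
        "badge-1001": {"lobby", "server-room"},
        "badge-2002": {"lobby"},
    })
    available: bool = True  # flip to False to simulate the backend going down

    def allowed(self, badge: str, door: str) -> bool:
        if not self.available:
            raise BackendUnavailable("policy store unreachable")
        return door in self.grants.get(badge, set())


def decide_fail_open(store: PolicyStore, badge: str, door: str) -> bool:
    """Fail-open: an error in the check is treated as permission.

    This is the dangerous pattern: anyone who can knock the backend over
    (or cut its power) gets every door unlocked.
    """
    try:
        return store.allowed(badge, door)
    except BackendUnavailable:
        log.warning("policy check failed for %s at %s; ALLOWING (fail-open)", badge, door)
        return True


def decide_fail_secure(store: PolicyStore, badge: str, door: str) -> bool:
    """Fail-secure: the door stays locked unless the check completes with a yes.

    The default is deny; only an explicit True from a healthy backend changes it.
    Any exception, not just the one we expect, leaves the decision at deny, so an
    unforeseen crash in the check cannot open the door.
    """
    decision = False
    try:
        decision = store.allowed(badge, door) is True
    except Exception as exc:  # broad on purpose: unknown failure must still deny
        log.error("policy check failed for %s at %s; door stays LOCKED: %s", badge, door, exc)
        decision = False
    return decision


def compare_under_outage(badge: str, door: str) -> dict:
    """Run both policies against the same request while the backend is down."""
    store = PolicyStore(available=False)
    return {
        "fail_open": decide_fail_open(store, badge, door),
        "fail_secure": decide_fail_secure(store, badge, door),
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print("backend down, unauthorized badge:", compare_under_outage("badge-2002", "server-room"))
```

The fail-secure branch deliberately catches `Exception` rather than only `BackendUnavailable`: for a deny-by-default decision, an unexpected error type must not become a way to skip the check.  In a real deployment the `log.error` call would also raise an alert, because a backend that is down is exactly the condition an attacker who cut the power is trying to create.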
