CISSP Tip 1
Yasser Auda
Cisco VIP, .:|:.:|:. CCIE#45694 CCSI#34215, CISSP, MSc Computer Networking & Cyber Security
Fail-safe vs Fail-secure in three different domains or topics
Physical Security
Doorways with automatic locks can be configured to be fail-safe or fail-secure.
A fail-safe setting means that if power fails, the doors default to being unlocked.
(Protecting people is more important than anything else.)
A fail-secure setting means that if power fails, the doors default to being locked.
(If people do not need to use this door to escape during an emergency, priority goes to protecting assets.)
When it comes to doors, we may also see a third term, "fail-soft".
Fail-soft locks default to being locked or unlocked depending on the sensitivity of the data and systems in the area; for example, doors that open from the inside only.
Systems & Networking Devices
Systems (e.g. firewall / IPS systems) can be designed so that they fail in a fail-secure state or a fail-open state.
A fail-secure (aka fail-closed) system will default to a secure state in the event of a failure, blocking all access. (Security is more important than availability.)
A fail-open system will fail in an open state, granting all access. (Availability is more important than security.)
Software Security (OS)
Fail-secure and fail-open
In spite of the best efforts of programmers, product designers, and project managers, developed applications
Programmers should design into their code a general sense of how to respond to and handle failures.
There are two basic choices when planning for system failure:
The fail-secure failure state puts the system into a high level of security and possibly even disables it entirely until an administrator can diagnose the problem and restore the system to normal operation (closing just the application, or possibly stopping the operation of the entire host system). This is the commonly used option. Example: the Windows Blue Screen of Death (BSOD).
The programmer should consider the activities that occur after a fail-secure operation occurs.
The options are to remain in a fail-secure state or to automatically reboot the system.
The fail-open state allows users to bypass failed security controls, erring on the side of permissiveness.
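Added example (not from the original post): the same authorization check written fail-open and fail-secure, plus a latched fail-secure variant that stays locked down until an administrator resets it, as described above. The policy store, its outage and the users are constructed for illustration.

```python
from typing import Dict, Set

class PolicyStoreUnavailable(Exception):
    """Raised when the backend holding the access rules cannot be reached (simulated)."""

# Constructed sample policy: user -> resources that user may read.
POLICY: Dict[str, Set[str]] = {
    "alice": {"/reports/q1", "/reports/q2"},
    "bob": {"/reports/q1"},
}

def lookup_allowed(user: str, resource: str, backend_up: bool) -> bool:
    """Simulated policy lookup; raises instead of answering when the backend is down."""
    if not backend_up:
        raise PolicyStoreUnavailable("policy store unreachable")
    return resource in POLICY.get(user, set())

def check_fail_open(user: str, resource: str, backend_up: bool = True) -> bool:
    """Fail-open: when the control itself fails, the request is granted (permissive)."""
    try:
        return lookup_allowed(user, resource, backend_up)
    except PolicyStoreUnavailable:
        return True  # control failed, access granted anyway

def check_fail_secure(user: str, resource: str, backend_up: bool = True) -> bool:
    """Fail-secure: when the control itself fails, the request is denied."""
    try:
        return lookup_allowed(user, resource, backend_up)
    except PolicyStoreUnavailable:
        return False  # control failed, deny rather than guess

class FailSecureGate:
    """Fail-secure with a latch: one failure denies everything until an admin resets it."""
    def __init__(self) -> None:
        self.locked_down = False
    def check(self, user: str, resource: str, backend_up: bool = True) -> bool:
        if self.locked_down:
            return False  # remain in the fail-secure state
        try:
            return lookup_allowed(user, resource, backend_up)
        except PolicyStoreUnavailable:
            self.locked_down = True  # disable until diagnosed
            return False
    def admin_reset(self) -> None:
        """Administrator has diagnosed the problem; return to normal operation."""
        self.locked_down = False
```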