EP 107: SDP 6: Fail-safe Defaults

https://www.yourcyberpath.com/107/

In this episode, we go back to the Security Design Principles series, this time we are discussing Failsafe Defaults.

Failsafe defaults simply means that the default condition of a system should always be to deny.

An example of a failsafe default is the security reference monitor (SRM) that has been implemented in Windows operating systems since Windows NT. The SRM prevents access to any actions like logging on, accessing a file, or printing something unless the user presents a token to prove that they should have access to a file or an action.

There will always be two choices for failsafe defaults - to fail close or to fail open. The DoD and government organization side will tend toward using the fail close option, while the commercial and more streamlined companies will definitely prefer to fail open.

There will always be this challenge between security and operations. More security means less operations and more inconveniences, while prioritizing operations means that security will not be the best. It all depends on your organization and its goals.

Understanding failsafe defaults and other security design principles will help you become a better analyst and produce more secure, robust, and functional systems.

What You’ll Learn

●    What is Failsafe Defaults?

●    What are some examples for Failsafe defaults?

●     What is the Security Reference Monitor?

●     What is the difference between failing close and failing open?

Relevant Websites For This Episode

●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF)

●   Your Cyber Path

●   IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●   The Cyber Risk Management Podcast

Other Relevant Episodes

●   Episode 103 - SDP 4: Compromise Recording

●   Episode 105 - SDB 5: Work Factor

●   Episode 101 -   SDP 3: Economy of Mechanism