Initial Program Load - loading the operating system's kernel into the computer's main memory.
The system shuts itself down in a controlled manner in response to a kernel (trusted computing base) failure.
Emergency system restart - the system fails in an uncontrolled manner. The failure is caused by a lower-privileged user, e.g. a process attempting to access restricted memory segments.
System cold start - an unexpected kernel or media failure happens and the regular recovery procedure cannot bring the system back to a consistent state. It is important that the system does not enter an insecure state.
Operations - Steps after a system crash
1. Enter single-user mode - the system will automatically boot to a "single user mode" or must be manually booted to a "Recovery Console". These modes do not start services for users on the network. The administrator must be physically at the console or have a dial-in modem attached.
2. Fix the issue, recover files - the system administrator attempts to identify the cause of the shutdown. A database may need to be rolled back or rolled forward. Automatic or manual actions may need to occur before applications and services return to their normal state.
3. If investigation of the problem suggests corruption (attack, user reconfiguration, hardware or software failure), the administrator needs to ensure that system files and configuration files are consistent with their expected state. The administrator could compare cryptographic checksums of files against a known-good baseline (e.g. Tripwire) or validate settings against documentation.
Security concerns of system shutdown
Boot-up sequence - only allow authorized users to change the boot sequence; an attacker should not be able to boot from CD, etc.
Bypassing system logs - an attacker who can bypass logging would be able to change the configuration and remove their tracks from the logs.
Forced system shutdown - should be limited to administrators.
Diagnostic messages and logs - it should not be possible to re-route them. Access to these messages should be restricted to authorized users.