funsec mailing list archives
10 Laws of Networking [just for fun!]
From: Donal <irldexter () gmail com>
Date: Mon, 9 Feb 2009 22:44:24 +1100
10 laws of networking (evolving)

Remember a few simple paradigms.
================================

1) The risk profile of a network or fabric is greater than the aggregate of the risk profiles for each of its endpoint/client connected nodes or services.

2) Never underestimate physical *and* logical separation. Ask yourself what happens if the mgmt control plane goes down or gets stuck in 'flipmode'?

3) Protect your management and control plane above all else, try not to have them in-path with the data plane. IT is change management, if you can't manage your resources, you may as well not have them.

4) Where are your policy enforcement points which facilitate auditability and visibility? AAA is a must!

5) Always use subnets and NETBLOCKs to separate traffic when you can [e.g. good address management], as QOS on subnets is easier than QOS on discrete flows.

6) Darkness is not good. Instrument and gather telemetry from your network. Inbound poll and outbound trap at a minimum. Baselining and trending helps.

7) Always look at logs, sessions and empirical data rather than listening to conjecture and hearsay.

8) Abstraction layers are a good thing such that logical resources and physical resources can move without affecting one another. Loose coupling not tight coupling is the order of the day.

9) Always use loopbacks or virtual interfaces to manage devices where possible. [see 8]

10) In-path tests are the only things that represent what a client or endpoint sees. Up isn't always up, sometimes it's down.

Note: This is evolving, please leave comments on adds, moves and changes including priorities!

http://bsdosx.blogspot.com/2009/02/10-laws-of-networking-partial.html

--
Donal ( http://bsdosx.blogspot.com/ )

"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
E. F. Schumacher

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.