funsec mailing list archives

10 Laws of Networking [just for fun!]


From: Donal <irldexter () gmail com>
Date: Mon, 9 Feb 2009 22:44:24 +1100

10 laws of networking (evolving)

Remember a few simple paradigms.
================================
1) The risk profile of a network or fabric is greater than the
aggregate of the risk profiles for each of its endpoint/client
connected nodes or services.
2) Never underestimate physical *and* logical separation. Ask yourself
what happens if the mgmt control plane goes down or gets stuck in
'flipmode'?
3) Protect your management and control plane above all else; try not
to have them in-path with the data plane. IT is change management; if
you can't manage your resources, you may as well not have them.
4) Where are your policy enforcement points which facilitate
auditability and visibility? AAA is a must!
5) Always use subnets and NETBLOCKs to separate traffic when you can
[e.g. good address management], as QoS on subnets is easier than QoS
on discrete flows.
6) Darkness is not good. Instrument and gather telemetry from your
network. Inbound poll and outbound trap at a minimum. Baselining and
trending helps.
7) Always look at logs, sessions and empirical data rather than
listening to conjecture and hearsay.
8) Abstraction layers are a good thing such that logical resources and
physical resources can move without affecting one another. Loose
coupling not tight coupling is the order of the day.
9) Always use loopbacks or virtual interfaces to manage devices where
possible. [see 8]
10) In-path tests are the only things that represent what a client or
endpoint sees. Up isn't always up, sometimes it's down.

Note: This is evolving, please leave comments on adds, moves and
changes including priorities!
http://bsdosx.blogspot.com/2009/02/10-laws-of-networking-partial.html

-- 
________________________________________________________________________________
Donal ( http://bsdosx.blogspot.com/ )

"Any intelligent fool can make things bigger, more complex, and more
violent. It takes a touch of genius -- and a lot of courage -- to move
in the opposite direction." E. F. Schumacher
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.