Skip to main content

Network Antipatterns

(Compiled from AWS, Azure, Google and and other community sources)

The following are antipatterns to avoid:

  • Your data centers are the transit point for all data.
  • Without being aware of the necessary utilization, you create too many Direct Connect links.
  • You fail to factor in workload features and encryption effects when creating your networking solutions.
  • You employ on-premises tactics and techniques to formulate cloud-based solutions.
  • Instead of putting workloads in an AWS Region closest to your customers, you place them in the AWS Region near your company HQ.
  • You do not assess your workload execution and constantly analyze it in comparison to the benchmark.
  • You disregard the possibility of optimizing service settings for better performance.
  • You assess VPN solutions to meet your network encryption demands.
  • You do not consider backup or alternative connectivity choices.
  • You apply conventional settings for routers, tunnels, and BGP sessions.
  • You do not recognize or determine all workload prerequisites (encryption, protocol, bandwidth and traffic wants).
  • You route all web traffic through current load balancers.
  • You utilize basic TCP load balancing and making each compute node manage SSL encryption.
  • You use TCP for all workloads no matter of performance requirements.
  • You gather all workload resources into one geographical area.
  • You select the closest region to your location but not to the workload end user.
  • You assume that all performance-related issues are application-related.
  • You only evaluate your network performance from a location nearby where you have deployed the workload.

Avoid:

  • Centralized network architecture:
    • A single point of failure is created when a single network is responsible for the entire system.
  • Complex network topology:
    • Complex topologies can lead to reduced network performance, security risks, and increased costs for maintenance and troubleshooting.
  • Overuse of broadcast traffic:
    • Excessive broadcast traffic can lead to network congestion and reduced performance.
  • Poor quality of service (QoS) design:
    • A poorly designed QoS system can cause network congestion and delay, leading to poor application performance and user experience.
  • Inadequate bandwidth management:
    • Not managing bandwidth properly can lead to network congestion and slower application performance.
  • Inefficient routing:
    • Inefficient routing can cause network congestion and delay, which can affect the performance of the entire system.
  • Unsecured network perimeter:
    • An unsecured network perimeter can make it easier for attackers to access the network and exploit vulnerabilities.
  • Insufficient network access controls:
    • Without proper access controls, unauthorized users can gain access to sensitive data and systems.
  • Inadequate network monitoring:
    • Insufficient network monitoring can lead to missed security events and performance issues, which can have a serious impact on the business.
  • Inadequate disaster recovery and business continuity planning:
    • Without proper disaster recovery and business continuity planning, the network can be vulnerable to disruptions, outages, and data loss.
  • Insufficient network segmentation:
    • Insufficient network segmentation can allow attackers to move laterally within the network and gain access to sensitive data and systems.
  • Failure to keep network equipment and software up to date:
    • Not keeping network equipment and software up to date can leave the network vulnerable to known security vulnerabilities and performance issues.
  • Lack of network segmentation:
    • Failing to properly segment your network can make it easier for attackers to move laterally within your infrastructure and increase the potential damage in case of a successful attack.
  • Weak encryption:
    • If you are relying on weak encryption protocols or algorithms, you are putting your network and data at risk. Ensure that you are using the latest and most secure encryption standards to protect your network.
  • Unsecured remote access:
    • Allowing remote access to your network without proper security controls in place can lead to unauthorized access and data breaches. Ensure that all remote access is encrypted and secured using strong authentication protocols.
  • Lack of redundancy:
    • Not having redundant network components or connections can result in costly downtime if a critical component fails. Plan for redundancy and failover to ensure high availability.
  • Inadequate access controls:
    • Failing to properly configure access controls can result in unauthorized access to sensitive network resources. Make sure that access controls are in place and periodically reviewed to ensure they remain effective.
  • Poorly configured firewalls:
    • Misconfigured firewalls can lead to security vulnerabilities and create opportunities for attackers to gain unauthorized access. Ensure that your firewalls are properly configured and updated to prevent unauthorized access.
  • No network monitoring:
    • Failing to monitor your network can lead to delayed detection of security incidents, which can result in prolonged attacks and increased damage. Implement a network monitoring solution to detect suspicious activity and respond quickly to potential threats.

Antipatterns fro Remote Dev Administration

  • Sharing login credentials:
    • Sharing login credentials such as username and password is a significant security risk, as it makes it difficult to track who is accessing the system.
  • Allowing remote access via unsecured channels:
    • Remote access should be provided only through secure channels such as VPN, SSH, and HTTPS. Using unsecured channels such as Telnet, FTP, and HTTP exposes the system to potential security threats.
  • Allowing unrestricted access:
    • Providing unrestricted access to a system's network to remote developers can be a significant security risk. Access should be granted only to the specific resources required for development.
  • Lack of multifactor authentication:
    • Remote developer access should include multifactor authentication to ensure that only authorized users can access the system.
  • Lack of encryption:
    • All data transmitted over the network should be encrypted to ensure that sensitive information cannot be intercepted.
  • Insufficient logging:
    • Logging access to the system is important to track who is accessing the system and what actions they are taking.
  • Using default credentials:
    • Using default credentials such as "admin" and "password" is a significant security risk, as attackers can easily guess these credentials.
  • Not regularly reviewing access:
    • Access to the system should be reviewed regularly to ensure that remote developers still require access and that they are not accessing resources they should not have access to.
  • Lack of firewalls and intrusion detection systems:
    • Firewalls and intrusion detection systems are essential for protecting the system from unauthorized access.
  • Lack of policies and procedures:
    • Policies and procedures should be in place to govern remote developer access. These policies should outline the access requirements, authentication procedures, and procedures for granting and revoking access.