The Five Biggest Network No-Nos

If you're expanding your network or building one from scratch, there's plenty to watch out for. Here are the five biggest mistakes you should avoid.

March 27, 2006


If it is human to err, then it is almost inevitable that any network conceived by human intelligence and built by human hands is going to have problems. Mistakes happen, and they can range from the downright disastrous to the mildly infuriating. The good news, according to Forrester Research analyst Robert Whiteley, is that organizations have gotten good enough at their networks that disasters are comparatively rare.

That doesn't mean that organizations don't commit a few blunders along the way, but the no-nos are more a question of having a network operate below expectations than one that doesn't function at all. "There's a difference between a network that just works and one that can support new applications," he says. "So mistakes aren't really so binary. They're just things that make work harder than it should be."

It is, of course, a whole lot easier to avoid the five top network no-nos when you're starting with a clean slate, but few organizations have that luxury. With network expansion, however, Whiteley says that it's possible for companies to at least not make mistakes that they've made before. "You don't see many greenfield builds anymore," he says. "But we get a lot of questions about things like cabling, probably because companies are building data centers, so there are pockets of network design where you can get things right, right from the start."

With that in mind, there is a whole range of things organizations can do to achieve better living through networking, and they all come down to avoiding common mistakes. These are the top five:

1. Ignoring network management tools: "People often forget about management tools when they're building a new network or looking at the one they have," Whiteley says. "Most hardware vendors provide management software with their products these days, but there is a whole tier of software that can give visibility into the network as a whole."

The bottom line is that, without sniffers (software that intercepts and analyzes network traffic) and software to bind the whole management process together, you'll be running your network blind. For networks to operate at their optimal level, you need to be able to see things like traffic patterns, and though network management tools can be added after the build, companies rarely budget for the additional expense.

"There are ways to reduce your operational burden if you do it from the beginning," Whiteley says. "The no-no is not planning or budgeting for it."

2. Inefficient wireless network design: With the growing ubiquity of wireless local area networks (WLANs) in organizations around the globe, this can be a common issue. The good news is that, with no cables to pull, it's a problem that can be fixed. WLANs grew originally as convenient overlays to wired networks, but increasingly, they're being deployed as extensions of existing networks, and that makes design even more important.

Wireless networking carries its own security and architectural baggage that must be addressed if it's going to be an effective part of the network, rather than a drag on efficiency. "Companies didn't originally think about these things in the design stage," Whiteley says. "One thing you see now is companies that simply have a blanket 'no wireless policy,' but that's risky. Someone can bring in a rogue Linksys router if he feels this is something he needs, but the company won't do."

Even if you're not investing in wireless as a priority technology, you still need to address it before your employees address it themselves. "The no-no is simply avoiding or dismissing wireless -- because you can't," Whiteley says. "You might have a negative stance, but you have to have a policy."

3. Investing only in perimeter security: The best thing about perimeter security is that it has a technological solution. You can buy a firewall or an intrusion prevention system and drop it into the network. The problem is that security threats don't just come from outside.

"There's a massive disconnect between people buying traditional perimeter security technologies in growing numbers, while the number of attacks from within the network is growing," Whiteley says. "You need to look at things like internal access control and IPS as well."

The problem is that, as networks become more complex, the distinction between network insides and outsides has become blurred. "The perimeter is getting more porous," Whiteley says. "The no-no is to just invest there."

4. Underestimating the time it takes to build internal security: Even if a company does make a point of securing its network from the inside, there's a lot of work to do. It's one thing to put controls throughout the network, but it's another thing to turn them on and make sure they function the way you need them to.

Most importantly, with internal security increasingly becoming more of a policy issue than a point problem, it's easy to forget that you need policies to make it work. "Network access control (NAC) is a policy-based infrastructure, for example," Whiteley says. "So it's not just technology. Policies take time to develop and deploy."

The no-no is to believe that technology alone can solve everything, Whiteley says and, more importantly, that it can be easily standardized.

5. Throwing bandwidth at the problem: "This really doesn't work anymore," Whiteley says. "It was legitimate for a long time to think that, as Moore's law kicks in, you could just increase network bandwidth to solve traffic problems."

The problem is that networking is no longer just a question of moving bits and packets from one network location to another. "As we move to an applications-dominated world, it's not bandwidth that's going to solve network problems," Whiteley says. "What solves problems is dealing with things like latency and actually turning QoS on. It's a question of designing an efficient network architecture. Just throwing bandwidth at problems only creates bottlenecks."
