Security Architecture Anti-Patterns and Design Mistakes

FrancescoFaenzi 7 views 10 slides Mar 02, 2025

About This Presentation

Common design mistakes to avoid in your security architecture. A guide for network designers, technical architects and security architects responsible for designing secure systems within organisations.


Slide Content

Security Anti-Patterns
Common design mistakes to avoid in your security architecture
A guide for network designers, technical architects and security architects responsible for designing secure systems within organisations.
By Francesco Faenzi

Agenda
1. Introduction: common patterns to avoid in system designs and why they're problematic.
2. Anti-pattern 1, 'Browse-up' for administration: when administration is performed from less trusted devices.
3. Anti-pattern 2, Management bypass: when layered defences can be short-cut via the management plane.
4. Anti-pattern 3, Back-to-back firewalls: implementing the same controls with two firewalls in series.
5. Anti-pattern 4, Building an 'on-prem' solution in the cloud: replicating traditional infrastructure in cloud environments.
6. Anti-pattern 5, Uncontrolled third party access: allowing unfettered remote access without constraints or monitoring.
7. Anti-pattern 6, The un-patchable system: when systems cannot be patched due to 24/7 operational requirements.

Security Anti-patterns
Common mistakes to avoid in security architecture
A practical guide for network designers, technical architects, and security architects responsible for designing secure systems within organizations. We will explore the most common patterns to avoid and why they can compromise the security of your systems.

Anti-pattern 1: 'Browse-up' for Administration
The Problem: Administration performed from devices less trusted than the system being administered.
Why It's Bad: Compromised credentials or session hijacking can give attackers control of your system.
Better Approach, 'Browse-down': Use trusted devices for administration. Perform riskier activities in separate processing contexts.

Anti-pattern 2: Management Bypass
The Problem: Layered defences in the network data plane can be short-cut via the management plane.
How to Identify: Management interfaces from different layers connected to a single switch, without corresponding layers in the management network.
Better Approach: Build similar layered defences into management planes as you have in data planes.
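The "how to identify" step can be checked against an inventory rather than by eye. The following is an added example, not code from the slides or from the author: it takes a constructed device inventory (each device's data-plane layer and the switch its management interface plugs into) and a hypothetical three-tier adjacency model, and reports every management switch that joins layers the data plane keeps apart. The device names, layer names and adjacency are assumptions made for the illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed example inventory (not from the slides): each device's data-plane
# trust layer and the switch its out-of-band management interface plugs into.
INVENTORY = [
    {"device": "web-01", "layer": "dmz", "mgmt_switch": "mgmt-sw-a"},
    {"device": "app-01", "layer": "app", "mgmt_switch": "mgmt-sw-a"},
    {"device": "db-01", "layer": "database", "mgmt_switch": "mgmt-sw-a"},
    {"device": "db-02", "layer": "database", "mgmt_switch": "mgmt-sw-b"},
]

# Which layers may talk directly in the data plane (hypothetical three-tier
# design). Any other pair is separated by at least one firewall hop.
DATA_PLANE_ADJACENCY = {
    frozenset(pair)
    for pair in [("internet", "dmz"), ("dmz", "app"), ("app", "database")]
}


def find_management_bypass(inventory, adjacency):
    """Report switches whose management ports join devices from more than one
    data-plane layer. For each, list the layer pairs that the data plane keeps
    apart but the shared management switch connects: those are the short-cuts."""
    layers_by_switch = defaultdict(set)
    for item in inventory:
        layers_by_switch[item["mgmt_switch"]].add(item["layer"])

    findings = {}
    for switch, layers in sorted(layers_by_switch.items()):
        if len(layers) < 2:
            continue  # a single-layer management switch mirrors the data plane
        bypassed = sorted(
            pair
            for pair in combinations(sorted(layers), 2)
            if frozenset(pair) not in adjacency
        )
        findings[switch] = {"layers": sorted(layers), "bypassed_boundaries": bypassed}
    return findings


if __name__ == "__main__":
    for switch, detail in find_management_bypass(INVENTORY, DATA_PLANE_ADJACENCY).items():
        print(f"{switch}: joins layers {detail['layers']}; "
              f"bypasses data-plane boundaries {detail['bypassed_boundaries']}")
```

With the constructed inventory, mgmt-sw-a is flagged because it carries management ports for the DMZ and the database tier, which the data plane never connects directly; mgmt-sw-b carries only database hosts and is left alone. Any switch that appears in the findings is a candidate for the same layering the data plane already has.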

Anti-pattern 3: Back-to-back Firewalls
The Problem: The same controls implemented by two firewalls in series, often from different manufacturers.
Why It's Bad: Adds cost, complexity, and maintenance overheads for little benefit.
Better Approach: One well-maintained, well-configured firewall is better than two poorly maintained ones.
Exception: A contract enforcement point between two entities connecting to each other.
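Whether the second firewall contributes anything can be tested rather than assumed. The following is an added example, not code from the slides or from the author: two constructed allow-lists are evaluated in series over a constructed set of sample flows, and the check returns the flows that the first firewall permits but the second blocks. When that list is empty, the second device is only repeating the first (the anti-pattern); when it is not, the second device is enforcing a different contract (the exception the slide names). Rule format, addresses and flows are assumptions; the probe set is a sample, not an exhaustive proof of equivalence.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets, not from the slides. Each firewall is an allow-list
# with an implicit final deny; a rule is (src_cidr, dst_cidr, proto, port_lo, port_hi).
FW1_RULES = [
    ("0.0.0.0/0", "10.10.0.0/24", "tcp", 443, 443),   # public HTTPS to the DMZ
    ("10.0.0.0/8", "10.10.0.0/24", "tcp", 22, 22),    # SSH from anywhere internal
]
# Second vendor, same policy transcribed: the back-to-back anti-pattern.
FW2_SAME_RULES = list(FW1_RULES)
# Second device enforcing a different contract: SSH only from the jump-host subnet.
FW2_STRICTER_RULES = [
    ("0.0.0.0/0", "10.10.0.0/24", "tcp", 443, 443),
    ("10.0.5.0/24", "10.10.0.0/24", "tcp", 22, 22),
]

# Constructed sample flows (src, dst, proto, dst_port) used to probe the chain.
PROBES = [
    ("203.0.113.7", "10.10.0.5", "tcp", 443),   # internet -> DMZ HTTPS
    ("10.0.5.10", "10.10.0.5", "tcp", 22),      # jump host -> DMZ SSH
    ("10.9.9.9", "10.10.0.5", "tcp", 22),       # arbitrary internal -> DMZ SSH
    ("203.0.113.7", "10.10.0.5", "tcp", 22),    # internet -> DMZ SSH
]


def permits(rules, src, dst, proto, port):
    """First-match allow-list evaluation with implicit deny."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for src_net, dst_net, rule_proto, lo, hi in rules:
        if (proto == rule_proto and lo <= port <= hi
                and src_ip in ip_network(src_net) and dst_ip in ip_network(dst_net)):
            return True
    return False


def chain_permits(fw1, fw2, flow):
    """Two firewalls in series: a flow passes only if both permit it."""
    return permits(fw1, *flow) and permits(fw2, *flow)


def second_firewall_contribution(fw1, fw2, probes):
    """Flows that FW1 allows but FW2 blocks. Over these probes, an empty list
    means the second firewall changes nothing about what gets through."""
    return [flow for flow in probes if permits(fw1, *flow) and not permits(fw2, *flow)]


if __name__ == "__main__":
    print("FW2 (same rules) additionally blocks:",
          second_firewall_contribution(FW1_RULES, FW2_SAME_RULES, PROBES))
    print("FW2 (stricter) additionally blocks:",
          second_firewall_contribution(FW1_RULES, FW2_STRICTER_RULES, PROBES))
```

Run with the identical rule sets, the contribution list is empty: every flow that reaches FW2 has already been decided by FW1, so the second device only adds maintenance burden. With the stricter second policy, the internal-but-not-jump-host SSH flow is blocked only by FW2, which is exactly the situation in which a second enforcement point earns its place.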

Anti-pattern 4: 'On-prem' Solution in the Cloud
The Problem: Building the same solution in the cloud that you would have built on-premises.
How to Identify: Database engines, file stores, and security appliances installed on compute instances.
Better Approach: Use higher-order functions and Platform-as-a-Service offerings to reduce infrastructure management.

Anti-pattern 5: Uncontrolled Third Party Access
The Problem: Third parties have unfettered remote access without constraints or monitoring.
How to Identify: Look for 'umbilical cords' out of network diagrams to third parties.
Better Approach: Choose third parties carefully, constrain access with least privilege, and maintain audit trails.
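The "constrain access with least privilege and maintain audit trails" advice translates into a small authorisation check that denies by default and records every decision. The following is an added example, not code from the slides or from the author: a constructed table of third-party grants (party, permitted hosts, permitted ports, daily UTC window) is consulted for each access request, and every allow or deny is appended to an audit trail as one JSON line. The party names, hosts, ports and windows are assumptions made for the illustration.

```python
import json
from datetime import datetime, timezone

# Constructed grants, not from the slides: each third party gets exactly the
# hosts, ports and daily UTC window it needs. Anything not listed is denied.
GRANTS = [
    {"party": "hvac-vendor", "hosts": {"bms-01"}, "ports": {443}, "window_utc": (8, 18)},
    {"party": "db-support", "hosts": {"db-01"}, "ports": {5432}, "window_utc": (0, 24)},
]


def at_hour(hour):
    """Constructed timestamp helper: a fixed day, given UTC hour."""
    return datetime(2025, 3, 2, hour, 0, tzinfo=timezone.utc)


def authorize(party, host, port, when, grants=GRANTS, audit=None):
    """Return True only if some grant for `party` covers host, port and hour.
    Every decision, allowed or denied, is appended to `audit` as one JSON line."""
    decision, reason = "deny", "no grant for this party"
    for grant in grants:
        if grant["party"] != party:
            continue
        start, end = grant["window_utc"]
        if host not in grant["hosts"]:
            reason = "host not in grant"
        elif port not in grant["ports"]:
            reason = "port not in grant"
        elif not start <= when.hour < end:
            reason = "outside access window"
        else:
            decision, reason = "allow", "grant matched"
            break
    record = {
        "ts": when.isoformat(),
        "party": party, "host": host, "port": port,
        "decision": decision, "reason": reason,
    }
    if audit is not None:
        audit.append(json.dumps(record, sort_keys=True))
    return decision == "allow"


def denied_attempts(audit):
    """Pull the denied decisions back out of the audit trail for review."""
    records = [json.loads(line) for line in audit]
    return [r for r in records if r["decision"] == "deny"]


if __name__ == "__main__":
    trail = []
    authorize("hvac-vendor", "bms-01", 443, at_hour(10), audit=trail)  # in scope
    authorize("hvac-vendor", "db-01", 5432, at_hour(10), audit=trail)  # scope creep
    for line in trail:
        print(line)
```

The denied record for the vendor reaching towards the database host is the kind of entry an audit review should surface: it shows the 'umbilical cord' trying to widen, and the grant table is the single place where the allowed scope is written down.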

Anti-pattern 6: The Un-patchable System
1. Design for Maintenance: patch in phases without disrupting operations.
2. Redundancy: systems remain operational during maintenance.
3. Representative Test Systems: build confidence in the patching process.
4. Regular Patching Schedule: apply updates little and often.
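The four points above together describe one procedure: patch test systems first, then roll through production in phases sized by the redundancy each service has. The following is an added example, not code from the slides or from the author: given a constructed fleet (per service, its nodes and the minimum that must stay in service) and a list of representative test systems, it produces a phased schedule, refuses a service that has no spare capacity (the un-patchable case), and checks that no phase breaches the availability floor. Service names, node names and minimums are assumptions made for the illustration.

```python
# Constructed fleet, not from the slides: per service, its nodes and how many
# must stay in service for the service to remain available during patching.
FLEET = {
    "web": {"nodes": ["web-01", "web-02", "web-03", "web-04"], "min_in_service": 3},
    "db":  {"nodes": ["db-01", "db-02"], "min_in_service": 1},
}
# Representative test systems, patched first to build confidence in the update.
TEST_SYSTEMS = ["web-test-01", "db-test-01"]


def plan_patch_phases(fleet, test_systems=()):
    """Greedy rolling schedule: each phase takes from every service as many
    nodes as its redundancy allows, until all nodes are patched. A service with
    no spare capacity is the 'un-patchable system' and is rejected up front."""
    spare = {}
    for svc, cfg in fleet.items():
        spare[svc] = len(cfg["nodes"]) - cfg["min_in_service"]
        if spare[svc] < 1:
            raise ValueError(f"{svc}: no redundancy, cannot patch without an outage")

    phases = []
    if test_systems:
        phases.append({"test": list(test_systems)})
    remaining = {svc: list(cfg["nodes"]) for svc, cfg in fleet.items()}
    while any(remaining.values()):
        phase = {}
        for svc, nodes in remaining.items():
            if nodes:
                phase[svc] = nodes[:spare[svc]]
                del nodes[:spare[svc]]
        phases.append(phase)
    return phases


def plan_keeps_services_up(fleet, phases):
    """Check that no phase takes more nodes out of a service than redundancy allows."""
    for phase in phases:
        for svc, nodes in phase.items():
            if svc == "test":
                continue  # test systems carry no production load
            cfg = fleet[svc]
            if len(cfg["nodes"]) - len(nodes) < cfg["min_in_service"]:
                return False
    return True


if __name__ == "__main__":
    schedule = plan_patch_phases(FLEET, TEST_SYSTEMS)
    for number, phase in enumerate(schedule):
        print(f"phase {number}: {phase}")
    print("availability floor respected:", plan_keeps_services_up(FLEET, schedule))
```

For the constructed fleet the schedule is five phases: the test systems, then two phases that each take one web node and one database node, then two more that finish the web tier. The number of phases is set by the service with the least headroom relative to its size, which is the concrete cost of under-provisioned redundancy that the slide's second point is about.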

Security Anti-Patterns: Key Takeaways
Avoid these common pitfalls to improve your security posture.
1. Layered Defences: Implement security in layers. Don't rely on a single control.
2. Regular Maintenance: Patch systems frequently. Design for maintainability.
3. Least Privilege: Limit access for both humans and third-party systems.