Network expert tip: You’d be better off not putting these three Easter eggs in your basket.

Documentation sets out how a network environment was originally planned; however, the actual state of systems that have grown over the years often tells a different story. Here are three tips from the UMB network experts to help you avoid such issues in your network.

31.03.2026
Colman Finnin
+41 58 510 17 69
colman.finnin@umb.ch

Many network problems do not arise from poor technology, but from legacy structures and pragmatic decisions made in the past. Typical examples include flat networks with no clear separation between Operational Technology (OT) and Information Technology (IT), a lack of transparency regarding OT systems, firewall rules that were introduced as temporary workarounds, and infrastructure that is being operated well beyond its lifecycle. During a network analysis for an industrial client, we encountered precisely such legacy structures: IT and OT networks were not separated, the network had a flat architecture, a separate OT network belonging to a manufacturer was not documented at all, and several devices were already at end-of-life (EOL) with outdated software. Such situations are by no means unusual – networks grow over the years, new systems are integrated, projects are added, and not every architectural decision is subsequently re-examined.


Tip 1: Unknown OT devices – lack of visibility

In many companies, traditional IT is relatively well inventoried. Servers, clients, network devices and cloud resources are recorded in asset management systems, monitoring tools or Configuration Management Databases (CMDBs). In the OT sector, however, the situation is often different. Production facilities, control systems, Programmable Logic Controllers (PLCs) and industrial PCs remain in operation for many years. New machines are added, existing systems are expanded or modernised – yet network documentation is not always consistently updated. As a result, it remains unclear which OT systems are actually on the network, which devices communicate with which systems, which components are critical to production, and where outdated operating systems and insecure protocols are running. Without sufficient OT visibility, the network quickly becomes a black box. Security risks remain undetected and proper segmentation becomes difficult. In the industrial environment in particular, transparency regarding OT systems is now a central component of modern security strategies. A structured approach to asset discovery and network monitoring can already make a big difference here.
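One way to get the OT visibility described above is passive asset discovery: build the inventory from what actually talks on the network and compare it with what the CMDB claims exists. The following is an added example, not UMB's tooling or code from this article. It assumes a flow export (a tap or NetFlow-style collector) reduced to the CSV columns shown; the column names, the port-to-protocol table, the addresses and the CMDB extract are all constructed for illustration.

```python
"""Passive OT asset discovery from flow records.

Added example, not UMB's tooling. Assumes a flow export reduced to the CSV
columns below; the column names, the port table, the sample addresses and
the CMDB extract are all constructed for illustration.
"""
import csv
import io
from collections import defaultdict

# Port-based protocol labels (assumption: a real deployment confirms the
# protocol with deep packet inspection rather than trusting the port alone).
PORT_PROTOCOLS = {
    502: "modbus", 102: "s7comm", 44818: "ethernet/ip", 20000: "dnp3",
    23: "telnet", 21: "ftp", 80: "http", 22: "ssh", 443: "https",
}
# Protocols with no built-in authentication or encryption.
INSECURE_PROTOCOLS = {"modbus", "s7comm", "ethernet/ip", "dnp3", "telnet", "ftp", "http"}

# Constructed sample flows as a collector might export them.
SAMPLE_FLOWS = """\
src,dst,dst_port,proto,bytes
10.20.1.10,10.20.1.50,502,tcp,1200
10.20.1.10,10.20.1.51,102,tcp,800
10.10.0.5,10.20.1.50,502,tcp,300
10.10.0.5,10.20.1.10,23,tcp,150
10.10.0.7,10.10.0.20,443,tcp,5000
192.168.77.3,10.20.1.51,102,tcp,400
"""

# Constructed CMDB extract: the assets the organisation knows about.
KNOWN_ASSETS = {
    "10.20.1.10": "scada-server",
    "10.20.1.50": "plc-line1",
    "10.10.0.5": "eng-workstation",
    "10.10.0.7": "it-client",
    "10.10.0.20": "it-fileserver",
}


def parse_flows(text):
    """Parse the CSV export into dicts with numeric port and byte counts."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dst_port"] = int(row["dst_port"])
        row["bytes"] = int(row["bytes"])
        flows.append(row)
    return flows


def build_inventory(flows, known_assets):
    """Build {ip: {name, peers, serves}} purely from observed traffic.

    The destination side of a flow is treated as the host offering the
    service; 'peers' records who talks to whom in either direction.
    """
    inventory = defaultdict(lambda: {"name": None, "peers": set(), "serves": set()})
    for flow in flows:
        src, dst = flow["src"], flow["dst"]
        label = PORT_PROTOCOLS.get(flow["dst_port"], f"{flow['proto']}/{flow['dst_port']}")
        inventory[src]["peers"].add(dst)
        inventory[dst]["peers"].add(src)
        inventory[dst]["serves"].add(label)
    for ip, entry in inventory.items():
        entry["name"] = known_assets.get(ip)  # None means the host is not in the CMDB
    return dict(inventory)


def review(inventory):
    """Findings an assessment would report: unknown hosts and insecure services."""
    unknown = sorted(ip for ip, e in inventory.items() if e["name"] is None)
    insecure = sorted(
        (ip, proto)
        for ip, e in inventory.items()
        for proto in e["serves"]
        if proto in INSECURE_PROTOCOLS
    )
    return {"unknown_hosts": unknown, "insecure_services": insecure}


if __name__ == "__main__":
    report = review(build_inventory(parse_flows(SAMPLE_FLOWS), KNOWN_ASSETS))
    for ip in report["unknown_hosts"]:
        print(f"not in CMDB: {ip}")
    for ip, proto in report["insecure_services"]:
        print(f"insecure service: {ip} offers {proto}")
```

On the constructed data the review surfaces exactly the two blind spots the article describes: a PLC (10.20.1.51) and an external address (192.168.77.3) that nobody has inventoried, plus unauthenticated industrial protocols and Telnet in use. The peer sets give the "which device communicates with which system" view that segmentation planning needs.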


Tip 2: Don’t open ports temporarily and forget about them

Another pattern found in many networks: an application isn’t working, or a supplier needs access to a system. The quick fix is often: ‘Let’s just open the port for a bit.’ The problem is that temporary firewall rules rarely remain temporary. At our industrial client’s site, too, we found firewalls with open ports where nobody could remember exactly why they were there. The documentation was sometimes incomplete or long out of date. Such situations often arise almost automatically – due to new applications, supplier access or projects. Every change leaves behind an additional rule. Over time, this leads to confusing rule sets, unnecessarily open ports, a lack of traceability and increased security risks. As part of the operational handover, we systematically reviewed the firewall rules, removed those no longer required and restructured the policies. The result was a significantly clearer and more secure firewall configuration. A simple principle often helps here: every firewall rule should have a clearly documented purpose, an owner and, ideally, a review date.
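The principle at the end of this tip (purpose, owner, review date) can be enforced mechanically. The following is an added example, not UMB's tooling or code from this article. It assumes a vendor-neutral rule export already converted to the dict fields shown; the field names, the 90-day "unused" threshold and the four sample rules are constructed for illustration.

```python
"""Firewall rule-set hygiene audit.

Added example, not UMB's tooling. Assumes a vendor-neutral rule export
already converted to the dict fields below; the fields, the thresholds and
the sample rules are constructed for illustration.
"""
from datetime import date, timedelta

# Constructed rule export. review_date / last_hit / created are ISO dates or None.
RULES = [
    {"id": "R1", "src": "10.10.0.0/16", "dst": "10.20.1.50", "service": "tcp/502",
     "action": "allow", "purpose": "SCADA polling of line-1 PLC", "owner": "ot-team",
     "review_date": "2026-06-30", "last_hit": "2026-03-30", "created": "2024-01-15"},
    {"id": "R2", "src": "any", "dst": "10.20.1.51", "service": "tcp/102",
     "action": "allow", "purpose": "", "owner": "",
     "review_date": None, "last_hit": "2025-09-01", "created": "2022-05-03"},
    {"id": "R3", "src": "203.0.113.10", "dst": "10.20.1.10", "service": "tcp/22",
     "action": "allow", "purpose": "temporary vendor access, project X", "owner": "j.doe",
     "review_date": "2025-12-31", "last_hit": "2026-03-29", "created": "2025-10-01"},
    {"id": "R4", "src": "10.10.0.7", "dst": "10.10.0.20", "service": "tcp/443",
     "action": "allow", "purpose": "file server access", "owner": "it-ops",
     "review_date": "2026-09-30", "last_hit": None, "created": "2025-01-10"},
]


def _as_date(value):
    """Accept a date, an ISO string or None/empty."""
    if isinstance(value, date):
        return value
    return date.fromisoformat(value) if value else None


def audit_rule(rule, today, stale_after=timedelta(days=90)):
    """Return the hygiene findings for one rule (empty list = clean)."""
    today = _as_date(today)
    findings = []
    if not rule.get("purpose"):
        findings.append("missing_purpose")
    if not rule.get("owner"):
        findings.append("missing_owner")
    review = _as_date(rule.get("review_date"))
    if review is None:
        findings.append("no_review_date")
    elif review < today:
        findings.append("review_overdue")
    # No hits in the stale window (or never since creation): removal candidate.
    reference = _as_date(rule.get("last_hit")) or _as_date(rule.get("created"))
    if reference is None or today - reference > stale_after:
        findings.append("unused")
    if rule.get("action") == "allow" and rule.get("src") == "any":
        findings.append("any_source")
    return findings


def audit_rules(rules, today):
    """Map rule id -> findings for the whole rule set."""
    return {rule["id"]: audit_rule(rule, today) for rule in rules}


def cleanup_candidates(rules, today):
    """Rules to remove or re-justify: unused, overdue for review, or undocumented."""
    flagged = audit_rules(rules, today)
    return sorted(rid for rid, f in flagged.items()
                  if {"unused", "review_overdue", "missing_purpose"} & set(f))


if __name__ == "__main__":
    today = "2026-03-31"
    for rid, findings in audit_rules(RULES, today).items():
        print(rid, ", ".join(findings) or "ok")
    print("cleanup candidates:", cleanup_candidates(RULES, today))
```

Note the R3 case: the rule is still being hit, so a usage-based clean-up alone would keep it, but its review date has passed. That is precisely the "temporary" supplier access that outlives its project, and only the documented review date catches it.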


Tip 3: Do not operate infrastructure for too long

Another point that caught our attention: network devices that are already at end-of-life (EOL) or are running significantly outdated software versions. In many organisations, infrastructure is kept running for as long as it technically works. For budgetary or prioritisation reasons, replacement is repeatedly postponed. However, the risks increase over time: there are no longer any security updates from the manufacturer, support is limited or non-existent, hardware failures become more likely, and modern network or security features are missing. Structured lifecycle management is particularly worthwhile in the network sector, so that such situations are headed off early.
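Structured lifecycle management reduces to two questions per device: when does vendor support end, and is the running release still supported? The following is an added example, not UMB's tooling or code from this article. It assumes an inventory already enriched with each device's vendor EOL date and the minimum supported software release; the model names, versions, dates and the risk weights are constructed for illustration.

```python
"""Network device lifecycle check.

Added example, not UMB's tooling. Assumes an inventory already enriched
with each device's vendor end-of-life date and the minimum software release
still supported; model names, versions, dates and weights are constructed.
"""
from datetime import date, timedelta

# Constructed inventory extract. eol_date is an ISO date or None if unknown.
DEVICES = [
    {"name": "core-sw-1", "model": "ModelA", "sw_version": "15.2.4",
     "eol_date": "2024-06-30", "min_supported_sw": "15.2.7"},
    {"name": "ot-fw-1", "model": "ModelB", "sw_version": "7.0.12",
     "eol_date": "2026-08-31", "min_supported_sw": "7.0.10"},
    {"name": "dist-sw-2", "model": "ModelC", "sw_version": "9.3.1",
     "eol_date": "2029-01-31", "min_supported_sw": "9.3.0"},
    {"name": "plc-gw-1", "model": "ModelD", "sw_version": "2.1",
     "eol_date": None, "min_supported_sw": "2.4"},
]

# Weight per finding (assumption); the sum orders the replacement backlog.
WEIGHTS = {"eol_reached": 3, "software_below_minimum": 2,
           "eol_within_horizon": 1, "eol_date_unknown": 1}


def version_tuple(version):
    """'15.2.4' -> (15, 2, 4) so releases compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def assess_device(device, today, horizon=timedelta(days=180)):
    """Lifecycle findings for one device; empty list means nothing to do yet."""
    today = date.fromisoformat(today) if isinstance(today, str) else today
    findings = []
    eol = device.get("eol_date")
    if eol is None:
        findings.append("eol_date_unknown")  # cannot plan replacement without it
    else:
        eol = date.fromisoformat(eol)
        if eol <= today:
            findings.append("eol_reached")
        elif eol - today <= horizon:
            findings.append("eol_within_horizon")  # budget for replacement now
    if version_tuple(device["sw_version"]) < version_tuple(device["min_supported_sw"]):
        findings.append("software_below_minimum")
    return findings


def replacement_backlog(devices, today):
    """(weight, name, findings) rows ordered by risk weight, highest first."""
    rows = []
    for device in devices:
        findings = assess_device(device, today)
        rows.append((sum(WEIGHTS[f] for f in findings), device["name"], findings))
    return sorted(rows, key=lambda row: (-row[0], row[1]))


if __name__ == "__main__":
    for weight, name, findings in replacement_backlog(DEVICES, "2026-03-31"):
        print(f"{name:10} weight={weight} {', '.join(findings) or 'ok'}")
```

The 180-day horizon is the lead time a budgeting cycle typically needs; a device with an unknown EOL date is listed rather than silently skipped, because "nobody looked it up" is itself a finding in a lifecycle review.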


Improvement starts with a thorough assessment

Modern networks must do more than just work. They must also be transparent, secure and sustainable in the long term. And sometimes, improvement simply begins with a thorough assessment. UMB AG can support you in this. Together with our leading-edge partners, we ensure a high-performance network that operates to the highest security standards. We are not just network specialists; we can manage your entire infrastructure. Our holistic understanding of IT ensures that everything works in harmony. With our network services, we analyse your current network and security setup and identify the right technology and design for your business. Get in touch!
