A couple of interesting research products have hit the commercial
marketplace. Lumeta (www.lumeta.com) is selling a firewall rule analyzer,
a pseudo-expert system which lets you ask questions about a firewall
ruleset; and a network mapping system which helps find unexpected network
Have folks tried the commercial versions of Lumeta's products? Since both
products are both essentially discovery tools, did people discover
anything they didn't already know? While I would like both the network
discovery and firewall analyzer as part of a toolkit, as stand-alone
tools they seem limited.
If you spend the money, Lumeta's products will tell you either what you
already know, or they'll tell you about stuff you didn't know. But how do
you know ahead of time whether or not you already know how the movie
ends, and its worth the price of the movie ticket?
I did like Bill Cheswick's comments on password aging.
Once upon a time I decided to research the source of the change your
password every N days rule. I tracked it back to the days of 300 baud
modems. When was the last time your changed your 4-digit PIN on your