Firewall Wizards mailing list archives

Re: Checkpoint Question


From: Antonomasia <ant () notatla demon co uk>
Date: Wed, 19 Apr 2000 11:55:52 +0100

Neal,

> Is it possible to install a Checkpoint firewall w/o formal training?  If
> so, what are some of the resources like books, etc that can be used to
> do it right the first time.
> Any kind of help will be highly appreciated.

I'm sure practically anything _can_ be installed without formal training
but not necessarily to best effect.

One book I heartily deprecate is
   "Checkpoint Firewall-1 Administration Guide"
   Marcus Goncalves & Steven Brown
   McGraw Hill
   ISBN 0-07-134229-X

This book is highly repetitive.  For example half of p34 is half of p26
repeated with the odd word changed.  IMO people writing for intelligent
readers should expect them to be capable of noticing this.  It also reads
at times like an advert.  Does an admin guide need to refer to
"unique, patented" aspects of the system?

There are also sufficient detectable errors that my confidence in the
material new to me is rather low.

Chapter 1 has an example (p 3,4 fig 1.2) where the text and figure do not
obviously match.  The text says this shows NAT, but the diagram looks as
if it were intended to show a need for anti-spoof ingress filtering.

P6 says about firewalling ftp "... port 20 on the internal network machines
is still available to probes" in an apparent confusion of source and
destination ports.

They seem to have MD4 and RC4 confused (on pages 160,164,165).  But I only
know that after looking it up in the index.  I haven't read beyond p46.
Contrast TCP/IP Illustrated where I intend to read every word.

I've cc'd the address the author gives in the introduction in case he
wants to respond to these criticisms.   I also have "Firewalls Complete"
by the same author but have not looked at that yet.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################


