Firewall Wizards mailing list archives

RE: Checkpoint Question

From: Marcus Goncalves <Goncalves () arcweb com>
Date: Fri, 21 Apr 2000 10:05:47 -0400

 Thanks for your constructive feedback.  Indeed we've noticed such errors,
which some I take ownership for it, others were beyond my control.  The book
was revised to address these issues and another one with the CD, which did
not bring the white papers and there was a typo stating the CD had an eval
of FireWall-1, whereas you probably know, Check Point does not provide.
What the CD has is an eval of Flood-Gate-1.  You probably have an early
version of the book.

Anyhow, I appreciate your comments, especially as far as repetition, as I'll
make sure to improve.

Thanks again, and best regards,

Marcus Goncalves

-----Original Message-----
From: Antonomasia
To: firewall-wizards () nfr net; sachdev_neal () bah com
Cc: goncalves () arcweb com
Sent: 04/19/2000 6:55 AM
Subject: Re: [fw-wiz] Checkpoint Question

Neal,

Is it possible to install a Checkpoint firwall w/o formal training?

If

so, what are some of the resources like books, etc that can be used to
do it right the first time.
Any kind of help will be highly appreciated.


I'm sure practically anything _can_ be installed without formal training
but not necessarily to best effect.

One book I heartily deprecate is
   "Checkpoint Firewall-1 Administration Guide"
   Marcus Goncalves & Steven Brown
   McGraw Hill
   ISBN 0-07-134229-X

This book is highly repetitive.  For example half of p34 is half of p26
repeated with the odd word changed.  IMO people writing for an
intelligent
readers should expect them to be capable of noticing this.  It also
reads
at times like an advert.  Does an admin guide need to refer to
"unique, patented" aspects of the system ?

There are also sufficient detectable errors that my confidence in the
material new to me is rather low.

Chapter 1 has an example (p 3,4 fig 1.2) where the text and figure do
not
obviously match.  The text says this shows NAT, but the diagram looks as
if it were intended to show a need for anti-spoof ingress filtering.

P6 says about firewalling ftp "... port 20 on the internal network
machines
is still available to probes" in an apparent confusion of source and
destination ports.

They seem to have MD4 and RC4 confused (on pages 160,164,165).  But I
only
know that after looking it up in the index.  I haven't read beyond p46.
Contrast TCP/IP Illustrated where I intend to read every word.

I've cc'd the address the author gives in the introduction in case he
wants to respond to these criticisms.   I also have "Firewalls Complete"
by the same author but have not looked at that yet.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################

Current thread:

RE: Checkpoint Question, (continued)
- RE: Checkpoint Question Chris Dinsmore (Apr 19)
- Re: Checkpoint Question Aaron Turner (Apr 19)
- RE: Checkpoint Question Robert Lupo (Apr 20)
- Re: Checkpoint Question Joe Matusiewicz (Apr 20)
- Re: Checkpoint Question Ejovi Nuwere (Apr 20)
- RE: Checkpoint Question Dom De Vitto (Apr 20)
- Re: Checkpoint Question Antonomasia (Apr 20)
- Re: Checkpoint Question Rogue Bolo (Apr 20)
- RE: Checkpoint Question Cannella, Michael (ISS Southfield) (Apr 21)
  - RE: Checkpoint Question hermit1 (Apr 26)
- RE: Checkpoint Question Marcus Goncalves (Apr 24)
- RE: Checkpoint Question Oxenreider, Jeff (Apr 27)