Andrew Barnes :: Book Review - Essential Check Point FireWall-1 NG
As posted to Amazon.com, below is my review of PhoneBoy's "Essential Check Point FireWall-1 NG"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=Title: Essential Check Point FireWall-1 NG - An Installation, Configuration, and Troubleshooting Guide
Author: Dameon D. Welch-Abernathy (a.k.a. "PhoneBoy")
ISBN: 0-321-18061-5
Publisher: Addison-Wesley Professional
Where: amazon.com, amazon.co.uk
Pages: 647
Reviewer: Andrew Barnes (andrewbarnes-reviews AT ramsesit DOT com)
Date: 22/02/2004
Rating: 10/10
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Introduction:
-------------
Following on from the success of "Essential Check Point FireWall-1", Dameon Welch-Abernathy (a.k.a. "PhoneBoy") has provided us with a timely update to this already indispensable title in the form of his latest book "Essential Check Point FireWall-1 NG"; especially timely given the End of Service Life of v4.1, and the latest security advisories.
With around 80% new content, this work is a major revision, and once again clearly deserving of its title.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Review:
-------
If not one of the worlds leading independent authorities on the installation, configuration and management of Check Point FireWall-1 products, PhoneBoy would have to be one of the best known. His web site - http://www.phoneboy.com - is a treasure-chest of hints, tips, "FAQs", "how-to's" and "gotcha's". Couple this latest book, with his "well-thumbed" site, and you have at your finger-tips the definitive guide to Check Point FireWall-1 NG.
The first thing you'll notice when you open the book is the size of Table of Contents - including the FAQ list. While this statement might seem out of place in a review of an IT book, it straightaway signifies the volume of knowledge and information that this guide contains. In my opinion, PhoneBoy has recognised that outside of initial installation of Check Point, the next time that most of us go to a book or web site is when there's a problem, or you're about to do something major - like upgrade. This comprehensive, up-front list gives you exactly what you're looking for. And if it isn't in the book - your answers are only a mouse-click away.
Right up front PhoneBoy points out his personal "platform bias", if only from a "pathname convention" perspective - UNIX. The second thing you'll notice in this book is that given his stated bias, PhoneBoy has taken the time and effort to ensure that this book is valid for all deployable platforms. Where appropriate, PhoneBoy has taken a side-step in his rhythm to pay particular attention to a platform-specific (or other significant) point.
Each chapter in this book begins with a list of expectations a reader can expect from reading the chapter, and finishes with a summary. Especially in the more advanced chapters, PhoneBoy has also included sample configurations, FAQs, and/or troubleshooting guides. It would be my view that he has achieved the goal of each chapter with flying colors.
One of the main drawing-points of this book is that the target audience could be anyone from a beginner to an experienced Check Point FireWall-1 NG Administrator. It starts from the basic items such as basic installation and configuration of FW-1/NG through to the more advanced topics of HA/Clustering, VPNs, and INSPECT (a programming language for Check Point's Stateful Inspection engine in FireWall-1).
The level of detail undertaken by PhoneBoy, for almost every menu, dialog box, option available, is superb. It is what makes "Essential Check Point FireWall-1 NG"... *ahem*... essential, for every FW-1/NG Administrator. It's always going to be the little things that make or break a change, and with every option now explained for you in a clear easy-to-understand manner, you.re understanding of the impact your change is about to make is made that much clearer.
Ironically, the one thing that *some* might find frustrating is in fact this level of detail. This is more of a problem for someone looking for information on a specific value, option, issue, etc. As is the nature of such a detailed resource in its hardcopy form, without the benefit of a search-engine it may sometimes take that little longer to find the specific information you're looking for. But hey, isn't that what the contents and index are for!
While I shouldn't have been surprised, it was nice to see that the very last page in the book was a link to Informit's online service. With any luck, one day we may even see PhoneBoy's book online too.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Summary:
--------
They say that the best way to learn is from your mistakes, but with "Essential Check Point FireWall-1 NG" by your side, you can hopefully save yourself the time, effort and embarrassment by drawing on PhoneBoy.s 8 years of experience and knowledge.
If it's "the detail maketh the book", then "'Essential Check Point FireWall-1 NG' maketh the firewall". As reference books go, if you're planning to, or already are, administering FW-1/NG, then this book is your first (if not last) port of call. Its clear, comprehensive content, supplemented by PhoneBoy's web site, makes it a definitive "must-have" guide.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
