Checkpoint FireWall-1 has become one of the top firewall software products in the industry. There are many reasons for its predominance. It was the first commercial
firewall on the market, but more importantly, the FireWall-1 GUI and its ease of use impressed corporate CIO's.
Although FireWall-1 is easy to use, some users face difficulty in configuring the product correctly and appropriately. In fact, one of the biggest dangers of a firewall is that it can
provide a false sense of security; if not properly configured, a firewall may have so many holes that it actually functions as nothing more than a router. Firewall expert Marcus
Ranum notes that, "...eventually, if enough data is going back and forth through your firewall, it is no longer a firewall -- it is a router."
Many times, firewall administrators are hired not because of their expertise in information security, but because they know network and systems administration quite
well. Many FireWall-1 administrators start with zero experience and knowledge. This is good from a job security and training perspective, but terrible from a security perspective.
Despite the proliferation and ubiquitous nature of FireWall-1 over the past decade, it is only in the last few months that any worthwhile books on FireWall-1 have become
available. One of the best is Essential Checkpoint Firewall-1: An Installation, Configuration, and Troubleshooting Guide by Dameon Welch-Abernathy. Welch-
Abernathy maintains a Web site, ..., which contains information on anything and everything related to FireWall-1. In fact, many FireWall-1 administrators have
... bookmarked as their prime site for FireWall-1 information, even before the Check Point support site.
Although the documentation that comes with FireWall-1 is quite good, Essential Checkpoint Firewall-1 often surpasses it. This is what makes Welch-Abernathy known as
the man for FireWall-1. Even Nir Zuk, who was a principal engineer at Check Point, stated that Welch-Abernathy's knowledge of FireWall-1 in many cases surpassed the
knowledge of Check Point's own engineers.
As its title implies, the book covers the installation, configuration, and troubleshooting of FireWall-1. Whereas the product itself is pretty straightforward to install (except for the
software license information), the real challenge is in the post- installation arena. The book has 14 chapters and, by Chapter 3 (page 34), the book is already into FireWall-
1. Other books often include up to 100 pages of filler on topics such as computer secrity, cryptography, threats, etc., and don't get to the main subject until half way through the
book. Chapter 4 of this book provides a thorough overview of how to build a rulebase. The chapter describes the various fields and objects that need to be created for the
firewall to be effective. Although the simplicity of the Check Point GUI is obvious, the definition of names, network objects, and so forth, must be carefully planned -- especially
for rollouts of FireWall-1 in large enterprise environments.
Chapter 8 provides an excellent overview of content security. FireWall-1 is built on its patented Stateful Inspection capabilities, but it has other security facilities including CVP
(Content Vectoring Protocol), UFP (URL Filtering Protocol), and others. The chapter describes much of the secondary content protection capabilities of FireWall-1. Such
capabilities are crucial in light of the volume of information that passes through corporate firewalls (including streaming media, email, files, Java, etc.).
Essential Checkpoint Firewall-1 covers all the crucial topics that any FireWall-1 administrator needs to know. From authentication, VPN, logging, high availability, and
more, it is all there. This is what makes Essential Checkpoint Firewall-1 the book of choice for FireWall-1.