Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Book Reviews Books Media

Configuring Juniper NetScreen & SSG Firewalls 35

r3lody writes "Configuring Juniper Networks NetScreen & SSG Firewalls (CJNNSF), written and edited by Rob Cameron of Juniper, is an ambitious attempt to provide a comprehensive approach to configuring Juniper’s flagship line of firewall appliances. Unfortunately there are a large number of errors in the presentation that distract and detract from its mission. CJNNSF is Rob Cameron’s second book. Helping him are six contributing writers: Matthew Albers and Mike Swarm of Juniper, and security consultants Ralph Bonnell, Mohan Krishnamurthy Madwacher, Brad Woodberg, and Neil R. Wyler. Collectively they have produced a book with a lot of in-depth information that will prove extremely useful to anyone working with Juniper devices. It suffers from an apparent lack of proper editorial oversight. Numerous examples exist of inconsistent styles, bad grammar, notes to other authors that were inadvertently left in, etc. Nonetheless, the actual content still makes this book worthwhile." Read below for the rest of Ray's review.
Configuring Juniper& Networks NetScreen& & SSG Firewalls
author Rob Cameron (Editor)
pages 745
publisher Syngress
rating 5/10
reviewer Ray Lodato
ISBN 1597491187
summary Provides fairly complete configuration details, but needs a lot of cosmetic improvement.


The progression through the book is well thought out and builds nicely from previous chapters. Each chapter starts with its own introduction, and ends with a summary, a “fast-track” bulleted list of highlights, and a small FAQs section.

Throughout much of the book, the reader is presented with a set of amateurish figures and tables. While the content is there, the presentation is reminiscent of high-school papers. I found myself wondering why the publisher didn't spend more time cleaning up the book to provide a more finished look. Another item that shows a lack of editorial oversight was the inclusion of a note from one author to another that was apparently left in the text by mistake (see the Solutions Fast Track at the end of chapter 5 to see what I mean). I was amused to see this exchange carried over to the duplication of the book online on the Books24x7 website.

I was upset to see some inaccuracies in the text. One key example is mistaking the TCP sequence number as a packet counter instead of a byte counter. When I read that, I began to mistrust the accuracy of the rest of the book. Thankfully, the Juniper-specific information appears accurate. A more in-depth technical review should have caught such an obvious error.

While Chapter 2 provides valuable information comparing the various models of the NetScreen and SSG/ISG series of security devices, I did have a problem with the formatting of the tables. There are a few cases where I had to look at a table a few times before I realized that information wrapped from the last column back into the first. I also took exception to one statement in particular: ScreenOS is more secure than open source operating systems because the general public cannot inspect the source code for vulnerabilities. Huh? Isn’t one of the reasons why open source is so secure is that many eyes have been able to review it and refine it?

There are three ways to manage Juniper devices: the CLI, the WebUI, and NSM (NetScreen Security Manager). While NSM makes the most sense in an enterprise rollout, the book declared it outside its scope. This does limit the usefulness of the book a little, but much of the WebUI detail is replicated in the NSM, so you may not be missing too much.

Later chapters in the book do dig into most of the capabilities of the Junipers, with examples detailed enough to help you understand how to apply it to your own uses. Policy configuration, attack detection and defense, high availability and virtual systems all have their own detailed chapters. Each chapter provides a wealth of information, once you ignore the amateurish styling.

Overall, you can find most of what you would need to know to choose, configure, and manage Juniper firewalls after reading this book. Unfortunately, you will also find many confusing examples, tables, and formatting inconsistencies. So many times I found myself thinking that my high-schooler would have done a better job laying out this book and making sure the reader wasn’t disturbed by the overall look. Despite that, the actual content does make this worthwhile if you need to understand the Juniper line of devices. I just hope that Syngress and the authors will correct these problems and release a second edition of the book.

You can purchase Configuring Juniper& Networks NetScreen& & SSG Firewalls from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
This discussion has been archived. No new comments can be posted.

Configuring Juniper NetScreen & SSG Firewalls

Comments Filter:
  • by Anonymous Coward on Wednesday April 09, 2008 @11:49AM (#23014352)
    And being tossed this book as my introduction to the topic, I have to agree with this assessment. Juniper's are great firewalls, but this book leaves much to be desired.

    (posted anon to avoid the wrath of my coworkers! ;)
    • Since we read teh book too, we sorta, kinda, maybe understand how to capture your traffic and identify you....
    • What do you expect? It's a vendor-written book. Most vendor-written books are packed with excellent technical information, but very poor presentation and bad editing.

      Case in point: Anything from Microsoft Press. *ducks*
  • Why does it feel like the NAS/SAN startups are going to be the next round of layoffs, following AMD & Freescale.
    • How is this comment relevant to a book on firewalls?
  • Published in 2006? (Score:3, Informative)

    by gatekeep ( 122108 ) on Wednesday April 09, 2008 @12:18PM (#23014664)
    Is there a new edition of this book out or something? That ISBN dates to 2006 - an eternity in the world of security devices.
  • Personally, I have yet to find a good book on Juniper Firewalls, this one included. the only saving grace is that the Netscreen documentation provided by Juniper is excellent, a bit technical for someone just getting familiar with firewalls, but perfect for senior network professionals.

    David

    • Fully agreed. I used this book as a jumpstart for some of the more obscure functions of the Netscreen firewalls last year. Generally speaking a firewall is a firewall and the GUI is enough to get going. However, there are enough things not exposed (or not intuitively exposed) in the Netscreen GUI to make really digging into the CLI worthwhile. This book helped some with that.

      The basic errors in language and presentation, however, detract significantly from the overall experience. I would recommend this
  • You couldn't *pick* a better name than that....

    Picture him playing 'bop-the-gopher' at the next local Fair :-)
  • This article couldn't have better timing as I just inherited around 110 Juniper firewalls today.
    • This article couldn't have better timing as I just inherited around 110 Juniper firewalls today.
      Wow. Most people just have mutual funds in their retirement accounts.
  • Two hours later. 18 posts. Not the most popular slashdot story of all time is it? Editors, you've done it again!
    • That goes to show you that there aren't a whole lot slashdot readers knowledgable enough to comment on this matter. And as much as this sounds like a troll, in other topics there might be more comments but that doesn't necessarily mean more knowledgable people, just more people thinking it's worth chiming in.
      • There's a difference in having enough knowledge of the article and the article istelf being interesting enough to comment on.
        • Yeah I agree with you. Reading back, my comment sounded a little pompous. What I really wanted to say is that when I sometimes intimitely know a subject, I'm amazed that half of the +5 comments are vague speculations, half-thruths or even plain wrong... :-/
  • ...Keeping monsters out of your network. Great! Oh wait.... Thats on Cartoon Network...
  • I haven't read this one yet, but the ScreenOS Cookbook is amazing. I've worked closely with a couple of the authors, and they've taken a very pragmatic, recipie approach to configuring Netscreen firewalls. This book is is very concise with numerous real-world examples that will certainly apply in many environments.
    • This one popped up on my Amazon "recommended" list. I'll definitely be snagging it; the reviews look great.
  • This sucks. (Score:3, Insightful)

    by lullabud ( 679893 ) on Thursday April 10, 2008 @12:26AM (#23021198)
    The Juniper manuals are about the worst I've ever read, with very confusing examples. That this book has confusing examples too is really frustrating. I absolutely *love* Juniper firewalls for the features I understand, but the problem is that they are very difficult to understand when the manuals suck. Bleh.

    At least the SSG VPN's were easy to figure out.

Only great masters of style can succeed in being obtuse. -- Oscar Wilde Most UNIX programmers are great masters of style. -- The Unnamed Usenetter

Working...