Configuring Juniper NetScreen & SSG Firewalls

Posted by samzenpus on Wednesday April 09, @12:34PM
from the read-all-about-it dept.
r3lody writes "Configuring Juniper Networks NetScreen & SSG Firewalls (CJNNSF), written and edited by Rob Cameron of Juniper, is an ambitious attempt to provide a comprehensive approach to configuring Juniper’s flagship line of firewall appliances. Unfortunately there are a large number of errors in the presentation that distract and detract from its mission. CJNNSF is Rob Cameron’s second book. Helping him are six contributing writers: Matthew Albers and Mike Swarm of Juniper, and security consultants Ralph Bonnell, Mohan Krishnamurthy Madwacher, Brad Woodberg, and Neil R. Wyler. Collectively they have produced a book with a lot of in-depth information that will prove extremely useful to anyone working with Juniper devices. It suffers from an apparent lack of proper editorial oversight. Numerous examples exist of inconsistent styles, bad grammar, notes to other authors that were inadvertently left in, etc. Nonetheless, the actual content still makes this book worthwhile." Read below for the rest of Ray's review.
Configuring Juniper Networks NetScreen & SSG Firewalls
author Rob Cameron (Editor)
pages 745
publisher Syngress
rating 5/10
reviewer Ray Lodato
ISBN 1597491187
summary Provides fairly complete configuration details, but needs a lot of cosmetic improvement.


The progression through the book is well thought out and builds nicely from previous chapters. Each chapter starts with its own introduction, and ends with a summary, a “fast-track” bulleted list of highlights, and a small FAQs section.

Throughout much of the book, the reader is presented with a set of amateurish figures and tables. While the content is there, the presentation is reminiscent of high-school papers. I found myself wondering why the publisher didn't spend more time cleaning up the book to provide a more finished look. Another item that shows a lack of editorial oversight was the inclusion of a note from one author to another that was apparently left in the text by mistake (see the Solutions Fast Track at the end of chapter 5 to see what I mean). I was amused to see this exchange carried over to the duplication of the book online on the Books24x7 website.

I was upset to see some inaccuracies in the text. One key example is mistaking the TCP sequence number for a packet counter instead of a byte counter. When I read that, I began to mistrust the accuracy of the rest of the book. Thankfully, the Juniper-specific information appears accurate. A more in-depth technical review should have caught such an obvious error.

While Chapter 2 provides valuable information comparing the various models of the NetScreen and SSG/ISG series of security devices, I did have a problem with the formatting of the tables. There are a few cases where I had to look at a table a few times before I realized that information wrapped from the last column back into the first. I also took exception to one statement in particular: ScreenOS is more secure than open source operating systems because the general public cannot inspect the source code for vulnerabilities. Huh? Isn’t one of the reasons why open source is so secure that many eyes have been able to review it and refine it?

There are three ways to manage Juniper devices: the CLI, the WebUI, and NSM (NetScreen Security Manager). While NSM makes the most sense in an enterprise rollout, the book declared it outside its scope. This does limit the usefulness of the book a little, but much of the WebUI detail is replicated in the NSM, so you may not be missing too much.

Later chapters in the book do dig into most of the capabilities of the Junipers, with examples detailed enough to help you understand how to apply them to your own uses. Policy configuration, attack detection and defense, high availability and virtual systems all have their own detailed chapters. Each chapter provides a wealth of information, once you ignore the amateurish styling.

Overall, you can find most of what you would need to know to choose, configure, and manage Juniper firewalls after reading this book. Unfortunately, you will also find many confusing examples, tables, and formatting inconsistencies. So many times I found myself thinking that my high-schooler would have done a better job laying out this book and making sure the reader wasn’t disturbed by the overall look. Despite that, the actual content does make this worthwhile if you need to understand the Juniper line of devices. I just hope that Syngress and the authors will correct these problems and release a second edition of the book.

You can purchase Configuring Juniper Networks NetScreen & SSG Firewalls from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
  • by Anonymous Coward on Wednesday April 09, @12:49PM (#23014352)
    And being tossed this book as my introduction to the topic, I have to agree with this assessment. Junipers are great firewalls, but this book leaves much to be desired.

    (posted anon to avoid the wrath of my coworkers! ;)
    • Since we read teh book too, we sorta, kinda, maybe understand how to capture your traffic and identify you....
    • What do you expect? It's a vendor-written book. Most vendor-written books are packed with excellent technical information, but very poor presentation and bad editing.

      Case in point: Anything from Microsoft Press. *ducks*
  • Why does it feel like the NAS/SAN startups are going to be the next round of layoffs, following AMD & Freescale.
    • How is this comment relevant to a book on firewalls?
      • Re: (Score:3, Funny)

        Why Freescale? Because I heard their employees spend too much time reading Slashdot. I was unable to find someone to corroborate this story though.
  • Published in 2006? (Score:3, Informative)

    by gatekeep (122108) on Wednesday April 09, @01:18PM (#23014664)
    Is there a new edition of this book out or something? That ISBN dates to 2006 - an eternity in the world of security devices.
  • Personally, I have yet to find a good book on Juniper Firewalls, this one included. The only saving grace is that the Netscreen documentation provided by Juniper is excellent, a bit technical for someone just getting familiar with firewalls, but perfect f
    • Fully agreed. I used this book as a jumpstart for some of the more obscure functions of the Netscreen firewalls last year. Generally speaking a firewall is a firewall and the GUI is enough to get going. However, there are enough things not exposed (or n
  • You couldn't *pick* a better name than that....

    Picture him playing 'bop-the-gopher' at the next local Fair :-)
  • This article couldn't have better timing as I just inherited around 110 Juniper firewalls today.
    • This article couldn't have better timing as I just inherited around 110 Juniper firewalls today.
      Wow. Most people just have mutual funds in their retirement accounts.
  • Two hours later. 18 posts. Not the most popular slashdot story of all time is it? Editors, you've done it again!
    • That goes to show you that there aren't a whole lot of Slashdot readers knowledgeable enough to comment on this matter. And as much as this sounds like a troll, in other topics there might be more comments but that doesn't necessarily mean more knowledgable pe
      • There's a difference in having enough knowledge of the article and the article itself being interesting enough to comment on.
        • Yeah I agree with you. Reading back, my comment sounded a little pompous. What I really wanted to say is that when I sometimes intimately know a subject, I'm amazed that half of the +5 comments are vague speculations, half-truths or even plain wrong... :-
  • ...Keeping monsters out of your network. Great! Oh wait.... That's on Cartoon Network...
  • I haven't read this one yet, but the ScreenOS Cookbook is amazing. I've worked closely with a couple of the authors, and they've taken a very pragmatic, recipe approach to configuring Netscreen firewalls. This book is very concise with numerous real-wo
    • This one popped up on my Amazon "recommended" list. I'll definitely be snagging it; the reviews look great.
  • This sucks. (Score:3, Insightful)

    by lullabud (679893) on Thursday April 10, @01:26AM (#23021198) Homepage
    The Juniper manuals are about the worst I've ever read, with very confusing examples. That this book has confusing examples too is really frustrating. I absolutely *love* Juniper firewalls for the features I understand, but the problem is that they are very difficult to understand when the manuals suck. Bleh.

    At least the SSG VPNs were easy to figure out.
    • So, do you (or anyone) have alternative recommendations for firewall appliances?

      • A few years ago, I was responsible for approximately 120 Netscreen firewalls. We had about 115 Netscreen 5xt's, 2 x 208's and 3 x 204's.

        I found them to be pretty good overall. They are far faster than comparably priced Cisco kit, and the few times that


      • Crappy?

        I've worked with Cisco PIX, Shiva Lanrover VPN devices, and Checkpoint firewalls. Of the bunch Juniper is the most powerful and easiest to implement.

        Granted, I started working with the Juniper firewalls on the SSG-520 platform running version 5.4
    • Actually, their hardware/software is outstanding. But I agree. Their documentation is crap.
    • AC posting with no specifics. Lame troll.