Re: Check Point FireWall-1 and CCSA

From: Richard H Miller (rick_at_bcm.tmc.edu)
Date: 10/24/03

  • Next message: Johnny Sandaire: "Secure Socket Layer communication for Server/Client C++ Application" 
    Date: 24 Oct 2003 07:21:52 GMT

    Beoweolf (Beoweolf-spam@pacbell.net) wrote:
    : Richard,

    : Just as Checkpoint has embraced OPSEC for partners to create add-ons and
    : products for its installed base, so it should continue to embrace the
    : reality that in today's jobsite, money is still tight, the old school "super
    : techs" have been let go, down-sized or shifted to other positions. The
    : remaining tech are not as free to attend classes as easily as they should,
    : thanks to the "right-sizing" theory. The leaves self study, which requires
    : materials appropriate to different learning styles.

    Almost all of the books are now written to NG. The Boson tends to include
    questions about some of the depricated modules. It does tend to concentrate too
    much on depricated elements [CPMAD] in the CCSE+ test.

    I will try to look at the tests specifically referenced as include AI elements
    and see what might be there

    : As for the point that not much has changed...most, if not all the former
    : proprietary protocols have been removed from NG (starting with FP2).
    : Increased emphasis on VPN, SecurClient/SecuRemote, Bringing VoIP into a more
    : prominent position....looks a lot like more than a patch or bug fix.

    I never said that much had not changed. Many of the major changes did occur
    in FP3. From what I have looked, the incremental changes between FP3 and FP4
    are not so large to make the NG AI test substantially different from the FP3
    test. Trying to understand NG AI based on CP2000 is a stretch.

    : Even the names of modules has changed, (again starting with FP1 and 2), the
    : location of commands, command line syntax, configuration location
    : changes...it's not your fathers Oldsmobile any more. For some people this
    : may seem minor, but for the tech running a 4.1 or 2000 install, who is now
    : tasked with an upgrade to latest and greatest, its a big deal. Worthy of a
    : few sleepless nights and much study. It is a big deal and trying to learn
    : the ends and out using Online help or PDF documentation is like trying to
    : visualize an Elephant, by looking its parts though the wrong end of a
    : telescope. A lot of detail but no overall concept. That is where the
    : "pre-digested" third party manuals can help. They help fit the puzzle
    : together to give you an idea of what the picture will or should look like.

    But again, the orignal point of this thread seems to be the claim that the
    movement to testing based on NG AI was premature [specifically for the CCSA]

    : As much as I am stressing on this issue, do not think I am against
    : Checkpoint, they have a great product and this release is a big step in the
    : right direction.. I just think this release could have used a little more
    : thought, a little more time and lot more coordination with test centers,
    : third party writers, publishers and especially techs.

    But, again, the incremental differences between the FP3 and AI tests [based on
    the description] at the CCSA level tend IMHO, to be minor and the additional knowledge
    requirements added in the AI test can be handled by a combination of the documentation,
    use of the demo mode and the exsiting third party material for NG. Bear in mind that
    this was simply going to be FP4 until they renamed it for AI.

    Howoever, this is supposition on my part. It would be interesting to hear from someone
    who has taken the NG AI CCSA as to how much is 'new' material vs how much is based on
    NG only. In particular, how much of a stretch is it for a person experienced on NG to
    pass the NG AI with the material available. I will try to look at the training material
    for MGMT I on AI and compare it against FP3.

    Now, when we start talking about the CCSE and CCSE+, real substantial differences will
    begin appear. But this is part of the trend that has always been there and is
    become really true for CCSE/CCSE+;this certification is not a paper certification. Unless
    you have real experiance in VPN design and implementation with the product and with the
    distributed module [for CCSE+] you will not pass.

    So, I understand your point but I do disagree that Checkpoint should have waited before kicking
    the CCSA exam up.

    I also do agree that they should have kept the CCSE/CCSE+ for NG available a bit longer. I was
    lucky and was able to register well in advance so that I could take those two for NG and not
    NG AI.

  • Next message: Johnny Sandaire: "Secure Socket Layer communication for Server/Client C++ Application"