Educause Security Discussion mailing list archives
Re: Windows Updates and Cisco Clean Access
From: "Franklin, Elliott" <franklin () TXSTATE EDU>
Date: Thu, 14 Jul 2005 14:13:21 -0500
This is a response from our network lead who implemented CCA a month or so ago:

I got tired of trying to keep up with the IPs used for Windows Update. Using the host names is much better, but even then it's a moving target. Microsoft sometimes adds new subdomains, and in the latest version of the update page it's a URL under microsoft.com. We are allowing traffic to everything ending in microsoft.com and g.msn.com. That way the updates always work (so far) and students can search for and download patches manually.

There are cases when Windows Update claims that a machine is fully patched but it is still missing something. The helpdesk can tell what's missing from the reports, and the student can search for KBxxxx and download and install it manually.

Anders Engle
Systems Programmer I
Texas State University

-----Original Message-----
From: Flagg, Martin D. [mailto:FlaggMD () HIRAM EDU]
Sent: Thursday, July 14, 2005 1:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Windows Updates and Cisco Clean Access

We are implementing Cisco Clean Access (formerly Perfigo). It has gone really well, but we keep coming up with problems with Windows Update; it fails because CCA is blocking the IP. When this happens, I use a sniffer and add the new IP address that Microsoft is using and then it works, until they change addresses again. Cisco says use the Host setting allowing requests that end in "update.microsoft.com". This does not always work. I am really at a loss because it works for 95% of the machines, but I cannot afford to have 5% of the students in my office when they get back from the summer.

Any ideas?

Martin Flagg
Hiram College
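An added example (not part of the original messages and not Cisco Clean Access configuration): a Python check that compares the two host rules discussed in this thread against hostnames seen in a capture, matching on whole DNS labels rather than raw string endings. The hostname list is constructed for illustration, and how CCA itself evaluates "ends in" is not stated in the thread.

```python
# Added example: label-boundary suffix matching for a hostname allowlist.
# The two policies mirror the rules in the thread; hostnames are constructed.

NARROW = ["update.microsoft.com"]        # host rule suggested by Cisco
BROAD = ["microsoft.com", "g.msn.com"]   # host rule used at Texas State


def normalize(host):
    """Lower-case and drop a trailing root dot so comparisons are stable."""
    return host.strip().lower().rstrip(".")


def allowed(host, suffixes):
    """True if host equals a suffix or is a subdomain of it.

    Matching is on whole DNS labels: 'notmicrosoft.com' does not match
    'microsoft.com', which a plain string endswith() would accept.
    """
    host = normalize(host)
    for suffix in suffixes:
        suffix = normalize(suffix)
        if host == suffix or host.endswith("." + suffix):
            return True
    return False


def audit(hosts, suffixes):
    """Return the hosts a policy would block, preserving input order."""
    return [h for h in hosts if not allowed(h, suffixes)]


# Constructed sample of names seen in a capture from a quarantined client.
OBSERVED = [
    "update.microsoft.com",
    "v9.update.microsoft.com",
    "download.microsoft.com",
    "www.microsoft.com",
    "c.g.msn.com",
    "notmicrosoft.com",
    "microsoft.com.example.net",
]

if __name__ == "__main__":
    for name, policy in (("narrow", NARROW), ("broad", BROAD)):
        print(name, "blocks:", audit(OBSERVED, policy))
```

Running the audit over a real capture shows which update-related names a narrow rule misses before students hit them, and confirms that a broad rule is not also admitting look-alike domains.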