Educause Security Discussion mailing list archives
Re: Windows Updates and Cisco Clean Access
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Mon, 18 Jul 2005 08:44:39 -0400
We ran into the same problem here at UVM when implementing NetReg. There are a list of DNS names by which Microsoft provides access to Windows Update, but they are frequently CNAMEs which point to various ISPs which get rotated. I ended up writing a script which re-generates the list of DNS names and IP addresses that are allowed based upon the result of certain DNS queries. We do this for other sites besides Windows Update, such as Trend Micro's "Housecall" (which helps in cleaning up virus-infected machines in the unregistered subnets.) I'd be happy to share the list of names with you if it would help. I have to admit that I'm kind of surprised that CCA/Perfigo doesn't already do this, though. Jim Lawson Technical Support Group, Computing & Information Technology University of Vermont Burlington, VT USA
We also found the same problem with our NetReg setup. To solve it, we went with 'squid' to filter URLs. Filtered URLs have access to a full services DNS server. So now we can use *.microsoft.com, *.symantec.com, etc. Mike Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto
Current thread:
- Windows Updates and Cisco Clean Access Flagg, Martin D. (Jul 14)
- <Possible follow-ups>
- Re: Windows Updates and Cisco Clean Access Charlie Prothero (Jul 14)
- Re: Windows Updates and Cisco Clean Access Michael Grinnell (Jul 14)
- Re: Windows Updates and Cisco Clean Access Jim Lawson (Jul 14)
- Re: Windows Updates and Cisco Clean Access Franklin, Elliott (Jul 14)
- Re: Windows Updates and Cisco Clean Access Information Security (Jul 14)
- Re: Windows Updates and Cisco Clean Access Flagg, Martin D. (Jul 15)
- Re: Windows Updates and Cisco Clean Access Lee Weers (Jul 15)
- Re: Windows Updates and Cisco Clean Access Richard Gambrell (Jul 15)
- Re: Windows Updates and Cisco Clean Access Atif Azim (atif) (Jul 15)
- Re: Windows Updates and Cisco Clean Access Mike Wiseman (Jul 18)