nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Whitelist of update servers

From: William Herrin <bill () herrin us>
Date: Mon, 12 Mar 2012 16:53:26 -0400
On Mon, Mar 12, 2012 at 4:40 PM, Peter Kristolaitis <alter3d () alter3d ca> wrote:

On 12-03-12 04:34 PM, Maverick wrote:

Like list of sites that operating systems or applications installed on
your machines go to update themselves. One way could be to go on each
vendors site and look at their update servers like
microsoft.update.com but it would be good if there is a list of such
servers for all OS and applications so that it could be used as a
whitelist.



I'm trying to determine if this is supposed to be an exercise in
   "How To Annoy Your Sysadmins"
or
   "How To Do Network Security The Really, Really Wrong Way"
or some combination of the two....


Pete,

There are scenarios in which it is completely reasonable to provide
white listed Web access instead of general Internet access. Consider:
PCs in a prison with access to legal library and off-site education
web sites. It would be helpful if they could also access automatic
updates so they don't get malware but God help the sysadmin if one of
the prisoners figures out how to get to child porn.

That having been said, this is almost certainly the wrong mailing list
to ask. It just isn't the kind of work we do here.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
Previous By Date Next
Previous By Thread Next

Current thread: