nanog mailing list archives
Re: Whitelist of update servers
From: Paul Graydon <paul () paulgraydon co uk>
Date: Mon, 12 Mar 2012 11:03:22 -1000
On 03/12/2012 10:53 AM, William Herrin wrote:
But there are ways of doing that, such as Windows Software Update Services, and a little bit of policy enforcement from a centralised place. That gives you a centralised, controlled place to push updates out from without risking the machines going off to the internet to get them themselves (and an opportunity to try limited roll-out just in case.)On Mon, Mar 12, 2012 at 4:40 PM, Peter Kristolaitis<alter3d () alter3d ca> wrote:On 12-03-12 04:34 PM, Maverick wrote:Like list of sites that operating systems or applications installed on your machines go to update themselves. One way could be to go on each vendors site and look at their update servers like microsoft.update.com but it would be good if there is a list of such servers for all OS and applications so that it could be used as a whitelist.I'm trying to determine if this is supposed to be an exercise in "How To Annoy Your Sysadmins" or "How To Do Network Security The Really, Really Wrong Way" or some combination of the two....Pete, There are scenarios in which it is completely reasonable to provide white listed Web access instead of general Internet access. Consider: PCs in a prison with access to legal library and off-site education web sites. It would be helpful if they could also access automatic updates so they don't get malware but God help the sysadmin if one of the prisoners figures out how to get to child porn.
For that matter if it's necessary to be talking about blacklisting/whitelisting sites under such conditions as PCs in a prison you're really better off just paying for something like a Websense to take care of it.
Paul
Current thread:
- Whitelist of update servers Maverick (Mar 12)
- Re: Whitelist of update servers -Hammer- (Mar 12)
- Re: Whitelist of update servers Paul Graydon (Mar 12)
- Re: Whitelist of update servers Keegan Holley (Mar 12)
- Re: Whitelist of update servers Maverick (Mar 12)
- Re: Whitelist of update servers Keegan Holley (Mar 12)
- Re: Whitelist of update servers Peter Kristolaitis (Mar 12)
- Re: Whitelist of update servers William Herrin (Mar 12)
- Re: Whitelist of update servers Peter Kristolaitis (Mar 12)
- Re: Whitelist of update servers Paul Graydon (Mar 12)
- Re: Whitelist of update servers Maverick (Mar 12)
- Re: Whitelist of update servers Randy Bush (Mar 12)
- Re: Whitelist of update servers Jeff Kell (Mar 12)