On 12-03-12 04:53 PM, William Herrin wrote:
On Mon, Mar 12, 2012 at 4:40 PM, Peter Kristolaitis<alter3d@alter3d.ca> wrote:
On 12-03-12 04:34 PM, Maverick wrote:
Like list of sites that operating systems or applications installed on your machines go to update themselves. One way could be to go on each vendors site and look at their update servers like microsoft.update.com but it would be good if there is a list of such servers for all OS and applications so that it could be used as a whitelist. I'm trying to determine if this is supposed to be an exercise in "How To Annoy Your Sysadmins" or "How To Do Network Security The Really, Really Wrong Way" or some combination of the two.... Pete,
There are scenarios in which it is completely reasonable to provide white listed Web access instead of general Internet access. Consider: PCs in a prison with access to legal library and off-site education web sites. It would be helpful if they could also access automatic updates so they don't get malware but God help the sysadmin if one of the prisoners figures out how to get to child porn.
That having been said, this is almost certainly the wrong mailing list to ask. It just isn't the kind of work we do here.
Regards, Bill Herrin
In my experience, if you're dealing with a locked down environment like that, one or both of the following will be true: - The users won't have sufficient privileges on the workstation to apply updates anyways - Software updates and configuration changes are managed centrally I agree that there are situations where whitelisted Web access might be suitable, but I expect the number of situations where you'd want whitelisted Web access AND ad-hoc software updates AND users to have local admin access on their workstations would be... very low. - Pete