RE: SUS server

From: Bill Mote (bill.mote@mem.com)
Date: 04/09/03

  • Next message: Depp, Dennis M.: "RE: SUS server"
    From: "Bill Mote" <bill.mote@mem.com>
    To: <focus-ms@securityfocus.com>
    Date: Wed, 9 Apr 2003 14:47:50 -0400
    
    

    Where in my network should I place the SUS server? It seems to me the
    logical place would be the DMZ as I want to use this server to patch my
    workstations, laptops, and my servers.

    Everything inside my network can talk to the DMZ, but the inverse is not
    true. The DMZ can only talk to the DB network on the DB protocol. Neither
    the DMZ nor the DB network can talk to our internal LAN at all. The DB
    network and the LAN can talk to machines in the DMZ though.

    BM

    -----Original Message-----
    From: Brian W. Spolarich [mailto:bspolarich@nephrostherapeutics.com]
    Sent: Monday, April 07, 2003 2:31 PM
    To: Thane Walkup; focus-ms@securityfocus.com
    Subject: RE: SUS server

    Thane Walkup wrote:
    > One VERY good reason not to run SP3 is possible HIPAA and 21CFR11
    > regulation issues - since the license for SP3 technically gives
    > Microsoft unfettered access to your PC, any company under those
    > regulations could be in violation of those regulations.
    >
    > This affects just about any medical facility.

      One can configure the SUS client to point at an internal SUS server via
    Active Directory GPOs. I suspect that if you point it at a non-functional
    URL the auto-update component will essentially be disabled, and it may be
    possible to disable it completely via GPO (haven't looked).

      -bws

    <b>
    ----------------------------------------------------------------------
    Block Spam, Smut & Viruses
    SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
    technology including filtering embedded and attached file content. Rid your
    enterprise of unwanted content.
    http://www.securityfocus.com/SurfControl-focus-ms2
    Download your free fully functional trial, complete with 30-days of free
    technical support.
    ----------------------------------------------------------------------
    </b>

    ----------------------------------------------------------------------
    Block Spam, Smut & Viruses
    SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
    technology including filtering embedded and attached file content. Rid your
    enterprise of unwanted content.
    http://www.securityfocus.com/SurfControl-focus-ms2
    Download your free fully functional trial, complete with 30-days of free
    technical support.
    ----------------------------------------------------------------------


  • Next message: Depp, Dennis M.: "RE: SUS server"

    Relevant Pages

    • RE: SUS server
      ... Where in my network should I place the SUS server? ... Everything inside my network can talk to the DMZ, ... SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of ...
      (Focus-Microsoft)
    • RE: SUS server
      ... My problem, however, is not with talking to my DMZ; ... Nor can my dB network talk "in" to my network. ... Is your fear that the SUS server on the DMZ could be compromised and thus ... SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of ...
      (Focus-Microsoft)
    • RE: SUS server
      ... Dennis ... My problem, however, is not with talking to my DMZ; it's letting my DMZ talk anywhere else. ... Is your fear that the SUS server on the DMZ could be compromised and thus provide bad patches? ... SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of technology including filtering embedded and attached file content. ...
      (Focus-Microsoft)
    • Re: [fw-wiz] Rationale of the great DMZ
      ... >DMZ and its implied security has changed. ... Network activity wouldn't ... >necessarily begin from the DMZ and be tunneled in to the internal network. ... >Commonly SSL accelerators terminate the SSL end point prior to the ...
      (Firewall-Wizards)
    • Re: Firewall and DMZ topology
      ... attacker cannot spread his influence across the network. ... If the DMZ resides between the public Internet and the ... Should the DMZ be behind the LAN and not split off at the firewall, ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)