Re: Automatic Updates security concern
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 30 Nov 2007 01:20:35 -0700
If you run WSUS then you can use group policy to configure
your machines' autoupdate client to use only your WSUS
servers. If those servers are not configured to support SSL
on tcp 443 then the update clients will be forced to use tcp
80 (in policy you would point them to http://yourWsus not
to https://yourWsus)
"rusga" <only@newsgroup> wrote in message
news:ODi76aqMIHA.6060@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
Is there any way of setting the AU repository so it never uses https (tcp
443) and only uses http (tcp 80)?
Or, it uses only admin allowed update servers?
This might be a bit strange, but on a highly security strict LAN with
content filtering proxy (as in this case), this imposes a security risk
since https doesn't permit content parsing. Meaning that tcp 443 rules
*must* be set at the routers/firewalls and so, default configured http
clients (browsers on out-of-the box installs for instance) end up
rendering
content that they weren't suposed to.
Thank you,
rusga
.
- References:
- Automatic Updates security concern
- From: rusga
- Automatic Updates security concern
- Prev by Date: Re: spam email sender field
- Next by Date: Share Permissions, acting different between Vista and XP
- Previous by thread: Automatic Updates security concern
- Next by thread: Re: spam email sender field
- Index(es):
Relevant Pages
|
Loading
