Educause Security Discussion mailing list archives
Re: Windows Updates and Cisco Clean Access
From: "Flagg, Martin D." <FlaggMD () HIRAM EDU>
Date: Fri, 15 Jul 2005 10:07:48 -0400
I would love to have a copy of that list. Thanks Marty Martin D. Flagg Network Engineer/Administrator Hiram College PH: 330-569-5376 FAX: 330-569-5462 email: flaggmd () hiram edu - If you lend someone $20, and never see that person again, it was probably worth it. -----Original Message----- From: Jim Lawson [mailto:jtl+educause () UVM EDU] Sent: Thursday, July 14, 2005 2:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Windows Updates and Cisco Clean Access Martin, We ran into the same problem here at UVM when implementing NetReg. There are a list of DNS names by which Microsoft provides access to Windows Update, but they are frequently CNAMEs which point to various ISPs which get rotated. I ended up writing a script which re-generates the list of DNS names and IP addresses that are allowed based upon the result of certain DNS queries. We do this for other sites besides Windows Update, such as Trend Micro's "Housecall" (which helps in cleaning up virus-infected machines in the unregistered subnets.) I'd be happy to share the list of names with you if it would help. I have to admit that I'm kind of surprised that CCA/Perfigo doesn't already do this, though. Flagg, Martin D. wrote:
We are implementing Cisco Clean Access (formally Perfigo). It has gone really well but we keep coming up with problems with Windows Update, it fails because CCA is blocking the IP. When this happens, I
use a sniffer and add the new IP address that Microsoft is using and then it works, until they change address's again. Cisco says use the Host setting allowing requests that end in "update.microsoft.com". This does not always work. I am really at a loss because it works for 95% of the machines but I can not afford to have 5% of the students in my office when they get back from the summer. Any Ideas? Martin Flagg Hiram College
-- Jim Lawson Technical Support Group, Computing & Information Technology University of Vermont Burlington, VT USA
Current thread:
- Windows Updates and Cisco Clean Access Flagg, Martin D. (Jul 14)
- <Possible follow-ups>
- Re: Windows Updates and Cisco Clean Access Charlie Prothero (Jul 14)
- Re: Windows Updates and Cisco Clean Access Michael Grinnell (Jul 14)
- Re: Windows Updates and Cisco Clean Access Jim Lawson (Jul 14)
- Re: Windows Updates and Cisco Clean Access Franklin, Elliott (Jul 14)
- Re: Windows Updates and Cisco Clean Access Information Security (Jul 14)
- Re: Windows Updates and Cisco Clean Access Flagg, Martin D. (Jul 15)
- Re: Windows Updates and Cisco Clean Access Lee Weers (Jul 15)
- Re: Windows Updates and Cisco Clean Access Richard Gambrell (Jul 15)
- Re: Windows Updates and Cisco Clean Access Atif Azim (atif) (Jul 15)
- Re: Windows Updates and Cisco Clean Access Mike Wiseman (Jul 18)