[151150] in North American Network Operators' Group
Re: Whitelist of update servers
daemon@ATHENA.MIT.EDU (Keegan Holley)
Mon Mar 12 16:42:13 2012
In-Reply-To: <CA+vWMo7Ys09Kb9i+v477nDHEseTkLotcNMsdN1Us281rST--VQ@mail.gmail.com>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Mon, 12 Mar 2012 16:40:24 -0400
To: Maverick <myeaddress@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
2012/3/12 Maverick <myeaddress@gmail.com>
> Like list of sites that operating systems or applications installed on
> your machines go to update themselves. One way could be to go on each
> vendors site and look at their update servers like
> microsoft.update.com but it would be good if there is a list of such
> servers for all OS and applications so that it could be used as a
> whitelist.
>
>
I stick with my original answer... sometimes. I'm not sure if this is
different now, but I remember MS update being spoofed with bogus DNS
entries because the process is tied to that DNS name. I think this is the
most popular method combined with some sort of encryption and/or signing to
verify the updates themselves. I'm sure there are applications that use a
white list though. There are a lot of shops that update via some kind of
CDN, so the whitelist method is a bit cumbersome at scale and is not immune
to spoofing or other attacks. The most secure thing is probably to protect
the updates themselves.
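An added example, not from the thread or any vendor, contrasting the two approaches in the reply above: a hostname whitelist only sees a name that a bogus DNS answer can supply, while verifying a signature on the update bytes against a key pinned in the client rejects a tampered copy even when it arrives under the whitelisted name. The hostname, bundle layout and payload are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// UpdateBundle is a constructed, hypothetical package layout (not any vendor's
// real format): the payload plus a detached Ed25519 signature over its SHA-256.
type UpdateBundle struct {
	Host      string // hostname the client believes it fetched from (trusts DNS)
	Payload   []byte
	Signature []byte
}

// allowedHosts models the whitelist approach with a made-up vendor hostname.
// A spoofed DNS answer lets an attacker's server present this same name.
var allowedHosts = map[string]bool{"update.example-vendor.invalid": true}

func hostWhitelisted(host string) bool { return allowedHosts[host] }

// signUpdate stands in for the vendor's release signing step.
func signUpdate(priv ed25519.PrivateKey, payload []byte) []byte {
	d := sha256.Sum256(payload)
	return ed25519.Sign(priv, d[:])
}

// verifyUpdate checks the signature against a public key pinned in the client;
// the result does not depend on which server or DNS answer delivered the bytes.
func verifyUpdate(pub ed25519.PublicKey, b UpdateBundle) bool {
	d := sha256.Sum256(b.Payload)
	return ed25519.Verify(pub, d[:], b.Signature)
}

// Scenario runs both checks on a genuine bundle and on a tampered one served
// under the whitelisted name. Returns (whitelist accepts tampered,
// signature accepts tampered, signature accepts genuine).
func Scenario() (bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := UpdateBundle{Host: "update.example-vendor.invalid", Payload: []byte("patch v1.0")}
	genuine.Signature = signUpdate(priv, genuine.Payload)
	tampered := genuine                                 // same name, same copied signature...
	tampered.Payload = []byte("patch v1.0 + extra bytes") // ...but altered contents
	return hostWhitelisted(tampered.Host), verifyUpdate(pub, tampered), verifyUpdate(pub, genuine)
}
```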