On Aug 22, 2008, at 9:57 AM, Hall, Rand wrote:
> These have bothered me for a while... (but obviously not enough to
> ask ;-)
>
> 1) Cisco recommends making Windows Update requirements optional:
>
> "The Windows Update requirement type is set to Optional (or "do not
> enforce") by default to optimize user experience by running the
> update process in the background. Cisco also recommends leaving this
> requirement as Optional if selecting the "Automatically download and
> install" option."
>
> I know that the Windows Update UI feedback is minimal and may
> confuse the user a bit...but doesn't this, in large degree, defeat a
> fundamental NAC goal--keeping unpatched PCs from beating on others
> and vice versa?
>
> Am I missing something?
>
> For the record, I make the WU requirement mandatory but put text in
> the description that encourages them to go to windowsupdate.com if
> they get antsy.

We don't use the WU requirement; we rolled our own.

> 2) With vulnerabilities moving away from the OS and to apps, has
> anyone created a requirement to at least use the Microsoft Update
> agent rather than Windows Update (so Office gets patched, too)?

We currently have an Audit requirement for this. We will be making it
mandatory at some point soon. We also created Audit requirements for
Flash and the Novell Client.

> 3) Firewall requirements?

We rolled our own for Windows firewall and a select few vendors.

> Cheers,
> Rand
> --
> Rand P. Hall * Director, Network Services
> Merrimack College * SunGard Higher Education
> 315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000
> Fax 978-837-5383 * [EMAIL PROTECTED] * www.sungardhe.com
Michael Grinnell
Information Security Engineer
The American University