What's wrong with outbound ftp? I assume these machines are only doing the virus
scanning they were intended to perform.  If this is the case, harden the OS, and let
them ftp to wherever they need to go...

Chris

Bryan Porter wrote:

> I have a network administrator using Norton Corporate Anti-virus. This box
> gets its updates from liveupdate.symantec.com or ftp.symantec.com. If I do
> an nslookup query for these names I see that Symantec is round robining
> these names between ten boxes and four boxes respectively. Since this update
> service runs on an important server in our network I don't want to give it
> open access through FTP and HTTP to the entire internet, so I opened up only
> these fourteen boxes. The problem is Symantec will add or change IPs in
> this round robin, then I have to revisit this rule, add the boxes. Symantec
> has not made this easy for firewall admins.
> Has anyone found a better way of doing this? I have considered putting an
> entry in the host file of the server so that it only tries to access one box
> for ftp.symantec.com and one for liveupdate.symantec.com. Am I missing
> something, is there a better/easier way of doing this?
>
> TIA
> Bryan
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
Chris Trudeau
Partner-Managed Security Services
DigitalMoJo Inc.



