[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
- To: "Schmehl, Paul L" <pauls@utdallas.edu>
- Subject: Re: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
- From: Blue Boar <BlueBoar@thievco.com>
- Date: Thu, 14 Aug 2003 22:14:53 -0700
Schmehl, Paul L wrote:
> I just curious how you geniuses would solve this problem. You have a
> multi-six figure scientific instrument, which is only manufactured by
> one vendor in the entire world. Your research department depends upon
> that instrument to do research for which they are being funded
> handsomely by grants and expected to produce results.
>
> There's only one problem. The instrument requires that you run Windows
> 2000 Server with IIS, and the vendor requires that you not apply *any*
> patches post SP2. The government certifies the equipment at a certain
> patch level, and if the equipment is patched then the certification no
> longer applies, the research is no longer funded and you are now staring
> a six figure boat anchor.
<snip>
> 2) Minus points if you say "Don't allow access to the Internet. It
> *requires* access to the Internet. (IOW, it has to be able to connect
> to "live" IP address ranges, not private IPs.)
What *kind* of Internet access? Any reason I can't put a firewall or proxy
of some sort between it and the Internet? Maybe an IDS running as a router?
BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html