Question : Block Windows Updates at Firewall

Hello,

Does anyone know where I can get a comprehensive list of the servers that are accessed for Windows Updates?

I have a situation where I need to limit access to Windows Update to a single device among hundreds from a firewall at the edge of the network. As I understand it Windows Update traffic is all port 80.

Realistically, I only need to block the servers enough to stop the update happening, not necessarily every single server.

I think it is likely that MS is using Akamai or some other service to manage its update load so the solution needs to *only* block Windows Update.

Yeah, I realise there are countless more strategic ways to lock this down than a block rule on a firewall but this is what I need to do, so don't feel you have to list alternatives that don't include some sort of rules on a firewall :)

Cheers,

Paul

Answer : Block Windows Updates at Firewall

Hello Russell124, sorry for not responding to this comment in a while - as you can imagine, the problem went away.

Blocking by DNS name would be a simple approach, but no, the firewall does not allow DNS names in the rules. Additionally, we would never (unless for some reason the risk was worth it) deploy a firewall that permitted DNS names in the rules.

The reason for this is that if a firewall rule uses a DNS-based name rule then the firewall is not deciding the IP addresses in use, but the DNS server. So if someone wanted to manipulate the firewall rules, this could be done by poisoning the DNS server. You wouldn't even need to attempt an attack on the firewall itself. This is a pretty firm "no".
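To illustrate the point above, here is an added toy rule engine (example code, not from this thread or any firewall product) that compiles "block <name>" rules into the IP set a firewall would actually match, using whatever resolver answers for the name; the hostnames, addresses and the `poisoned_resolver` are constructed assumptions using documentation ranges. It also includes a defensive drift check an administrator could run to notice when a name no longer resolves to the addresses the rule was approved for.

```python
"""Toy model of DNS-name firewall rules versus resolver trust (constructed example)."""
from typing import Callable, Dict, Iterable, Set

Resolver = Callable[[str], Set[str]]

# Constructed sample data: addresses an administrator verified when the rule
# was written. Documentation-range addresses only, not real update servers.
APPROVED: Dict[str, Set[str]] = {
    "update.example.test": {"192.0.2.10", "192.0.2.11"},
}


def honest_resolver(name: str) -> Set[str]:
    """Resolver returning the answers the administrator originally checked."""
    return set(APPROVED.get(name, set()))


def poisoned_resolver(name: str) -> Set[str]:
    """Simulates a cache-poisoned answer: the name now points somewhere else."""
    return {"203.0.113.5"} if name in APPROVED else set()


def compile_rules(dns_rules: Iterable[str], resolver: Resolver) -> Set[str]:
    """Expand name-based block rules into the IPs the firewall will match.

    The firewall never sees the name at match time; it trusts whatever the
    resolver returned, so the resolver decides what the rule actually blocks.
    """
    blocked: Set[str] = set()
    for name in dns_rules:
        blocked |= resolver(name)
    return blocked


def is_blocked(dst_ip: str, blocked_ips: Set[str]) -> bool:
    """Match a destination address against the compiled block set."""
    return dst_ip in blocked_ips


def resolution_drift(name: str, resolver: Resolver) -> Dict[str, Set[str]]:
    """Defensive check: compare the current answer with the approved IP set.

    Any address in 'unexpected' means a static IP rule and the live DNS answer
    have diverged, which is worth investigating before trusting either.
    """
    current = resolver(name)
    approved = APPROVED.get(name, set())
    return {"unexpected": current - approved, "missing": approved - current}
```

With the honest resolver the approved addresses are blocked; with the poisoned one the same rule silently stops matching them, which is exactly the failure the answer describes.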

