Providing internet access in a highly secured network

Started by Gunter, March 05, 2024, 09:14:38 PM

Previous topic - Next topic

Gunter

What is the proper way of providing the client machines with the needed updates and the firewall with access to update their malware signatures in a high secured network where internet access is not provided to the firewall and the client machines?

icecream-guy

in internal device is setup to provide those updates. and the clients on the secure network go to the internal device for those updates.
like for windows, one could use Windows Server Update Services (WSUS)
:professorcat:

My Moral Fibers have been cut.

deanwebb

Secure file transfer: that's where you have a system where USB drives are created and tagged with the secure file transfer system, then they are checked in at a kiosk prior to installation on the endpoint. If the endpoint has an interactive OS, the kiosk can be a service running locally that blocks untagged USBs or tagged USBs whose contents don't match the file manifest. For headless devices, a hardware kiosk would serve that function at the entry point to the secured area.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.