[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

WSUS (Windows Server Update Services) SSL discussion

Posted on 2014-01-28
4
Medium Priority
?
749 Views
Last Modified: 2014-01-31
I have an internal implementation of WSUS 3.0 SP2 and it is working great for my internal users.  I would like to allow my full time remote users to benefit from this so that I can manage MS patches going to them.  I know what I need to change in GPO's and firewall configuration to allow this.  My question is, why would I want to configure SSL for the user laptops (clients) to connect to my WSUS server?  What data am I worried about securing and why not just use non-SSL for that connection?  Secondary question, if I do setup SSL are there any know issues or specific configuration changes to allow the use of a wildcard certificate from a trusted SSL cert authority?
0
Comment
Question by:clm000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 39817565
You should setup a separate instance for the remote users that will be a replica of the existing WSUS server but will direct the remote clients to retrieve the approved updates from microsoft rather than from your WSUS server. No reason to have remote system consume your bandwidth unnecessarily.

The difficulty lies in configuring remote clients.
0
 
LVL 1

Author Comment

by:clm000
ID: 39821655
Thank you , that is helpful and confirms what I just figured out.  I would still like to understand why I need SSL on the connections between the clients and my (dedicated for remote users) WSUS server to approve updates.  What data is passed through that connection that I need to be concerned about securing?
0
 
LVL 80

Accepted Solution

by:
arnold earned 1000 total points
ID: 39821698
You do not have to use SSL.  It is recommended. Each system transmits specific information to it as well as gets what updates it needs.  Capturing this information could provide an attacker information about an attack vector to which this system is susceptible.
I.e. systemA checks in and gets info that it needs KB123456 that is a TCP/IP stack dealing with stack overflow attack.  i.e. a ping of a particular size with a specific payload, will grant the attacker a foot hold.  While this system is of little consequence (workstation) it has access to the entire network and could be used to attack more sensitive systems (network is using flat design every system on the same segment). VLAN, firewalled systems are more complex dealing with step by step attacks via existing access points.
workstation to serverA via service1
                   to serverA via another service
etc.

Using SSL would enable you to limit the systems that can query this WSUS.

IF the users connect via VPN, there is no external exposure of the WSUS an SSL is a lu
0
 
LVL 1

Author Closing Comment

by:clm000
ID: 39824832
Thanks for both your responses, they were very helpful
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Sometimes when I receive a call from my users to solve their problems it is very difficult for me to found their computer IP address. Even finding their computer Host to provide remote support can be a problem.  So I resorted to Goo…
Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question