Diode Applications: Secure Windows Updates

August 2013

In this blog series, I have been exploring applications for Data Diodes.  This week, I look at the issue of getting Windows Updates into a segregated network — securely.

It is widely reported that 80% or more of all security attacks can be prevented by implementing basic security hygiene. The majority of such attacks take advantage of publicly known vulnerabilities in software. Once identified, these vulnerabilities are usually fixed quickly, and the vendor makes updates available to its customer base. The updates need to be applied equally quickly: systems left unpatched for more than a few hours may be attacked and infected through the targeted vulnerabilities. Consequently, it is vital to update systems regularly with all available fixes and patches for operating systems, applications and anti-virus software, to mitigate the risk of an attack against a known vulnerability.


The routine method of applying system updates is to use an automated vendor mechanism. For secure networks not connected to the Internet, this approach is not suitable. Update strategies for these unconnected networks often rely on a manual process; the updates are obtained from the Internet, then securely transferred to the segregated network before being applied. This process is typically unreliable, prone to error and costly.

For organisations with secure networks or networks isolated from the Internet, a Data Diode based solution can automate the process. The diode enables the transfer of Windows Updates from the Internet to a Windows Update Server in the secure network, while ensuring there is no route back from the secure network to the Internet.

While I’ve used the example of Windows updates, the concept can be used for most operating system, anti-virus and application update mechanisms.

Interested in finding out more details about getting operating system updates into your secure network?  Contact me, or leave a comment below.


This article was originally posted on the Cyber Matters blog – which gives “bite-size insight on cyber security for the not too technical”.

Author Bio - Colin Robbins

Colin Robbins is a Principal Security Consultant at Nexor. He is a Fellow of the IISP, and an NCSC certified Security and Information Risk Adviser (Lead CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.
