Timothy,

We do have MACs in our environment, but don't have a good set of Nessus
scans to identify vulnerabilities. Thus, the need for adding apple.com
hasn't come up. Can you share what Nessus scans you use?

Thanks,

Simon

>>> [log in to unmask] 11/21/2005 12:54 PM >>>
I checked our URL list just now and we had the same thing. We had
added
a lot of the URLs that were missing (nai, grisoft, etc) ourselves and
those stayed enabled, but all the Cisco created entries were turned
off.
I agree that there needs to be some system, be it email or even
something on the Summary page that says "Updates were installed as of
XX/XX/XXXX at XX:XX AM/PM". Yes, you can go and check the logs or dig
down to where it is listed under Clean Access, but you shouldn't have
to.

On a side note, does anyone have Apple users in their CCA environment?
We had to add apple.com to the allowed domains list so they could get
OS
updates when the Nessus scans found security holes. Again, not a big
deal, but surprising that it's not included in the default list.






 
Timothy Grzeczka
Network Analyst
Dominican University
[log in to unmask] 
Voice - (708) 524-6568
Fax - (708) 488-5111