SAVLINUX - LiveUpdating DMZ Hosts Securely
We are are currently using SAVLINUX on our DMZ webservers and in order to get these to update with the latest virus definition files, we need to pull down the latest updates from Symantec.
Here's the dilema:
1) Option: Having DMZ hosts connect directly to Symantec
Issue: Our sysadmins/network guys are hesitent on letting the DMZ servers connect directly to Symantec Liveupdate Servers
2) Option: Utilize LiveUpdate Administrator (already installed) for pushing updates to DMZ hosts
Issue: Since LiveUpdate Administrator already exists on an internal server, the DMZ servers would need to connect to it to get the updates. This concerns our network guys as the DMZ touches the internal, protected network.
Our requirement is to have daily updates, so manually updating is not in question.
I am wondering if you have other options, or if you have the most secure way to get updates to the DMZ webservers using either method. Can someone please provide some insight? Thanks in advance!