Yes, content hashing is one security mechanism and works essentially as you've described.
J From: [email protected] [mailto:[email protected]] On Behalf Of Barnes,Chris Sent: Monday, July 22, 2013 9:11 AM To: [email protected] Subject: [mssms] Securing data from Distribution Points Hey guys - Question for you. My SCCM environment is undergoing additional scrutiny from our Security and Compliance department due to our business requirement of being PCI complaint. Long story short, I am trying to argue that the content that the clients pull down from the Distribution Point is secure because the client will be able to compare the expected hash of the content vs. the actual hash of the content. This would apply both to software distribution packages, as well as software update packages. So if the distribution point was compromised, and the package data was altered, the client would reject the content as it does not match the expected hash that the clients would obtain from the MP, as long as the MP was not compromised as well. Is this correct? I am attempting to keep my 90 DPs from having to whitelist every port and IP that they need to talk to. Chris Barnes Senior Technical Specialist - Penske Automotive Group [email protected]<mailto:[email protected]> Desk: (248) 648-2528 Cell: (248) 767-4415 ________________________________ Penske Automotive Group and its affiliates will never sell or rent your email address in violation of applicable law. This email and any files transmitted with it are confidential and intended solely for use of the individual or entity to whom they are addressed. Please delete all copies if you are not the intended recipient.
