Windows updates, Anti-virus updates for Air gapped hosts

security networking anti-virus update

If people are using their own usb drives on these PCs it certainly is an issue.

I would set them up on an isolated LAN along with a WSUS server and whatever software you antivirus provides for distributing patches. The new server could either have a second connection to the internet, or stay isolated and have you manually transfer updates to it on a regular basis to distribute to the rest.

Related

Chasis reset button vs remote power recycle
How can I prevent attacks on my SQL Server installation?
Plesk HTTPS setup and directory problems [closed]
SSL stops working on IIS7 after a reboot
SSH: Configure ssh_config to use specific key file for a specific server fingerprint
Does adding an user to the apache group creates a security hole?
Is there any way to build a linux software raid system without all drives?
How do I prevent one IP from creating a DNS entry on a multi-homed server?
Connecting to SQL server instance on VM via host-only network
IP Table, what does this construct mean ::INPUT ACCEPT [0:0]
Varnish purge on POST or PUT
How to disable ICMP redirect packets in Cisco IOS?