nanog mailing list archives
Re: de-peering for security sake
From: Valdis.Kletnieks () vt edu
Date: Sun, 27 Dec 2015 13:59:20 -0500
On Sun, 27 Dec 2015 05:35:19 +0100, Baldur Norddahl said:
> SSH password + key file is accepted as two factor by PCI DSS auditors, so yes it is in fact two factor.
They also accept NAT as "security". If anything, PCI DSS is yet another example of a money grab masquerading as security theater (not even real security). I remember seeing a story a while ago that stated that of companies hit by a data breach on a system that was inside their PCI scope, something insane like 98% or 99% were in 100% full PCI compliance at the time of the breach. The only conclusion to be drawn is that the PCI set of checkboxes are missing a lot of really crucial things for real security. (And let's not forget the competence level of the average PCI auditor, as the ones I've encountered have all been very nice people, but more suited to checking boxes based on buzzwords than actual in-depth security analysis). So excuse me for not taking "is accepted by PCI auditors" as grounds for a claim of strong actual security.