[171467] in North American Network Operators' Group
Re: Dealing with auditors (was Re: We hit half-million: The Cidr
daemon@ATHENA.MIT.EDU (William Herrin)
Thu May 1 11:52:36 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <5362220F.3080201@pubnix.net>
From: William Herrin <bill@herrin.us>
Date: Thu, 1 May 2014 11:52:07 -0400
To: ahebert@pubnix.net
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, May 1, 2014 at 6:29 AM, Alain Hebert <ahebert@pubnix.net> wrote:
> Bill & Telnet...
>
> I hope that QSA didn't let you keep that telnet facing any
> public interface without any protection.
Hi Alain,
The point I made, successfully, was that it was outside the firewall
hence out of scope for the audit. What I do in a different security
domain from the one which handles the credit card transactions is none
of their business.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
