[186663] in North American Network Operators' Group


Re: de-peering for security sake

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Dec 27 14:00:12 2015

X-Original-To: nanog@nanog.org
To: Baldur Norddahl <baldur.norddahl@gmail.com>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <CAPkb-7CJ1K-=7k1qM+HEujPP0=qcSY1EPQiKU5SUOQzKGDRLug@mail.gmail.com>
Date: Sun, 27 Dec 2015 13:59:20 -0500
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Sun, 27 Dec 2015 05:35:19 +0100, Baldur Norddahl said:

> SSH password + key file is accepted as two factor by PCI DSS auditors, so
> yes it is in fact two factor.

They also accept NAT as "security".  If anything, PCI DSS is yet another example
of a money grab masquerading as security theater (not even real security).
I remember seeing a story a while ago that stated that of companies hit
by a data breach on a system that was inside their PCI scope, something
insane like 98% or 99% were in 100% full PCI compliance at the time of
the breach.  The only conclusion to be drawn is that the PCI set of checkboxes
are missing a lot of really crucial things for real security.  (And let's
not forget the competence level of the average PCI auditor, as the ones
I've encountered have all been very nice people, but more suited to checking
boxes based on buzzwords than actual in-depth security analysis).

So excuse me for not taking "is accepted by PCI auditors" as grounds for
a claim of strong actual security.
