de-peering for security sake

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sun Dec 27 18:59:20 UTC 2015


On Sun, 27 Dec 2015 05:35:19 +0100, Baldur Norddahl said:

> SSH password + key file is accepted as two factor by PCI DSS auditors, so
> yes it is in fact two factor.

They also accept NAT as "security".  If anything, PCI DSS is yet another example
of a money grab masquerading as security theater (not even real security).
I remember seeing a story a while ago that stated that of companies hit
by a data breach on a system that was inside their PCI scope, something
insane like 98% or 99% were in 100% full PCI compliance at the time of
the breach.  The only conclusion to be drawn is that the PCI set of checkboxes
are missing a lot of really crucial things for real security.  (And let's
not forget the competence level of the average PCI auditor, as the ones
I've encountered have all been very nice people, but more suited to checking
boxes based on buzzwords than actual in-depth security analysis).

So excuse me for not taking "is accepted by PCI auditors" as grounds for
a claim of strong actual security.
