@stefano That happens when auditors are mostly idiots...

@stefano That happens when auditors are mostly idiots with little technical knowledge but with a lot of power. I had to deal with those people many times, people who don't know how to open a CLI and run a fucking ping are telling you what you have to do. When I deal with cyber security auditors with strong technical knowledge things are different but in my experience most of them just care about compliance.

Like 22 July at 10:47 | Wall-to-wall | Open on social.linux.pizza

5 comments

Stefano Marinelli

@jrballesteros05 I agree. They know that Debian with that version is compliant, and that's all. They don't probably know how ssh works at all.

22 July at 11:01 | Open on mastodon.bsd.cafe

:mastodon: Ricardo Martín

What an irony @stefano 😅
https://mastodon.social/@fluxwatcher/112819769762456071 @jrballesteros05

22 July at 11:11 | Open on mastodon.social

avi2022

@jrballesteros05 @stefano

True that! Once had an external cybersecurity auditor argue vehemently that certificate-based authentication is insecure and should not be used for MFA 😂

22 July at 11:46 | Open on masto.ai

apgarcia

@jrballesteros05 @stefano Another fun thing about some auditors - they must have screenshots. Text files are not good enough.

22 July at 14:37 | Open on fosstodon.org

Greem

@apgarcia @jrballesteros05 @stefano oh, good $DEITY.

I once had an auditor ask for screenshots from Active Directory Users & Computers.

Of the whole expanded thing. All 150k+ objects.

I explained why this wasn't possible, they repeated the demand, so I explained again and asked for escalation.

The demand was soon removed 🙂

23 July at 8:03 | Open on mastodon.social

Go Up