https://www.rsync.net/resources/regulatory/pci.html

The rsync.net platform is so simple that our first PCI scan vendor, in 2006, could not actually verify that we were up and running.

We offered so little attack surface for their scans that they (incorrectly) assumed we were offline.

Our platform only answers on port 22 with OpenSSH.

That's it.

I do security and I title this "Most secured platform in the world."

stavros 6 months ago [–]

Oh yeah? Well I run one where no ports are open. In fact, I haven't even connected it to the network.

xarope 6 months ago [–]

Wasn't that the joke about how the original windows NT server got it's C2/ITSEC rating?

stavros 6 months ago [–]

I haven't heard that joke!

batch12 6 months ago [–]

I'll raise you-- I have one that I keep powered off...

stavros 6 months ago [–]

I can top that: I don't have one.

krylon 6 months ago [–]

That's nothing. I don't have thousands.

rubiquity 6 months ago [–]

What are you two even talking about?

paulmd 6 months ago [–]

The three golden rules of computer security: do not own a computer, do not power it on, and do not use it.

https://en.wikipedia.org/wiki/Robert_Morris_(cryptographer)