On Jul 23, 2009, at 12:11 PM, Steve Atkins wrote:
> They asked me to open up my firewall to them, pointing at a fake
> server, just so they'd have something to audit, after failing our
> audit "because we only allowed access to the application from inside
> our firewall."
I'm glad it wasn't just me. We failed our audit because our firewall
correctly detected their probes as an intrusion, and shut them down.
It would be as if your home failed a security audit because no one
could get through the external fence, so "we couldn't verify that the
door was locked."