I have a small business with a single credit card reader connected to the internet via my cable router/modem. The credit card company is now instituting very strick security policies for people like me who have these machines connected to the internet. They want to run a scan each month to test the vulnerability. They started doing this a couple of years ago and I passed each time.
Now they have a new company running scans and they tell me the old company never actually penetrated past the firewall of the modem. They just said all was "OK". They are telling me I have to "whitelist" a whole bunch of IP addresses from where their scans may originate. I assume this means this will give them full access to my network as if they were sitting in my office on my computer... is this correct?
My question is this. If I do this and one or more of these IP addresses falls into the hands of a hacker or in fact anyone who has this same list of addresses... it's just a form letter they must have sent to millions of customers like me... what is to stop them from getting the same access?
Edited by Scooterspal, 15 February 2018 - 11:23 AM.