Tony Sceats <[email protected]> writes:

> IMHO something like this is best done by hiring professionals, as some
> random person may or may not have the experience and skills they may or may
> not suggest, giving you a false sense of security in their findings.

Rick enquired about professionals. Just sayin'

[...]

> PPTP is generally not considered secure anymore anyway, although I don't
> have any details at hand, and again, my info is all very old.

Are you sure you should be giving advice about it, then, rather than
confirming your suspicions before you say something worrying?

In this case your memory is correct, however: MPPE encryption is fatally
flawed, and no other common encryption method exists. This means that, in
theory, a motivated attacker with full access to the link between the client
and the server can decrypt the session as it passes.

> I should say this again - if you are not using these extra services turn
> them off! It will not look good if some pen tester breaks in here and is
> then able to say the setup is insecure, despite this having no relation to
> Moodle itself.

*nod* This is good advice, IMO.

Daniel
--
✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html