Book Image

Moodle Security

Book Image

Moodle Security

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Moodle Security
Feb, 2011 | 204 pages
No titles found
Table of Contents (17 chapters)
Moodle Security
Moodle Security
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Delving into the World of Security
Delving into the World of Security
Moodle and security
The secure installation of Moodle
Quickly securing Moodle
Summary
2
Securing Your Server Linux
Securing Your Server Linux
Securing your Linux—the basics
Apache configuration
MySQL configuration
PHP configuration
File security permissions
Adequate location for a Moodle installation
How to secure Moodle files
Summary
3
Securing Your Server—Windows
Securing Your Server—Windows
Securing Windows—the basics
File security permissions
Installing and securing PHP under Internet Information Server
Securing MySQL
Summary
4
Authentication
Authentication
Basics of authentication
Common authentication attacks
Authentication types in Moodle
Summary
5
Roles and Permissions
Roles and Permissions
Roles and capabilities
Standard Moodle roles
Customizing roles
Best practices
Summary
6
Protection Against Bots
Protection Against Bots
Internet bots
Protecting Moodle from unwanted search bots
Protection against spam bots
Protection against brute force attacks
Summary
7
Securing User Files
Securing User Files
Uploading files into Moodle
Dangers and pitfalls
Anti-virus and Moodle
Summary
8
Securing Moodle Data
Securing Moodle Data
User information protection
Course information protection
Summary
9
Monitoring User Activity
Monitoring User Activity
Activity monitoring using Moodle tools
Activity monitoring using OS native tools
Summary
10
Backup
Backup
Importance of backup
Backup tools in Moodle
Site backup
Disaster recovery scenario
Summary
Authentication Plugins
Authentication Plugins
Plugins less common in production servers
Summary

Chapter 1. Delving into the World of Security

Welcome to Moodle Security!

In the early days of the web, Internet was mostly used for academic purposes. Hence, all communications protocols had very little or no focus on security. The situation started changing as more and more public and commercial services started moving online and common users started actually using Internet in their daily routine. With the increase of user base we see the emerge of the malicious groups of users, the so-called hackers that are focused mostly on information theft and illegal usage. Nowadays it is quite common to be attacked by hacker(s). In fact it is so common and frequent that it is reported that only the USA's cyber attacks generate costs up to 10 billion dollars every year. The purpose of this book is to introduce you to web security while focusing on Moodle.

In this chapter we will cover the following topics:

  • Moodle and security

  • Weak points

  • The secure Moodle installation

  • Quickly securing Moodle

Moodle and security

Moodle is an open source CMS (Course Management System)/LMS (Learning Management System)/VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students.

That sounds harmless enough. Why would anybody want to illegally access an educational platform?

There are various motives of computer criminals. In general, they are people committed to the circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via a communication network such as the Internet. Some of the motives could be:

  • Financial: Stealing user and/or course information and selling it to other third-parties

  • Personal: Personal grudge, infantile display of power, desire to alter assigned grades, and so on

Weak points

Moodle is a web application and as such must be hosted on a computer connected to some kind of network (private or public—Internet / Intranet). This computer must have the following components:

  • Operating System (OS)

  • Web server

  • PHP

  • Database server

  • Moodle

Each of these pieces can be used as a point of attack by a malicious user(s) in order to obtain access to the protected information. Therefore, it is our task to make all of them as secure as possible. The main focus will be directed towards our Moodle and PHP configuration. At the end of the book you can find some recommended literature for additional reading.

Previous Section
End of Section 1
Next Section