Preface

Moving your classes and resources online with a Learning Management System such as Moodle opens up a whole world of possibilities for teaching your students. However, it also opens up a number of threats as your students, private information, and resources become vulnerable to cyber attacks. Learn how to safeguard Moodle to keep the bad guys at bay.

Moodle Security will show you how to make sure that only authorized users can access the information on your Moodle site. This may seem simple, but every day, systems get hacked and information gets lost or misused. Imagine the consequences if that were to happen in your school. The straightforward examples in this book will help you to lock down those access routes one door at a time.

By teaching you about the different types of potential threats, this book will prepare you for the worst. Web robots can harvest your e-mail addresses to send spam e-mails from your account, which could have devastating effects. Moodle comes with a number of set roles and permissions—make sure these are assigned to the right people, and are set to keep out the spam bots, using Moodle's authentication features. Learn how to secure both Windows and Linux servers and to make sure that none of your system files are accessible to the wrong people. Many of the most dangerous web attacks come from inside your system, so once you have all of your security settings in place, you will learn to monitor user activity to make sure that there are no threats from registered users. You will learn to work with the tools that help you to do this and enable you to back up your settings so that even a crashed system can't bother you.

What this book covers

Chapter 1, Delving into World of Security opens the book with a basic introduction to the importance of security in web-based systems, with the emphasis entirely on Moodle. We expose weak points in every Moodle installation and offer a quick procedure for securely installing a new Moodle instance or securing an existing one.

Chapter 2, Securing your server—Linux covers everything that helps secure a typical Linux server, starting with the OS basics and then moving on to web server configuration, PHP configuration, and database server configuration. The reader is presented with a detailed explanation of the inner workings of the file system on Linux and is offered concrete examples of how best to utilize it in a Moodle setup. If you do not use or plan on using a Linux-based server for your Moodle setup, you can skip this chapter.

Chapter 3, Securing your server—Windows covers the general subject of installing the basic pieces needed for running Moodle and securing them on a server with Windows OS. We start with the basics related to general OS issues and then offer an explanation of file security and ways of getting, deploying, and securing Moodle files. Readers will also be presented with the recommended installation and configuration process for PHP under a Windows web server and the recommended installation and configuration of MySQL.

Chapter 4, Authentication is dedicated to the topic of authentication: what it is and the way it is implemented in Moodle. We present the most used authentication methods, with a detailed explanation of potential security issues and ways of handling them.

Chapter 5, Roles and Permissions explains that every complex system offers various usage patterns based on user needs and obligations. Based on such use cases we can identify specific roles. Moodle is no different in this respect. By assigning users to one of the predefined or custom roles, we define the spectrum of options and actions available to them at every location within the LMS. It is paramount for every administrator to understand the access rights as they are implemented. Therefore, in this chapter we will focus on access rights to resources and functions within Moodle, starting with Roles and Capabilities, Standard Roles, ways of customizing roles, and our take on best practices regarding roles.

Chapter 6, Protection against bots explains how, with search engines, we as common users can find almost anything that is of personal interest. As a website owner and/or administrator, however, we must know how much information is available to the general public, and if that amount surpasses our intention or allowed boundaries, we must know how to detect such a case and remedy the situation. This chapter is dedicated to exposing the danger of Internet bots: what they are, how they work, and how to combat them.

Chapter 7, Securing user files speaks about potential dangers that can be introduced into Moodle by the users. We list all points where a user can upload a custom file, how that file can affect other users (virus infection, inappropriate content, etc.), and what we can do to protect our system and other users against these undesired introductions into the system. We also explain in detail how to install, configure, and integrate ClamAV anti-virus in Moodle.

Chapter 8, Securing Moodle Data explains that when we talk about Moodle data we are referring to both user and course information that is within the platform. In the previous chapter we were talking about user files only. Now we will focus our attention on the protection and separation of internal Moodle data between valid platform users. The topics we will cover are user information protection, course information protection, and best practices for using and applying the techniques presented.

Chapter 9, Monitoring User Activity explains that an administrator's work does not end with installation and configuration of Moodle and an operating system. He should constantly monitor the server state and react as quickly as possible. In this chapter we will talk about ways of monitoring the status of Moodle and underlying OS components. We offer a list of tools and utilities that can be used on both Linux and Windows for performing these tasks, and also a separate section that deals with reports and other elements offered by Moodle for monitoring system activity. We explain how to set up and configure Google Maps with Moodle, how to configure Moodle cron, and how to configure and use the statistics report. The reader is also offered a detailed step-by-step guide to setting up Webalizer, a web traffic analyzer.

Chapter 10, Backup explains that backup is the cornerstone of every well-maintained production server. This chapter will try to explain the importance of such procedures regarding Moodle and present tools available both within the platform and outside of it. We will also try to offer some guidelines for what to do in case of total server failure. The reader will be presented with scripts for Linux and Windows that can be used for performing reliable backup procedures.

The Appendix offers a list of less-used authentication plugins within Moodle, with short descriptions and potential uses.
