SlideShare a Scribd company logo

Moodle security

Download as PPTX, PDF
Dilum Bandara
Dilum Bandara

Tips & best practices on securing your Moodle LMS deployment

Technology
1 of 19
Moodle Security Dilum Bandara, PhD Dept. of Computer Science & Engineering, University of Moratuwa Dilum.Bandara@uom.lk http://Dilum.Bandara.lk
Security & Privacy in LMSs  Used by many trainers & trainees  Most of them aren’t technically savvy Can be accessible from anywhere, at any time, on many devices  Lost of features    Chat, forums, pools, quizzes, etc. Many internal threats   Motivation to alter grades Motivation to know others grades 2
Outline Security review  Securing Moodle     Moodle server security Moodle site security Best practices 3
Computer Security  Objective   To protect resources of your computer system Resources      Source – http://smallbusinessindia.intuit.in Physical assets Data & software Personnel Trust A computer system is secure if you can depend upon it to behave as you expect 4
Sources of Threats  Outsiders     Hackers/crackers Associates (customers, contractors) Former employees Insiders  Users    Trainers & trainees System administrators Programmers Source – aztechnews.com Most incidents are due to insiders 5
How to Attack a System?  By impersonating a valid user  A student impersonating another student   Wiretapping   Clear passwords Searching   Human engineering Simple (username, password) pairs By exploiting bugs/weaknesses in systems    Default, test, & miss configurations Unencrypted pages Targeted attacks  Buffer overflows, SQL injection attacks 6
Possible Attacks on Moodle Tampering grades  Tampering assignment submission times  Accessing quizzes   Answers or access before allowed time Login as other users  Denial of Service (DoS) attacks  Session hijacking  SQL injection attacks  Cross-site scripting  7
Goals in Security – CIA  Key aspects of a computer related security system Confidentiality Integrity Availability 8
Achieving CIA  To achieve confidentiality, integrity, & availability, computer systems should provide      Identification Authentication Access control Accounting/Auditing Assurance 9
Achieving Security, Privacy, & Trust  Access control     File & data control     Strong passwords & secure logins Minimum access Policies that address what, by whom, when Integrity & confidentiality Separation Backups & policies System protection    Firewalls, antivirus, intruder detection systems Frequent updates Minimal services – hardened servers 10
Securing Moodle  Securing Moodle server   Server-level security (like any server on Internet) Securing Moodle site  Application-level security Source – http://www.altfire.ie/automaticserver-scans-with-security-reports/ Source – http://ifreecode.com/java/javatutorials/web-application-security 11
Securing Moodle Server  Operating System       Linux or Windows Remove unwanted services Access rights Regular security updates Antivirus Secure Network   Firewall Intruder detection system 12
Securing Moodle Server (Cont.)  Web Server    Enable https Load only required modules Access control  Moodle folder 700 (rwx------)files 600 (rw-------) Moodle data folder 750 (rwxr-x---)files 640 (rw-r-----)  Don’t place Moodle data folder on Web Root   e.g., not in www directory   Regular security updates Application-level firewalls   Blocks SQL injection attacks & cross-site scripting ModSecurity (www.modsecurity.org) for Apache, IIS, & NGINX 13
Securing Moodle Server (Cont.)  PHP & MySQL   Regular updates phpMyAdmin (www.phpmyadmin.net)    No default password Block outside local network MySQL   Use root user password Turn off network access – if database in same server as Moodle 14
Securing Moodle Site  Force users to login     Turn off user self-registration   Use registration with a key if it’s the only option Minimum access   Disable guest access If really needed, use guest access with a key Enable Captcha Some may be a student/instructor/administrator at the same time Strong password   8+ characters, lower/upper case, numbers, symbols Frequently update 15
Securing Moodle Site (Cont.)  Load only required services/plug-ins  Disable opentogoogle if not essential  Public trainer/trainee profiles Regular updates  Update via Git  Backup at all levels   Data backup      Course backups Moodle data folder SQL data Server backup Moodle software & configuration backup 16
Monitoring, Accounting, & Auditing  Moodle  Moodle log      My courses  Course Name  Reports Logs, Activity, Participant report Moodle statistics PHP log Web server Source – http://binarymuse.g ithub.io/moodle-tools/  Server log Server statistics  /usr/local/apache/logs, /var/log/apache or /var/log/httpd   Operating system log    /var/log/syslog, /var/log/messages Firewall & intruder detection system log Use log analysis tools 17
Best Practices Security first  Minimum access  Enforce login  Use https  Don't use any module just because it's available  Use mailing lists to stay updated  Use forums to find out about modules  18
Resources  Mailing lists      Forums & web sites      Moodle – https://moodle.org/security/ PHP – http://php.net/mailing-lists.php MySQL – http://lists.mysql.com/ Apache – http://httpd.apache.org/lists.html https://moodle.org/mod/forum/ http://www.moodlenews.com/tag/security/ http://www.inmotionhosting.com/support/edu/moodle/moodle-site-security http://krypted.com/mac-security/moodle-security/ Other    http://www.inmotionhosting.com/support/edu/moodle http://www.slideshare.net/moorejon/securing-your-moodle “Moodle Security” by Darko Miletić 19

Recommended

Moodle, Use and Features of Moodle ?
Moodle, Use and Features of Moodle ?Moodle, Use and Features of Moodle ?
Moodle, Use and Features of Moodle ?Central University of Haryana
 
Introduction to Moodle
Introduction to MoodleIntroduction to Moodle
Introduction to MoodleSan Diego Continuing Education
 
E-learning system
E-learning systemE-learning system
E-learning systemTomilayo Lawani
 
Moodle
MoodleMoodle
MoodleNehal Naik
 
Learning Management System
Learning Management SystemLearning Management System
Learning Management SystemShubham Singh
 
Learning management system
Learning management systemLearning management system
Learning management systemJatin Chauhan
 
Moodle Presentation
Moodle PresentationMoodle Presentation
Moodle PresentationFrank Fucile
 
Moodle: a free learning management system
Moodle: a free learning management systemMoodle: a free learning management system
Moodle: a free learning management systemKenneth Ronkowitz
 

Recommended

Moodle, Use and Features of Moodle ?
Moodle, Use and Features of Moodle ?Moodle, Use and Features of Moodle ?
Moodle, Use and Features of Moodle ?Central University of Haryana
 
Introduction to Moodle
Introduction to MoodleIntroduction to Moodle
Introduction to MoodleSan Diego Continuing Education
 
E-learning system
E-learning systemE-learning system
E-learning systemTomilayo Lawani
 
Moodle
MoodleMoodle
MoodleNehal Naik
 
Learning Management System
Learning Management SystemLearning Management System
Learning Management SystemShubham Singh
 
Learning management system
Learning management systemLearning management system
Learning management systemJatin Chauhan
 
Moodle Presentation
Moodle PresentationMoodle Presentation
Moodle PresentationFrank Fucile
 
Moodle: a free learning management system
Moodle: a free learning management systemMoodle: a free learning management system
Moodle: a free learning management systemKenneth Ronkowitz
 
E-LEARNING
E-LEARNINGE-LEARNING
E-LEARNINGBHAVNATILWANI
 
Moodle Features
Moodle FeaturesMoodle Features
Moodle FeaturesTomaz Lasic
 
The benefits of using moodle
The benefits of using moodleThe benefits of using moodle
The benefits of using moodlerpopie35
 
What is moodle ppt
What is moodle pptWhat is moodle ppt
What is moodle pptTomaz Lasic
 
Moodle Tutorials
Moodle TutorialsMoodle Tutorials
Moodle TutorialsCarole McCulloch
 
Zoom app
Zoom appZoom app
Zoom appAbdul Rehman
 
Moodle: An Open Source Course Management System
Moodle: An Open Source Course Management SystemMoodle: An Open Source Course Management System
Moodle: An Open Source Course Management SystemOffice of Instructional Development at Dawson College
 
Moodle.ppt
Moodle.pptMoodle.ppt
Moodle.pptTommye Butcher
 
Moodle Do's and Moodle Don'ts
Moodle Do's and Moodle Don'tsMoodle Do's and Moodle Don'ts
Moodle Do's and Moodle Don'tsSandy Hirtz
 
Microsoft Teams for Education Quick Start Guide
Microsoft Teams for Education Quick Start GuideMicrosoft Teams for Education Quick Start Guide
Microsoft Teams for Education Quick Start GuidePhil Vincent
 
Google classroom
Google classroomGoogle classroom
Google classroomAarti Choudhary
 
learning Management system
learning Management systemlearning Management system
learning Management systemZahida Pervaiz
 
E learning proposal
E learning proposalE learning proposal
E learning proposalhaussmannmatthew
 
Bài giảng thực hành windows server 2008 776030
Bài giảng thực hành windows server 2008 776030Bài giảng thực hành windows server 2008 776030
Bài giảng thực hành windows server 2008 776030trucmt2000
 
The benefits of moodle how to engage teaching staff
The benefits of moodle how to engage teaching staffThe benefits of moodle how to engage teaching staff
The benefits of moodle how to engage teaching staffChris Chapman
 
Presentation on zoom app
Presentation on zoom appPresentation on zoom app
Presentation on zoom appMuhammad Saleem Tahir
 
How to Use Zoom for Virtual Meetings and Webinars
How to Use Zoom for Virtual Meetings and Webinars How to Use Zoom for Virtual Meetings and Webinars
How to Use Zoom for Virtual Meetings and Webinars Learning in Bloom
 
Introduction to Google Classroom
Introduction to Google Classroom Introduction to Google Classroom
Introduction to Google Classroom Jkeigher
 
Learning management-system-lms
Learning management-system-lmsLearning management-system-lms
Learning management-system-lmsAbbhinav Nookala
 
Microsoft Teams
Microsoft TeamsMicrosoft Teams
Microsoft TeamsDavid J Rosenthal
 
VaticHub - Vehicular Data Analytics
VaticHub - Vehicular Data AnalyticsVaticHub - Vehicular Data Analytics
VaticHub - Vehicular Data AnalyticsVaticHub
 
Information System Security
Information System Security Information System Security
Information System Security Syed Asif Sherazi
 

More Related Content

What's hot

The benefits of using moodle
The benefits of using moodleThe benefits of using moodle
The benefits of using moodlerpopie35
 
What is moodle ppt
What is moodle pptWhat is moodle ppt
What is moodle pptTomaz Lasic
 
Moodle Do's and Moodle Don'ts
Moodle Do's and Moodle Don'tsMoodle Do's and Moodle Don'ts
Moodle Do's and Moodle Don'tsSandy Hirtz
 
Microsoft Teams for Education Quick Start Guide
Microsoft Teams for Education Quick Start GuideMicrosoft Teams for Education Quick Start Guide
Microsoft Teams for Education Quick Start GuidePhil Vincent
 
learning Management system
learning Management systemlearning Management system
learning Management systemZahida Pervaiz
 
Bài giảng thực hành windows server 2008 776030
Bài giảng thực hành windows server 2008 776030Bài giảng thực hành windows server 2008 776030
Bài giảng thực hành windows server 2008 776030trucmt2000
 
The benefits of moodle how to engage teaching staff
The benefits of moodle how to engage teaching staffThe benefits of moodle how to engage teaching staff
The benefits of moodle how to engage teaching staffChris Chapman
 
How to Use Zoom for Virtual Meetings and Webinars
How to Use Zoom for Virtual Meetings and Webinars How to Use Zoom for Virtual Meetings and Webinars
How to Use Zoom for Virtual Meetings and Webinars Learning in Bloom
 
Introduction to Google Classroom
Introduction to Google Classroom Introduction to Google Classroom
Introduction to Google Classroom Jkeigher
 
Learning management-system-lms
Learning management-system-lmsLearning management-system-lms
Learning management-system-lmsAbbhinav Nookala
 

What's hot (20)

E-LEARNING
E-LEARNINGE-LEARNING
E-LEARNING
 
Moodle Features
Moodle FeaturesMoodle Features
Moodle Features
 
The benefits of using moodle
The benefits of using moodleThe benefits of using moodle
The benefits of using moodle
 
What is moodle ppt
What is moodle pptWhat is moodle ppt
What is moodle ppt
 
Moodle Tutorials
Moodle TutorialsMoodle Tutorials
Moodle Tutorials
 
Zoom app
Zoom appZoom app
Zoom app
 
Moodle: An Open Source Course Management System
Moodle: An Open Source Course Management SystemMoodle: An Open Source Course Management System
Moodle: An Open Source Course Management System
 
Moodle.ppt
Moodle.pptMoodle.ppt
Moodle.ppt
 
Moodle Do's and Moodle Don'ts
Moodle Do's and Moodle Don'tsMoodle Do's and Moodle Don'ts
Moodle Do's and Moodle Don'ts
 
Microsoft Teams for Education Quick Start Guide
Microsoft Teams for Education Quick Start GuideMicrosoft Teams for Education Quick Start Guide
Microsoft Teams for Education Quick Start Guide
 
Google classroom
Google classroomGoogle classroom
Google classroom
 
learning Management system
learning Management systemlearning Management system
learning Management system
 
E learning proposal
E learning proposalE learning proposal
E learning proposal
 
Bài giảng thực hành windows server 2008 776030
Bài giảng thực hành windows server 2008 776030Bài giảng thực hành windows server 2008 776030
Bài giảng thực hành windows server 2008 776030
 
The benefits of moodle how to engage teaching staff
The benefits of moodle how to engage teaching staffThe benefits of moodle how to engage teaching staff
The benefits of moodle how to engage teaching staff
 
Presentation on zoom app
Presentation on zoom appPresentation on zoom app
Presentation on zoom app
 
How to Use Zoom for Virtual Meetings and Webinars
How to Use Zoom for Virtual Meetings and Webinars How to Use Zoom for Virtual Meetings and Webinars
How to Use Zoom for Virtual Meetings and Webinars
 
Introduction to Google Classroom
Introduction to Google Classroom Introduction to Google Classroom
Introduction to Google Classroom
 
Learning management-system-lms
Learning management-system-lmsLearning management-system-lms
Learning management-system-lms
 
Microsoft Teams
Microsoft TeamsMicrosoft Teams
Microsoft Teams
 

Viewers also liked

VaticHub - Vehicular Data Analytics
VaticHub - Vehicular Data AnalyticsVaticHub - Vehicular Data Analytics
VaticHub - Vehicular Data AnalyticsVaticHub
 
Information System Security
Information System Security Information System Security
Information System Security Syed Asif Sherazi
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Sequential Logic Circuits
Sequential Logic CircuitsSequential Logic Circuits
Sequential Logic CircuitsDilum Bandara
 
Junli Gu at AI Frontiers: Autonomous Driving Revolution
Junli Gu at AI Frontiers: Autonomous Driving RevolutionJunli Gu at AI Frontiers: Autonomous Driving Revolution
Junli Gu at AI Frontiers: Autonomous Driving RevolutionAI Frontiers
 
Security in distributed systems
Security in distributed systems Security in distributed systems
Security in distributed systems Haitham Ahmed
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Autonomous Vehicles: Technologies, Economics, and Opportunities
Autonomous Vehicles: Technologies, Economics, and OpportunitiesAutonomous Vehicles: Technologies, Economics, and Opportunities
Autonomous Vehicles: Technologies, Economics, and OpportunitiesJeffrey Funk
 
Driving Disrupted: Driverless Cars Change Everything
Driving Disrupted: Driverless Cars Change EverythingDriving Disrupted: Driverless Cars Change Everything
Driving Disrupted: Driverless Cars Change Everythingsparks & honey
 
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...Yole Developpement
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 

Viewers also liked (20)

VaticHub - Vehicular Data Analytics
VaticHub - Vehicular Data AnalyticsVaticHub - Vehicular Data Analytics
VaticHub - Vehicular Data Analytics
 
Information System Security
Information System Security Information System Security
Information System Security
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
1 security goals
1 security goals1 security goals
1 security goals
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Sequential Logic
Sequential LogicSequential Logic
Sequential Logic
 
Sequential Logic Circuits
Sequential Logic CircuitsSequential Logic Circuits
Sequential Logic Circuits
 
Junli Gu at AI Frontiers: Autonomous Driving Revolution
Junli Gu at AI Frontiers: Autonomous Driving RevolutionJunli Gu at AI Frontiers: Autonomous Driving Revolution
Junli Gu at AI Frontiers: Autonomous Driving Revolution
 
Security in distributed systems
Security in distributed systems Security in distributed systems
Security in distributed systems
 
Security
SecuritySecurity
Security
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Security threats
Security threatsSecurity threats
Security threats
 
Data Network Security
Data Network SecurityData Network Security
Data Network Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Autonomous Vehicles: Technologies, Economics, and Opportunities
Autonomous Vehicles: Technologies, Economics, and OpportunitiesAutonomous Vehicles: Technologies, Economics, and Opportunities
Autonomous Vehicles: Technologies, Economics, and Opportunities
 
Driving Disrupted: Driverless Cars Change Everything
Driving Disrupted: Driverless Cars Change EverythingDriving Disrupted: Driverless Cars Change Everything
Driving Disrupted: Driverless Cars Change Everything
 
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
 
Network security
Network securityNetwork security
Network security
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 

Similar to Moodle security

Securing Your Moodle
Securing Your MoodleSecuring Your Moodle
Securing Your Moodlemoorejon
 
3 secure design principles
3 secure design principles3 secure design principles
3 secure design principlesdrewz lin
 
Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesBrian Huff
 
Internet Security
Internet SecurityInternet Security
Internet SecurityAnne Adrian
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemEditor IJCATR
 
302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practices302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practicesphanleson
 
Security in Windows operating system
Security in Windows operating systemSecurity in Windows operating system
Security in Windows operating systemabdullah roomi
 
Security In PHP Applications
Security In PHP ApplicationsSecurity In PHP Applications
Security In PHP ApplicationsAditya Mooley
 
Drupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupDrupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupChris Hales
 
Database Systems Security
Database Systems SecurityDatabase Systems Security
Database Systems Securityamiable_indian
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxSecurity ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxbagotjesusa
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityFredReynolds2
 
Top Ten Settings that Leave your IBM i Vulnerable
Top Ten Settings that Leave your IBM i VulnerableTop Ten Settings that Leave your IBM i Vulnerable
Top Ten Settings that Leave your IBM i VulnerablePrecisely
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend
 

Similar to Moodle security (20)

Securing Your Moodle
Securing Your MoodleSecuring Your Moodle
Securing Your Moodle
 
3 secure design principles
3 secure design principles3 secure design principles
3 secure design principles
 
Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best Practices
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer System
 
Health Information Privacy and Security
Health Information Privacy and SecurityHealth Information Privacy and Security
Health Information Privacy and Security
 
302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practices302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practices
 
Joomla Security
Joomla SecurityJoomla Security
Joomla Security
 
Joomla Security
Joomla SecurityJoomla Security
Joomla Security
 
Security in Windows operating system
Security in Windows operating systemSecurity in Windows operating system
Security in Windows operating system
 
Security In PHP Applications
Security In PHP ApplicationsSecurity In PHP Applications
Security In PHP Applications
 
Drupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupDrupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January Meetup
 
Database Systems Security
Database Systems SecurityDatabase Systems Security
Database Systems Security
 
WordPress Security 2018
WordPress Security 2018WordPress Security 2018
WordPress Security 2018
 
Health Information Privacy and Security
Health Information Privacy and SecurityHealth Information Privacy and Security
Health Information Privacy and Security
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxSecurity ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
 
How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database Security
 
Top Ten Settings that Leave your IBM i Vulnerable
Top Ten Settings that Leave your IBM i VulnerableTop Ten Settings that Leave your IBM i Vulnerable
Top Ten Settings that Leave your IBM i Vulnerable
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
 

More from Dilum Bandara

Introduction to Machine Learning
Introduction to Machine LearningIntroduction to Machine Learning
Introduction to Machine LearningDilum Bandara
 
Time Series Analysis and Forecasting in Practice
Time Series Analysis and Forecasting in PracticeTime Series Analysis and Forecasting in Practice
Time Series Analysis and Forecasting in PracticeDilum Bandara
 
Introduction to Dimension Reduction with PCA
Introduction to Dimension Reduction with PCAIntroduction to Dimension Reduction with PCA
Introduction to Dimension Reduction with PCADilum Bandara
 
Introduction to Descriptive & Predictive Analytics
Introduction to Descriptive & Predictive AnalyticsIntroduction to Descriptive & Predictive Analytics
Introduction to Descriptive & Predictive AnalyticsDilum Bandara
 
Introduction to Concurrent Data Structures
Introduction to Concurrent Data StructuresIntroduction to Concurrent Data Structures
Introduction to Concurrent Data StructuresDilum Bandara
 
Hard to Paralelize Problems: Matrix-Vector and Matrix-Matrix
Hard to Paralelize Problems: Matrix-Vector and Matrix-MatrixHard to Paralelize Problems: Matrix-Vector and Matrix-Matrix
Hard to Paralelize Problems: Matrix-Vector and Matrix-MatrixDilum Bandara
 
Introduction to Map-Reduce Programming with Hadoop
Introduction to Map-Reduce Programming with HadoopIntroduction to Map-Reduce Programming with Hadoop
Introduction to Map-Reduce Programming with HadoopDilum Bandara
 
Embarrassingly/Delightfully Parallel Problems
Embarrassingly/Delightfully Parallel ProblemsEmbarrassingly/Delightfully Parallel Problems
Embarrassingly/Delightfully Parallel ProblemsDilum Bandara
 
Introduction to Warehouse-Scale Computers
Introduction to Warehouse-Scale ComputersIntroduction to Warehouse-Scale Computers
Introduction to Warehouse-Scale ComputersDilum Bandara
 
Introduction to Thread Level Parallelism
Introduction to Thread Level ParallelismIntroduction to Thread Level Parallelism
Introduction to Thread Level ParallelismDilum Bandara
 
CPU Memory Hierarchy and Caching Techniques
CPU Memory Hierarchy and Caching TechniquesCPU Memory Hierarchy and Caching Techniques
CPU Memory Hierarchy and Caching TechniquesDilum Bandara
 
Data-Level Parallelism in Microprocessors
Data-Level Parallelism in MicroprocessorsData-Level Parallelism in Microprocessors
Data-Level Parallelism in MicroprocessorsDilum Bandara
 
Instruction Level Parallelism – Hardware Techniques
Instruction Level Parallelism – Hardware TechniquesInstruction Level Parallelism – Hardware Techniques
Instruction Level Parallelism – Hardware TechniquesDilum Bandara
 
Instruction Level Parallelism – Compiler Techniques
Instruction Level Parallelism – Compiler TechniquesInstruction Level Parallelism – Compiler Techniques
Instruction Level Parallelism – Compiler TechniquesDilum Bandara
 
CPU Pipelining and Hazards - An Introduction
CPU Pipelining and Hazards - An IntroductionCPU Pipelining and Hazards - An Introduction
CPU Pipelining and Hazards - An IntroductionDilum Bandara
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
High Performance Networking with Advanced TCP
High Performance Networking with Advanced TCPHigh Performance Networking with Advanced TCP
High Performance Networking with Advanced TCPDilum Bandara
 
Introduction to Content Delivery Networks
Introduction to Content Delivery NetworksIntroduction to Content Delivery Networks
Introduction to Content Delivery NetworksDilum Bandara
 
Peer-to-Peer Networking Systems and Streaming
Peer-to-Peer Networking Systems and StreamingPeer-to-Peer Networking Systems and Streaming
Peer-to-Peer Networking Systems and StreamingDilum Bandara
 

More from Dilum Bandara (20)

Introduction to Machine Learning
Introduction to Machine LearningIntroduction to Machine Learning
Introduction to Machine Learning
 
Time Series Analysis and Forecasting in Practice
Time Series Analysis and Forecasting in PracticeTime Series Analysis and Forecasting in Practice
Time Series Analysis and Forecasting in Practice
 
Introduction to Dimension Reduction with PCA
Introduction to Dimension Reduction with PCAIntroduction to Dimension Reduction with PCA
Introduction to Dimension Reduction with PCA
 
Introduction to Descriptive & Predictive Analytics
Introduction to Descriptive & Predictive AnalyticsIntroduction to Descriptive & Predictive Analytics
Introduction to Descriptive & Predictive Analytics
 
Introduction to Concurrent Data Structures
Introduction to Concurrent Data StructuresIntroduction to Concurrent Data Structures
Introduction to Concurrent Data Structures
 
Hard to Paralelize Problems: Matrix-Vector and Matrix-Matrix
Hard to Paralelize Problems: Matrix-Vector and Matrix-MatrixHard to Paralelize Problems: Matrix-Vector and Matrix-Matrix
Hard to Paralelize Problems: Matrix-Vector and Matrix-Matrix
 
Introduction to Map-Reduce Programming with Hadoop
Introduction to Map-Reduce Programming with HadoopIntroduction to Map-Reduce Programming with Hadoop
Introduction to Map-Reduce Programming with Hadoop
 
Embarrassingly/Delightfully Parallel Problems
Embarrassingly/Delightfully Parallel ProblemsEmbarrassingly/Delightfully Parallel Problems
Embarrassingly/Delightfully Parallel Problems
 
Introduction to Warehouse-Scale Computers
Introduction to Warehouse-Scale ComputersIntroduction to Warehouse-Scale Computers
Introduction to Warehouse-Scale Computers
 
Introduction to Thread Level Parallelism
Introduction to Thread Level ParallelismIntroduction to Thread Level Parallelism
Introduction to Thread Level Parallelism
 
CPU Memory Hierarchy and Caching Techniques
CPU Memory Hierarchy and Caching TechniquesCPU Memory Hierarchy and Caching Techniques
CPU Memory Hierarchy and Caching Techniques
 
Data-Level Parallelism in Microprocessors
Data-Level Parallelism in MicroprocessorsData-Level Parallelism in Microprocessors
Data-Level Parallelism in Microprocessors
 
Instruction Level Parallelism – Hardware Techniques
Instruction Level Parallelism – Hardware TechniquesInstruction Level Parallelism – Hardware Techniques
Instruction Level Parallelism – Hardware Techniques
 
Instruction Level Parallelism – Compiler Techniques
Instruction Level Parallelism – Compiler TechniquesInstruction Level Parallelism – Compiler Techniques
Instruction Level Parallelism – Compiler Techniques
 
CPU Pipelining and Hazards - An Introduction
CPU Pipelining and Hazards - An IntroductionCPU Pipelining and Hazards - An Introduction
CPU Pipelining and Hazards - An Introduction
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
High Performance Networking with Advanced TCP
High Performance Networking with Advanced TCPHigh Performance Networking with Advanced TCP
High Performance Networking with Advanced TCP
 
Introduction to Content Delivery Networks
Introduction to Content Delivery NetworksIntroduction to Content Delivery Networks
Introduction to Content Delivery Networks
 
Peer-to-Peer Networking Systems and Streaming
Peer-to-Peer Networking Systems and StreamingPeer-to-Peer Networking Systems and Streaming
Peer-to-Peer Networking Systems and Streaming
 
Mobile Services
Mobile ServicesMobile Services
Mobile Services
 

Recently uploaded

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Moodle security

  • 1. Moodle Security Dilum Bandara, PhD Dept. of Computer Science & Engineering, University of Moratuwa Dilum.Bandara@uom.lk http://Dilum.Bandara.lk
  • 2. Security & Privacy in LMSs  Used by many trainers & trainees  Most of them aren’t technically savvy Can be accessible from anywhere, at any time, on many devices  Lost of features    Chat, forums, pools, quizzes, etc. Many internal threats   Motivation to alter grades Motivation to know others grades 2
  • 3. Outline Security review  Securing Moodle     Moodle server security Moodle site security Best practices 3
  • 4. Computer Security  Objective   To protect resources of your computer system Resources      Source – http://smallbusinessindia.intuit.in Physical assets Data & software Personnel Trust A computer system is secure if you can depend upon it to behave as you expect 4
  • 5. Sources of Threats  Outsiders     Hackers/crackers Associates (customers, contractors) Former employees Insiders  Users    Trainers & trainees System administrators Programmers Source – aztechnews.com Most incidents are due to insiders 5
  • 6. How to Attack a System?  By impersonating a valid user  A student impersonating another student   Wiretapping   Clear passwords Searching   Human engineering Simple (username, password) pairs By exploiting bugs/weaknesses in systems    Default, test, & miss configurations Unencrypted pages Targeted attacks  Buffer overflows, SQL injection attacks 6
  • 7. Possible Attacks on Moodle Tampering grades  Tampering assignment submission times  Accessing quizzes   Answers or access before allowed time Login as other users  Denial of Service (DoS) attacks  Session hijacking  SQL injection attacks  Cross-site scripting  7
  • 8. Goals in Security – CIA  Key aspects of a computer related security system Confidentiality Integrity Availability 8
  • 9. Achieving CIA  To achieve confidentiality, integrity, & availability, computer systems should provide      Identification Authentication Access control Accounting/Auditing Assurance 9
  • 10. Achieving Security, Privacy, & Trust  Access control     File & data control     Strong passwords & secure logins Minimum access Policies that address what, by whom, when Integrity & confidentiality Separation Backups & policies System protection    Firewalls, antivirus, intruder detection systems Frequent updates Minimal services – hardened servers 10
  • 11. Securing Moodle  Securing Moodle server   Server-level security (like any server on Internet) Securing Moodle site  Application-level security Source – http://www.altfire.ie/automaticserver-scans-with-security-reports/ Source – http://ifreecode.com/java/javatutorials/web-application-security 11
  • 12. Securing Moodle Server  Operating System       Linux or Windows Remove unwanted services Access rights Regular security updates Antivirus Secure Network   Firewall Intruder detection system 12
  • 13. Securing Moodle Server (Cont.)  Web Server    Enable https Load only required modules Access control  Moodle folder 700 (rwx------)files 600 (rw-------) Moodle data folder 750 (rwxr-x---)files 640 (rw-r-----)  Don’t place Moodle data folder on Web Root   e.g., not in www directory   Regular security updates Application-level firewalls   Blocks SQL injection attacks & cross-site scripting ModSecurity (www.modsecurity.org) for Apache, IIS, & NGINX 13
  • 14. Securing Moodle Server (Cont.)  PHP & MySQL   Regular updates phpMyAdmin (www.phpmyadmin.net)    No default password Block outside local network MySQL   Use root user password Turn off network access – if database in same server as Moodle 14
  • 15. Securing Moodle Site  Force users to login     Turn off user self-registration   Use registration with a key if it’s the only option Minimum access   Disable guest access If really needed, use guest access with a key Enable Captcha Some may be a student/instructor/administrator at the same time Strong password   8+ characters, lower/upper case, numbers, symbols Frequently update 15
  • 16. Securing Moodle Site (Cont.)  Load only required services/plug-ins  Disable opentogoogle if not essential  Public trainer/trainee profiles Regular updates  Update via Git  Backup at all levels   Data backup      Course backups Moodle data folder SQL data Server backup Moodle software & configuration backup 16
  • 17. Monitoring, Accounting, & Auditing  Moodle  Moodle log      My courses  Course Name  Reports Logs, Activity, Participant report Moodle statistics PHP log Web server Source – http://binarymuse.g ithub.io/moodle-tools/  Server log Server statistics  /usr/local/apache/logs, /var/log/apache or /var/log/httpd   Operating system log    /var/log/syslog, /var/log/messages Firewall & intruder detection system log Use log analysis tools 17
  • 18. Best Practices Security first  Minimum access  Enforce login  Use https  Don't use any module just because it's available  Use mailing lists to stay updated  Use forums to find out about modules  18
  • 19. Resources  Mailing lists      Forums & web sites      Moodle – https://moodle.org/security/ PHP – http://php.net/mailing-lists.php MySQL – http://lists.mysql.com/ Apache – http://httpd.apache.org/lists.html https://moodle.org/mod/forum/ http://www.moodlenews.com/tag/security/ http://www.inmotionhosting.com/support/edu/moodle/moodle-site-security http://krypted.com/mac-security/moodle-security/ Other    http://www.inmotionhosting.com/support/edu/moodle http://www.slideshare.net/moorejon/securing-your-moodle “Moodle Security” by Darko Miletić 19