Security in LMS Moodle
Ing. Libor Soška
Mgr. Michal Bajer

PragoData Consulting
We are a certified Moodle partner
How can we help you with Moodle?
• Analytic and consulting services, solution design, project management
• Graphics, Moodle templates, responsive design
• Upgrade or unification of Moodle installations for schools
• Customization and extension development
• System integration
• Training accredited by the Ministry of Education, creating tailor-made courses
• Hosting, operation, user support, Moodle outsourcing
23. 5. 2016, EUNIS 2016, PragoData Consulting, s.r.o., www.moodlepartner.cz

LMS Moodle
• One of the most widespread LMS systems in the world
• Used by organizations of many different types
• It contains valuable assets
  • User data
  • Study progress and results, grades, badges
  • Courses that carry high value
  • Quiz question bank
→ Security threats, attempts to get hold of the assets
→ The need to integrate Moodle into the ISMS

Information Security Management System (ISMS)
• Crucial for applying the security policy within the organization
• Identification of the assets that should be protected
• Identification of threats and vulnerabilities
• Risk assessment
• Impact analysis
• Design and implementation of measures

Levels of information security in LMS Moodle
• IS security must be understood comprehensively
  • Object (physical) security
  • Security of the operational infrastructure
  • Security of LMS Moodle itself

Object security
• Moodle is independent of the operational infrastructure
• Solutions for object (physical) security
  • Data centres located outside flood areas
  • Access system for authorization of persons
  • Fire detection and extinguishing system
  • Redundant power supplies, redundancy in general
  • Dust-free environment, constant temperature and humidity
  • Cooling system, backup cooling

Security of the operational infrastructure
• LMS Moodle is a multi-platform system
• The benefits of virtualization, not only in terms of security
• Backup
  • Mostly a non-critical system
  • Incremental backups / full backups
  • DB, Moodledata, source code
  • Storing backups

Security in LMS Moodle
• Setting permissions on files and directories
  • The Moodledata directory must not be accessible over the web
  • The web server must not have write access to the source directory
• Database accessible only from localhost
• The server runs only the necessary services
• Updates, patches
• Access to stored files only through the Moodle file API

Security in LMS Moodle
• Keeping the system up to date
  • Lifecycle: support period and version
  • A new version every six months, supported for 12 months + 6 months
• Encryption of communication
  • Thin client to server => HTTPS
• Password security
  • One-way (hash) function using a so-called salt (64 characters)
  • Setting password strength rules
  • Escalation after repeated attempts to "guess" passwords
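An added example, not from the slides or the Moodle project, that turns the hardening items on this and the previous slide (Moodledata outside the web root, read-only source tree, database on localhost, HTTPS) plus the "is config.php writable?" item of the Security overview report into a checklist run against one config.php. It assumes the standard single-quoted config.php form and takes the web server account (www-data on Debian/Ubuntu) as an argument; the sample installation it builds in a temporary directory is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the slides or the Moodle project): audit a Moodle
# installation against the hardening items on these two slides plus the
# "config.php writable?" item of the Security overview report. Assumes the
# standard single-quoted config.php form, e.g. $CFG->dataroot = '/var/moodledata';

# Read a single-quoted $CFG->name value from config.php.
cfg_value() {  # cfg_value <config.php> <name>
    grep "CFG->$2[[:space:]]*=" "$1" | head -n 1 | sed "s/.*'\([^']*\)'.*/\1/"
}

# Print 1 if the web server account could write to a path (it owns the path,
# or a group/other write bit is set; group membership is not resolved, so a
# group-writable path is conservatively counted as writable), else print 0.
web_writable() {  # web_writable <path> <web_user>
    info=$(ls -ld "$1" | awk '{ print $1, $3 }')   # e.g. "drwxr-xr-x root"
    perms=${info%% *}
    owner=${info#* }
    if [ "$owner" = "$2" ]; then echo 1; return; fi
    case "$perms" in
        ?????w*|????????w*) echo 1 ;;   # char 6 = group write, char 9 = other write
        *) echo 0 ;;
    esac
}

# Print PASS/FAIL for one check and count the failures.
report() {  # report <0=pass|1=fail> <check description>
    if [ "$1" -eq 0 ]; then echo "PASS: $2"; else echo "FAIL: $2"; failures=$((failures + 1)); fi
}

# Run all checks against one config.php; the return code is the number of
# failed checks (0 means the installation passed everything).
audit_moodle() {  # audit_moodle <config.php> <web_user>
    failures=0
    dirroot=$(cfg_value "$1" dirroot); dataroot=$(cfg_value "$1" dataroot)
    dbhost=$(cfg_value "$1" dbhost);   wwwroot=$(cfg_value "$1" wwwroot)

    # 1. Moodledata must not live inside the web-served source tree.
    case "$dataroot" in "$dirroot"/*|"$dirroot") r=1 ;; *) r=0 ;; esac
    report $r "dataroot ($dataroot) is outside the web root ($dirroot)"
    # 2. The web server must not be able to write to the source directory ...
    report "$(web_writable "$dirroot" "$2")" "dirroot is not writable by $2"
    # 3. ... nor to config.php (one of the Security overview checks).
    report "$(web_writable "$1" "$2")" "config.php is not writable by $2"
    # 4. The database must be reachable from localhost only.
    case "$dbhost" in localhost|127.0.0.1|::1) r=0 ;; *) r=1 ;; esac
    report $r "database host is local ($dbhost)"
    # 5. Client-server traffic must use HTTPS.
    case "$wwwroot" in https://*) r=0 ;; *) r=1 ;; esac
    report $r "wwwroot uses HTTPS ($wwwroot)"
    return "$failures"
}

# Constructed sample installation (not a real site) for demonstrating the audit:
# "yes" builds a hardened layout, "no" a weak one. Prints the config.php path.
make_sample() {  # make_sample <base-dir> <hardened: yes|no>
    mkdir -p "$1/moodle"
    if [ "$2" = yes ]; then
        dataroot="$1/moodledata"; dbhost=localhost; wwwroot=https://moodle.example.test
        chmod 755 "$1/moodle"
    else
        dataroot="$1/moodle/moodledata"; dbhost=db.example.test; wwwroot=http://moodle.example.test
        chmod 777 "$1/moodle"
    fi
    mkdir -p "$dataroot"
    cat > "$1/moodle/config.php" <<EOF
<?php
\$CFG->dbhost   = '$dbhost';
\$CFG->wwwroot  = '$wwwroot';
\$CFG->dirroot  = '$1/moodle';
\$CFG->dataroot = '$dataroot';
EOF
    if [ "$2" = yes ]; then chmod 644 "$1/moodle/config.php"; else chmod 666 "$1/moodle/config.php"; fi
    echo "$1/moodle/config.php"
}

tmp=$(mktemp -d)
echo "== hardened sample =="; audit_moodle "$(make_sample "$tmp/good" yes)" www-data || true
echo "== weak sample ==";     audit_moodle "$(make_sample "$tmp/bad" no)" www-data || true
rm -rf "$tmp"
```

Run it against a real installation with `audit_moodle /var/www/moodle/config.php www-data`; a non-zero exit code is the number of items that still need attention.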

Security in LMS Moodle
• Authentication methods
  • LDAP, MS AD, Shibboleth, RADIUS, CAS
  • Plugins for multi-factor authentication
• SSO
  • e.g. via AD (NTLM, Kerberos) or Shibboleth
  • Alternatively, custom development
• Protecting e-mail addresses
• Protecting forms – CAPTCHA
• The "Security overview" report in the Moodle GUI

Monitoring
• Monitoring with IPS / IDS
• Monitoring of servers (Zabbix, Cacti, Nagios)
• Monitoring of user activity in LMS Moodle
  • Log of changes to Moodle settings
  • Detailed log of each access to Moodle
  • Logs can be kept in a separate store

Why Moodle with PragoData?
• The benefits of a certified partnership
• A strong and stable company with an experienced team
• Experience with the development and implementation of complex solutions (Oriflame - more than 500 thousand users, VW SK, CSI, Vysocina Region ...)
• Commitment to sustainable solutions
• Experience with integration with many other systems
• Synergies with PDC's other activities: consulting services and web applications, web IS, web graphics and 3D animation

Conference MoodleMoot.cz 2016

Thank you for your attention
Ing. Libor Soška
libor.soska@pragodata.cz
www.moodlemoot.cz
www.moodlepartner.cz
www.pragodata.cz
Editor's Notes

  1. Thanks to its wide adoption and open-source nature there is a higher chance that security problems are discovered. It is used in many types of organisations, starting with public administration (ministries, regions, municipalities and the organisations they establish or found), education (universities, secondary and primary schools) and commercial companies operating in the most varied fields and market sectors. ISMS - information security management system
  2. LMS Moodle, like any other information system in an organisation, contains information, data and other valuable assets. Its inclusion in the information security management system (ISMS) should therefore be a matter of course.
  3. The information security of LMS Moodle can be discussed on three basic levels, all of which must be part of the organisation's security policy; they are:
  4. Object security addresses the protection of, and access authorisation to, the premises and the HW infrastructure - theft of the hardware itself. Moodle can be operated on physical hardware, in a virtualised infrastructure or in a cloud environment, in "in-house" data centres as well as in specialised server-housing facilities.
  5. Both MS Windows and Linux - must be kept up to date. DB: MS SQL, MySQL, Postgres, MariaDB. Server virtualisation gives higher efficiency of HW utilisation while reducing costs; possibility of clustering; easy backups and snapshots. Running LMS Moodle on a dedicated virtual server on which no other web sites or projects run eliminates the risks of shared hosting with aggregation. Backups: once a day an incremental backup and once a week a full image of the whole virtual server. Storing backups - a different server, a NAS, a geographically separate location.
  6. Files uploaded to Moodle are not accessible directly; thanks to this there is never a URL to, say, a docx document. The file is always returned through Moodle only after it has been verified that the given user is allowed to access it - i.e. that they are authenticated and authorised.
  7. LMS Moodle has been proven over the years by a strong community and long-term development; it is continuously tested and tuned, which minimises security risks. The LMS Moodle developers place great emphasis on code security: they publish not only known security bugs but also their solutions and patches. SSL should be the standard today; all communication between the client and the Moodle application server can be encrypted, which prevents phishing and above all protects against eavesdropping on the communication - an attacker therefore has no opportunity to capture e.g. the username/password of a user who is just logging in. Amateurs attack systems, professionals attack people. Password salting - all passwords have the same length of 64 characters; two identical passwords = different hashes. The number of attempts after which the super-administrator is notified that something is going on can be configured.
  8. Protection of e-mail addresses using JavaScript, which makes it impossible to read the addresses from the page source. With an SSO solution there is no need to enter a username/password into Moodle. The "Security overview" report shows basic information such as whether the display of PHP errors is enabled, whether config.php is writable, registration without verification, confirmation of e-mail address changes, ... It can be taken as a check of the most basic settings.
  9. Intrusion Detection/Prevention System. It is possible to trace who made which change to the settings. The log shows who did what and when, plus information such as the IP address. Within the Moodle GUI the logs can be reached under Reports, specifically: Logs - the individual "actions" of a user; Config changes; Live logs - accesses displayed online. Logs are stored in the DB - a different DB than the one Moodle is installed in can be chosen.