Details zum E-Book

Moodle Security. Learn how to install and configure Moodle in the most secure way possible

Moodle Security. Learn how to install and configure Moodle in the most secure way possible

Moodle Trust, Darko Miletic

E-book
  • Moodle Security
    • Table of Contents
    • Moodle Security
    • Credits
    • About the Author
    • About the Reviewers
    • www.PacktPub.com
      • Support files, eBooks, discount offers, and more
        • Why Subscribe?
        • Free Access for Packt account holders
    • Preface
      • What this book covers
      • Who this book is for
      • Conventions
      • Reader feedback
      • Customer support
        • Errata
        • Piracy
        • Questions
    • 1. Delving into the World of Security
      • Moodle and security
        • Weak points
      • The secure installation of Moodle
        • Starting from scratch
          • Installation checklist
      • Quickly securing Moodle
        • Review the Moodle security overview report
      • Summary
    • 2. Securing Your Server Linux
      • Securing your Linuxthe basics
        • Firewall
        • User accounts and passwords
        • Removing unnecessary software packages
        • Patching
      • Apache configuration
        • Where to start
        • Directory browsing
        • Load only a minimal number of modules
        • Install and configure ModSecurity
      • MySQL configuration
      • PHP configuration
        • Installation
      • File security permissions
        • Discretionary Access ControlDAC
          • Directory permissions
        • Access Control Lists
        • Mandatory Access Control (MAC)
      • Adequate location for a Moodle installation
      • How to secure Moodle files
        • DAC
        • ACL
      • Summary
    • 3. Securing Your ServerWindows
      • Securing Windowsthe basics
        • Firewall
        • Keeping OS updated
          • Configuring Windows update
        • Anti-virus
        • New security model
      • File security permissions
        • Adequate location for Moodle installation
      • Installing and securing PHP under Internet Information Server
        • Preparing IIS
        • Getting the right version of PHP
        • Configuring php.ini
        • Adding PHP to the IIS
          • Creating Application pool
          • Create new website
          • Adding PHP mapping
      • Securing MySQL
        • MySQL configuration wizard
        • Configure MySQL service to run under low/privileged user
          • Create a mysql account
      • Summary
    • 4. Authentication
      • Basics of authentication
        • Logon procedure
      • Common authentication attacks
        • Weak passwords
        • Enforcing a good password policy
        • Protecting user logon
          • Closing the security breach
        • Password change
          • Recover a forgotten password
            • Preventing a potential security risk
            • Securing user profile fields
        • User model in Moodle
      • Authentication types in Moodle
        • Manual accounts
        • E-mail based self-registration
          • Specifying allowed or denied e-mail domains
          • Captcha
          • Session hijacking
        • No login
      • Summary
    • 5. Roles and Permissions
      • Roles and capabilities
        • Capability
        • Context
        • Permissions
        • Role
        • How it all fits together
      • Standard Moodle roles
      • Customizing roles
        • Overriding roles
      • Best practices
        • Risky capabilities
      • Summary
    • 6. Protection Against Bots
      • Internet bots
        • Search engine content indexing
        • Harvesting email addresses
        • Website scraping
        • Spam generators
      • Protecting Moodle from unwanted search bots
        • Search engines
        • Moodle and search engines
        • Moodle access check
      • Protection against spam bots
        • User profiles
        • E-mail-based self-registration
        • User blogs
        • Moodle messaging system
        • Cleaning up spam
      • Protection against brute force attacks
      • Summary
    • 7. Securing User Files
      • Uploading files into Moodle
        • How Moodle stores files
        • Points of submitting user files
          • WYSIWYG HTMLArea editor
          • Upload single file simple/advanced assignment
          • Forum
          • Database activity
      • Dangers and pitfalls
        • Classic viruses
        • Macro viruses
          • Applying protection measures
            • Disable WYSIWIG editor if you do not need it
            • Enable file upload in forums only when you really need it
      • Anti-virus and Moodle
        • ClamAV on Linux
          • Configuring Moodle
        • ClamAV on Windows
          • Downloading
          • Configuring clamd service
          • Setting up virus signature database update
          • Scheduling updates
          • Final steps
      • Summary
    • 8. Securing Moodle Data
      • User information protection
        • User profile page
          • Reaching profile page
            • People block
            • Forum topics
            • Messaging system
          • Protecting user profile information
            • Limit information exposed to all users
            • Completely block ability to view profiles
              • Disable View participants capability
              • Hide messaging system
              • Disable Messaging system
              • Not using general forums
              • Disable View user profiles capability
      • Course information protection
        • Course backups
          • Important information for users of Moodle prior to 1.9.7
            • Password hashes and salt
            • Enable password policy
            • Enable password salt
            • Disable teachers ability to back up and restore courses
          • Security issues with course backups
          • Scheduled backups
      • Summary
    • 9. Monitoring User Activity
      • Activity monitoring using Moodle tools
        • Moodle log
        • Accessing the Moodle reports
        • Logs report
          • IP address look up page setup
          • Configuring Moodle to use GeoIP database
        • Live Logs report
        • Statistics report
        • Moodle cron
          • Moodle cron on Windows
          • Moodle cron on Linux
          • Enabling statistics report
      • Activity monitoring using OS native tools
        • Linux
          • Server load
          • Disk space
          • Web server load
          • Web server statistics
            • Configuring The Webalizer
        • Windows
          • Server load
            • Task manager
            • Performance and Reliability Monitor
            • The Webalizer on Windows
      • Summary
    • 10. Backup
      • Importance of backup
      • Backup tools in Moodle
        • Manual backup
        • Automatic backup
          • Content export options for automatic backup
          • Execution configuration options
          • When to use Moodle automated backup
      • Site backup
        • Database
          • Server log
            • Linux
            • Windows
          • Automating database backupLinux
            • Backup script explanation
          • Automating database backupWindows
          • Restoring database
        • Moodledata directory
          • Linux
          • Windows
        • Moodle directory
      • Disaster recovery scenario
      • Summary
    • A. Authentication Plugins
      • Plugins less common in production servers
        • LDAP server
          • Configuring LDAP PHP extension
        • CAS server
        • FirstClass server
        • IMAP server
        • Moodle network authentication
        • NNTP server
        • No authentication
        • PAM (Pluggable Authentication Modules)
        • POP3 server
        • Shibboleth
        • Radius
      • Summary
    • Index
  • Titel: Moodle Security. Learn how to install and configure Moodle in the most secure way possible
  • Autor: Moodle Trust, Darko Miletic
  • Originaler Titel: Moodle Security. Learn how to install and configure Moodle in the most secure way possible
  • ISBN: 9781849512657, 9781849512657
  • Veröffentlichungsdatum: 2011-02-10
  • Format: E-book
  • Artikelkennung: e_3cv1
  • Verleger: Packt Publishing