Security in LMS Moodle
Ing. Libor Soška
Mgr. Michal Bajer
PragoData Consulting
We are a certified Moodle partner
How can we help you with Moodle?
• Analytic and consulting services, solution design, project management
• Graphics, Moodle templates, responsive design
• Upgrade or unification of Moodle for schools
• Customization and tailor-made extension development
• System integration
• Training accredited by the Ministry of Education, creation of tailor-made courses
• Hosting, operation, user support, Moodle outsourcing
23. 5. 2016, EUNIS 2016, PragoData Consulting, s.r.o.
www.moodlepartner.cz
LMS Moodle
• One of the most widespread LMS systems in the world
• Used across organizations of various types
• It contains valuable assets:
• User data
• The progress and results of study, stamps, badges
• Courses that contain high value
• Quiz bank
=> Security threats, attempts to misappropriate assets
=> The need to integrate Moodle into the ISMS
Information Security Management System (ISMS)
• Crucial for the application of security policy within the organization
• Identification of assets that should be protected
• Identification of threats and vulnerabilities
• Assessment of the risk
• Impact analysis
• Design and implementation of measures
Levels of information security in LMS Moodle
• IS security must be understood comprehensively
• Object security
• Security of the operational infrastructure
• Security of LMS Moodle
Object security
• Moodle is independent of the operational infrastructure
• Object security measures
• Data centers located outside flood areas
• Access control system for authorizing persons
• Fire and extinguishing system
• Redundant power supplies, redundancy
• Dust-free, constant temperature and zero humidity rate
• Cooling system, backup cooling
Security of the operational infrastructure
• LMS Moodle is a multiplatform system
• The benefits of virtualization, not only in terms of security
• Backup
• Mostly a non-critical system
• Incremental backups / full backups
• DB, moodledata, source code
• Storing backups
Security in LMS Moodle
• Setting permissions on files and directories
• The moodledata directory must not be accessible over the web
• The web server must not have the right to write to the source directory
• Database accessible only from localhost
• The server runs only the necessary services
• Updates, patches
• Access to stored files only through the API
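
An added example (not from the original slides) that checks three of the rules above on a host: stored files reachable only through Moodle, so the data directory sits outside the web-served source tree; no path in the source tree writable by the web server account; database listening only on loopback. The function names and finding labels are hypothetical, and the paths, uid/gids and listen address are supplied by the caller.

```python
import ipaddress
import os
import stat
from pathlib import Path


def is_inside(child, parent):
    """True if child is parent or lies below it, after resolving symlinks."""
    child, parent = Path(child).resolve(), Path(parent).resolve()
    return child == parent or parent in child.parents


def writable_by(st, uid, gids):
    """Mode-bit check only (no ACLs, no root override): owner, else group, else other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_paths(root, uid, gids):
    """Directories and files under root that the given account may write to."""
    hits = []
    for base, _dirs, files in os.walk(root):  # does not descend into symlinked dirs
        for path in [base] + [os.path.join(base, f) for f in files]:
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode) and writable_by(st, uid, gids):
                hits.append(path)
    return sorted(hits)


def is_loopback(addr):
    """True for 'localhost' or a loopback IP; any other host name counts as remote."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit(dirroot, dataroot, web_uid, web_gids, db_listen):
    """Return a list of findings; an empty list means all three rules hold."""
    findings = []
    if is_inside(dataroot, dirroot):
        findings.append("dataroot-in-webroot")
    for path in writable_paths(dirroot, web_uid, web_gids):
        findings.append("web-writable-source:" + os.path.relpath(path, dirroot))
    if not is_loopback(db_listen):
        findings.append("db-not-loopback:" + db_listen)
    return findings


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree: source dir with a world-writable config.php
    # and the data directory placed inside it (both are misconfigurations).
    top = tempfile.mkdtemp()
    src = os.path.join(top, "moodle")
    data = os.path.join(src, "moodledata")
    os.makedirs(data)
    os.chmod(src, 0o755)
    os.chmod(data, 0o750)
    cfg = os.path.join(src, "config.php")
    open(cfg, "w").close()
    os.chmod(cfg, 0o666)
    for finding in audit(src, data, os.getuid() + 1, set(), "0.0.0.0"):
        print(finding)
```

The check reads permission bits only; ACLs, SELinux labels and the web server's own alias or rewrite rules are outside what it sees.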
Security in LMS Moodle
• Keeping the system up to date
• Version lifecycle and support period
• Every six months a new version, support for 12 months + 6 months
• Encryption of communication
• Thin client – server => HTTPS
• Password security
• One-way function using a so-called salt (64 characters)
• Setting password strength rules
• Escalation of attempts to "guess" passwords
Security in LMS Moodle
• Authentication methods
• LDAP, MS AD, Shibboleth, RADIUS, CAS
• Plugins for multi-factor authentication
• SSO
• E.g. over AD: NTLM, Kerberos or Shibboleth
• Alternatively, custom development
• Protecting e-mail addresses
• Protecting forms – Captcha
• The "Security overview" report in the Moodle GUI
Monitoring
• Monitoring via IPS / IDS
• Monitoring of servers (Zabbix, Cacti, Nagios)
• Monitoring of user activity in LMS Moodle
• Log of changes to Moodle settings
• Detailed log of each access to Moodle
• Logs can be kept in separate storage
Why Moodle with PragoData?
• The benefits of Certified Partnership
• Strong and stable company with an experienced team
• Experience with the development and implementation of complex solutions (Oriflame - more than 500 thousand users, VW SK, CSI, Vysocina Region ...)
• Commitment to sustainable solutions
• Experience with integration with many other systems
• Synergy with the experience from PDC's other activities: consulting services and web applications, web IS, web graphics and 3D animation
Conference MoodleMoot.cz 2016
Thank you for your attention
Ing. Libor Soška
libor.soska@pragodata.cz
www.moodlemoot.cz
www.moodlepartner.cz
www.pragodata.cz

Editor's Notes

  1. Thanks to its wide adoption and open source, a higher chance that security problems are discovered. It is used in many types of organizations, starting with public administration (ministries, regions, municipalities and the organizations they establish or found), education (universities, secondary and primary schools) and commercial companies operating in a wide range of fields and market sectors. ISMS: information security management system.
  2. LMS Moodle, like any other information system in an organization, contains information, data and other valuable assets. Its inclusion in the information security management system (ISMS) should therefore be a matter of course.
  3. The information security of LMS Moodle can be discussed on three basic levels, all of which must be part of the organization's security policy. They are:
  4. Object security deals with protection of, and authorization of access to, the building and the HW infrastructure: theft of the hardware itself. Moodle can run on physical hardware, in a virtualized infrastructure and in a cloud environment, in "in-house" data centers as well as in specialized "server housing" facilities.
  5. MS Windows and Linux: must be kept up to date. DB: MS SQL, MySQL, PostgreSQL, MariaDB. Server virtualization: provides more efficient use of HW while reducing costs. Clustering is possible. Easy backups and snapshots. Running LMS Moodle on a dedicated virtual server that hosts no other websites or projects eliminates the risks of shared hosting with aggregation. Backups: an incremental backup once a day and a full image of the entire virtual server once a week. Storing backups: another server, NAS, a geographically separate location.
  6. Files uploaded to Moodle are not directly accessible; because of this there is never a URL pointing, for example, to a docx document. A file is always returned through Moodle, and only after it has verified that the user should have access to the file, i.e. that the user is authenticated and authorized.
  7. LMS Moodle has been proven over the years by a strong community and long-term development, and is continuously tested and tuned, which minimizes security risks. The LMS Moodle developers place great emphasis on code security. They publish not only known security bugs but also their fixes and patch packages. SSL should be standard nowadays; all communication between the client and the Moodle application server can be encrypted. Prevention of phishing, and above all SSL protects against eavesdropping on the communication, so an attacker cannot capture, for example, the username/password of a user who is just logging in. Amateurs attack systems, professionals attack people. Password salting: all passwords have the same length of 64 characters, two identical passwords = different hashes. A number of attempts can be set after which the SuperAdmin is sent a notice that something is going on.
  8. Protection of e-mail addresses using JavaScript that makes it impossible to read e-mail addresses from the page source. With an SSO solution there is no need to enter a username/password into Moodle. The "Security overview" report shows basic information such as whether display of PHP errors is enabled, whether config.php is writable, registration without verification, confirmation of e-mail address changes, … It can be taken as a check of the most basic settings.
  9. Intrusion Detection/Prevention System. It is possible to trace who made which change to the settings. The log shows who did what and when, plus information such as the IP address. In the Moodle GUI the logs are available under Reports, specifically: Logs (the individual "actions" of a user are visible), Config changes, Live logs (online display of accesses). Logs are stored in the DB; it is possible to choose a DB other than the one Moodle is installed in.