Moodle Security. Learn how to install and configure Moodle in the most secure way possible - Helion

ebook
Author: Moodle Trust, Darko Miletic
Original title: Moodle Security. Learn how to install and configure Moodle in the most secure way possible
ISBN: 9781849512657
Pages: 204, Format: ebook
Publication date: 2011-02-10
Bookstore: Helion
Book price: 139,00 zł
Table of contents
- Moodle Security
- Table of Contents
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Support files, eBooks, discount offers, and more
- Why Subscribe?
- Free Access for Packt account holders
- Preface
- What this book covers
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Errata
- Piracy
- Questions
- 1. Delving into the World of Security
- Moodle and security
- Weak points
- The secure installation of Moodle
- Starting from scratch
- Installation checklist
- Quickly securing Moodle
- Review the Moodle security overview report
- Summary
- 2. Securing Your Server - Linux
- Securing your Linux - the basics
- Firewall
- User accounts and passwords
- Removing unnecessary software packages
- Patching
- Apache configuration
- Where to start
- Directory browsing
- Load only a minimal number of modules
- Install and configure ModSecurity
- MySQL configuration
- PHP configuration
- Installation
- File security permissions
- Discretionary Access Control - DAC
- Directory permissions
- Access Control Lists
- Mandatory Access Control (MAC)
- Adequate location for a Moodle installation
- How to secure Moodle files
- DAC
- ACL
- Summary
- 3. Securing Your Server - Windows
- Securing Windows - the basics
- Firewall
- Keeping OS updated
- Configuring Windows update
- Anti-virus
- New security model
- File security permissions
- Adequate location for Moodle installation
- Installing and securing PHP under Internet Information Server
- Preparing IIS
- Getting the right version of PHP
- Configuring php.ini
- Adding PHP to the IIS
- Creating Application pool
- Create new website
- Adding PHP mapping
- Securing MySQL
- MySQL configuration wizard
- Configure MySQL service to run under low/privileged user
- Create a mysql account
- Summary
- 4. Authentication
- Basics of authentication
- Logon procedure
- Common authentication attacks
- Weak passwords
- Enforcing a good password policy
- Protecting user logon
- Closing the security breach
- Password change
- Recover a forgotten password
- Preventing a potential security risk
- Securing user profile fields
- User model in Moodle
- Authentication types in Moodle
- Manual accounts
- E-mail based self-registration
- Specifying allowed or denied e-mail domains
- Captcha
- Session hijacking
- No login
- Summary
- 5. Roles and Permissions
- Roles and capabilities
- Capability
- Context
- Permissions
- Role
- How it all fits together
- Standard Moodle roles
- Customizing roles
- Overriding roles
- Best practices
- Risky capabilities
- Summary
- 6. Protection Against Bots
- Internet bots
- Search engine content indexing
- Harvesting email addresses
- Website scraping
- Spam generators
- Protecting Moodle from unwanted search bots
- Search engines
- Moodle and search engines
- Moodle access check
- Protection against spam bots
- User profiles
- E-mail-based self-registration
- User blogs
- Moodle messaging system
- Cleaning up spam
- Protection against brute force attacks
- Summary
- 7. Securing User Files
- Uploading files into Moodle
- How Moodle stores files
- Points of submitting user files
- WYSIWYG HTMLArea editor
- Upload single file simple/advanced assignment
- Forum
- Database activity
- Dangers and pitfalls
- Classic viruses
- Macro viruses
- Applying protection measures
- Disable WYSIWYG editor if you do not need it
- Enable file upload in forums only when you really need it
- Anti-virus and Moodle
- ClamAV on Linux
- Configuring Moodle
- ClamAV on Windows
- Downloading
- Configuring clamd service
- Setting up virus signature database update
- Scheduling updates
- Final steps
- Summary
- 8. Securing Moodle Data
- User information protection
- User profile page
- Reaching profile page
- People block
- Forum topics
- Messaging system
- Protecting user profile information
- Limit information exposed to all users
- Completely block ability to view profiles
- Disable View participants capability
- Hide messaging system
- Disable Messaging system
- Not using general forums
- Disable View user profiles capability
- Course information protection
- Course backups
- Important information for users of Moodle prior to 1.9.7
- Password hashes and salt
- Enable password policy
- Enable password salt
- Disable teachers ability to back up and restore courses
- Security issues with course backups
- Scheduled backups
- Summary
- 9. Monitoring User Activity
- Activity monitoring using Moodle tools
- Moodle log
- Accessing the Moodle reports
- Logs report
- IP address look up page setup
- Configuring Moodle to use GeoIP database
- Live Logs report
- Statistics report
- Moodle cron
- Moodle cron on Windows
- Moodle cron on Linux
- Enabling statistics report
- Activity monitoring using OS native tools
- Linux
- Server load
- Disk space
- Web server load
- Web server statistics
- Configuring The Webalizer
- Windows
- Server load
- Task manager
- Performance and Reliability Monitor
- The Webalizer on Windows
- Summary
- 10. Backup
- Importance of backup
- Backup tools in Moodle
- Manual backup
- Automatic backup
- Content export options for automatic backup
- Execution configuration options
- When to use Moodle automated backup
- Site backup
- Database
- Server log
- Linux
- Windows
- Automating database backup - Linux
- Backup script explanation
- Automating database backup - Windows
- Restoring database
- Moodledata directory
- Linux
- Windows
- Moodle directory
- Disaster recovery scenario
- Summary
- A. Authentication Plugins
- Plugins less common in production servers
- LDAP server
- Configuring LDAP PHP extension
- CAS server
- FirstClass server
- IMAP server
- Moodle network authentication
- NNTP server
- No authentication
- PAM (Pluggable Authentication Modules)
- POP3 server
- Shibboleth
- Radius
- Summary
- Index