Moodle 4 Security : Enhance Security, Regulation, and Compliance Within Your Moodle Infrastructure

Moodle 4 Security Enhance Security, Regulation, and Compliance Within Your Moodle Infrastructure

Tackle advanced platform security challenges with this practical Moodle guide complete with expert tips and techniques Key Features Demonstrate the security of your Moodle architecture for compliance purposes Assess and strengthen the security of your Moodle platform proactively Explore Moodle'...

Descripción completa

Detalles Bibliográficos
Otros Autores: Wild, Ian, author (author)
Formato: Libro electrónico
Idioma:Inglés
Publicado: Birmingham, England : Packt Publishing Ltd [2024]
Edición:First edition
Materias:
Distance education > Computer-assisted instruction.
Open source software.
Computer security.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009805221606719
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright
  • Dedication
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Moodle Security Primer
  • Chapter 1: Moodle Security - First Steps
  • Technical requirements
  • A short history of hacking
  • The Watergate scandal - a man-in-the-middle attack
  • Phreaking - VoIP fraud
  • Cracking encryption - SSL attacks
  • Fundamental security requirements
  • Understanding risk
  • The regulatory environment
  • Statutory requirements
  • Insurance requirements
  • Service License Agreement (SLA) requirements
  • ITT requirements
  • Creating a risk register
  • Description of risk
  • Probability
  • Impact
  • Mitigation action
  • Summary
  • Chapter 2: Moodle Threat Modeling
  • Technical requirements
  • Cybersecurity terminology
  • What are we working on?
  • Data flow diagrams
  • Microsoft Threat Modeling Tool
  • Identifying threats with STRIDE
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege
  • What are we going to do about it?
  • Transferring threat risks
  • Eliminating risks
  • Accepting risks
  • Mitigating risks
  • Did we do a good job?
  • Summary
  • Chapter 3: Security Industry Standards
  • Technical requirements
  • The Open Web Application Security Project - OWASP
  • The OWASP Top 10 Web Application Security Risks
  • OWASP Top 10 - conclusions
  • The Center for Internet Security (CIS), Inc.
  • The CIS Critical Security Controls
  • The CIS Benchmarks
  • The Center for Internet Security - conclusions
  • Federal agency recommendations
  • The NIST Cybersecurity Framework - overview
  • The Framework Core
  • Bringing security industry standards together - the CIA triad
  • Summary
  • Part 2: Moodle Server Security
  • Chapter 4: Building a Secure Linux Server
  • Technical requirements
  • Creating your first cloud-based VM
  • Adding a new super user.
  • Authentication using SSH keys
  • How secure is SSH?
  • Linux server multi-factor authentication (MFA)
  • Server patching
  • Enabling TLS/SSL
  • Installing an SSL certificate
  • Configuring SSL/TLS client connections
  • SSL certificate validation
  • Alternatives to Let's Encrypt SSL certificates
  • Investigating firewalls
  • Linux server firewalls
  • Uncomplicated Firewall
  • fail2ban
  • Learning about exfiltration
  • Exploring server immutability
  • CI/CD with GitLab
  • An introduction to containerization
  • Summary
  • Chapter 5: Endpoint Protection
  • Technical requirements
  • Malware
  • What are rootkits?
  • Defending against rootkits
  • What are viruses?
  • Protecting against viruses
  • Understanding the Apache access logs
  • Logging geolocation data
  • Implementing a new Apache log format
  • ModSecurity WAF
  • What is ModSecurity?
  • Configuring ModSecurity for Moodle
  • Tuning ModSecurity using the audit log
  • Going further with ModSecurity
  • Summary
  • Chapter 6: Denial of Service Protection
  • Technical requirements
  • The Apache web server
  • What is PHP-FPM?
  • Configuring Apache to use PHP-FPM
  • Tuning PHP-FPM
  • Introduction to Apache JMeter
  • Installing JMeter
  • Creating a test plan
  • Running load tests
  • Analyzing test data
  • Going further with JMeter load tests
  • mod_evasive
  • Installing mod_evasive
  • Testing mod_evasive
  • Identifying threat actors from server access logs
  • Summary
  • Chapter 7: Backup and Disaster Recovery
  • Technical requirements
  • Understanding backup requirements
  • Data backup and restore
  • Database backup to file
  • MySQL database binary log replication
  • Cloud provider database replication solutions
  • MySQL point-in-time recovery
  • File backup and restore
  • Rsync
  • BorgBackup
  • Deployment using backups
  • Disaster recovery
  • Backup data storage locations
  • Disaster recovery scenarios.
  • Disaster recovery drill
  • Summary
  • Part 3: Moodle Application Security
  • Chapter 8: Meeting Data Protection Requirements
  • Technical requirements
  • Background and concepts of data protection
  • Implementing a privacy officer role
  • Specifying a privacy policy
  • The Default (core) policy handler
  • Using the Policies (tool_policy) handler
  • The digital age of consent
  • Data retention
  • Managing data requests and data deletion
  • Creating data requests
  • Creating subject access and data deletion requests
  • Summary
  • Chapter 9: Moodle Security Audit
  • Technical requirements
  • The defense in depth strategy
  • Content Security Policy configuration
  • Testing content security policy restrictions
  • HTTP/2
  • Exploring Moodle security checks
  • Using Kali Linux
  • Information gathering tools
  • Vulnerability scanning tools
  • Exploitation tools
  • Summary
  • Chapter 10: Understanding Vulnerabilities
  • Technical requirements
  • Tracking vulnerabilities
  • Moodle security management and protocols
  • Vulnerability scanners
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Third-party vulnerability scanners
  • PHP_CodeSniffer (phpcs)
  • MDLCode - Moodle development plugin
  • Black Duck, Coverity, and the Synopsys Polaris platform
  • Exploring cloud host-specific security tools
  • Amazon Web Services (AWS)
  • Azure Front Door
  • Cloudflare
  • Summary
  • Part 4: Moodle Infrastructure Monitoring
  • Chapter 11: Infrastructure Monitoring
  • Technical requirements
  • What is infrastructure monitoring?
  • Investigating Grafana
  • Installing the Grafana agent
  • Configuring Grafana data sources and data sinks
  • Grafana dashboards
  • Reports and alerts
  • Alternative infrastructure monitoring tools
  • Nagios
  • New Relic
  • AWS CloudTrail and CloudWatch
  • Microsoft Azure Monitor
  • Summary
  • Index.
  • About PACKT
  • Other Books You May Enjoy.

Ejemplares similares