e-Learning Blog

Blog

2022.09.16

Moodle
Know-how

[Moodle Basic Course] Security Measures for Moodle

  • Category

  • Recommended Articles

  •  

    Moodle Implementation Support and Operation Services
    e-Learning Material Production Services


    1. What is Moodle?

    Moodle is a free, open-source all-in-one learning platform.

    According to statistics from Moodle HQ, there are over 170,000 sites and more than 300 million users, making it the largest learning platform in the world, used in 243 countries and regions. (*As of 2022) It holds the number one share in universities in Europe and Japan, and is widely adopted not only in educational settings but also by global companies, government agencies, and other organizations around the world.

    A major feature is its high level of customization. Flexible customization tailored to the individual goals and needs of each course is possible, allowing it to accommodate any class size, from small courses to large ones.

    In addition, it comes with a highly versatile editor that allows for easy incorporation of images and videos, making it simple to create teaching materials. Furthermore, it is compatible with smartphones and tablets, enabling participants to comfortably attend lectures anytime and anywhere.

    The biggest reason Moodle continues to be chosen worldwide is that it is a world-standard LMS※2, which means it is a system refined and standardized by universities and other organizations around the globe.
    By using a world-standard system and implementing organizational reforms tailored to the system, it becomes possible to reassess the structure and nature of the organization, thereby enhancing international competitiveness.

    *1 E-learning refers broadly to educational systems that utilize IT technologies centered around computers and the internet. This includes everything from viewing videos on sharing sites and solving problems on learning apps to remote classes conducted through web conferencing tools.
    *2 LMS stands for Learning Management System, which is translated into Japanese as Learning Management System. An LMS is a system that centrally manages information such as participants, materials, progress, and grades necessary for e-learning. In recent years, there has been an increase in systems that not only manage but also integrate employee performance management and provide tailored learning experiences as Learning Experience Platforms (LXP).

    > [Moodle Basic Course] What can you do with the e-learning management system Moodle?
    > [Moodle Basic Course] What is Moodle?
    > [Moodle Basic Course] What can you do with Moodle's default features?


    2. Are Moodle's security measures sufficient?

    By reading this section, you will understand that Moodle has robust security measures compared to other open-source and commercial LMS.
    First, to understand Moodle's security, we need to understand open source, so let's take a look.

    2-1. What is Open Source?

    Open source refers to software whose source code is publicly available.

    Source refers to something like a "blueprint" that instructs the operation of software, written in programming languages used by engineers. The string of letters that we think of when we hear "software code" is the source, and when it is widely made available to the public, it is called "open source."

    2-2. Features of Open Source

    ・License fees are free
    It is provided free of charge under the terms of the GPL as open-source software. No license fees are required for use.
    Although it is open-source software, it has all the necessary features as an LMS.
    *GPL (GNU General Public License) is a license that stipulates the conditions for the use of software, known in Japanese as a general public use license. It mainly consists of two points: 1) You can freely use, redistribute, modify, and create/distribute derivative software. 2) For derivative software (modified software or software used in combination), the GNU GPL license also stipulates the publication, use, redistribution, and modification of the source code.

    ・Flexible Customization Available
    In addition to using Moodle's basic features, it can be customized to meet the needs of your organization. Flexible customization tailored to the individual objectives and needs of courses is possible, allowing for adaptation to any class size, from small courses to large ones.
    It is possible to add necessary features through plugin development. Anyone can freely obtain, use, modify, and redistribute it.
    > Moodle Plugin Customization

    ・Software survives even if the developer discontinues the service
    If it is not open source, when the developer goes bankrupt or discontinues the service, the software will no longer be updated and will eventually become unusable.
    However, if it is open source, since the source is publicly available, it can continue to be used while being maintained by ourselves. If there are many users of the open source, it is also expected that other users will publish various updates and fixes.
    Moodle currently has three versions, all of which receive updates six times a year, and security measures continue to improve.
    On the other hand, there are cases where commercial LMS that stopped updating years ago are still being used as is.

    ・When implementing Moodle, using a rental server may not ensure the operating environment.
    If operating on-premises, technical knowledge of server hardware specifications and middleware installation is required.
    As a countermeasure, Moodle's official partners also provide cloud services.
    You can use a pre-built environment with robust Moodle security measures, so there is no need for customers to prepare or build servers, networks, or perform installation and initial setup.
    > Moodle Cloud Service (e-CoreLea)

    ・Users must take measures for maintenance and operation, including security measures.
    There is an operation manual for Moodle, but it does not cover customization and plugin development features, and it will be updated with each version upgrade. Therefore, measures such as establishing a support center for manual management and responding to inquiries from students must also be considered.
    > Moodle Maintenance and Operation


    3. Basic Settings to Enhance Moodle Security

    There is also a security manual on the Moodle site, which is constantly updated, but it is not complete. Therefore, users need to take measures.

    3-1. Regularly update Moodle during version releases

    Moodle is regularly updated with new versions, so please update it regularly.
    Older versions are more likely to contain vulnerabilities.

    > Moodle Version Upgrade

    3-2. Set a Strong Password

    Setting a "difficult" password serves as a countermeasure against aggressive account cracking.
    The password policy can be set under "Settings > Site Management > Security > Site Policy." The following conditions can be made mandatory as options: password length, numbers, lowercase letters, uppercase letters, non-alphanumeric characters, and prohibition of consecutive identical characters.

    3-3. Grant permissions (teacher account) only to trusted users

    Teacher accounts have extremely flexible permissions, making it easy to create situations where data can be misused and stolen.

    3-4. Implementing the Cloud Package

    Using different passwords for different systems, using different machines for different services, etc. This prevents damage from spreading widely even if one account is misused or one server is breached.

    > Moodle Cloud Service (e-CoreLea)


    4. Summary

    In the previous chapter, we discussed the basic points to be aware of regarding Moodle's security.
    Of course, it is possible to operate Moodle solely within your company,
    but to make the most of Moodle, it is advisable to seek the assistance of an official Moodle partner.
    There are several official Moodle partners in Japan, and this time we will introduce Human Science Co., Ltd., which has a wealth of experience.

    4-1. What is Human Science?

    Human Science is an official partner of Moodle. In 2017, we were certified by the Moodle headquarters in Australia and became an official Moodle partner. Only companies with expertise and a proven track record in building and developing Moodle are certified. While certified companies exist around the world, there are only a few in Japan.
    Utilizing the know-how we have cultivated and our number one domestic operational track record (over 700 projects, more than 80 cases with companies, schools, and organizations), we provide total solutions from the introduction to operational support of Moodle.

    Next, we will explain the services provided by Human Science step by step.

    4-2. Implementation Design

    <Client Situation Hearing and Proposal>
    We will assist in configuring Moodle to realize the educational flow that the client wants to implement.
    Since Moodle has a wealth of features, we will make it user-friendly for learners by anticipating how it will be used. The configuration of Moodle allows for features to be shown or hidden.

    • ・Requirements Definition
      We will listen to what the customer wants to achieve with the implementation of e-learning and finalize the specifications.
    • ・Support for Building e-Learning Operation Business Processes
      Various tasks arise in e-learning operations, such as course registration, communication with users, distribution, and effectiveness measurement. We assist in constructing business flows to ensure the success of implementation and operation.
    • ・Building a demo site
      We will launch a demo site, allowing customers to see the actual operation of Moodle while tuning the settings and features.

    > Moodle Implementation Support and Operation

    <Moodle Construction>
    We will install Moodle and make it ready for use.
    We can build it on-premises (owned and operated by your company) as well as on cloud platforms like AWS and Azure.
    We also perform replacements from your existing systems to Moodle.

    • ・ Selection of hardware specifications
      Determined by the number of users and the way it is used.
    • ・ Installation of Middleware
      We will install open-source middleware such as apache (Nginx), php (php-fpm), and postgresql.
    • ・ Installation of Moodle
    • ・ Moodle Configuration
      Configuration of Moodle will be done based on the intended use.
    • ・Customization, Plugin Development
      We will develop customizations and plugins for features that are difficult to achieve with Moodle's standard functionality.

    We also offer a cloud service called e-CoreLea.
    You can use an environment where Moodle is already installed and configured, so there is no need for customers to prepare or build servers, networks, or perform installation and initial setup.
    We also have video distribution plans and plans that include educational content. Please contact us for more details.

    > Moodle Construction
    > Moodle Cloud Service (e-CoreLea)

    4-3. Operational Support

    <How to Use Seminar>
    We will hold a seminar on the basic usage of Moodle.
    It is expected to be in a lecture format using a web conferencing system (such as Zoom) for about 5 hours a day. The content will cover preparation, user registration, course registration, quiz creation, downloading grades, and creating surveys.

    <Operation Manual>
    We will create a tutorial manual on how to use Moodle.
    > Moodle Implementation, Seminars, Manuals

    <Regular Maintenance (Version Upgrade)>
    Moodle has many versions available.
    Human Science supports version upgrades.
    > Moodle Version Upgrade

    <Inquiry Support>
    We provide Moodle support services via phone and email.
    The biggest advantage of Moodle is that it is open source and free, but maintenance and operation are the user's responsibility.
    The main contents include the following.

    • ・Phone and email support for inquiries regarding Moodle operations
    • ・Delivery of a report summarizing the inquiry details as a monthly report
    • ・Investigation into the cause of the Moodle bug (fix will be handled separately)

    We provide support for Moodle operations and management, as well as regular maintenance such as server environment upgrades that accompany frequent Moodle updates, and we also offer new information about new features.

    > Moodle Maintenance and Operations
    > Frequently Asked Questions about Moodle Implementation and Operations Support

    From the above, it is clear that Human Science provides support from the introduction to the operation of Moodle. For those who would like to know more details, you can obtain the materials from the link below.

    > Introduction to Moodle Implementation Support Services | Case Studies and Useful Material Downloads | Over 2,693 Achievements of Human Science (hs-learning.jp)

    Human Science offers a variety of services to help our clients implement and operate e-learning.
    If you have any concerns, please feel free to contact us.

    > e-learning material production
    > e-learning material translation
    > in-house material support
    > Articulate Storyline, Studio implementation support and creation agency services
    > microlearning implementation support
    > Flash to HTML5 migration and conversion
    > Moodle and Totara Learn (open-source LMS) implementation and operational support

    For the contact form, click herehttps://hs-learning.jp/contact/

    Contact Information:

    Phone Number: 03-5321-3111
    hsweb_inquiry@science.co.jp