2022.09.16
【Moodle Basic Course】Moodle Security Measures
Table of Contents
1. What is Moodle?
2. Are Moodle's security measures sufficient?
2-1 What is open source?
2-2 Characteristics of open source
3. Basic settings to enhance Moodle's security
3-1 Regularly update Moodle upon version releases
3-2 Set strong passwords
3-3 Grant permissions (teacher accounts) only to trusted users
3-4 Implement cloud packages
4. Summary
4-1 What is human science?
4-2 Implementation design
4-3 Operational support
1. What is Moodle?
Moodle is a free and open-source all-in-one learning platform with no licensing fees.
According to Moodle HQ's statistics, it is used in over 170,000 sites, with over 300 million users in 243 countries and regions, making it the largest learning platform in the world. (*As of 2022) It is the number one share in universities in Europe and Japan, and is widely used not only in educational settings but also in global companies, government agencies, and other organizations around the world.
One of the main features is its high level of customization. It is possible to flexibly customize each course according to its specific purpose and needs, making it suitable for classes of any size, from small to large.
In addition, it is equipped with a highly versatile editor, making it easy to insert images and videos, allowing for easy creation of teaching materials. Furthermore, it is compatible with smartphones and tablets, allowing students to comfortably attend lectures anytime, anywhere.
The main reason Moodle continues to be chosen around the world is because it is the world standard LMS※2, meaning it has been refined and standardized by universities and other organizations around the world.
By using this world standard system and implementing organizational reforms tailored to the system, it is possible to review the structure and existence of the organization and improve its international competitiveness.
※1e-learning is a general term for educational systems that utilize IT technology centered around personal computers and the internet. This includes watching videos on video sharing sites, solving problems with learning apps, and all forms of remote learning through web conferencing tools.
※2LMS stands for Learning Management System and is translated as "learning management system" in Japanese. LMS is a system that centrally manages information such as learners, materials, progress, and grades that are necessary for e-learning. In recent years, there has been an increase in systems that not only manage but also integrate with employee performance management and can be operated as a Learning Experience Platform (LXP) that provides personalized learning experiences for each employee.
> [Moodle Basic Course] What can Moodle, the e-learning management system, do?
> [Moodle Basic Course] What is Moodle?
> [Moodle Basic Course] What can be done with Moodle's default features?
2. Is Moodle's security sufficient?
By reading this section, you will understand that Moodle has strong security measures compared to other open source and commercial LMS.
First, in order to understand Moodle's security, it is necessary to understand open source, so let's take a look.
2-1. What is Open Source?
Open source refers to software where the source code is publicly available.
The source is like a "blueprint" that instructs the operation of software, and is written in a programming language used by engineers. The alphabet sequence that comes to mind when we hear "software code" is the source, and what is widely available to the public is called "open source".
2-2. Features of Open Source
・License fees are free
It is provided for free under the conditions of GPL※ as open source software. There is no need for a license fee to use it.
Although it is open source software, it has all the necessary functions as an LMS.
※GPL (GNU General Public License) is a license that sets the conditions for using software, also known as a general public license in Japanese. There are mainly two contents. ① It is possible to freely use, redistribute, modify, and distribute derivative software. ② For derivative software (modified software or integrated software), the source code must be made public and it is specified that it can be used, redistributed, modified, etc. based on the GNU GPL license.
・Flexible customization
In addition to using Moodle's basic functions, you can customize it to fit your organization's needs. With flexible customization tailored to the specific goals and needs of each course, it can accommodate classes of any size, from small to large.
It is possible to add necessary functions through plugin development. Anyone can freely obtain, use, modify, and redistribute them.
> Moodle plugin customization
・Even if the developer ends the service, the software will survive
If it is not open source, when the developer goes bankrupt or ends the service, the software will no longer be updated and will eventually become unusable.
However, if it is open source, the source code is publicly available, so we can continue to use it while maintaining it ourselves. If there are many users of open source, we can also expect other users to publish various updates and fixes.
Moodle has three current versions, and each one is updated six times a year, continuously improving security measures.
On the other hand, there are cases where commercial LMSs that have not been updated for many years are still being used.
・When introducing Moodle, it may not be possible to ensure the operating environment when using a rental server.
If you operate on-premises, you will need technical knowledge of servers such as hardware specifications and middleware installation.
As a countermeasure, Moodle's official partner also provides cloud services.
You can use a fully built environment with complete security measures for Moodle, so there is no need for customers to prepare, build, install, or set up servers, networks, etc.
> Moodle Cloud Service (e-CoreLea)
・Maintenance and operation, including security measures, must be taken by the user.
While there is a Moodle operation manual, customization and plugin development functions are not covered and will be fixed with each version upgrade. Therefore, it is necessary to consider measures such as setting up a support center to handle manual management and inquiries from students.
> Moodle Maintenance and Operation
3. Basic Settings to Improve Moodle Security
There is also a security manual on the Moodle site, which is always updated but not complete. Therefore, users need to take measures.
3-1. Regularly update Moodle when releasing new versions
Please update Moodle regularly as new versions are released periodically.
The older the version, the higher the likelihood of containing vulnerabilities.
3-2. Set a Strong Password
By setting a "difficult" password, you can protect against brute force account cracking.
You can set password policies under "Settings > Site Management > Security > Site Policies". You can also make the following conditions mandatory: password length, numbers, lowercase letters, uppercase letters, non-alphanumeric characters, and prohibition of consecutive identical characters.
3-3. Only give permission (teacher account) to trusted users
Teacher accounts have extremely free authority, so it is easy to create situations where data can be misused and stolen.
3-4. Implementing Cloud Packages
Using different passwords for different systems, using different machines for different services, etc. By doing this, even if one account is compromised or one server is breached, it prevents damage from spreading to a wide range.
4. Summary
In the previous chapter, we described the basic precautions to take with Moodle security.
Of course, it is possible to operate Moodle on your own,
but to make the most of Moodle, it is best to seek the help of an official Moodle partner.
In Japan, there are several official Moodle partners, but this time we will introduce Human Science Co., Ltd., which has a wealth of experience.
4-1. What is Human Science?
Human Science is an official partner of Moodle. In 2017, we were certified by the Australian headquarters of Moodle and became an official partner. Only companies with expertise and achievements in building and developing Moodle are certified. Certified companies exist all over the world, but there are only a few in Japan.
We utilize our expertise and track record as the number one provider in Japan (over 700 projects and more than 80 cases for companies, schools, and organizations) to offer a total solution for the implementation and operation support of Moodle.
Next, we will explain the services provided by Human Science Co., Ltd. in stages.
4-2. Introduction Design
<Client Situation Hearing and Proposal>
We will support the setting of Moodle in order to realize the education flow that the client wants to perform.
Moodle has a wealth of features, so we will make it easy for learners to use by assuming how to use it. With Moodle settings, you can show/hide functions.
- ・Requirements Definition
We will listen to what the customer wants to achieve when introducing e-learning and finalize the specifications. - ・e-Learning Operation Process Construction Support
e-Learning operations involve various tasks such as course registration, user communication, delivery, and effectiveness measurement. We assist in building the workflow to ensure successful implementation and operation. - ・Building a demo site
We will launch a demo site and have our customers confirm the actual movement of Moodle while tuning the settings and functions.
> Moodle Implementation Support and Operation
<Moodle Construction>
Install Moodle and make it available for use.
We also provide construction to the cloud, such as AWS and Azure, in addition to on-premises (self-owned, self-operated).
We also perform replacements from existing systems to Moodle while in use.
- ・Hardware specification selection
Determined by the number of users and usage. - ・Middleware Installation
Install open source middleware such as apache (Nginx), php (php-fpm), and postgresql. - ・ Moodle Installation
- ・ Moodle Settings
Configure Moodle based on usage assumptions. - ・Customization, Plugin Development
We provide customization and plugin development services for features that are difficult to achieve with Moodle's standard functions.
In addition, we also offer a cloud service called e-CoreLea.
You can use an environment with Moodle already installed and configured, so there is no need for you to prepare, build, install, or set up servers, networks, etc.
We also have plans that include video distribution and course materials. Please contact us for more details.
4-3. Operational Support
Usage Seminar
We will hold a seminar on how to use Moodle.
The lecture will be conducted in a web conference system (such as Zoom) and is expected to last about 5 hours per day. The explanation will cover preparation, user registration, course registration, creating quizzes, downloading grades, and creating surveys.
Operation Manual
We will create a tutorial manual on how to use Moodle.
> Moodle Introduction, Seminar, and Manual
Regular Maintenance (Version Upgrade)
Moodle has many versions available.
Human Science Co., Ltd. supports version upgrades.
> Moodle Version Upgrade
Contact Support
We provide support services for Moodle via phone and email.
Moodle is open source and free, but maintenance and operation are the responsibility of the user.
The main services include the following:
- ・Support via phone and email for inquiries regarding Moodle operations
- ・Deliver a monthly report summarizing the contents of inquiries as a monthly report
- ・Investigation of Moodle bugs (fixes will be done separately)
※Support for operating and managing Moodle, as well as regular maintenance such as server environment updates and new information on new features will be provided.
> Moodle Maintenance and Operation
> Frequently Asked Questions about Moodle Implementation and Operation Support
From the above, it can be understood that Human Science Co., Ltd. provides support for the implementation and operation of Moodle. For those who want to know more details, you can obtain materials from the link below.
At Human Science Co., Ltd., we offer various services to help our clients introduce and operate e-learning.
If you have any concerns, please feel free to contact us.
> eLearning Material Production
> eLearning Material Translation
> In-house Material Production Support
> Articulate Storyline, Studio Implementation and Creation Support Service
> Microlearning Implementation Support
> Flash to HTML5 Migration and Conversion
> Moodle and Totara Learn (Open Source LMS) Implementation and Operation Support
Contact Form: (https://hs-learning.jp/contact/)
Moodle Implementation and Operation Guide
We explain the process of introducing and operating Moodle.
For the introduction and operation of Moodle, please leave it to Human Science, the official partner. We also introduce many achievements in Moodle implementation support.
Projects: Over 866
Companies, Schools, Organizations: Over 80 cases
Moodle Related Information
- 2024.04.02
- English Learning Using Moodle and ChatGPT