Moodle 4 Security – A Review
Introduction
“Moodle 4 Security” is a new book by Ian Wild and published by Packt, available on Amazon: www.amazon.com/dp/1804611662. In this post I review the book and share my thoughts with you. For this purpose I have been given a free copy of the book, both print and digital by Packt. However I am independent and all my views and opinions are my own.
Disclaimers
Names / logos can be trademarks of their respective owners. Please review their website for details.
I am independent from the organisations mentioned and am in no way writing for (except in terms of a review of their publication) or endorsed by them.
The information presented in this article is written according to my own understanding, there could be technical inaccuracies, so please do undertake your own research.
The featured image is copyright of Packt, used with permission.
Overview
When I was first asked to review Ian’s book I was intrigued. I’ve been a Moodle plugin (sometimes core) developer for quite some time and run several local Moodle installations. But they are development ones, only accessible within my own small network. Apart from being a facilitator of the MoodleBites Server Administrator course (www.moodlebites.com/course/index.php?categoryid=22) I spend most of my time developing with security considerations relating to the code I write, and that of my general day to day use of computers as a work tool. Previously I have gained an appreciation of computer security on my MSc. Critically though, I believe that there is always something new to learn and discover, to understand what others have to say and appreciate their experience.
The review
The book has 288 pages with 11 chapters and 4 parts. Each chapter covers a different aspect of the overall umbrella of the subject and is contained within a distinct part. Ian establishes a flow through the book between the chapters, employing the use of an imaginary company / Moodle instance “Mathaholics”, https://mathaholics.co.uk/, to form a basis upon which to understand the material being presented in a real world situation.
The initial focus, part 1, however is not Moodle, but a primer to security itself. It is a basis for all whom are involved, technical and non-technical, in the operation of a Moodle site to appreciate the ‘why’ security of the installation is required and necessary. The words make you think, question and analyse your own situation. The need to bring all of those involved together and really consider the process that needs to be undertaken.
Part 2, ‘Moodle Server Security’ is definitely aimed at those with technical knowledge and understanding. It is a real ‘how’ rather than a ‘why’ this is done. But needs to be appreciated at the same time by those whom are non-techincal and ‘hold the purse strings’ to know why the investment needs to be made, combined with the amount of effort to do so. Especially in relation to backup and disaster recovery.
Part 3, ‘Moodle Application Security’ is again, technical in implementation but there is a focus for discussion with others on the results in terms of what is found and what needs to be done about it.
Part 4, ‘Moodle Infrastructure Monitoring’ is focused on now monitoring your site to detect issues before they become a problem.
Overall the ‘key’ word that sticks in my mind is ‘comprehensive’. There is a lot to understand here with many, many different elements and tools. The book is an ‘umbrella’ for the subject but by no means all of the subject. There are places where Ian states along the lines of ‘beyond the scope’ and leads you to consider other more detailed sources of information. Not because the book is lacking, but rather because of the complexity and scale of security in relation to running an online website that is exposed to the world with all its dangers.
I feel that even though I have read the book as a single person, that in fact it would be purchased by a business for their use. Each specific aspect to be read by specific individuals, then come together as a team and discuss the overall strategy for implementation. Then after a while, revisited to confirm that what has been implemented is still working, that the procedures put in place are operational, effective and up to date. A reference that you’ll make use of for many years to come.
I don’t doubt that the information and concepts are discussed elsewhere, but what the book does do is bring them all elegantly and precisely related to the Moodle context. It makes you think, question your installation and then go on to consider ‘What more can I do’?
Conclusion
Overall I’m impressed and believe that if I hadn’t have been given a copy to review that I would have still purchased the book myself.
- Moodle 4 Security – A Review – 16th April 2024
- A little bit #fab – 16th March 2024
- Static framework – 16th February 2024
