The defense in depth strategy
From previous chapters, you will have recognized that no single security measure can provide absolute protection for our Moodle instance, so we implement a combination of safeguards to mitigate the risks posed by various types of cyber threats.
Defense in depth is a cybersecurity strategy that involves implementing security controls and recovery plans at as many layers of our organization’s information systems as possible. Any online framework that allows users to upload or embed content is at risk from cyberattacks, and Moodle is no exception. The Moodle framework does provide internal functions to sanitize input, assuming the plugin author is using them. However, even sanitized input can still deliver malicious code to a Moodle user’s computer via their browser. To mitigate this risk, our Moodle web server can be configured to instruct the browser to restrict the web domains from which it should download...