NYTimes recently published this article which was a really interesting read about the use of encryption for student data and sessions and why institutions and other stake holders (tech-savvy and information sensitive parents) are taking a hard look at the security of the LMSes their students are using.
http://www.nytimes.com/2013/06/23/business/data-security-is-a-classroom-worry-too.html
In brief, a Cisco engineer started looking into the LMS his child was using (Edmodo) and realized that profile information was not encrypted. Upon examination of another LMS, Schoology it was found that they also were not encrypting student sessions (though the Login was encrypted). The worry?
Without that encryption he worried about the potential for a stranger to gain access to student information, and thus hypothetically be able to identify or even contact students…
But, no matter their vigilance [schools] should be transparent with parents about the potential risks of online learning networks. “It’s not the school’s decision to make,” [the parent] said. “You should let the parents know.”
At StraighterLine we use Secure Sockets Layer (SSL) for authentication, throughout our profile site and then on into Moodle as well. Student sessions in Moodle are all encrypted through SSL but not without time, effort and expertise to ensure that it was working before our site launched. Thankfully Moodlerooms, our Moodle hosting provider had a skilled staff member to help us through the implementation. Moodle does have the ability to use SSL for the login, but the same vulnerability discussed in the Times may be present on many Moodle sites.
For more on Moodle security including tips and tricks to make your site more secure check out http://docs.moodle.org/25/en/Security_recommendations.
[…] IT staff and recommendations to promote security among students. Some of the most basic ones is to add SSL certification, keeping students profiles available for logged in users only, even disabling user fields or the […]