This is a guest post by Graeme Caldwell. Graeme is a writer and content marketer at Nexcess, a global provider of hosting services, who has a knack for making tech-heavy topics interesting and engaging to all readers. His articles have been featured on top publications across the net, from TechCrunch to TemplateMonster. For more content, visit the Nexcess blog and give them a follow at @nexcess.

Web application firewalls help to keep Magento stores safe from compromise and data loss by blocking suspicious requests before they reach the eCommerce application itself.

Online stores, Magento stores included, are a prime target for criminals. To sell online, eCommerce retailers rely on the trust of their customers, who hand over personal data including credit card numbers and physical addresses. In the private sector, only banks and healthcare providers hold more sensitive information. That makes eCommerce stores a valuable prize, and it’s why Magento store owners should take advantage of the security tools and best practices available to them.

Web application firewalls are one such tool. A firewall is a software application or hardware device that monitors traffic flowing across networks. It examines the data it receives and makes decisions about whether to let it continue its journey.

For example, when we use a firewall to block access to a port, it looks at all incoming data and drops everything addressed to that port. But firewalls are specialized to handle specific types of network traffic and protocols.

Networks Upon Networks

Networks can be thought of as divided into layers, each of which supports the layer above it. The OSI model divides networks into seven layers: the physical, data link, network, transport, session, presentation, and application layers.

iptables, a firewall found on most Linux web hosting servers, works at the network layer. It can block inbound and outbound data for ports and IP addresses according to rules supplied by the user, but it doesn’t do much for attacks against the application layer — attacks against Magento itself.

These attacks include cross-site scripting, injection attacks, and attempts to exploit vulnerabilities in the application itself, all of them delivered over HTTP, an application-layer protocol. As far as iptables is concerned, these are legitimate requests to the application.

Web Application Firewalls

Web application firewalls work at Layer 7 — the application layer. WAFs monitor HTTP requests for patterns that match known attacks. If an attacker tries to create a request that might result in an SQL injection the WAF can drop it before it hits the application itself. Web application firewalls work in concert with tools like iptables to prevent a wide range of attacks.

A major benefit of WAFs is that they can be updated, often in real time, to block emerging threats against the application layer. In this way, a WAF can protect a Magento store from known vulnerabilities for which it has not yet been patched. WAFs can also monitor outgoing data for suspicious patterns, such as credit card information being sent to an attacker.

In its guide to Security Best Practices, Magento recommends that store owners use a web application firewall.

Web Application Firewalls And Magento

There are several web application firewalls that can be used with Magento. ModSecurity is an open-source WAF that provides real-time application security monitoring, HTTP traffic logging, and web application hardening.
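To make the preceding points concrete (dropping an injection attempt before it reaches the application, and watching outbound data for card numbers), here is an added example of a minimal ModSecurity v2 configuration for an Apache virtual host that serves a Magento store. It is written for this post and is not part of Magento's documentation or of ModSecurity's or the OWASP Core Rule Set's own rules. It assumes the ModSecurity v2 module is already loaded in Apache; the rule ids and the audit log path are placeholder values chosen for the example, while `@detectSQLi`, `@detectXSS` and `@verifyCC` are operators ModSecurity v2 ships with.

```apache
# Added example: a minimal ModSecurity v2 rule set for an Apache vhost
# serving a Magento store. Rule ids 100001-100003 are arbitrary placeholders;
# choose ids that do not collide with any rule set you already load.

SecRuleEngine On
SecRequestBodyAccess On

# Phase 2 (request body parsed): run every query-string and POST argument
# through libinjection's SQL injection detector and refuse matching requests
# before Magento ever sees them.
SecRule ARGS "@detectSQLi" \
    "id:100001,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    msg:'SQL injection pattern in request argument',\
    logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}'"

# Same treatment for cross-site scripting payloads in arguments and cookies.
SecRule ARGS|REQUEST_COOKIES "@detectXSS" \
    "id:100002,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    msg:'XSS pattern in request'"

# Outbound inspection: buffer response bodies of the listed types and block
# any page that carries a Luhn-valid 13-16 digit card number, which a store
# page should never echo back to the client.
SecResponseBodyAccess On
SecResponseBodyMimeType text/html text/plain application/json
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "id:100003,\
    phase:4,\
    deny,\
    status:403,\
    log,\
    msg:'Possible credit card number in response body'"

# Write a full audit record only for transactions that triggered a rule.
# Placeholder path: adjust to where this server keeps its Apache logs.
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache2/modsec_audit.log
```

Before enforcing these rules on a live store, run them with `SecRuleEngine DetectionOnly` for a while and review the audit log: Magento's admin panel posts product descriptions and CMS blocks that contain HTML and SQL-like text, and those legitimate requests are the usual source of false positives that need a targeted exception rather than a disabled rule.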

An alternative is the Sucuri WAF, a cloud service that provides protection from a wide range of attacks, including zero-day exploits. Sucuri also provides the Sucuri WAF integrator extension.

Without a web application firewall, a Magento store is exposed to a wide range of attacks. An up-to-date and properly secured Magento store is likely to be immune to most attacks, but the extra layer of security provided by a web application firewall is justified, given the sensitivity of the data submitted by eCommerce customers.

Got questions?

Feel free to ask them in the comment section below.
