November 29, 2018

When we talk about Magento security, the focus is often on securing the server and the eCommerce application itself. That makes sense because it is where most attacks are directed. Script injection, brute force, and remote code execution attacks are aimed squarely at the server. But there are other attack vectors to take into account, particularly endpoints.
eCommerce stores have a client-server architecture. The server is the application itself. Magento trusts authenticated clients, but these endpoints are not always trustworthy. A simple example of this problem is a logged-in mobile device. If an employee with an administrator account loses an insecure mobile device, whoever finds it may be able to access the store.
Endpoints can be used to circumvent even the best-designed security strategies because they are trusted. In addition to ensuring that Magento is secure, everyone with admin permissions on a store or an SSH account on the server must follow endpoint security best practices.

Use two-factor authentication

Once a computing device — a laptop, perhaps — is stolen, it is best to assume that the thief has access to every password stored on it. Two-factor authentication, provided by an extension like Sentry, will stop an attacker who only has access to the password.

Secure endpoint devices

Modern devices and operating systems provide strong security and authentication systems. The MacBook I am writing this article on uses full-disk encryption and fingerprint authentication. Most mobile devices provide similar encryption and biometric authentication.
These security measures are only effective if they are used. Anyone with an admin account on a Magento store should take full advantage of their device’s built-in security.

Access your store over a VPN

A Virtual Private Network (VPN) encrypts information that moves between the endpoint device and a Magento store. This prevents a third party from intercepting sensitive information with a man-in-the-middle attack.
A VPN is particularly important when site owners use insecure protocols such as FTP to transfer data to their server.

Remove unused accounts

Retailers often provide accounts for employees or freelancers so that they can work on the Magento store or its server. When an employee or freelancer no longer needs access, their account should be deleted as soon as possible.
On a related note, if you do need to give access to a developer, designer, or other professional, create a new account for them. Don’t use the same account for more than one person. If everyone uses the same account, revoking access will be a huge headache.
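
One way to find candidates for removal, as an added example that is not part of the original article: a Python script that reads an exported list of admin users and flags active accounts that have not logged in recently. The column names are assumed to follow Magento's admin_user table, the sample rows are constructed, and the 90-day threshold is an arbitrary choice.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows; the column names (username, is_active, created,
# logdate) are an assumption about how your admin user export is laid out.
SAMPLE_EXPORT = """username,is_active,created,logdate
owner,1,2016-02-01 09:00:00,2018-11-27 08:15:00
freelance_dev,1,2018-03-10 10:00:00,2018-05-02 17:40:00
old_designer,0,2017-01-05 12:00:00,2017-06-30 11:00:00
agency_temp,1,2018-06-01 14:00:00,NULL
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_ts(value):
    """Return a datetime, or None for empty/NULL values."""
    value = (value or "").strip()
    if not value or value.upper() == "NULL":
        return None
    return datetime.strptime(value, TS_FORMAT)


def find_unused_admins(export_text, now, max_idle_days=90):
    """List active admin accounts that look unused and should be reviewed."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["is_active"].strip() != "1":
            continue  # already disabled, so it cannot log in
        last_login = parse_ts(row["logdate"])
        if last_login is None:
            # Never used: flag once the account itself is older than the cutoff
            created = parse_ts(row["created"])
            if created is None or created < cutoff:
                findings.append((row["username"], "never logged in"))
        elif last_login < cutoff:
            idle = (now - last_login).days
            findings.append((row["username"], f"idle {idle} days"))
    return findings


if __name__ == "__main__":
    today = datetime(2018, 11, 29)  # fixed date so the sample output is stable
    for username, reason in find_unused_admins(SAMPLE_EXPORT, today):
        print(f"review: {username} ({reason})")
```

Each flagged account still needs a human decision: confirm with its owner whether access is still required before deleting it.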

Minimum necessary access

Give people the least access they need to get their work done. If they don’t need an administrator account, don’t provide one. If a developer doesn’t need access to your server’s root account, don’t let them have it. Magento includes powerful Access Control Lists so that store owners can specify which parts of a site an account can access. Familiarize yourself with how ACLs work and use them to restrict the access of account holders.
Endpoint security is too often neglected, but Magento store owners should be aware of the risks and what they can do to keep their store safe.

Miguel Balparda

Who is Miguel? If you’re part of the Magento community, chances are you already know. As a Magento Master and open source Community Maintainer, Miguel can be found traveling the world imparting his Magento wisdom at events and approving pull requests everywhere else.
