During the last year of the pandemic, many people have been working remotely, or on the road. In well managed environments this creates some support issues, as we like to use an allowed IP list to grant access to website control panels.
For example, a Magento store control panel should be locked down so that random “script kiddies” can’t try to brute force logins. This type of attack can have a significant impact if successful, but even the existence of such an attack can hurt site performance.
On the developer side, this is even more critical, as ssh access is closer to the core of the infrastructure, so we restrict ssh access at the Virtual Private Cloud (VPC) firewall level.
In Webscale’s case, it only takes a ticket to the support team to update these allow lists, but we also provide customers with access to the admin panel allow list via the Webscale Customer Portal to update the list themselves.
One way to avoid the need to do this, is to use a virtual private network, also called a VPN. A VPN allows remote workers and developers to virtually make themselves part of the company’s private network. Hence the term VPN.
Another advantage of a VPN is that it encrypts and conceals all network traffic, so that if you are working from a coffee shop, or hotel, an attacker cannot see anything except the traffic between the client computer and the VPN endpoint, giving another layer of protection.
What the? Virtual Net?
Now you are going to wonder how to accomplish this wonderful virtual network. Fortunately it’s a pretty easy question to answer, however there are varying degrees of complexity.
We have one customer who has a grand total of 3 IP addresses in their allow list. 2 are corporate office addresses and one is a static IP address provided by a commercial VPN company. There is a lot of information out there about this type of VPN, but https://pixelprivacy.com/VPN/dedicated-ip-VPN/ might be a good starting point. Please note that Webscale is not making a specific recommendation as there is so much variation in needs and costs.
The next option would be a VPN hardware appliance. Covered here: https://www.lifewire.com/best-VPN-enabling-devices-4140254
Lastly, and most complex would be to self host a VPN server on a system installed in your office. This system could be Windows or Linux based. Most of the Webscale Site Reliability Engineering (SRE) staff would probably go this route, as it is most flexible and powerful. It’s also the most complex, so make sure you have the right personnel available to get the job done.
Selecting the best option is a question of return on investment – any of them will improve your efficiency and security, which at the end of the day will help you sell more on your storefront.
Webscale protects thousands of ecommerce storefronts every day, and we’d be happy to help you figure out the best security solution for your site as we all traverse this new normal. To learn more, reach out to us at info@webscale.com
