Firewall help (hardware or software)
Posted on 2015-02-19
I'm looking to setup a firewall to place in front of our ecommerce shop and associated servers. I have a general understanding of firewalls but I'm not experienced with business level / hardware firewalls and I'm hoping someone can help me understand these better so that I make the right choice for our application.
Recently, our Magento shop was exploited due to a 3rd party extension (Magmi) and the hacker ended up installing a web shell and modifying some core files to skim credit card details of unsuspecting customers. We found their malicious code and disabled credit card processing in the meantime but we don't really know what else they were able to do with that web shell.
Right now we're basically rebuilding our shop on a new server and we'll be moving the data over to it. We're also going to step up our game with security as much as possible at the server level (filesystem monitoring, disabling dangerous functions in php, frequent scanning for malicious files, and more) but I want to go further than that.
What I'm trying to understand is if these business level firewalls would have been able to catch this type of activity and block it. In simpler terms, do these firewalls add rules to protect against known exploits like the Magmi one that affected us? I.e., would they catch this type of stuff going in and out? I'm assuming that's what they charge monthly subscription rates for, right?
If so, what's an economical but reliable route to go? We have 2 web shops that do anywhere from 20-80 transactions per day but there are days (new product launches) where transactions can spike up to 1000+ over the course of a 24 hour period.
Are there good software solutions that we can use if we have our own hardware (we have a bunch of machines and components laying around) or should we focus on only using a hardware solution from a known company?
I hope I'm clear with what I'm after, thanks for your help!