Review Site Security

Learning Objectives

After completing this unit, you’ll be able to:

List the common elements of a security strategy.
Describe what happens in a security assessment.
Describe three best practices that can help protect Salesforce B2C Commerce customizations.
List security tools and services that you can use for each layer of the B2C Commerce architecture.
Explain how you can limit access to Business Manager based on IP addresses.

Trust Is the Most Important Value

At Salesforce, trust is our number one value. To that end, security is built into every layer of the B2C Commerce platform to protect merchant implementations and data. And with good reason—according to Distil Network, nearly 38% of internet traffic in 2018 was not human and approximately 21% of ecommerce traffic was malicious. (Distil Network, 2019 Bad Bot Report).

The responsibility for trust is shared between Salesforce and the merchant. Safeguarding storefront and shopper data is an important job that Linda Rosenberg, Cloud Kicks admin, translates into a four-pronged security strategy.

Access: Focus on user and shopper security.
Protection: Implement eCDN to protect storefront data.
Monitoring and support: Monitor your site to ensure protection works.
Customization: Ensure new code and features meet security requirements.

Linda Rosenberg, Cloud Kicks admin

This table shows who’s responsible for each aspect of this strategy.

Salesforce	Merchant
Prepare merchants for an evolving threat landscape. Provide solutions that enable the merchant to keep their data secure. Educate merchants on the need and options for enhanced security.	Adopt the latest security controls and features available. Continually monitor user behaviors and event logs. Protect sensitive shopper data in alignment with compliance standards. Stay up to date with patching.

The Salesforce computer security incident response team (CSIRT) monitors systems 24/7. If they identify traffic behavior anomalies, they proactively contact the merchant to discuss the behavior and assist in further investigation.

If Linda detects malicious activity impacting her sites, she contacts the Salesforce technical support and security teams who can help her investigate and determine an immediate mitigation strategy. They also recommend preventative measures to reduce the risk of recurrence.

Attacks can come in many ways. Merchants must learn how each type of threat could impact their business and tailor prevention and mitigation tactics to address their specific concerns.

Security Assessments

Linda requests a B2C Commerce security assessment to help identify issues so she can correct them. To minimize unintended consequences to the production instance, they perform the assessment on a sandbox environment that mimics production.

To initiate the text, she sends an email to Salesforce at securityassessment@salesforce.com with the required information in an attached form, along with AWS approval, which has a separate process. Security assessment requests must be sent at least 7 business days prior to the test start date.

If your site uses AWS, follow their assessment request process for penetration testing.

Security and Best Practices

The B2C Commerce platform defends against attacks in many ways, from the basic platform to LINK cartridges.

The B2C Commerce security architecture includes layers for the platform, application and platform features, customization, and LINK solutions.

Platform Security

The B2C Commerce built-in embedded content delivery network (eCDN) adds another layer of protection for its point of delivery (POD) origins. With a network 15 times greater than the largest recorded distributed denial of service (DDoS) attack and trained knowledge of previous and suspect attackers from millions of sessions, this eCDN easily thwarts volumetric and protocol attacks without impact to merchant storefronts.

A POD is a collection of computing, networking, and storage services that combine to host a multitenant SAAS application.

Application and Platform Features

B2C Commerce is all about custom code and features. It’s what lets merchants like Cloud Kicks shine in the online retail market. Salesforce encourages them to take a defense in depth approach, using the built-in features of the platform and customizing their implementation to include further defenses from attacks.

The embedded CDN and web application firewall work together on this platform to thwart volumetric, protocol, and application attacks before they impact storefront availability and performance.

Customization

Merchants can fine-tune their B2C Commerce implementations in several ways. They can use custom code to implement challenges to malicious site activity. They can use the B2C Commerce Web Services framework to monitor, filter, and challenge suspicious traffic specific to their business requirements with out-of-the-box tools and recommended best practices. Here are some examples.

Best Practice	Description
CAPTCHA	Requires a shopper action for access to the site. Offers levels of interaction such as simple character entry or visual identification on tiles. Use for applications such as: Gift card balance Order tracking Login and password reset
Rate Limiting	Allows a maximum number of calls in a specified time interval. The rate limit is checked prior to every invocation of the web service. When the limit is reached, the application throws a ServiceUnavailableException.
Circuit Breaker	Suspends calls to a web service if a certain number of calls fail within a specified time interval. Checks whether the limit of failed calls is reached prior to every invocation. When the limit is reached, the application throws a ServiceUnavailableException.

LINK Solutions

The B2C Commerce partner community provides fraud prevention and bot detection solutions. The platform has an extensive portfolio of third-party certifications. In addition, Salesforce is a payment card industry data security standard (PCI-DSS) Level 1 service provider with several resources to help merchants maintain their PCI compliance.

Security at Every Layer

Security tools and services live in every layer of the B2C Commerce architecture.

Layer	Services
Application	Identity and single sign on Password policies WAF User roles and permissions Vulnerability scanning MFA Credit card encryption
Network	HTTPS encryption: TLS 1.2 Access controls Advanced threat detection Secure firewalls eCDN
Infrastructure	Secure data centers Backup and disaster recovery Real-time replication Third-party certifications 24/7 monitoring

Linda explores how B2C Commerce handles some of these at the application layer.

IP Address Access via Business Manager

Linda can limit access to Business Manager based on IP addresses via an allowlist and blocklist. These lists lock out attackers who’ve obtained valid credentials through illegitimate means. For example, a former employee obtained credentials when they were employed, or a non-employee obtained them via social engineering. These lists aren’t intended to prevent brute force attacks. They are just an easy way to block direct access. Here’s how the lists apply, depending on how the users logs in.

What the user logs in with	They are not using	The lists apply
Business Manager	Unified Authentication	Before credentials are verified
WebDAV or the agent user login process	Unified Authentication	After credentials are verified
Unified Authentication		After credentials are verified

In this module, we assume you are a Salesforce B2C Commerce admin with the proper permissions to perform these tasks. If you’re not a B2C Commerce admin, that’s OK. Read along to learn how your merchandiser would take these steps in a staging instance. Don’t try to follow our steps in your Trailhead Playground because B2C Commerce isn’t available in the Trailhead Playground.

If you have a development instance of B2C Commerce, you can try out these steps in your instance. If you don’t have a development instance, ask your manager if there is one that you can use.

Here's how to create the lists.

Open Business Manager.
Select Administration > Global Preferences > Security.
Click the Access Restriction tab.
- Enter a range of allowlisted IP addresses that are allowed to access Business Manager.
- Enter a range of blocklisted IP addresses not allowed to access Business Manager. If an IP address is both blocklisted and allowlisted, it’s denied access.
- Select if you want invalid login attempts recorded to the error log.
- Enter one or more email addresses, separated by a semicolon to have an email sent when an invalid login attempt occurs.
- Select if you want to block login access to non-specifically allowlisted IP addresses.
- Select if you want invalid login attempts to count toward the failed login count. Choosing this option can result in a user being locked out.

Secure Code via OCAPI

Security begins at the code level. Developers should not code API keys directly into their code. Instead, they should store them inside the application’s source tree. OCAPI credentials are similar to user accounts. Linda reviews them periodically along with user accounts.

Here’s what else you can do to keep OCAPI secure.

Use permissions and keep permissions to resources as tight as possible, adhering to the principle of least privilege.
Use other types of restrictions such as accepted OCAPI versions.
Delete unneeded API keys to minimize exposure to attacks and regenerate API keys periodically.
Use different OCAPI IDs for different instances and purposes, for example don’t share the same OCAPI ID across development and production instances.

Next Steps

In this unit, you learned how merchants and Salesforce share responsibility for a secure storefront. You learned about security assessments, best practices, and how there must be security at every layer of the B2C Commerce architecture. Next, explore multi-factor authentication and SSL certificates.