What measures must be taken on the network perimeter to secure an Odoo server?
The network perimeter is not a static barrier that’s surrounding our system, rather a dynamic one. What makes it dynamic are the systems that interact with the network perimeter.
So the question is: What perimeter security measures can be taken to protect servers running Odoo ERP?
Security expert Thomas Saliou provides following guidance to companies using Odoo:
Encryption with Certificates
Encryption with Certificates
Most basic measure for every Odoo installation, is to never transmit data using HTTP, rather only HTTPS..
Open Ports Selectively
Secondly, ensure that your server is exposing only the necessary ports and services.
So if you are using HTTPS for making Odoo available and SSH for administrative purposes you don’t need to open other ports on the system to allow database connectivity or any other type of activity that is not necessary for the purpose of exposing Odoo to the internet and perhaps to other systems.
If you have a system that is connecting to Odoo to fill information in, for example POS connectivity to a store, then you need to make sure that this is secure and this would be the security perimeter around the application.
IP Whitelisting
Another way would be IP whitelisting. It’s an extreme measure, but if you know which IPs are used to connect to the system you could also whitelist those IPs to only authorized users with known IPS to connect to the system.
Connected Systems
Consider also connected systems. ERPs usually are connected to other systems, collecting database for users, a database for inventory, sales, cashier systems. If so, review and ensure that the encryption mechanisms are put in place so that information is not flying on the network, vulnerable to man-in-the-middle attacks.
Outbound Data
Data that is leaving the Odoo ERP should be protected. For example, notifications, documents and reports by outbound mail. Often there are 3rd party modules that are fetching data from the ERP. These must be protected in the scope of perimeter security.
Thomas SALIOU is a Security Architect at a major french financial services group handling online and offline consumer payments. Contact us for a Security Audit of your Odoo implementation at odoo-security@simplify-erp.com
