SECURITY
Monika Mathur, FullStack Developer
Habilelabs.io
CONTENTS
1. Introduction to MongoDB security
2. Why MongoDB security is important
3. How to secure your MongoDB
SECURITY
Niall Merrigan, a security researcher and Microsoft developer based in Norway, has been tracking the MongoDB ransom incidents, and in one day he saw the number of attacks more than double, from 12,000 to 27,633.
SECURITY ATTACKS
Attackers have been accessing databases, copying files, deleting everything and leaving a ransom note promising the return of the data for a fee.
WHAT HACKERS DO WITH DATABASES
SECURE YOUR DATABASE
REFERENCE ARCHITECTURE
[Diagram: Clients, Storage and Administrators around the database, protected by four controls: Authentication, Authorization, Auditing, Encryption]
AUTHENTICATION
• Which users/apps are accessing the DB?
• Which nodes are joining the cluster?
• Which users are accessing the DB?
AUTHENTICATION MECHANISM
Client/User Auth:
• SCRAM-SHA-1
• MONGODB-CR
• X.509
• LDAP
• Kerberos
Internal Auth:
• Keyfile (SCRAM-SHA-1)
• X.509
AUTHENTICATION MECHANISM
• SCRAM-SHA-1
• MONGODB-CR
• X.509
• LDAP
• Kerberos
Community
AUTHORIZATION
• What permissions does an App have?
• What permissions does an Admin have?
• What data can a user see?
• What data can an admin see?
WHY ROLE-BASED ACCESS CONTROL
BUILT IN ROLES
USER-DEFINED ROLES
ACTIONS
RESOURCES
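A user-defined role assembled from explicit actions on explicit resources, with a small checker that mirrors how MongoDB matches a privilege's resource against a namespace. This is an added example, not code from the original slides; the role name, database, collections and user are assumptions.

```javascript
// Added example: least-privilege role for an application that only reports on
// orders. Names ("orderReporter", "shop", "orders", "audit_log") are assumptions.

// The document passed to db.createRole() in mongosh. No inherited built-in
// roles, so the role grants nothing beyond the listed actions.
const reportingRole = {
  createRole: "orderReporter",
  privileges: [
    { resource: { db: "shop", collection: "orders" }, actions: ["find"] },
    { resource: { db: "shop", collection: "audit_log" }, actions: ["insert"] },
  ],
  roles: [],
};

// Resource matching used by MongoDB privilege documents:
//   { db: "x", collection: "y" }  -> exactly x.y
//   { db: "x", collection: "" }   -> every non-system collection in x
//   { db: "", collection: "y" }   -> collection y in every database
//   { db: "", collection: "" }    -> every non-system collection in every db
//   { cluster: true }             -> cluster-wide actions, not a namespace
function resourceMatches(resource, db, collection) {
  if (resource.cluster) return false;
  // An empty (wildcard) collection never covers system.* collections.
  if (collection.startsWith("system.") && resource.collection !== collection) {
    return false;
  }
  const dbOk = resource.db === "" || resource.db === db;
  const collOk = resource.collection === "" || resource.collection === collection;
  return dbOk && collOk;
}

// Does this privilege set allow `action` on db.collection?
function grants(privileges, db, collection, action) {
  return privileges.some(
    (p) => p.actions.includes(action) && resourceMatches(p.resource, db, collection)
  );
}

// A user bound to the custom role, as passed to db.createUser(). Password is a
// placeholder; SCRAM is the default client/user mechanism listed above.
const reportingUser = {
  createUser: "reportsvc",
  pwd: "<set-from-secret-store>",
  roles: [{ role: "orderReporter", db: "shop" }],
};
```

Run the two documents with `db.runCommand(reportingRole)` and `db.runCommand(reportingUser)` as a user holding `userAdmin` on the target database; the checker shows why `remove` on `shop.orders` or `find` on another database is refused.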
AUDITING
Who made which changes, and when?
AUDITING
1. Add accountability
2. Investigate suspicious activity
3. Monitor database activity
ENCRYPTION
[Diagram: SSL encryption between clients/administrators and the database; file system encryption for storage]
ENCRYPTION TYPE
1. Transport Encryption
2. Encryption at rest
TRANSPORT ENCRYPTION
ENCRYPTION AT REST
Thank You
CONTACT US
• Development Center: Habilelabs Pvt. Ltd., 4th Floor, I.G.M. Senior Secondary Public School Campus, Sec-93 Agarwal Farm, Mansarovar, Jaipur (Raj.) – 302020
• Email: [email protected]
• Web: https://habilelabs.io
• Telephone: +91-9828247415 / +91-9887992695