MongoDB provides a number of
constructs to improve the security of your data. The security of your
data in MongoDB is paramount - so it is important to leverage these
constructs to reduce your surface area. Here are 10 tips you can use to
improve the security of your MongoDB servers on premise and in the
cloud.
1. Enable auth
- Even if you have deployed your Mongodb servers in a trusted network
it is good security practice to enable auth. It provides you "Defense in
depth" if your network is compromised. Edit your mongod configuration
file to enable auth
auth = true
2. Don't expose your production db to the internet
- Restricting physical access to your database is an important aspect
of security. If it is not necessary do not expose your production
database to the internet. In case of any compromise if an attacker
cannot physically connect to your MongoDB server, your data is that much
more secure. If you are on AWS you can place your db's in a VPC private
subnet. Read the blog post Deploying MongoDB in a VPC for more information.
3. Use firewalls
- Use firewalls to restrict which other entities are allowed to connect
to your mongodb server. Best practice is to only allow your application
servers access to the database. If you are hosted on AWS use 'Security
groups' to restrict access. If you are hosted on a provider that does
not support firewall constructs you can easily configure it yourself
using 'iptables'. Refer to the mongodb documentation to configure iptables for your scenario.
4. Use key files to setup the replica set
- Specify a shared key file to enable communication between your
mongodb instances in a replica set. To enable this add the keyfile
parameter to the config file as below. The contents of the file need to
be the same on all the machines.
keyFile = /srv/mongodb/keyfile
5. Disable HTTP status interface
Mongodb by default provides a http interface running by default on port
28017 which provides the "home" status page. This interface is not
recommended for production use and is best disabled. Use the
"nohttpinterface" configuration setting to disable the http interface.
nohttpinterface = true
6. Disable the REST interface
The monogdb REST interface is not recommended for production. It does
not support any authentication. It is turned off by default. If you have
turned it on using the "rest" configuration option you should turn it
off for production systems.
rest = false
7. Configure Bind_ip
If your system has multiple network interfaces you can use the
"bind_ip" option to restrict your mongodb server to listen only on the
interfaces that are relevant. By default mongodb will bind to all the
interfaces
bind_ip = 10.10.0.25,10.10.0.26
8. Enable SSL
- If you don't use SSL your data is traveling between your Mongo client
and Mongo server unencrypted and is susceptible to eavesdropping,
tampering and "man in the middle" attacks. This is especially important
if you are connecting to your Mongodb server over unsecure networks like
the internet.
9. Role based authorization
- MongoDB supports role based authentication to give you fine grained
control over the actions that can be performed by each user. Use role
based constructs to restrict access instead of making all your users
admins. Refer to the roles documentation for more details.
10. Enterprise MongoDB & Kerberos Enterprise mongodb integrates with Kerberos for authentication. Refer to the mongodb documentation for more details. Username/password systems are inherently insecure - use kerb based authentication if possible.