SlideShare una empresa de Scribd logo

Securing Your MongoDB Implementation

Descargar como PPTX, PDF
MongoDB
MongoDB

In this session, we'll provide a preview of the security features that we are working on for the next version of MongoDB.

TecnologíaEducación
1 de 38
#MongoDBLondon Securing your MongoDB Implementation Mark Hillick - @markofu Engineer, 10gen
Agenda 1. Securing MongoDB 2.2 2. Securing MongoDB 2.4 3. Outside of MongoDB 4. Vulnerabilities 5. Documentation 6. Futures 7. Q & A Securing your MongoDB Implementation, Mark Hillick
Securing MongoDB 2.2
Securing MongoDB 2.2 Authentication – Simple user/password scheme stored in MongoDB Authorization – Per database: no access, read, or read-write Auditing – Authentication requests logged – Some actions / changes captured in log Securing your MongoDB Implementation, Mark Hillick
MongoDB SSL SSL encryption SSL encryption for client for inter-server connection traffic Primary Secondary Application Data Files Data Files Keyfile establishes trust http://docs.mongodb.org/manual/administration/ssl/ Securing your MongoDB Implementation, Mark Hillick
Securing MongoDB 2.4
Authentication
External Authentication Use common / standardized authentication SASL: Simple Authentication and Security Layer – Framework for building authentication Kerberos – GSSAPI, drivers will be updated – Mixed system.users can work during transition Securing your MongoDB Implementation, Mark Hillick
Authentication with only pwd hash • Use one-way function F I am “marko@10gen.com”, let me in Knows Mongod only my Prove it, here is a random # N passwor d hash Here is F(N, hash(<mypwd>)) Nobody else could know Hash never that, welcome back marko! transmitted over the network! Securing your MongoDB Implementation, Mark Hillick
Authentication with Kerberos (2.4) I am “mark@10gen.com”, help me prove it to mongod KDC UDP:88 - Here is a TGT TCP:27017 Welcome, he Here is a re is a Kerberos Service TGT Ticket! UDP:8 8 Mongod { user: ”mark@10gen.com", roles: ["readWrite"], userSource: "$external" } Securing your MongoDB Implementation, Mark Hillick
Authenticating & Connecting # kinit mongouser …. # klist … 03/11/13 09:30:30 03/12/13 09:30:30 … # mongo mongodb.10gen.com/$external - -authenticationMechanism=GSSAPI -u mongouser@10GEN.COM Securing your MongoDB Implementation, Mark Hillick
Starting the Database env KRB5_KTNAME=/etc/kserver1b.keytab /usr/local/bin/mongodb/bin/mongod --auth --setParameter authenticationMechanisms=GSSAPI --dbpath /data/db --fork --logpath /var/tmp/mongod_auth.log --replSet realm4 --keyFile /etc/keyfile Securing your MongoDB Implementation, Mark Hillick
Authorization
AUTHORIZATION • Issues with 2.2 • 2.4 introduces roles – Admin level roles • UserAdmin – DB level roles • ClusterAdmin • User Admin • DB Admin • Read • ReadWrite
AUTHORIZATION Corresponding • Issues with 2.2 Admin level roles for AllDatabases – Only Read / ReadWrite  – Edge-case with possible privilege escalation • 2.4 introduces roles – Admin level roles – DB level roles • UserAdmin • User Admin • ClusterAdmin • DB Admin • Read • ReadWrite Securing your MongoDB Implementation, Mark Hillick
ADMIN DB • ClusterAdmin • AllDatabases Source:https://wellsted135.files.wordpress.com/2012/10/special.gif Securing your MongoDB Implementation, Mark Hillick
Password Admin DB Accnts DB hashes • UserAdmin • UserAdmin • ClusterAdmin App DB Product • UserAdmi DB n • UserAdmin • dbAdmin • dbAdmin Customer • ReadWrite BI DB • • Read ReadWrite DB • UserAdmi • Read • UserAdmin n • dbAdmin • dbAdmin • ReadWrite • ReadWrite • Read • Read Securing your MongoDB Implementation, Mark Hillick
I can do anything but I won’t be I can add and required to do much remove shards DB Admin: UserAdmin DB Admin: ClusterAdmin I can I can grant I can create new create privileges to users but I can’t indices, set the App DB grant them profiling, co only privileges to other mpact DB’s DB Accnts: userAdmin DB App: userAdmin DB App: dbAdmin Securing your MongoDB Implementation, Mark Hillick
Super-User userAdmin & userAdminAnyDatabase are Only these users can view details about other users – system.users collection Securing your MongoDB Implementation, Mark Hillick
I can Each DB’s userAdmin gets to I can grant create grant privileges separately privileges to indices, set the App DB profiling, co only mpact DB App: UserAdmin DB App: dbAdmin In App.system.users : { { user: “fred” , user: “george” , usersource: “Accnts” , usersource: “Accnts” , roles: [ “userAdmin” ] roles: [ “dbAdmin“ ] , } Credentials from Accnts DB } Securing your MongoDB Implementation, Mark Hillick
Auditing
Additional Logging Monitor user activity: – userID added to standard output – Not currently a separate audit log – Much more coming in 2.6
Validation
Validation Objcheck – Helps prevent DOS – Validates input – SERVER-7769 (default) Securing your MongoDB Implementation, Mark Hillick
JS Engine
JS Engine Move to V8 – Primarily performance reasons but some security benefits – Restrictions on $where & M/R/F – SERVER-8104 & Aaron Heckmann’s Blog Securing your MongoDB Implementation, Mark Hillick
Outside of MongoDB
Outside of MongoDB Firewalls – iptables & netsh – Ports, Addresses, Times, Throttle etc F/S – Encrypt (Gazzang) Best Practices – Internal Policies (Password Reuse, Scan etc)
MongoDB - Gazzang • File System Encryption • 5% performance hit with HDD, 10-15% with SSD Gazzang Key Mgmt OS Gazzang File System – All contents encrypted Securing your MongoDB Implementation, Mark Hillick
Vulnerabilities
Vulnerabilities (1) Notify – Let us know How, What, Where? – http://docs.mongodb.org/manual/administration/vulnerabili ty-notification/ – Jira (HTTPS) & (Secure) Email Securing your MongoDB Implementation, Mark Hillick
Vulnerabilities (2) How do YOU know? – MongoDB Alerts How, What, Where? – Vulnerability Notification – Jira (HTTPS) & (Secure) Email Securing your MongoDB Implementation, Mark Hillick
Documentation
Documentation Manual – http://docs.mongodb.org/manual/security/ • Security Features within MongoDB • Best Practices & Management • Strategies • Tutorials • Vulnerability Notifications • References Securing your MongoDB Implementation, Mark Hillick
Futures
Disclaimer Statements about future releases, availability dates, and feature content reflect plans only, and 10gen is under no obligation to include, develop or make available, commercially or otherwise, specific feature discussed a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of 10gen in response to changing market conditions, delivery schedules, customer requirements, and/or other factors. Securing your MongoDB Implementation, Mark Hillick
Futures Auditing – Logging to output userID associated with actions Passwords – Stronger Hashing Authorization – User Defined & More Granularity SSL – Client Cert Validation Securing your MongoDB Implementation, Mark Hillick
Thank You

Recomendados

Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB DeploymentMongoDB
 
Mdb dn 2016_11_ops_mgr
Mdb dn 2016_11_ops_mgrMdb dn 2016_11_ops_mgr
Mdb dn 2016_11_ops_mgrDaniel M. Farrell
 
MongoDB 2.4 Security Features
MongoDB 2.4 Security FeaturesMongoDB 2.4 Security Features
MongoDB 2.4 Security FeaturesMongoDB
 
Webinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesWebinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesMongoDB
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
Beyond the Basics 4: How to secure your MongoDB database
Beyond the Basics 4: How to secure your MongoDB databaseBeyond the Basics 4: How to secure your MongoDB database
Beyond the Basics 4: How to secure your MongoDB databaseMongoDB
 
Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB DeploymentMongoDB
 
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...MongoDB
 

Recomendados

Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB DeploymentMongoDB
 
Mdb dn 2016_11_ops_mgr
Mdb dn 2016_11_ops_mgrMdb dn 2016_11_ops_mgr
Mdb dn 2016_11_ops_mgrDaniel M. Farrell
 
MongoDB 2.4 Security Features
MongoDB 2.4 Security FeaturesMongoDB 2.4 Security Features
MongoDB 2.4 Security FeaturesMongoDB
 
Webinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesWebinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesMongoDB
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
Beyond the Basics 4: How to secure your MongoDB database
Beyond the Basics 4: How to secure your MongoDB databaseBeyond the Basics 4: How to secure your MongoDB database
Beyond the Basics 4: How to secure your MongoDB databaseMongoDB
 
Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB DeploymentMongoDB
 
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...MongoDB
 
Engineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineEngineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineMongoDB
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationHabilelabs
 
Beyond the Basics 4 MongoDB Security and Authentication
Beyond the Basics 4 MongoDB Security and AuthenticationBeyond the Basics 4 MongoDB Security and Authentication
Beyond the Basics 4 MongoDB Security and AuthenticationMongoDB
 
MongoDB Launchpad 2016: Moving Cybersecurity to the Cloud
MongoDB Launchpad 2016: Moving Cybersecurity to the CloudMongoDB Launchpad 2016: Moving Cybersecurity to the Cloud
MongoDB Launchpad 2016: Moving Cybersecurity to the CloudMongoDB
 
NoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionNoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionGavin Holt
 
NoSQL, no security?
NoSQL, no security?NoSQL, no security?
NoSQL, no security?wurbanski
 
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...44CON
 
Introducing Stitch
Introducing Stitch Introducing Stitch
Introducing Stitch MongoDB
 
Distributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerDistributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerLDAPCon
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
A Backend to tie them all?
A Backend to tie them all?A Backend to tie them all?
A Backend to tie them all?LDAPCon
 
Containerizing MongoDB with kubernetes
Containerizing MongoDB with kubernetesContainerizing MongoDB with kubernetes
Containerizing MongoDB with kubernetesBrian McNamara
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB Compass
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB CompassMongoDB 3.4: Deep Dive on Views, Zones, and MongoDB Compass
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB CompassMongoDB
 
Exploiting NoSQL Like Never Before
Exploiting NoSQL Like Never BeforeExploiting NoSQL Like Never Before
Exploiting NoSQL Like Never BeforeFrancis Alexander
 
Kerberos Survival Guide - St. Louis Day of .Net
Kerberos Survival Guide - St. Louis Day of .NetKerberos Survival Guide - St. Louis Day of .Net
Kerberos Survival Guide - St. Louis Day of .NetJ.D. Wade
 
Fluent 2012 v2
Fluent 2012 v2Fluent 2012 v2
Fluent 2012 v2Shalendra Chhabra
 
MongoDB World 2015 - A Technical Introduction to WiredTiger
MongoDB World 2015 - A Technical Introduction to WiredTigerMongoDB World 2015 - A Technical Introduction to WiredTiger
MongoDB World 2015 - A Technical Introduction to WiredTigerWiredTiger
 
Hadoop Security Preview
Hadoop Security PreviewHadoop Security Preview
Hadoop Security PreviewHadoop User Group
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guideDeysi Gmarra
 

Más contenido relacionado

La actualidad más candente

Engineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineEngineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineMongoDB
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationHabilelabs
 
Beyond the Basics 4 MongoDB Security and Authentication
Beyond the Basics 4 MongoDB Security and AuthenticationBeyond the Basics 4 MongoDB Security and Authentication
Beyond the Basics 4 MongoDB Security and AuthenticationMongoDB
 
MongoDB Launchpad 2016: Moving Cybersecurity to the Cloud
MongoDB Launchpad 2016: Moving Cybersecurity to the CloudMongoDB Launchpad 2016: Moving Cybersecurity to the Cloud
MongoDB Launchpad 2016: Moving Cybersecurity to the CloudMongoDB
 
NoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionNoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionGavin Holt
 
NoSQL, no security?
NoSQL, no security?NoSQL, no security?
NoSQL, no security?wurbanski
 
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...44CON
 
Introducing Stitch
Introducing Stitch Introducing Stitch
Introducing Stitch MongoDB
 
Distributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerDistributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerLDAPCon
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
A Backend to tie them all?
A Backend to tie them all?A Backend to tie them all?
A Backend to tie them all?LDAPCon
 
Containerizing MongoDB with kubernetes
Containerizing MongoDB with kubernetesContainerizing MongoDB with kubernetes
Containerizing MongoDB with kubernetesBrian McNamara
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB Compass
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB CompassMongoDB 3.4: Deep Dive on Views, Zones, and MongoDB Compass
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB CompassMongoDB
 
Exploiting NoSQL Like Never Before
Exploiting NoSQL Like Never BeforeExploiting NoSQL Like Never Before
Exploiting NoSQL Like Never BeforeFrancis Alexander
 
Kerberos Survival Guide - St. Louis Day of .Net
Kerberos Survival Guide - St. Louis Day of .NetKerberos Survival Guide - St. Louis Day of .Net
Kerberos Survival Guide - St. Louis Day of .NetJ.D. Wade
 
MongoDB World 2015 - A Technical Introduction to WiredTiger
MongoDB World 2015 - A Technical Introduction to WiredTigerMongoDB World 2015 - A Technical Introduction to WiredTiger
MongoDB World 2015 - A Technical Introduction to WiredTigerWiredTiger
 

La actualidad más candente (20)

Engineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineEngineering an Encrypted Storage Engine
Engineering an Encrypted Storage Engine
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - Presentation
 
Beyond the Basics 4 MongoDB Security and Authentication
Beyond the Basics 4 MongoDB Security and AuthenticationBeyond the Basics 4 MongoDB Security and Authentication
Beyond the Basics 4 MongoDB Security and Authentication
 
MongoDB Launchpad 2016: Moving Cybersecurity to the Cloud
MongoDB Launchpad 2016: Moving Cybersecurity to the CloudMongoDB Launchpad 2016: Moving Cybersecurity to the Cloud
MongoDB Launchpad 2016: Moving Cybersecurity to the Cloud
 
NoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionNoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides Edition
 
NoSQL, no security?
NoSQL, no security?NoSQL, no security?
NoSQL, no security?
 
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
 
Introducing Stitch
Introducing Stitch Introducing Stitch
Introducing Stitch
 
Distributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerDistributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory Server
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active Directory
 
A Backend to tie them all?
A Backend to tie them all?A Backend to tie them all?
A Backend to tie them all?
 
Containerizing MongoDB with kubernetes
Containerizing MongoDB with kubernetesContainerizing MongoDB with kubernetes
Containerizing MongoDB with kubernetes
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting Revisited
 
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB Compass
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB CompassMongoDB 3.4: Deep Dive on Views, Zones, and MongoDB Compass
MongoDB 3.4: Deep Dive on Views, Zones, and MongoDB Compass
 
Exploiting NoSQL Like Never Before
Exploiting NoSQL Like Never BeforeExploiting NoSQL Like Never Before
Exploiting NoSQL Like Never Before
 
Kerberos Survival Guide - St. Louis Day of .Net
Kerberos Survival Guide - St. Louis Day of .NetKerberos Survival Guide - St. Louis Day of .Net
Kerberos Survival Guide - St. Louis Day of .Net
 
Fluent 2012 v2
Fluent 2012 v2Fluent 2012 v2
Fluent 2012 v2
 
MongoDB World 2015 - A Technical Introduction to WiredTiger
MongoDB World 2015 - A Technical Introduction to WiredTigerMongoDB World 2015 - A Technical Introduction to WiredTiger
MongoDB World 2015 - A Technical Introduction to WiredTiger
 
Hadoop Security Preview
Hadoop Security PreviewHadoop Security Preview
Hadoop Security Preview
 

Destacado

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guideDeysi Gmarra
 
MongoDB Administration 101
MongoDB Administration 101MongoDB Administration 101
MongoDB Administration 101MongoDB
 
Automating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and GazzangAutomating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and GazzangMongoDB
 
SSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentSSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentMongoDB
 
Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101MongoDB
 
Replication and Replica Sets
Replication and Replica SetsReplication and Replica Sets
Replication and Replica SetsMongoDB
 
MongoDB in a Mainframe World
MongoDB in a Mainframe WorldMongoDB in a Mainframe World
MongoDB in a Mainframe WorldMongoDB
 
Mongo Performance Optimization Using Indexing
Mongo Performance Optimization Using IndexingMongo Performance Optimization Using Indexing
Mongo Performance Optimization Using IndexingChinmay Naik
 
Back to Basics, webinar 5: Introduzione ad Aggregation Framework
Back to Basics, webinar 5: Introduzione ad Aggregation FrameworkBack to Basics, webinar 5: Introduzione ad Aggregation Framework
Back to Basics, webinar 5: Introduzione ad Aggregation FrameworkMongoDB
 
MongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB
 
Webinar: Performance Tuning + Optimization
Webinar: Performance Tuning + OptimizationWebinar: Performance Tuning + Optimization
Webinar: Performance Tuning + OptimizationMongoDB
 
Back to Basics Webinar 4: Advanced Indexing, Text and Geospatial Indexes
Back to Basics Webinar 4: Advanced Indexing, Text and Geospatial IndexesBack to Basics Webinar 4: Advanced Indexing, Text and Geospatial Indexes
Back to Basics Webinar 4: Advanced Indexing, Text and Geospatial IndexesMongoDB
 
Back to Basics Webinar 5: Introduction to the Aggregation Framework
Back to Basics Webinar 5: Introduction to the Aggregation FrameworkBack to Basics Webinar 5: Introduction to the Aggregation Framework
Back to Basics Webinar 5: Introduction to the Aggregation FrameworkMongoDB
 
Webinar: 10-Step Guide to Creating a Single View of your Business
Webinar: 10-Step Guide to Creating a Single View of your BusinessWebinar: 10-Step Guide to Creating a Single View of your Business
Webinar: 10-Step Guide to Creating a Single View of your BusinessMongoDB
 

Destacado (17)

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDB
 
Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guide
 
MongoDB Administration 101
MongoDB Administration 101MongoDB Administration 101
MongoDB Administration 101
 
Automating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and GazzangAutomating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and Gazzang
 
Indexing In MongoDB
Indexing In MongoDBIndexing In MongoDB
Indexing In MongoDB
 
SSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentSSecuring Your MongoDB Deployment
SSecuring Your MongoDB Deployment
 
Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101
 
Replication and Replica Sets
Replication and Replica SetsReplication and Replica Sets
Replication and Replica Sets
 
MongoDB in a Mainframe World
MongoDB in a Mainframe WorldMongoDB in a Mainframe World
MongoDB in a Mainframe World
 
Mongo Performance Optimization Using Indexing
Mongo Performance Optimization Using IndexingMongo Performance Optimization Using Indexing
Mongo Performance Optimization Using Indexing
 
Phplx mongodb
Phplx mongodbPhplx mongodb
Phplx mongodb
 
Back to Basics, webinar 5: Introduzione ad Aggregation Framework
Back to Basics, webinar 5: Introduzione ad Aggregation FrameworkBack to Basics, webinar 5: Introduzione ad Aggregation Framework
Back to Basics, webinar 5: Introduzione ad Aggregation Framework
 
MongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB Performance
 
Webinar: Performance Tuning + Optimization
Webinar: Performance Tuning + OptimizationWebinar: Performance Tuning + Optimization
Webinar: Performance Tuning + Optimization
 
Back to Basics Webinar 4: Advanced Indexing, Text and Geospatial Indexes
Back to Basics Webinar 4: Advanced Indexing, Text and Geospatial IndexesBack to Basics Webinar 4: Advanced Indexing, Text and Geospatial Indexes
Back to Basics Webinar 4: Advanced Indexing, Text and Geospatial Indexes
 
Back to Basics Webinar 5: Introduction to the Aggregation Framework
Back to Basics Webinar 5: Introduction to the Aggregation FrameworkBack to Basics Webinar 5: Introduction to the Aggregation Framework
Back to Basics Webinar 5: Introduction to the Aggregation Framework
 
Webinar: 10-Step Guide to Creating a Single View of your Business
Webinar: 10-Step Guide to Creating a Single View of your BusinessWebinar: 10-Step Guide to Creating a Single View of your Business
Webinar: 10-Step Guide to Creating a Single View of your Business
 

Similar a Securing Your MongoDB Implementation

Discover MongoDB - Israel
Discover MongoDB - IsraelDiscover MongoDB - Israel
Discover MongoDB - IsraelMichael Fiedler
 
Using Spring with NoSQL databases (SpringOne China 2012)
Using Spring with NoSQL databases (SpringOne China 2012)Using Spring with NoSQL databases (SpringOne China 2012)
Using Spring with NoSQL databases (SpringOne China 2012)Chris Richardson
 
A flexible plugin like data layer - decouple your -_application logic from yo...
A flexible plugin like data layer - decouple your -_application logic from yo...A flexible plugin like data layer - decouple your -_application logic from yo...
A flexible plugin like data layer - decouple your -_application logic from yo...MongoDB
 
MongoDB in FS
MongoDB in FSMongoDB in FS
MongoDB in FSMongoDB
 
Azure doc db (slideshare)
Azure doc db (slideshare)Azure doc db (slideshare)
Azure doc db (slideshare)David Green
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with DockerMariaDB plc
 
Practical solutions for connections administrators lite
Practical solutions for connections administrators litePractical solutions for connections administrators lite
Practical solutions for connections administrators liteSharon James
 
MongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and Kafka
MongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and KafkaMongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and Kafka
MongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and KafkaMongoDB
 
Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDBRavi Teja
 
Achieving Infrastructure Portability with Chef
Achieving Infrastructure Portability with ChefAchieving Infrastructure Portability with Chef
Achieving Infrastructure Portability with ChefMatt Ray
 
Developing polyglot persistence applications #javaone 2012
Developing polyglot persistence applications #javaone 2012Developing polyglot persistence applications #javaone 2012
Developing polyglot persistence applications #javaone 2012Chris Richardson
 
BDD approaches for web development at Agile Testing Days 2009
BDD approaches for web development at Agile Testing Days 2009BDD approaches for web development at Agile Testing Days 2009
BDD approaches for web development at Agile Testing Days 2009Thomas Lundström
 
Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...
Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...
Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...Nilesh Panchal
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionHao Fan
 
Developing polyglot persistence applications (SpringOne China 2012)
Developing polyglot persistence applications (SpringOne China 2012)Developing polyglot persistence applications (SpringOne China 2012)
Developing polyglot persistence applications (SpringOne China 2012)Chris Richardson
 
Hybrid MongoDB and RDBMS Applications
Hybrid MongoDB and RDBMS ApplicationsHybrid MongoDB and RDBMS Applications
Hybrid MongoDB and RDBMS ApplicationsSteven Francia
 
MariaDB Server Compatibility with MySQL
MariaDB Server Compatibility with MySQLMariaDB Server Compatibility with MySQL
MariaDB Server Compatibility with MySQLColin Charles
 

Similar a Securing Your MongoDB Implementation (20)

Discover MongoDB - Israel
Discover MongoDB - IsraelDiscover MongoDB - Israel
Discover MongoDB - Israel
 
Using Spring with NoSQL databases (SpringOne China 2012)
Using Spring with NoSQL databases (SpringOne China 2012)Using Spring with NoSQL databases (SpringOne China 2012)
Using Spring with NoSQL databases (SpringOne China 2012)
 
A flexible plugin like data layer - decouple your -_application logic from yo...
A flexible plugin like data layer - decouple your -_application logic from yo...A flexible plugin like data layer - decouple your -_application logic from yo...
A flexible plugin like data layer - decouple your -_application logic from yo...
 
MongoDB in FS
MongoDB in FSMongoDB in FS
MongoDB in FS
 
MongoDB
MongoDBMongoDB
MongoDB
 
20120306 dublin js
20120306 dublin js20120306 dublin js
20120306 dublin js
 
Azure doc db (slideshare)
Azure doc db (slideshare)Azure doc db (slideshare)
Azure doc db (slideshare)
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with Docker
 
Practical solutions for connections administrators lite
Practical solutions for connections administrators litePractical solutions for connections administrators lite
Practical solutions for connections administrators lite
 
MongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and Kafka
MongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and KafkaMongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and Kafka
MongoDB Europe 2016 - Powering Microservices with Docker, Kubernetes, and Kafka
 
Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDB
 
Achieving Infrastructure Portability with Chef
Achieving Infrastructure Portability with ChefAchieving Infrastructure Portability with Chef
Achieving Infrastructure Portability with Chef
 
Developing polyglot persistence applications #javaone 2012
Developing polyglot persistence applications #javaone 2012Developing polyglot persistence applications #javaone 2012
Developing polyglot persistence applications #javaone 2012
 
BDD approaches for web development at Agile Testing Days 2009
BDD approaches for web development at Agile Testing Days 2009BDD approaches for web development at Agile Testing Days 2009
BDD approaches for web development at Agile Testing Days 2009
 
Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...
Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...
Ruby on-rails-101-presentation-slides-for-a-five-day-introductory-course-1194...
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Developing polyglot persistence applications (SpringOne China 2012)
Developing polyglot persistence applications (SpringOne China 2012)Developing polyglot persistence applications (SpringOne China 2012)
Developing polyglot persistence applications (SpringOne China 2012)
 
Hybrid MongoDB and RDBMS Applications
Hybrid MongoDB and RDBMS ApplicationsHybrid MongoDB and RDBMS Applications
Hybrid MongoDB and RDBMS Applications
 
MariaDB Server Compatibility with MySQL
MariaDB Server Compatibility with MySQLMariaDB Server Compatibility with MySQL
MariaDB Server Compatibility with MySQL
 
MediaGlu and Mongo DB
MediaGlu and Mongo DBMediaGlu and Mongo DB
MediaGlu and Mongo DB
 

Más de MongoDB

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump StartMongoDB
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB
 

Más de MongoDB (20)

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
 

Último

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Securing Your MongoDB Implementation

  • 1. #MongoDBLondon Securing your MongoDB Implementation Mark Hillick - @markofu Engineer, 10gen
  • 2. Agenda 1. Securing MongoDB 2.2 2. Securing MongoDB 2.4 3. Outside of MongoDB 4. Vulnerabilities 5. Documentation 6. Futures 7. Q & A Securing your MongoDB Implementation, Mark Hillick
  • 4. Securing MongoDB 2.2 Authentication – Simple user/password scheme stored in MongoDB Authorization – Per database: no access, read, or read-write Auditing – Authentication requests logged – Some actions / changes captured in log Securing your MongoDB Implementation, Mark Hillick
  • 5. MongoDB SSL SSL encryption SSL encryption for client for inter-server connection traffic Primary Secondary Application Data Files Data Files Keyfile establishes trust http://docs.mongodb.org/manual/administration/ssl/ Securing your MongoDB Implementation, Mark Hillick
  • 8. External Authentication Use common / standardized authentication SASL: Simple Authentication and Security Layer – Framework for building authentication Kerberos – GSSAPI, drivers will be updated – Mixed system.users can work during transition Securing your MongoDB Implementation, Mark Hillick
  • 9. Authentication with only pwd hash • Use one-way function F I am “marko@10gen.com”, let me in Knows Mongod only my Prove it, here is a random # N passwor d hash Here is F(N, hash(<mypwd>)) Nobody else could know Hash never that, welcome back marko! transmitted over the network! Securing your MongoDB Implementation, Mark Hillick
  • 10. Authentication with Kerberos (2.4) I am “mark@10gen.com”, help me prove it to mongod KDC UDP:88 - Here is a TGT TCP:27017 Welcome, he Here is a re is a Kerberos Service TGT Ticket! UDP:8 8 Mongod { user: ”mark@10gen.com", roles: ["readWrite"], userSource: "$external" } Securing your MongoDB Implementation, Mark Hillick
  • 11. Authenticating & Connecting # kinit mongouser …. # klist … 03/11/13 09:30:30 03/12/13 09:30:30 … # mongo mongodb.10gen.com/$external - -authenticationMechanism=GSSAPI -u mongouser@10GEN.COM Securing your MongoDB Implementation, Mark Hillick
  • 12. Starting the Database env KRB5_KTNAME=/etc/kserver1b.keytab /usr/local/bin/mongodb/bin/mongod --auth --setParameter authenticationMechanisms=GSSAPI --dbpath /data/db --fork --logpath /var/tmp/mongod_auth.log --replSet realm4 --keyFile /etc/keyfile Securing your MongoDB Implementation, Mark Hillick
  • 14. AUTHORIZATION • Issues with 2.2 • 2.4 introduces roles – Admin level roles • UserAdmin – DB level roles • ClusterAdmin • User Admin • DB Admin • Read • ReadWrite
  • 15. AUTHORIZATION Corresponding • Issues with 2.2 Admin level roles for AllDatabases – Only Read / ReadWrite  – Edge-case with possible privilege escalation • 2.4 introduces roles – Admin level roles – DB level roles • UserAdmin • User Admin • ClusterAdmin • DB Admin • Read • ReadWrite Securing your MongoDB Implementation, Mark Hillick
  • 16. ADMIN DB • ClusterAdmin • AllDatabases Source:https://wellsted135.files.wordpress.com/2012/10/special.gif Securing your MongoDB Implementation, Mark Hillick
  • 17. Password Admin DB Accnts DB hashes • UserAdmin • UserAdmin • ClusterAdmin App DB Product • UserAdmi DB n • UserAdmin • dbAdmin • dbAdmin Customer • ReadWrite BI DB • • Read ReadWrite DB • UserAdmi • Read • UserAdmin n • dbAdmin • dbAdmin • ReadWrite • ReadWrite • Read • Read Securing your MongoDB Implementation, Mark Hillick
  • 18. I can do anything but I won’t be I can add and required to do much remove shards DB Admin: UserAdmin DB Admin: ClusterAdmin I can I can grant I can create new create privileges to users but I can’t indices, set the App DB grant them profiling, co only privileges to other mpact DB’s DB Accnts: userAdmin DB App: userAdmin DB App: dbAdmin Securing your MongoDB Implementation, Mark Hillick
  • 19. Super-User userAdmin & userAdminAnyDatabase are Only these users can view details about other users – system.users collection Securing your MongoDB Implementation, Mark Hillick
  • 20. I can Each DB’s userAdmin gets to I can grant create grant privileges separately privileges to indices, set the App DB profiling, co only mpact DB App: UserAdmin DB App: dbAdmin In App.system.users : { { user: “fred” , user: “george” , usersource: “Accnts” , usersource: “Accnts” , roles: [ “userAdmin” ] roles: [ “dbAdmin“ ] , } Credentials from Accnts DB } Securing your MongoDB Implementation, Mark Hillick
  • 22. Additional Logging Monitor user activity: – userID added to standard output – Not currently a separate audit log – Much more coming in 2.6
  • 24. Validation Objcheck – Helps prevent DOS – Validates input – SERVER-7769 (default) Securing your MongoDB Implementation, Mark Hillick
  • 26. JS Engine Move to V8 – Primarily performance reasons but some security benefits – Restrictions on $where & M/R/F – SERVER-8104 & Aaron Heckmann’s Blog Securing your MongoDB Implementation, Mark Hillick
  • 28. Outside of MongoDB Firewalls – iptables & netsh – Ports, Addresses, Times, Throttle etc F/S – Encrypt (Gazzang) Best Practices – Internal Policies (Password Reuse, Scan etc)
  • 29. MongoDB - Gazzang • File System Encryption • 5% performance hit with HDD, 10-15% with SSD Gazzang Key Mgmt OS Gazzang File System – All contents encrypted Securing your MongoDB Implementation, Mark Hillick
  • 31. Vulnerabilities (1) Notify – Let us know How, What, Where? – http://docs.mongodb.org/manual/administration/vulnerabili ty-notification/ – Jira (HTTPS) & (Secure) Email Securing your MongoDB Implementation, Mark Hillick
  • 32. Vulnerabilities (2) How do YOU know? – MongoDB Alerts How, What, Where? – Vulnerability Notification – Jira (HTTPS) & (Secure) Email Securing your MongoDB Implementation, Mark Hillick
  • 34. Documentation Manual – http://docs.mongodb.org/manual/security/ • Security Features within MongoDB • Best Practices & Management • Strategies • Tutorials • Vulnerability Notifications • References Securing your MongoDB Implementation, Mark Hillick
  • 36. Disclaimer Statements about future releases, availability dates, and feature content reflect plans only, and 10gen is under no obligation to include, develop or make available, commercially or otherwise, specific feature discussed a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of 10gen in response to changing market conditions, delivery schedules, customer requirements, and/or other factors. Securing your MongoDB Implementation, Mark Hillick
  • 37. Futures Auditing – Logging to output userID associated with actions Passwords – Stronger Hashing Authorization – User Defined & More Granularity SSL – Client Cert Validation Securing your MongoDB Implementation, Mark Hillick

Notas del editor

  1. Ok, so here are the presenters notes. Your first job is to add you name and other useful stuff so that your students can contact you afterwards.This is a good time to- introduce yourself- create a seating chart, get each student to say their name, company and what they want to learn... and write it on your seating chart
  2. system.users collection with hash password
  3. MongoD does not even need to know the password hash!You can centralize your authentication service – SPOF &amp; SOS
  4. read: access to read documentsreadWrite: access to read and write documentsuserAdmin: manage, modify user access to a dbdbAdmin: compact, repair, validate etc.clusterAdmin: stuff with shards
  5. read: access to read documentsreadWrite: access to read and write documentsuserAdmin: manage, modify user access to a dbdbAdmin: compact, repair, validate etc.clusterAdmin: stuff with shards
  6. With SSD, as the time spent processing data between OS and disk gets proportionally larger since SSD&apos;s are so much faster, it means the pert hit is 15%. You still get a major upgrade in speed, but encrypting and decrypting take a larger share.