Securing Your MongoDB Implementation

In this session, we'll provide a preview of the security features that we are working on for the next version of MongoDB.

  • system.users collection with hashed password
  • MongoD does not even need to know the password hash! You can centralize your authentication service – SPOF & SOS
  • read: access to read documents; readWrite: access to read and write documents; userAdmin: manage, modify user access to a db; dbAdmin: compact, repair, validate etc.; clusterAdmin: stuff with shards
  • With SSD, as the time spent processing data between OS and disk gets proportionally larger since SSDs are so much faster, the perf hit is 15%. You still get a major upgrade in speed, but encrypting and decrypting take a larger share.

    1. #MongoDBLondon – Securing your MongoDB Implementation. Mark Hillick (@markofu), Engineer, 10gen
    2. Agenda: 1. Securing MongoDB 2.2; 2. Securing MongoDB 2.4; 3. Outside of MongoDB; 4. Vulnerabilities; 5. Documentation; 6. Futures; 7. Q & A. Securing your MongoDB Implementation, Mark Hillick
    3. Securing MongoDB 2.2
    4. Securing MongoDB 2.2. Authentication – simple user/password scheme stored in MongoDB. Authorization – per database: no access, read, or read-write. Auditing – authentication requests logged; some actions/changes captured in the log.
    5. MongoDB SSL (diagram): SSL encryption for client traffic (Application to Primary) and SSL encryption for inter-server connections (Primary to Secondary, each with its own data files). Keyfile establishes trust. http://docs.mongodb.org/manual/administration/ssl/
    6. Securing MongoDB 2.4
    7. Authentication
    8. External Authentication. Use common/standardized authentication. SASL: Simple Authentication and Security Layer – a framework for building authentication. Kerberos – GSSAPI; drivers will be updated; mixed system.users can work during transition.
    9. Authentication with only pwdhash. Use a one-way function F (diagram of the exchange). Client: "I am 'marko@10gen.com', let me in." Mongod (knows only my password hash): "Prove it, here is a random # N." Client: "Here is F(N, hash(<mypwd>))." Mongod: "Nobody else could know that, welcome back marko!" The hash is never transmitted over the network!
    10. Authentication with Kerberos (2.4) (diagram of the exchange). Client to KDC (UDP:88): "I am 'mark@10gen.com', help me prove it to mongod." KDC: "Here is a TGT." Client to KDC (UDP:88) with the TGT; KDC: "Here is a Kerberos Service Ticket!" Client to Mongod (TCP:27017) with the service ticket; Mongod: "Welcome." The user document in mongod: { user: "mark@10gen.com", roles: ["readWrite"], userSource: "$external" }
    11. Authenticating & Connecting:
        # kinit mongouser
        …
        # klist
        … 03/11/13 09:30:30 03/12/13 09:30:30 …
        # mongo mongodb.10gen.com/$external --authenticationMechanism=GSSAPI -umongouser@10GEN.COM
    12. Starting the Database: env KRB5_KTNAME=/etc/kserver1b.keytab /usr/local/bin/mongodb/bin/mongod --auth --setParameter authenticationMechanisms=GSSAPI --dbpath /data/db --fork --logpath /var/tmp/mongod_auth.log --replSet realm4 --keyFile /etc/keyfile
    13. Authorization
    14. AUTHORIZATION. Issues with 2.2. 2.4 introduces roles: admin-level roles (UserAdmin, ClusterAdmin) and DB-level roles (User Admin, DB Admin, Read, ReadWrite).
    15. AUTHORIZATION. Issues with 2.2: only Read / ReadWrite; edge-case with possible privilege escalation. 2.4 introduces roles: admin-level roles (UserAdmin, ClusterAdmin), with corresponding admin-level roles for AllDatabases, and DB-level roles (User Admin, DB Admin, Read, ReadWrite).
    16. ADMIN DB: ClusterAdmin; AllDatabases. (Image source: https://wellsted135.files.wordpress.com/2012/10/special.gif)
    17. (Diagram of roles per database) Admin DB: UserAdmin, ClusterAdmin. Accnts DB (holds the password hashes): UserAdmin. App DB, Product DB, Customer DB and BI DB each: UserAdmin, dbAdmin, ReadWrite, Read.
    18. (Diagram: who can do what) DB Admin, UserAdmin: "I can do anything but I won't be required to do much." DB Admin, ClusterAdmin: "I can add and remove shards." DB Accnts, userAdmin: "I can create new users but I can't grant them privileges to other DBs." DB App, userAdmin: "I can grant privileges to the App DB only." DB App, dbAdmin: "I can create indices, set profiling, compact."
    19. Super-User. userAdmin & userAdminAnyDatabase are the super-users: only these users can view details about other users (system.users collection).
    20. Each DB's userAdmin gets to grant privileges separately. DB App, UserAdmin: "I can grant privileges to the App DB only." DB App, dbAdmin: "I can create indices, set profiling, compact." In App.system.users: { user: "fred", userSource: "Accnts", roles: ["userAdmin"] }, { user: "george", userSource: "Accnts", roles: ["dbAdmin"] }. Credentials come from the Accnts DB.
    21. Auditing
    22. Additional Logging. Monitor user activity: userID added to standard output; not currently a separate audit log; much more coming in 2.6.
    23. Validation
    24. Validation. Objcheck – helps prevent DoS; validates input; SERVER-7769 (default).
    25. JS Engine
    26. JS Engine. Move to V8 – primarily for performance reasons but with some security benefits; restrictions on $where & M/R/F; SERVER-8104 & Aaron Heckmann's blog.
    27. Outside of MongoDB
    28. Outside of MongoDB. Firewalls – iptables & netsh: ports, addresses, times, throttle etc. F/S – encrypt (Gazzang). Best practices – internal policies (password reuse, scan etc.).
    29. MongoDB – Gazzang. File system encryption; 5% performance hit with HDD, 10-15% with SSD. (Diagram: Gazzang key management; OS; Gazzang file system – all contents encrypted.)
    30. Vulnerabilities
    31. Vulnerabilities (1). Notify – let us know. How, what, where? – http://docs.mongodb.org/manual/administration/vulnerability-notification/ – Jira (HTTPS) & (secure) email.
    32. Vulnerabilities (2). How do YOU know? – MongoDB Alerts. How, what, where? – Vulnerability Notification – Jira (HTTPS) & (secure) email.
    33. Documentation
    34. Documentation. Manual – http://docs.mongodb.org/manual/security/ : security features within MongoDB; best practices & management; strategies; tutorials; vulnerability notifications; references.
    35. Futures
    36. Disclaimer. Statements about future releases, availability dates, and feature content reflect plans only, and 10gen is under no obligation to include, develop or make available, commercially or otherwise, any specific feature discussed in a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of 10gen in response to changing market conditions, delivery schedules, customer requirements, and/or other factors.
    37. Futures. Auditing – logging to output the userID associated with actions. Passwords – stronger hashing. Authorization – user defined & more granularity. SSL – client cert validation.
    38. Thank You
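The challenge-response exchange on slide 9, as an added Python simulation that is not part of the deck: both the client and the mongod side are modelled, using the MongoDB-CR construction of that era as an assumption (stored hash = md5 of user:mongo:password, proof = md5 of nonce + user + hash), and the demo also shows that a proof observed for one nonce fails against the next challenge.

```python
import hashlib
import secrets

# Constructed simulation of the slide-9 exchange. The hash functions follow the
# MongoDB-CR construction of the 2.x era (MD5-based, later replaced by SCRAM).

def password_hash(user: str, password: str) -> str:
    """One-way hash kept in system.users: md5(user + ':mongo:' + password)."""
    return hashlib.md5(f"{user}:mongo:{password}".encode()).hexdigest()

def response(nonce: str, user: str, pwd_hash: str) -> str:
    """F(N, hash(pwd)): the proof that goes on the wire; the hash itself does not."""
    return hashlib.md5(f"{nonce}{user}{pwd_hash}".encode()).hexdigest()

class Mongod:
    """Server side: stores only password hashes and issues a fresh nonce per attempt."""

    def __init__(self, users: dict):
        self.users = users      # user -> stored hash (the system.users collection)
        self.pending = {}       # user -> nonce issued but not yet consumed

    def get_nonce(self, user: str) -> str:
        self.pending[user] = secrets.token_hex(8)   # random N, new for every attempt
        return self.pending[user]

    def authenticate(self, user: str, key: str) -> bool:
        nonce = self.pending.pop(user, None)        # each nonce is usable exactly once
        if nonce is None or user not in self.users:
            return False
        expected = response(nonce, user, self.users[user])
        return secrets.compare_digest(key, expected)

def client_login(server: Mongod, user: str, password: str) -> bool:
    """Client side: ask for N, answer with F(N, hash(pwd)); the hash never leaves."""
    nonce = server.get_nonce(user)
    return server.authenticate(user, response(nonce, user, password_hash(user, password)))

def demo() -> tuple:
    user = "marko@10gen.com"                                      # account from the slide
    server = Mongod({user: password_hash(user, "s3cret")})       # constructed credential
    good = client_login(server, user, "s3cret")
    bad = client_login(server, user, "wrong-password")
    # A proof observed on the wire is tied to one nonce: presenting it again
    # against the next challenge fails, which is what makes N worth having.
    captured = response(server.get_nonce(user), user, password_hash(user, "s3cret"))
    server.authenticate(user, captured)                           # the legitimate login
    server.get_nonce(user)                                        # a later attempt, new N
    replayed = server.authenticate(user, captured)
    return good, bad, replayed
```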
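The per-database role layout of slides 17 to 20, as an added Python model written for this page (not MongoDB's authorization code): credentials live in the Accnts DB, each app DB's system.users entry delegates to it through userSource, a DB's userAdmin can grant roles in that DB only, and the admin DB's AnyDatabase roles reach every DB. Role names follow the slides; the actions listed per role and the sample accounts are constructed simplifications.

```python
# Constructed model of the 2.4 per-database role layout from slides 17 to 20
# (written for this page; not MongoDB's own authorization code).
# Each DB's system.users doc carries the user's roles for that DB plus either
# a pwd hash or a userSource naming the DB that holds the credentials.

DB_ROLES = {   # DB-level roles and (simplified) actions they permit
    "read": {"find"},
    "readWrite": {"find", "insert", "update", "remove"},
    "dbAdmin": {"createIndex", "setProfilingLevel", "compact", "validate"},
    "userAdmin": {"addUser", "grantRole", "viewUsers"},
}
# admin-DB roles whose scope is every database, mapped to the DB-level role they imply
ANY_DB_ROLES = {"userAdminAnyDatabase": "userAdmin", "readAnyDatabase": "read"}

system_users = {   # db -> system.users documents (constructed sample data)
    "admin":  [{"user": "root", "pwd": "<hash>", "roles": ["userAdminAnyDatabase", "clusterAdmin"]}],
    "Accnts": [{"user": "fred", "pwd": "<hash>", "roles": ["userAdmin"]},
               {"user": "george", "pwd": "<hash>", "roles": []}],
    "App":    [{"user": "fred", "userSource": "Accnts", "roles": ["userAdmin"]},
               {"user": "george", "userSource": "Accnts", "roles": ["dbAdmin"]}],
}

def has_credentials(db: str, user: str) -> bool:
    return any(d["user"] == user and "pwd" in d for d in system_users.get(db, []))

def roles_in(db: str, user: str) -> set:
    """Effective DB-level roles; a userSource entry counts only if the source DB holds the account."""
    roles = set()
    for d in system_users.get(db, []):
        if d["user"] == user and ("pwd" in d or has_credentials(d.get("userSource", ""), user)):
            roles.update(d["roles"])
    for d in system_users["admin"]:            # AnyDatabase roles reach every DB
        if d["user"] == user and "pwd" in d:
            roles.update(ANY_DB_ROLES[r] for r in d["roles"] if r in ANY_DB_ROLES)
    return roles

def can(db: str, user: str, action: str) -> bool:
    return any(action in DB_ROLES.get(r, set()) for r in roles_in(db, user))

def grant(actor: str, db: str, target: str, role: str) -> None:
    """Slide 18: a DB's userAdmin grants roles in that DB only; userAdminAnyDatabase anywhere."""
    if not can(db, actor, "grantRole"):
        raise PermissionError(f"{actor} is not userAdmin for {db}")
    docs = [d for d in system_users.setdefault(db, []) if d["user"] == target]
    if not docs:
        raise LookupError(f"{target} has no entry in {db}.system.users")
    docs[0]["roles"].append(role)
```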