MongoDB 2.4 Security Features

  • Mongod does not even need to know the password hash! You can centralize your authentication service.

    1. #MongoDBdays: MongoDB Security. Edouard Servan-Schreiber, Ph.D., Director of Solution Architecture, 10gen
    2. Security against Trespassing
       • Data in flight
       • Data at rest
    3. MongoDB SSL
       • SSL encryption for client connection
       • SSL encryption for inter-server traffic
       • Keyfile establishes trust domain
       • Diagram labels: Application, Primary, Secondary, Data Files
       • http://docs.mongodb.org/manual/administration/ssl/
    4. MongoDB - Gazzang
       • File System Encryption
       • 5% performance hit with HDD, 10-15% with SSD
       • Diagram labels: Gazzang Key Mgmt, OS, Gazzang File System – All contents encrypted
    5. Security against Insider Abuse
       • Authentication – Are you who you claim to be?
       • Authorization – Do you have access privileges to do what you want to do?
       • Auditing – Can I trace your activities for future verification?
    6. New with MongoDB 2.4
       • Authentication – External authentication with Kerberos
       • Authorization – Improved granularity of powers within a cluster to contain abuse
       • Auditing – User IDs added to audit logs
    7. Authentication
       • 2.2
         – Admin users and single db users
         – No external auth
         – No sense of user across databases (had to redefine user in several databases)
       • 2.4
         – External authentication with Kerberos
         – Can “source” users from different databases
    8. Authentication with only pwdhash
       • Use one-way function F
       • Mongod: knows only my password hash
       • Client: I am “edouard@10gen.com”, let me in
       • Mongod: Prove it, here is a random # N
       • Client: Here is F(N, hash(<mypwd>))
       • Mongod: Nobody else could know that, welcome back edouard!
       • Hash never transmitted over the network!
    9. Authentication with Kerberos (2.4)
       • Client to KDC: I am “edouard@10gen.com”, help me prove it to mongod
       • KDC: Here is a ticket for mongod
       • Client to Mongod: Here is a Kerberos ticket
       • Mongod: Welcome!
       • User document:
         { user: "edouard@10gen.com", roles: ["read"], userSource: "$external" }
    10. AUTHORIZATION: Avoiding hierarchical powers VS Building regional powers
    11. AUTHORIZATION
        • Issues with 2.2
          – No roles --- No access / Read / ReadWrite
          – Hard to separate powers
        • 2.4 introduces roles
          – Admin level roles: UserAdmin, ClusterAdmin
          – DB level roles: User Admin, DB Admin, Read, ReadWrite
    12. AUTHORIZATION
        • Issues with 2.2
          – No roles --- No access / Read / ReadWrite
          – Hard to separate powers
        • 2.4 introduces roles
          – Admin level roles: UserAdmin, ClusterAdmin
          – DB level roles: User Admin, DB Admin, Read, ReadWrite
        • Callout: Corresponding Admin level roles for AllDatabases
    13. Diagram: roles per database
        • Admin DB: UserAdmin, ClusterAdmin
        • Accnts DB (only useful to hold pwd hashes): UserAdmin
        • App DB: UserAdmin, dbAdmin, ReadWrite, Read
        • Product DB: UserAdmin, dbAdmin, ReadWrite, Read
        • Customer DB: UserAdmin, dbAdmin, ReadWrite, Read
        • BI DB: UserAdmin, dbAdmin, ReadWrite, Read
    14. Who can do what
        • DB Admin: UserAdmin – “I can do anything. But I won’t be required to do much”
        • DB Admin: ClusterAdmin – “I can add and remove shards, control the balancer”
        • DB Accnts: userAdmin – “I can create new users but I can’t grant them privileges to other DB’s”
        • DB App: userAdmin – “I can grant privileges to the App DB only”
        • DB App: dbAdmin – “I can create indices, set profiling, compact”
    15. DB Admin: UserAdmin – “I can do anything. But I won’t be required to do much”
        • Only required to intervene if cluster admin or any other admin has to change.
        • Can create new databases
        • Is not on the critical path of any other activity.
        • In Admin.system.users:
          { user: "edouard@10gen.com", userSource: "$external", roles: [ "userAdmin" ], otherDBRoles: { } }
          OR
          { user: "edouard", pwd: <hash>, roles: [ "userAdmin", "userAdminAnyDatabase" ], otherDBRoles: { } }
    16. DB Admin: ClusterAdmin – “I can add and remove shards, control the balancer, update replSet configs”
        • Manages the number of shards and the balancer
        • Cannot act on other DBs directly (e.g. cannot enable sharding on a collection)
        • Cannot see any data
        • Can be also the admin of all other databases with “dbAdminAnyDatabase”
        • In Admin.system.users:
          { user: "edouard@10gen.com", userSource: "$external", roles: [ "clusterAdmin" ], otherDBRoles: { } }
          { user: "edouard@10gen.com", userSource: "$external", roles: [ "clusterAdmin", "dbAdminAnyDatabase" ], otherDBRoles: { } }
    17. DB Accnts: UserAdmin – “I can create new users but I can’t grant them privileges on other DB’s”
        • Manages the user list for the cluster.
        • All users should have an entry in Accnts.system.users and this role is able to create them, while not letting them see the user list.
        • The Accnts DB is the authentication center
        • In Accnts.system.users:
          { user: "edouard", pwd: <hash>, roles: [ "userAdmin" ] }
          { user: "richard", pwd: <hash>, roles: [ "read" ] }
          { user: "asya", pwd: <hash>, roles: [ ] }
    18. DB Accnts: UserAdmin – “I can create new users but I can’t grant them privileges on other DB’s”
        • Manages the user list for the cluster.
        • All users should have an entry in Accnts.system.users and this role is able to create them, while not letting them see the user list.
        • The Accnts DB is the authentication center
        • In Accnts.system.users:
          { user: "edouard", pwd: <hash>, roles: [ "userAdmin" ] }
          { user: "richard", pwd: <hash>, roles: [ "read" ] }
          { user: "asya", pwd: <hash>, roles: [ ] }
        • Callout on richard’s document: Richard can see the information about other users….
    19. DB Accnts: UserAdmin – “I can create new users but I can’t grant them privileges on other DB’s”
        • Manages the user list for the cluster.
        • All users should have an entry in Accnts.system.users and this role is able to create them, while not letting them see the user list.
        • The Accnts DB is the authentication center
        • In Accnts.system.users:
          { user: "edouard", pwd: <hash>, roles: [ "userAdmin" ] }
          { user: "richard", pwd: <hash>, roles: [ ] }
          { user: "asya", pwd: <hash>, roles: [ ] }
        • Callout on richard’s document: Only the UserAdmin should see details about other users
    20. DB App: userAdmin and DB App: dbAdmin
        • DB App: userAdmin – “I can grant privileges to the App DB only”
        • DB App: dbAdmin – “I can create indices, set profiling, compact”
        • Each DB’s userAdmin gets to grant privileges separately
        • In App.system.users (credentials from Accnts DB):
          { user: "richard", userSource: "Accnts", roles: [ "userAdmin" ] }
          { user: "asya", userSource: "Accnts", roles: [ "dbAdmin" ] }
    21. DB App: readWrite and DB App: read
        • DB App: readWrite – “I am the app. I read and write to the DB”
        • DB App: read – “I do BI and only need to read from this DB”
        • The BI user needs to read from the app DB in order to access the data to be analyzed, and needs to read/write in another database dedicated to BI results
        • In App.system.users:
          { user: "appUser", userSource: "Accnts", roles: [ "readWrite" ] }
          { user: "BIUser", userSource: "Accnts", roles: [ "read" ] }
        • In BI.system.users:
          { user: "BIUser", userSource: "Accnts", roles: [ "readWrite" ] }
    22. Simplifications
        • No need for Accnts DB if all users are externally authenticating
        • UserAdmin of AdminDB can manage and assign all the roles through {read, readWrite, dbAdmin, userAdmin}AnyDatabase
          – roles: [ "dbAdminAnyDatabase", "readAnyDatabase" ]
        • Can assign otherDBRoles in Admin.system.users, to grant privileges to only some DB’s
          – otherDBRoles: { App: [ "read" ], BI: [ "userAdmin", "readWrite" ] }
    23. Case: one super user, one app admin, one app regular user
        • ADMIN.system.users:
          { user: "SuperUser", userSource: "$external", roles: [ "userAdmin", "clusterAdmin" ] }
          { user: "AppAdmin", userSource: "$external", roles: [ ], otherDBRoles: { app: [ "userAdmin", "dbAdmin" ] } }
        • APP.system.users:
          { user: "AppUser", userSource: "$external", roles: [ "readWrite" ] }
    24. Auditing - Logging
        • Monitor user activity:
          – Logging to output userID associated with actions, when available
          – Sharded and single-node configurations
          – Not a separate audit log
        • Future
          – Partnership / ecosystem opportunities
    25. Disclaimer: Statements about future releases, availability dates, and feature content reflect plans only, and 10gen is under no obligation to include, develop or make available, commercially or otherwise, specific feature discussed a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of 10gen in response to changing market conditions, delivery schedules, customer requirements, and/or other factors.
    26. Future
        • Field level obfuscation
          – Blocking PPI data in documents from some users.
        • Improved auditing
        • More external authentication protocols
        • External access control privileges
          – Central management of ACL and MongoDB able to externally read them
    27. Thank You
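
The challenge-response exchange on slide 8, as an added example that is not part of the original deck and not MongoDB's own code. It assumes SHA-256 for hash() and HMAC-SHA256 for F(); the `Server` class, the helper names and the sample password are hypothetical.

```javascript
// Added example, not MongoDB's wire protocol: SHA-256 stands in for hash()
// and HMAC-SHA256 for F(). The user name and password are constructed samples.
const crypto = require("crypto");

const pwdHash = (user, pwd) =>
  crypto.createHash("sha256").update(`${user}:${pwd}`).digest("hex");

// F(N, hash): a keyed one-way function of the server's random nonce.
const F = (nonce, hash) =>
  crypto.createHmac("sha256", hash).update(nonce).digest("hex");

class Server {
  constructor() {
    this.hashes = new Map();  // user -> password hash; the password is never stored
    this.pending = new Map(); // user -> nonce of the outstanding challenge
  }
  addUser(user, pwd) { this.hashes.set(user, pwdHash(user, pwd)); }
  challenge(user) {
    const nonce = crypto.randomBytes(16).toString("hex");
    this.pending.set(user, nonce);
    return nonce;
  }
  verify(user, response) {
    const nonce = this.pending.get(user);
    this.pending.delete(user); // each nonce is good for one attempt only
    const stored = this.hashes.get(user);
    if (!nonce || !stored || typeof response !== "string") return false;
    const expected = Buffer.from(F(nonce, stored), "hex");
    const got = Buffer.from(response, "hex");
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// Client side: only F(N, hash(<mypwd>)) crosses the network.
const clientResponse = (user, pwd, nonce) => F(nonce, pwdHash(user, pwd));

function demo() {
  const user = "edouard@10gen.com", server = new Server();
  server.addUser(user, "constructed-sample-pw");
  const n1 = server.challenge(user);
  const r1 = clientResponse(user, "constructed-sample-pw", n1);
  const login = server.verify(user, r1);
  server.challenge(user); // a new login attempt gets a new nonce
  const replay = server.verify(user, r1); // captured response from the first login
  const n3 = server.challenge(user);
  const wrongPwd = server.verify(user, clientResponse(user, "guess", n3));
  const noChallenge = server.verify(user, r1); // nothing pending any more
  return { login, replay, wrongPwd, noChallenge };
}
```

The server verifies with nothing but the stored hash, so in this scheme the hash alone is enough to answer a challenge; that is the reason slides 18 and 19 restrict who can read Accnts.system.users.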
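
A lint for the privilege documents shown on slides 15 to 23, as an added example that is not part of the original deck. It checks the rules the slides rely on (a document carries either pwd or userSource, otherDBRoles and the cluster-wide roles live only in the admin database, data roles on the credential database expose other users); `auditPrivilegeDocs`, the lowercase `admin` database name and the sample documents are assumptions of this example.

```javascript
// Added example: lints 2.4-style privilege documents. `dbs` maps a database name
// to the documents in its system.users collection (all data here is constructed).
const DB_ROLES = ["read", "readWrite", "dbAdmin", "userAdmin"];
const ADMIN_ONLY = ["clusterAdmin", ...DB_ROLES.map((r) => r + "AnyDatabase")];

function auditPrivilegeDocs(dbs) {
  const findings = [];
  // Databases that other documents name in userSource hold the password hashes.
  const credentialDbs = new Set(Object.values(dbs).flat()
    .map((d) => d.userSource).filter((s) => s && s !== "$external"));
  for (const [db, docs] of Object.entries(dbs)) {
    for (const d of docs) {
      const flag = (msg) => findings.push(`${db}.${d.user}: ${msg}`);
      const hasPwd = "pwd" in d, hasSrc = "userSource" in d;
      if (hasPwd === hasSrc) flag("needs exactly one of pwd / userSource");
      if (hasSrc && d.userSource !== "$external" &&
          !(dbs[d.userSource] || []).some((u) => u.user === d.user && "pwd" in u))
        flag(`no credentials for this user in ${d.userSource}`);
      if (d.otherDBRoles && db !== "admin") flag("otherDBRoles outside admin");
      const grants = [[db, d.roles || []], ...Object.entries(d.otherDBRoles || {})];
      grants.forEach(([target, roles], i) => roles.forEach((r) => {
        if (!DB_ROLES.includes(r) && !ADMIN_ONLY.includes(r))
          flag(`unknown role "${r}" on ${target}`);
        else if (ADMIN_ONLY.includes(r) && (db !== "admin" || i > 0))
          flag(`${r} belongs only in roles of an admin document`);
        else if ((r === "read" || r === "readWrite") && credentialDbs.has(target))
          flag(`${r} on credential database ${target}`);
      }));
    }
  }
  return findings;
}

// Constructed sample in the layout of slides 17-23, with deliberate mistakes.
const sample = {
  admin: [
    { user: "SuperUser", userSource: "$external", roles: ["userAdmin", "clusterAdmin"] },
    { user: "AppAdmin", userSource: "$external", roles: [],
      otherDBRoles: { App: ["useradmin", "dbAdmin"] } },
  ],
  Accnts: [
    { user: "edouard", pwd: "<hash>", roles: ["userAdmin"] },
    { user: "richard", pwd: "<hash>", roles: ["read"] },
  ],
  App: [
    { user: "richard", userSource: "Accnts", roles: ["userAdmin"] },
    { user: "asya", userSource: "Accnts", roles: ["dbAdmin", "clusterAdmin"] },
  ],
};
```

Calling `auditPrivilegeDocs(sample)` reports the mis-cased role, richard's read access to the credential database, asya's missing entry in Accnts, and the clusterAdmin role granted outside admin.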
