MongoDB 2.4 Security Features


  1. #MongoDBdays
     MongoDB Security
     Edouard Servan-Schreiber, Ph.D.
     Director of Solution Architecture, 10gen
  2. Security against Trespassing
     • Data in flight
     • Data at rest
  3. MongoDB SSL
     (Diagram: Application, Primary and Secondary, each server with its Data Files)
     • SSL encryption for client connection
     • SSL encryption for inter-server traffic
     • Keyfile establishes trust domain
     http://docs.mongodb.org/manual/administration/ssl/
  4. MongoDB - Gazzang
     • File System Encryption
     • 5% performance hit with HDD, 10-15% with SSD
     (Diagram: Gazzang Key Mgmt; OS; Gazzang File System – All contents encrypted)
  5. Security against Insider Abuse
     • Authentication – Are you who you claim to be?
     • Authorization – Do you have access privileges to do what you want to do?
     • Auditing – Can I trace your activities for future verification?
  6. New with MongoDB 2.4
     • Authentication – External authentication with Kerberos
     • Authorization – Improved granularity of powers within a cluster to contain abuse
     • Auditing – User IDs added to audit logs
  7. Authentication
     • 2.2
       – Admin users and single db users
       – No external auth
       – No sense of user across databases
         • Had to redefine user in several databases
     • 2.4
       – External authentication with Kerberos
       – Can "source" users from different databases
  8. Authentication with only pwdhash
     • Use one-way function F
     User: I am "edouard@10gen.com", let me in
     Mongod (knows only my password hash): Prove it, here is a random # N
     User: Here is F(N, hash(<mypwd>))
     Mongod: Nobody else could know that, welcome back edouard!
     Hash never transmitted over the network!
  9. Authentication with Kerberos (2.4)
     User to KDC: I am "edouard@10gen.com", help me prove it to mongod
     KDC: Here is a ticket for mongod
     User to Mongod: Here is a Kerberos ticket
     Mongod: Welcome!
       { user: "edouard@10gen.com", roles: ["read"], userSource: "$external" }
  10. AUTHORIZATION
      Avoiding hierarchical powers VS Building Regional powers
  11. AUTHORIZATION
      • Issues with 2.2
        – No roles --- No access / Read / ReadWrite
        – Hard to separate powers
      • 2.4 introduces roles
        – Admin level roles
          • UserAdmin
          • ClusterAdmin
        – DB level roles
          • User Admin
          • DB Admin
          • Read
          • ReadWrite
  12. AUTHORIZATION
      • Issues with 2.2
        – No roles --- No access / Read / ReadWrite
        – Hard to separate powers
      • 2.4 introduces roles
        – Admin level roles
          • UserAdmin
          • ClusterAdmin
        – DB level roles
          • User Admin
          • DB Admin
          • Read
          • ReadWrite
      Callout: Corresponding Admin level roles for AllDatabases
  13. (Diagram: roles held in each database)
      • Admin DB: UserAdmin, ClusterAdmin
      • Accnts DB (only useful to hold pwd hashes): UserAdmin
      • App DB: UserAdmin, dbAdmin, ReadWrite, Read
      • Product DB: UserAdmin, dbAdmin, ReadWrite, Read
      • Customer DB: UserAdmin, dbAdmin, ReadWrite, Read
      • BI DB: UserAdmin, dbAdmin, ReadWrite, Read
  14. (Diagram: one persona per role)
      • DB Admin: UserAdmin – "I can do anything. But I won't be required to do much"
      • DB Admin: ClusterAdmin – "I can add and remove shards, control the balancer"
      • DB Accnts: userAdmin – "I can create new users but I can't grant them privileges to other DB's"
      • DB App: userAdmin – "I can grant privileges to the App DB only"
      • DB App: dbAdmin – "I can create indices, set profiling, compact"
  15. DB Admin: UserAdmin
      "I can do anything. But I won't be required to do much"
      Only required to intervene if cluster admin or any other admin has to change.
      Can create new databases.
      Is not on the critical path of any other activity.
      In Admin.system.users:
        { user: "edouard@10gen.com", userSource: "$external", roles: [ "userAdmin" ], otherDBRoles: { } }
      OR
        { user: "edouard", pwd: <hash>, roles: [ "userAdmin", "userAdminAnyDatabase" ], otherDBRoles: { } }
  16. DB Admin: ClusterAdmin
      "I can add and remove shards, control the balancer, update replSet configs"
      Manages the number of shards and the balancer.
      Cannot act on other DBs directly (e.g. cannot enable sharding on a collection).
      Cannot see any data.
      Can also be the admin of all other databases with "dbAdminAnyDatabase".
      In Admin.system.users:
        { user: "edouard@10gen.com", userSource: "$external", roles: [ "clusterAdmin" ], otherDBRoles: { } }
        { user: "edouard@10gen.com", userSource: "$external", roles: [ "clusterAdmin", "dbAdminAnyDatabase" ], otherDBRoles: { } }
  17. DB Accnts: UserAdmin
      "I can create new users but I can't grant them privileges on other DB's"
      Manages the user list for the cluster.
      All users should have an entry in Accnts.system.users and this role is able to create them, while not letting them see the user list.
      The Accnts DB is the authentication center.
      In Accnts.system.users:
        { user: "edouard", pwd: <hash>, roles: [ "userAdmin" ] }
        { user: "richard", pwd: <hash>, roles: [ "read" ] }
        { user: "asya", pwd: <hash>, roles: [ ] }
  18. DB Accnts: UserAdmin
      "I can create new users but I can't grant them privileges on other DB's"
      Manages the user list for the cluster.
      All users should have an entry in Accnts.system.users and this role is able to create them, while not letting them see the user list.
      The Accnts DB is the authentication center.
      In Accnts.system.users:
        { user: "edouard", pwd: <hash>, roles: [ "userAdmin" ] }
        { user: "richard", pwd: <hash>, roles: [ "read" ] }
        { user: "asya", pwd: <hash>, roles: [ ] }
      Callout: Richard can see the information about other users….
  19. DB Accnts: UserAdmin
      "I can create new users but I can't grant them privileges on other DB's"
      Manages the user list for the cluster.
      All users should have an entry in Accnts.system.users and this role is able to create them, while not letting them see the user list.
      The Accnts DB is the authentication center.
      In Accnts.system.users:
        { user: "edouard", pwd: <hash>, roles: [ "userAdmin" ] }
        { user: "richard", pwd: <hash>, roles: [ ] }
        { user: "asya", pwd: <hash>, roles: [ ] }
      Callout: Only the UserAdmin should see details about other users
  20. DB App: userAdmin and DB App: dbAdmin
      DB App: userAdmin – "I can grant privileges to the App DB only"
      DB App: dbAdmin – "I can create indices, set profiling, compact"
      Each DB's userAdmin gets to grant privileges separately.
      In App.system.users:
        { user: "richard", userSource: "Accnts", roles: [ "userAdmin" ] }
        { user: "asya", userSource: "Accnts", roles: [ "dbAdmin" ] }
      Callout: Credentials from Accnts DB
  21. DB App: readWrite and DB App: read
      DB App: readWrite – "I am the app. I read and write to the DB"
      DB App: read – "I do BI and only need to read from this DB"
      The BI user needs to read from the app DB in order to access the data to be analyzed, and needs to read/write in another database dedicated to BI results.
      In App.system.users:
        { user: "appUser", userSource: "Accnts", roles: [ "readWrite" ] }
        { user: "BIUser", userSource: "Accnts", roles: [ "read" ] }
      In BI.system.users:
        { user: "BIUser", userSource: "Accnts", roles: [ "readWrite" ] }
  22. Simplifications
      • No need for Accnts DB if all users are externally authenticating
      • UserAdmin of AdminDB can manage and assign all the roles through {read, readWrite, dbAdmin, userAdmin}AnyDatabase
        – roles: [ "dbAdminAnyDatabase", "readAnyDatabase" ]
      • Can assign otherDBRoles in Admin.system.users, to grant privileges to only some DB's
        – otherDBRoles: { App: [ "read" ], BI: [ "userAdmin", "readWrite" ] }
  23. Case: one super user, one app admin, one app regular user
      ADMIN.system.users:
        { user: "SuperUser", userSource: "$external", roles: [ "userAdmin", "clusterAdmin" ] }
        { user: "AppAdmin", userSource: "$external", roles: [ ], otherDBRoles: { app: [ "userAdmin", "dbAdmin" ] } }
      APP.system.users:
        { user: "AppUser", userSource: "$external", roles: [ "readWrite" ] }
  24. Auditing - Logging
      Monitor user activity:
        – Logging to output userID associated with actions, when available
        – Sharded and single-node configurations
        – Not a separate audit log
      Future
        – Partnership / ecosystem opportunities
  25. Disclaimer
      Statements about future releases, availability dates, and feature content reflect plans only, and 10gen is under no obligation to include, develop or make available, commercially or otherwise, specific feature discussed in a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of 10gen in response to changing market conditions, delivery schedules, customer requirements, and/or other factors.
  26. Future
      • Field level obfuscation
        – Blocking PPI data in documents from some users.
      • Improved auditing
      • More external authentication protocols
      • External access control privileges
        – Central management of ACL and MongoDB able to externally read them
  27. Thank You
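
The challenge-response exchange on slide 8, as an added example that is not part of the original deck and is not MongoDB's code. The slide names only "hash" and "F"; SHA-256 and HMAC-SHA256 are stand-ins chosen here, and the class, function names and credentials are constructed for illustration.

```javascript
const crypto = require('crypto');

// Stand-ins for this example; the slide specifies neither function.
const pwdHash = (pwd) => crypto.createHash('sha256').update(pwd).digest('hex');
const F = (nonce, hash) => crypto.createHmac('sha256', hash).update(nonce).digest('hex');

class Server {
  constructor() {
    this.users = new Map();   // user -> stored password hash, never the password
    this.pending = new Map(); // user -> outstanding nonce, accepted once
  }
  addUser(user, pwd) { this.users.set(user, pwdHash(pwd)); }
  challenge(user) {           // "Prove it, here is a random # N"
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(user, nonce);
    return nonce;
  }
  verify(user, response) {
    const nonce = this.pending.get(user);
    const hash = this.users.get(user);
    this.pending.delete(user);            // a second attempt needs a fresh nonce
    if (!nonce || !hash) return false;
    const expected = Buffer.from(F(nonce, hash), 'hex');
    const got = Buffer.from(String(response), 'hex');
    // Constant-time comparison; timingSafeEqual requires equal lengths.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// Client side: only F(N, hash(pwd)) crosses the network.
const respond = (nonce, pwd) => F(nonce, pwdHash(pwd));

function demo() {
  const u = 'edouard@10gen.com';
  const server = new Server();
  server.addUser(u, 'correct horse');       // constructed credentials
  const r1 = respond(server.challenge(u), 'correct horse');
  const ok = server.verify(u, r1);          // matches the outstanding nonce
  server.challenge(u);                      // next login gets a new nonce
  const replay = server.verify(u, r1);      // recorded response no longer matches
  const wrong = server.verify(u, respond(server.challenge(u), 'guess'));
  return { ok, replay, wrong };
}
```

`verify()` needs nothing but the stored hash, so read access to the collection that holds the hashes has to be restricted, which is the point slides 18 and 19 make about the UserAdmin.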
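
An audit helper for the privilege documents on slides 15 to 23, as an added example that is not part of the original deck and is not MongoDB's own logic. It models how `roles`, `otherDBRoles` and the `...AnyDatabase` roles combine into the roles a user holds on one database, and flags malformed documents. Assumptions: lower-case database names, the `Auditor` and `Broken` entries, and both function names are constructed here.

```javascript
// Privilege documents keyed by database; the first three follow slide 23.
const users = {
  admin: [
    { user: 'SuperUser', userSource: '$external', roles: ['userAdmin', 'clusterAdmin'] },
    { user: 'AppAdmin', userSource: '$external', roles: [],
      otherDBRoles: { app: ['userAdmin', 'dbAdmin'] } },
    { user: 'Auditor', userSource: '$external', roles: ['readAnyDatabase'] }, // constructed
  ],
  app: [
    { user: 'AppUser', userSource: '$external', roles: ['readWrite'] },
    { user: 'Broken', pwd: '<hash>', userSource: 'Accnts', roles: ['read'],
      otherDBRoles: { BI: ['read'] } }, // constructed, deliberately malformed
  ],
};

const ANY = /^(read|readWrite|dbAdmin|userAdmin)AnyDatabase$/;

// Identity is (name, source): userSource if set, else the db holding the pwd.
const sameIdentity = (doc, db, name, source) =>
  doc.user === name && (doc.userSource || db) === source;

function effectiveRoles(users, name, source, db) {
  const roles = new Set();
  for (const doc of users[db] || [])
    if (sameIdentity(doc, db, name, source)) doc.roles.forEach((r) => roles.add(r));
  for (const doc of users.admin || []) {
    if (!sameIdentity(doc, 'admin', name, source)) continue;
    ((doc.otherDBRoles || {})[db] || []).forEach((r) => roles.add(r));
    for (const r of doc.roles) {
      const m = ANY.exec(r);
      if (m) roles.add(m[1]); // xAnyDatabase grants x on every database
    }
  }
  return [...roles].sort();
}

function lint(users) {
  const findings = [];
  for (const [db, docs] of Object.entries(users))
    for (const d of docs) {
      if (d.pwd && d.userSource) findings.push(`${db}.${d.user}: pwd and userSource together`);
      if (db !== 'admin' && d.otherDBRoles) findings.push(`${db}.${d.user}: otherDBRoles outside admin`);
      if (db !== 'admin' && d.roles.some((r) => ANY.test(r) || r === 'clusterAdmin'))
        findings.push(`${db}.${d.user}: cluster-wide role outside admin`);
    }
  return findings;
}
```

Run against slide 23's documents, `SuperUser` resolves to no roles on `app`: holding `userAdmin` and `clusterAdmin` in the admin database does not by itself give access to application data.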
