MongoDB with Async Python Transcripts
Chapter: Deployment
Lecture: MongoDB's Security Checklist
Login or
purchase this course
to watch this video and the rest of the course contents.
0:00
MongoDB has put together a security checklist. If you are hosting MongoDB yourself or for your company, either this is internally in your data center
0:11
or maybe even more importantly, on the cloud, you might set up a virtual network in the cloud and somehow it's gonna be part of that there.
0:20
So here's the checklist. Limit network exposure. So people should not be able to connect directly to the server, period.
0:28
There's really no reason for this. You might say, ""Michael, we need backups. We need these other things. We need to be able to admin them.
0:35
Yes, I mean, maybe SSH access to that particular server with just a certificate, that's needed, yes.
0:42
But I mean, directly connecting to the MongoDB server over the internet, probably never is the right answer.
0:49
Certainly that's the way we run things at Talkpylon. You want to enable access control and enforce authentication. These two things are what went wrong
1:00
in all those examples I showed you. They were publicly open on the internet to the world and they had no login credentials required whatsoever.
1:09
That sounds bad, doesn't it? It is. Encrypt communication. Obviously, if you're sending like a connection string with a username and password,
1:19
you don't wanna do that in the open because well, then not so great. If you have very sensitive data, you could consider at rest encryption.
1:29
I do not believe the community version supports this, but maybe some of the paid versions of MongoDB do. You can audit system activity.
1:39
That doesn't help you prevent data loss or anything, but it will at least let you know what happened. So if there's some kind of ongoing incident,
1:47
you'll know that. Backup, backup, backup, backup, backup, all the time, backup, make sure you're taking backups.
1:54
Something could go wrong with your server. You could lose access to the account that runs it. You never know, right? Just backups are always important.
2:02
So don't forget that backups. Give a big long right up here about admin security checklist. You can see it at the URL at the bottom.
2:10
Go check that out if that's relevant to you.