MongoDB with Async Python Transcripts
Chapter: Deployment
Lecture: MongoDB's Security Checklist

0:00 MongoDB has put together a security checklist. If you are hosting MongoDB yourself or for your company, either this is internally in your data center
0:11 or maybe even more importantly, on the cloud, you might set up a virtual network in the cloud and somehow it's gonna be part of that there.
0:20 So here's the checklist. Limit network exposure. So people should not be able to connect directly to the server, period.
0:28 There's really no reason for this. You might say, "Michael, we need backups. We need these other things. We need to be able to admin them."
0:35 Yes, I mean, maybe SSH access to that particular server with just a certificate, that's needed, yes.
0:42 But I mean, directly connecting to the MongoDB server over the internet, probably never is the right answer.
0:49 Certainly that's the way we run things at Talk Python. You want to enable access control and enforce authentication. These two things are what went wrong
1:00 in all those examples I showed you. They were publicly open on the internet to the world and they had no login credentials required whatsoever.
1:09 That sounds bad, doesn't it? It is. Encrypt communication. Obviously, if you're sending like a connection string with a username and password,
1:19 you don't wanna do that in the open because well, then not so great. If you have very sensitive data, you could consider at rest encryption.
1:29 I do not believe the community version supports this, but maybe some of the paid versions of MongoDB do. You can audit system activity.
1:39 That doesn't help you prevent data loss or anything, but it will at least let you know what happened. So if there's some kind of ongoing incident,
1:47 you'll know that. Backup, backup, backup, backup, backup, all the time, backup, make sure you're taking backups.
1:54 Something could go wrong with your server. You could lose access to the account that runs it. You never know, right? Just backups are always important.
2:02 So don't forget the backups. There's a big long write-up here about the admin security checklist. You can see it at the URL at the bottom.
2:10 Go check that out if that's relevant to you.

