Security Introduction

Maintaining a secure MongoDB deployment requires administrators to implement controls to ensure that users and applications have access to only the data that they require. MongoDB provides features that allow administrators to implement these controls and restrictions for any MongoDB deployment. If you are already familiar with security and MongoDB security practices, consider the Security Checklist for a collection of recommended actions to protect a MongoDB deployment.

Authentication – Before gaining access to a system all clients should identify themselves to MongoDB. This ensures that no client can access the data stored in MongoDB without being explicitly allowed. MongoDB includes two mechanism: a password-based challenge and response protocol and x.509 certificates. Additionally MongoDB includes support for several external authentication mechanisms to integrate with existing authentication infrastructure. When you enable authentication MongoDB, MongoDB will require authentication for all connections, including all clients and all other MongoDB instances in a deployment.
Role Based Access Control – Clients should only be able to perform the operations required to fulfill their approved functions. This is the “principal of least privilege,” and limits the potential risk of a compromised application. MongoDB’s role-based access control system allows administrators to control all access and ensure that all granted access applies as narrowly as possible. Privileges in MongoDB consist of an action, or a set operations that a user can perform, and a resource, or context where the user can perform that action. Multiple privileges combine to create a role, and users may have one or more role that describes their access. MongoDB provides several built-in roles and users can construct specific roles tailored to clients’ actual requirements.
Auditing – Auditing provides administrators with the ability to verify that the implemented security policies are controlling activity in the system. Retaining audit information ensures that administrators have enough information to perform forensic investigations and comply with regulations and polices that require audit data.
Encryption – It includes
Transport Encryption – You can use SSL to encrypt all of MongoDB’s network traffic. SSL ensures that MongoDB network traffic is only readable by the intended client.
Encryption at Rest – MongoDB has a partnership with Gazzang to encrypt and secure sensitive data within MongoDB. The solution encrypts data in real time, and Gazzang provides advanced key management that ensures only authorized processes can access this data. The Gazzang software ensures that the cryptographic keys remain safe and ensures compliance with standards including HIPAA, PCI-DSS, and FERPA.
Hardening Deployments and Environments – In addition to implementing controls within MongoDB, you should also place controls around MongoDB to reduce the risk exposure of the entire MongoDB system. This is a defense in depth strategy. Hardening MongoDB extends the ideas of least privilege, auditing, and encryption outside of MongoDB. Reducing risk includes: configuring the network rules to ensure that only trusted hosts have access to MongoDB, and that the MongoDB processes only have access to the parts of the filesystem required for operation.