4. Securing MongoDB 2.2
Authentication
– Simple user/password scheme stored in MongoDB
Authorization
– Per database: no access, read, or read-write
Auditing
– Authentication requests logged
– Some actions / changes captured in log
Securing your MongoDB Implementation, Mark Hillick
5. MongoDB SSL
Diagram: the Application connects to the Primary over an SSL-encrypted client connection; the Primary and the Secondary (each with its own Data Files) exchange replication traffic over SSL-encrypted inter-server connections.
Keyfile establishes trust
http://docs.mongodb.org/manual/administration/ssl/
8. External Authentication
Use common / standardized authentication
SASL: Simple Authentication and Security Layer
– Framework for building authentication
Kerberos
– GSSAPI, drivers will be updated
– Mixed system.users can work during transition
9. Authentication with only pwd hash
• Use one-way function F
Exchange between the client (marko) and mongod, which knows only my password hash:
Client: I am “marko@10gen.com”, let me in
Mongod: Prove it, here is a random # N
Client: Here is F(N, hash(<mypwd>))
Mongod: Nobody else could know that, welcome back marko!
Hash never transmitted over the network!
10. Authentication with Kerberos (2.4)
Client to KDC (UDP:88): I am “mark@10gen.com”, help me prove it to mongod
KDC to client: Here is a TGT
Client to KDC (UDP:88): Here is a TGT
KDC to client: Here is a Kerberos Service Ticket!
Client to mongod (TCP:27017): presents the service ticket
Mongod: Welcome
Mongod’s user document:
{
  user: "mark@10gen.com",
  roles: ["readWrite"],
  userSource: "$external"
}
14. and 15. AUTHORIZATION (two builds of one slide)
• Issues with 2.2
– Only Read / ReadWrite
– Edge-case with possible privilege escalation
• 2.4 introduces roles
– Admin level roles (the corresponding admin level roles apply to AllDatabases)
• UserAdmin
• ClusterAdmin
– DB level roles
• User Admin
• DB Admin
• Read
• ReadWrite
16. ADMIN DB
• ClusterAdmin
• AllDatabases
Image source: https://wellsted135.files.wordpress.com/2012/10/special.gif
17. Roles per database
Diagram: which roles exist in each database.
Admin DB: UserAdmin, ClusterAdmin
Accnts DB (holds the password hashes): UserAdmin
App DB: UserAdmin, dbAdmin, ReadWrite, Read
Product DB: UserAdmin, dbAdmin, ReadWrite, Read
BI DB: UserAdmin, dbAdmin, ReadWrite, Read
Customer DB: UserAdmin, dbAdmin, ReadWrite, Read
18. What each role can say
DB Admin: UserAdmin – “I can do anything but I won’t be required to do much”
DB Admin: ClusterAdmin – “I can add and remove shards”
DB Accnts: userAdmin – “I can create new users but I can’t grant them privileges to other DB’s”
DB App: userAdmin – “I can grant privileges to the App DB only”
DB App: dbAdmin – “I can create indices, set profiling, compact”
19. Super-User
userAdmin & userAdminAnyDatabase are the super-users
Only these users can view details about other users – system.users collection
20. Each DB’s userAdmin gets to grant privileges separately
DB App: UserAdmin – “I can grant privileges to the App DB only”
DB App: dbAdmin – “I can create indices, set profiling, compact”
In App.system.users (credentials come from the Accnts DB):
{
  user: "fred",
  userSource: "Accnts",
  roles: ["userAdmin"]
}
{
  user: "george",
  userSource: "Accnts",
  roles: ["dbAdmin"]
}
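The scoping rules from slides 17 through 20 (per-database roles, the AnyDatabase and cluster roles living in admin, userSource documents pointing at the Accnts DB) as a small JavaScript model. This is an added example and a simplification, not mongod's access-control code; the action names, the database names Accnts/App/Product and the user documents are constructed for the demo, and only the role-to-action mapping the slides describe is modelled.

```javascript
// Added example: a simplified model of 2.4 role scoping. Constructed demo
// data and action names; not MongoDB's own authorization code.

// Per-database roles and the actions the slides attribute to them.
const DB_ROLE_ACTIONS = {
  read:      ['find'],
  readWrite: ['find', 'insert', 'update', 'remove'],
  dbAdmin:   ['createIndex', 'setProfiling', 'compact'],
  userAdmin: ['createUser', 'grantRole', 'viewUsers'],
};

// Roles that exist only in the admin DB and apply to every database.
const ADMIN_ROLE_ACTIONS = {
  userAdminAnyDatabase: DB_ROLE_ACTIONS.userAdmin,
  clusterAdmin:         ['addShard', 'removeShard'],
};

// Constructed system.users contents, keyed by database. A document with
// userSource carries no pwd: its credentials live in the named database,
// but the roles it lists still apply only to the database it sits in.
const SAMPLE_SYSTEM_USERS = {
  admin: [
    { user: 'root',   pwd: '<hash placeholder>', roles: ['userAdminAnyDatabase', 'clusterAdmin'] },
  ],
  Accnts: [
    { user: 'fred',   pwd: '<hash placeholder>', roles: ['userAdmin'] },
    { user: 'george', pwd: '<hash placeholder>', roles: [] },
  ],
  App: [
    { user: 'fred',   userSource: 'Accnts', roles: ['userAdmin'] },
    { user: 'george', userSource: 'Accnts', roles: ['dbAdmin'] },
  ],
  Product: [],
};

function rolesFor(systemUsers, userName, database) {
  return (systemUsers[database] || [])
    .filter((u) => u.user === userName)
    .flatMap((u) => u.roles || []);
}

// Is `userName` allowed to perform `action` against `database`?
// First the roles granted in that database, then the AnyDatabase/cluster
// roles granted in admin. Nothing else reaches across databases.
function canPerform(systemUsers, userName, database, action) {
  const localOk = rolesFor(systemUsers, userName, database)
    .some((role) => (DB_ROLE_ACTIONS[role] || []).includes(action));
  if (localOk) return true;
  return rolesFor(systemUsers, userName, 'admin')
    .some((role) => (ADMIN_ROLE_ACTIONS[role] || []).includes(action));
}

module.exports = { DB_ROLE_ACTIONS, ADMIN_ROLE_ACTIONS, SAMPLE_SYSTEM_USERS, canPerform };
```

Run through the sample data, fred can grant roles in App but not in Product, george can build indexes in App but cannot read App.system.users, and only root (admin DB, clusterAdmin) can add shards: the same three observations the speech bubbles on slides 18 and 20 make.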
26. JS Engine
Move to V8
– Primarily performance reasons but some security benefits
– Restrictions on $where & M/R/F
– SERVER-8104 & Aaron Heckmann’s Blog
29. MongoDB - Gazzang
• File System Encryption
• 5% performance hit with HDD, 10-15% with SSD
Diagram: Gazzang Key Mgmt sits above the OS; Gazzang sits between the OS and the File System, where all contents are encrypted.
36. Disclaimer
Statements about future releases, availability dates, and feature content reflect plans only, and 10gen is under no obligation to include, develop or make available, commercially or otherwise, any specific feature discussed in a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of 10gen in response to changing market conditions, delivery schedules, customer requirements, and/or other factors.
37. Futures
Auditing
– Logging to output userID associated with actions
Passwords
– Stronger Hashing
Authorization
– User Defined & More Granularity
SSL
– Client Cert Validation
Ok, so here are the presenter’s notes. Your first job is to add your name and other useful stuff so that your students can contact you afterwards. This is a good time to: introduce yourself; create a seating chart; get each student to say their name, company and what they want to learn, and write it on your seating chart.
system.users collection with hash password
MongoD does not even need to know the password hash! You can centralize your authentication service – SPOF & SOS.
read: access to read documents
readWrite: access to read and write documents
userAdmin: manage, modify user access to a db
dbAdmin: compact, repair, validate etc.
clusterAdmin: stuff with shards
With SSD, as the time spent processing data between OS and disk gets proportionally larger since SSDs are so much faster, the perf hit is 15%. You still get a major upgrade in speed, but encrypting and decrypting take a larger share.