SlideShare une entreprise Scribd logo
1  sur  32
Télécharger pour lire hors ligne
Securing Your MongoDB Deployment
Securing Your MongoDB
Deployment
Andreas Nilsson
Lead Security Engineer, MongoDB
3
The Art Of Securing A System
“If you know the enemy and know yourself,
you need not fear the result of a hundred battles.
If you know yourself but not the enemy,
for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself,
you will succumb in every battle.”
Sun Tzu, The Art of War 500 BC
4
Securing The Application: Agenda
Securing a Database Access Control
AuditingData Protection
How can we make data accessible securely?
6
Timeline
Plan and design security as early as possible.
Hadoop
Event
Processing
Engine
Analytics
Execution
(R,Python & Pig)
Distributed
File System
HDFS
Stream Analytics
Yellow
Restricted Zone
Green
Controlled Zone
Web Application
REST Web Service
Even Processing
J2EE Tomcat
MongoDB to Hadoop
Connector
MongoDB to Hadoop
Connector
ETL
ETL
Orders
ETL
Operational
Data Store
MongoDB
Content
Management
System
Web Logs
Profiles
Reference Data
Real-time
Event Data
Designing the Infrastructure
8
Access Control
ConfigureAuthentication andAuthorization.
9
MongDB Configuration
Authentication - Who are you in MongoDB?
• Application user, administrator, backup job,
monitoring agent.
Authorization - What can you do in MongoDB?
• CRUD operations, configure the database,
manage sharding, user management.
10
Enable Authentication
Built-in authentication methods
• Password challenge response
• x.509 certificates
Or integrate with existing authentication infrastructure
11
Enable Access Control
Design
• Determine which types of users exist in the system.
• Match the users to MongoDB roles. Create any
customized roles.
Deployment
• Start/restart MongoDB with access control enabled.
• Create the desired users.
12
Role Based Access Control
Built-in roles
• read, readWrite, dbAdmin, clusterAdmin, root, etc..
User defined roles
• Customized roles based on existing roles and privileges.
Internal Authentication
Server-Server authentication
use shared keyfile
or x.5909.
14
Sharding, upgrading, and other fancy topics
Users in a sharded system
• live on the config servers, not the query routers (mongos)
• local shard (replica set) users can still exist
Users in 2.4
• located in different DBs and in a different format than:
Users in >= 2.6
• all reside in the admin DB and hence are always replicated.
15
Field Level Redaction - $redact
$redact
• New aggregation framework operator
• Conditionally filter user documents
Use cases
• Implement user-based document level, content filtering.
• Create egress filter, redacting sensitive information.
Access Control – Field Level Redaction
17
Data Protection
Encrypting data in transit (SSL) and data at rest.
Data Protection End to End
19
Transport Encryption with SSL
• Possible to protect client-server, server-server
communications with SSL.
• Support for commercially and internally issued x.509
certificates
• Possible to run the server in FIPS 140-2 mode.
• Support for mixed SSL and non-SSL clusters.
• Self-signed certificates provides no trust!
• Omitting to provide a CA file to MongoDB disables validation!
Data Protection – Transport Encryption
• Encrypt Communications (SSL)
• Authenticate connections (x.509)
21
Data Protection – Encryption at rest
Alternatives
• Encrypt data client side
• Use partner or independent solution for file and OS level
encryption
22
Security Auditing
23
The Audit Log
• Security events can be written to either the console, the
syslog or a file (JSON/BSON)
• By default, all security events are written to audit log when
enabled.
• Events include Authentication failures and some commands.
• Access control is not required for auditing.
• They are separate components.
24
Audit Log Properties
• Can filter based off of different criteria
– Action Type, TimeFrame, IP Address/Port, Users
• Events Have Total Order Per Connection
• Audit Guarantees (AKA Writes/config)
– Audit event written to disk BEFORE writing to the
journal
– A write will not complete before it has been audited
Some Final Tips
26
Some tips along the way
1. Do not directly expose database servers to the Internet
2. Design and configure access control
3. Enable SSL
4. Provide SSL CA files to the client and server as trust base
5. Disable any unnecessary interfaces
6. Lock down database files and minimize account privileges
27
DO YOU NEED: YES NO
Advanced security? ✓
Disaster Recovery? ✓
Monitoring for system performance and availability? ✓
Automated lifecycle management? ✓
Guaranteed response time SLA? ✓
Platform certification ✓
Enterprise Decision Checklist
28
MongoDB Enterprise Advanced
Features
MongoDB Ops Manager ✓
Advanced Security ✓
On-Demand Training ✓
SLA (24x365)
1 hour
(faster times optional)
License Commercial
Price $10,000 / Server / Yr.
29
What Did We Talk About?
Securing a Database Access Control
AuditingData Protection
30
The Art Of Securing A System
“All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is
evolved.”
Sun Tzu, The Art of War 500 BC
31
Next Steps
MongoDB Security Manual
http://docs.mongodb.org/manual/core/security-introduction/
MongoDB Security Whitepaper -
http://info.mongodb.com/rs/mongodb/images/MongoDB_Se
curity_Architecture_WP.pdf
Thank You!
Andreas Nilsson
Lead Security Engineer, MongoDB

Contenu connexe

Tendances

Using Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsUsing Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsTaswar Bhatti
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Outlyer
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)Will Schroeder
 
Webinar: Technical Introduction to Native Encryption on MongoDB
Webinar: Technical Introduction to Native Encryption on MongoDBWebinar: Technical Introduction to Native Encryption on MongoDB
Webinar: Technical Introduction to Native Encryption on MongoDBMongoDB
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultAzure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultTom Kerkhove
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationHabilelabs
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokensOWASP
 
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
 BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S... BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...BlueHat Security Conference
 
DevOpsDays - DevOps: Security 干我何事?
DevOpsDays - DevOps: Security 干我何事?DevOpsDays - DevOps: Security 干我何事?
DevOpsDays - DevOps: Security 干我何事?smalltown
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultTom Kerkhove
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundDirkjanMollema
 
Securing Cassandra The Right Way
Securing Cassandra The Right WaySecuring Cassandra The Right Way
Securing Cassandra The Right WayDataStax Academy
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?Nathan Van Gheem
 
Issuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultIssuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultOlinData
 
MongoDB 2.4 Security Features
MongoDB 2.4 Security FeaturesMongoDB 2.4 Security Features
MongoDB 2.4 Security FeaturesMongoDB
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active DirectorySunny Neo
 
Azure key vault - Brisbane User Group
Azure key vault  - Brisbane User GroupAzure key vault  - Brisbane User Group
Azure key vault - Brisbane User GroupRahul Nath
 
Six Degrees of Domain Admin - BloodHound at DEF CON 24
Six Degrees of Domain Admin - BloodHound at DEF CON 24Six Degrees of Domain Admin - BloodHound at DEF CON 24
Six Degrees of Domain Admin - BloodHound at DEF CON 24Andy Robbins
 

Tendances (20)

Using Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsUsing Vault for your Nodejs Secrets
Using Vault for your Nodejs Secrets
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
 
Webinar: Technical Introduction to Native Encryption on MongoDB
Webinar: Technical Introduction to Native Encryption on MongoDBWebinar: Technical Introduction to Native Encryption on MongoDB
Webinar: Technical Introduction to Native Encryption on MongoDB
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultAzure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - Presentation
 
Injection flaw teaser
Injection flaw teaserInjection flaw teaser
Injection flaw teaser
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
 
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
 BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S... BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
 
DevOpsDays - DevOps: Security 干我何事?
DevOpsDays - DevOps: Security 干我何事?DevOpsDays - DevOps: Security 干我何事?
DevOpsDays - DevOps: Security 干我何事?
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHound
 
Securing Cassandra The Right Way
Securing Cassandra The Right WaySecuring Cassandra The Right Way
Securing Cassandra The Right Way
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?
 
Issuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultIssuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vault
 
MongoDB 2.4 Security Features
MongoDB 2.4 Security FeaturesMongoDB 2.4 Security Features
MongoDB 2.4 Security Features
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active Directory
 
Azure key vault - Brisbane User Group
Azure key vault  - Brisbane User GroupAzure key vault  - Brisbane User Group
Azure key vault - Brisbane User Group
 
Six Degrees of Domain Admin - BloodHound at DEF CON 24
Six Degrees of Domain Admin - BloodHound at DEF CON 24Six Degrees of Domain Admin - BloodHound at DEF CON 24
Six Degrees of Domain Admin - BloodHound at DEF CON 24
 

En vedette

Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guideDeysi Gmarra
 
Securing Your MongoDB Implementation
Securing Your MongoDB ImplementationSecuring Your MongoDB Implementation
Securing Your MongoDB ImplementationMongoDB
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
MongoDB Administration 101
MongoDB Administration 101MongoDB Administration 101
MongoDB Administration 101MongoDB
 
Automating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and GazzangAutomating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and GazzangMongoDB
 
A Weight Off Your Shoulders: MongoDB Atlas
A Weight Off Your Shoulders: MongoDB AtlasA Weight Off Your Shoulders: MongoDB Atlas
A Weight Off Your Shoulders: MongoDB AtlasMongoDB
 
SSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentSSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentMongoDB
 
Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101MongoDB
 
Replication and Replica Sets
Replication and Replica SetsReplication and Replica Sets
Replication and Replica SetsMongoDB
 
MongoDB in a Mainframe World
MongoDB in a Mainframe WorldMongoDB in a Mainframe World
MongoDB in a Mainframe WorldMongoDB
 
Mongo Performance Optimization Using Indexing
Mongo Performance Optimization Using IndexingMongo Performance Optimization Using Indexing
Mongo Performance Optimization Using IndexingChinmay Naik
 
Webinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesWebinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesMongoDB
 
Web Database
Web DatabaseWeb Database
Web Databaseidroos7
 
Webinar: Performance Tuning + Optimization
Webinar: Performance Tuning + OptimizationWebinar: Performance Tuning + Optimization
Webinar: Performance Tuning + OptimizationMongoDB
 
Database Security
Database SecurityDatabase Security
Database Securityalraee
 

En vedette (19)

Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guide
 
Securing Your MongoDB Implementation
Securing Your MongoDB ImplementationSecuring Your MongoDB Implementation
Securing Your MongoDB Implementation
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDB
 
MongoDB Administration 101
MongoDB Administration 101MongoDB Administration 101
MongoDB Administration 101
 
Automating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and GazzangAutomating a Secure MongoDB Deployment with Opscode and Gazzang
Automating a Secure MongoDB Deployment with Opscode and Gazzang
 
A Weight Off Your Shoulders: MongoDB Atlas
A Weight Off Your Shoulders: MongoDB AtlasA Weight Off Your Shoulders: MongoDB Atlas
A Weight Off Your Shoulders: MongoDB Atlas
 
SSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentSSecuring Your MongoDB Deployment
SSecuring Your MongoDB Deployment
 
Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101Ops Jumpstart: MongoDB Administration 101
Ops Jumpstart: MongoDB Administration 101
 
Indexing In MongoDB
Indexing In MongoDBIndexing In MongoDB
Indexing In MongoDB
 
Replication and Replica Sets
Replication and Replica SetsReplication and Replica Sets
Replication and Replica Sets
 
MongoDB in a Mainframe World
MongoDB in a Mainframe WorldMongoDB in a Mainframe World
MongoDB in a Mainframe World
 
Mongo Performance Optimization Using Indexing
Mongo Performance Optimization Using IndexingMongo Performance Optimization Using Indexing
Mongo Performance Optimization Using Indexing
 
Phplx mongodb
Phplx mongodbPhplx mongodb
Phplx mongodb
 
Webinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesWebinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security Features
 
Web Database
Web DatabaseWeb Database
Web Database
 
MongoDB 3.4 webinar
MongoDB 3.4 webinarMongoDB 3.4 webinar
MongoDB 3.4 webinar
 
Webinar: Performance Tuning + Optimization
Webinar: Performance Tuning + OptimizationWebinar: Performance Tuning + Optimization
Webinar: Performance Tuning + Optimization
 
Database Security
Database SecurityDatabase Security
Database Security
 
Database Security
Database SecurityDatabase Security
Database Security
 

Similaire à Securing Your MongoDB Deployment

Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
Creating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentCreating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentMongoDB
 
Webinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentWebinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentMongoDB
 
MongoDB Days UK: Securing Your Deployment with MongoDB Enterprise
MongoDB Days UK: Securing Your Deployment with MongoDB EnterpriseMongoDB Days UK: Securing Your Deployment with MongoDB Enterprise
MongoDB Days UK: Securing Your Deployment with MongoDB EnterpriseMongoDB
 
Securing Your Deployment with MongoDB Enterprise
Securing Your Deployment with MongoDB EnterpriseSecuring Your Deployment with MongoDB Enterprise
Securing Your Deployment with MongoDB EnterpriseMongoDB
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise MongoDB
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersTobias Koprowski
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud SecurityMongoDB
 
Percona Live 2021 - MongoDB Security Features
Percona Live 2021 - MongoDB Security FeaturesPercona Live 2021 - MongoDB Security Features
Percona Live 2021 - MongoDB Security FeaturesJean Da Silva
 
Webinar: Best Practices for Upgrading to MongoDB 3.0
Webinar: Best Practices for Upgrading to MongoDB 3.0Webinar: Best Practices for Upgrading to MongoDB 3.0
Webinar: Best Practices for Upgrading to MongoDB 3.0MongoDB
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopBSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopAjay Choudhary
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesAmazon Web Services
 

Similaire à Securing Your MongoDB Deployment (20)

Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDB
 
Creating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentCreating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your Deployment
 
Webinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentWebinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your Deployment
 
MongoDB Days UK: Securing Your Deployment with MongoDB Enterprise
MongoDB Days UK: Securing Your Deployment with MongoDB EnterpriseMongoDB Days UK: Securing Your Deployment with MongoDB Enterprise
MongoDB Days UK: Securing Your Deployment with MongoDB Enterprise
 
Securing Your Deployment with MongoDB Enterprise
Securing Your Deployment with MongoDB EnterpriseSecuring Your Deployment with MongoDB Enterprise
Securing Your Deployment with MongoDB Enterprise
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud Security
 
Percona Live 2021 - MongoDB Security Features
Percona Live 2021 - MongoDB Security FeaturesPercona Live 2021 - MongoDB Security Features
Percona Live 2021 - MongoDB Security Features
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Webinar: Best Practices for Upgrading to MongoDB 3.0
Webinar: Best Practices for Upgrading to MongoDB 3.0Webinar: Best Practices for Upgrading to MongoDB 3.0
Webinar: Best Practices for Upgrading to MongoDB 3.0
 
Windows Azure Essentials V3
Windows Azure Essentials V3Windows Azure Essentials V3
Windows Azure Essentials V3
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
 
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopBSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming Workshop
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best Pratices
 

Plus de MongoDB

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
 MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump StartMongoDB
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB
 

Plus de MongoDB (20)

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
 MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
 

Dernier

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 

Dernier (20)

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 

Securing Your MongoDB Deployment

  • 2. Securing Your MongoDB Deployment Andreas Nilsson Lead Security Engineer, MongoDB
  • 3. 3 The Art Of Securing A System “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu, The Art of War 500 BC
  • 4. 4 Securing The Application: Agenda Securing a Database Access Control AuditingData Protection
  • 5. How can we make data accessible securely?
  • 6. 6 Timeline Plan and design security as early as possible.
  • 7. Hadoop Event Processing Engine Analytics Execution (R,Python & Pig) Distributed File System HDFS Stream Analytics Yellow Restricted Zone Green Controlled Zone Web Application REST Web Service Even Processing J2EE Tomcat MongoDB to Hadoop Connector MongoDB to Hadoop Connector ETL ETL Orders ETL Operational Data Store MongoDB Content Management System Web Logs Profiles Reference Data Real-time Event Data Designing the Infrastructure
  • 9. 9 MongDB Configuration Authentication - Who are you in MongoDB? • Application user, administrator, backup job, monitoring agent. Authorization - What can you do in MongoDB? • CRUD operations, configure the database, manage sharding, user management.
  • 10. 10 Enable Authentication Built-in authentication methods • Password challenge response • x.509 certificates Or integrate with existing authentication infrastructure
  • 11. 11 Enable Access Control Design • Determine which types of users exist in the system. • Match the users to MongoDB roles. Create any customized roles. Deployment • Start/restart MongoDB with access control enabled. • Create the desired users.
  • 12. 12 Role Based Access Control Built-in roles • read, readWrite, dbAdmin, clusterAdmin, root, etc.. User defined roles • Customized roles based on existing roles and privileges.
  • 14. 14 Sharding, upgrading, and other fancy topics Users in a sharded system • live on the config servers, not the query routers (mongos) • local shard (replica set) users can still exist Users in 2.4 • located in different DBs and in a different format than: Users in >= 2.6 • all reside in the admin DB and hence are always replicated.
  • 15. 15 Field Level Redaction - $redact $redact • New aggregation framework operator • Conditionally filter user documents Use cases • Implement user-based document level, content filtering. • Create egress filter, redacting sensitive information.
  • 16. Access Control – Field Level Redaction
  • 17. 17 Data Protection Encrypting data in transit (SSL) and data at rest.
  • 19. 19 Transport Encryption with SSL • Possible to protect client-server, server-server communications with SSL. • Support for commercially and internally issued x.509 certificates • Possible to run the server in FIPS 140-2 mode. • Support for mixed SSL and non-SSL clusters. • Self-signed certificates provides no trust! • Omitting to provide a CA file to MongoDB disables validation!
  • 20. Data Protection – Transport Encryption • Encrypt Communications (SSL) • Authenticate connections (x.509)
  • 21. 21 Data Protection – Encryption at rest Alternatives • Encrypt data client side • Use partner or independent solution for file and OS level encryption
  • 23. 23 The Audit Log • Security events can be written to either the console, the syslog or a file (JSON/BSON) • By default, all security events are written to audit log when enabled. • Events include Authentication failures and some commands. • Access control is not required for auditing. • They are separate components.
  • 24. 24 Audit Log Properties • Can filter based off of different criteria – Action Type, TimeFrame, IP Address/Port, Users • Events Have Total Order Per Connection • Audit Guarantees (AKA Writes/config) – Audit event written to disk BEFORE writing to the journal – A write will not complete before it has been audited
  • 26. 26 Some tips along the way 1. Do not directly expose database servers to the Internet 2. Design and configure access control 3. Enable SSL 4. Provide SSL CA files to the client and server as trust base 5. Disable any unnecessary interfaces 6. Lock down database files and minimize account privileges
  • 27. 27 DO YOU NEED: YES NO Advanced security? ✓ Disaster Recovery? ✓ Monitoring for system performance and availability? ✓ Automated lifecycle management? ✓ Guaranteed response time SLA? ✓ Platform certification ✓ Enterprise Decision Checklist
  • 28. 28 MongoDB Enterprise Advanced Features MongoDB Ops Manager ✓ Advanced Security ✓ On-Demand Training ✓ SLA (24x365) 1 hour (faster times optional) License Commercial Price $10,000 / Server / Yr.
  • 29. 29 What Did We Talk About? Securing a Database Access Control AuditingData Protection
  • 30. 30 The Art Of Securing A System “All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved.” Sun Tzu, The Art of War 500 BC
  • 31. 31 Next Steps MongoDB Security Manual http://docs.mongodb.org/manual/core/security-introduction/ MongoDB Security Whitepaper - http://info.mongodb.com/rs/mongodb/images/MongoDB_Se curity_Architecture_WP.pdf
  • 32. Thank You! Andreas Nilsson Lead Security Engineer, MongoDB

Notes de l'éditeur

  1. Call to action is about thinking where there is opportunity and what are you anchoring your data hub around?
  2. Call to action is about thinking where there is opportunity and what are you anchoring your data hub around?
  3. Call to action is about thinking where there is opportunity and what are you anchoring your data hub around?
  4. MongoDB Enterprise Advanced offers customers enterprise-grade capabilities, as well as proactive support, the Customer Success Program, and a commercial license. Proactive Support. MongoDB Enterprise Advanced provides access to proactive, consultative support from development to production. The same team that builds the database itself helps you throughout your entire application lifecycle. Customers can ask MongoDB experts an unlimited number of questions, 24 x 365, globally. And support includes emergency patches for MongoDB. MongoDB Management Service (MMS) On-Prem. MongoDB Management Service On-Prem is the easiest way to manage MongoDB from your data center. MMS On-Prem provides backup, monitoring, and alerting for your MongoDB Enterprise deployment. Enterprise Software Integration. MongoDB Enterprise fits easily into your existing IT infrastructure and processes. SNMP support connects MongoDB Enterprise with your management and monitoring tools. Advanced Security. MongoDB Enterprise meets security and compliance standards with Kerberos and LDAP authentication, Red Hat Identity Management Certification, and auditing. In addition to MongoDB’s already comprehensive security framework – which includes Role-Based Access Control, PKI certificates, SSL, and Field-Level Redaction – the advanced features in MongoDB Enterprise enable you to defend, detect, and control access to your data. Commercial License. MongoDB Enterprise Advanced includes a commercial license to meet the development and distribution needs of organizations that have policies requiring a license, including commercial distributors (OEMs). Platform Certifification. MongoDB Enterprise has been tested and certified on Windows, Red Hat/CentOS, Ubuntu, and Amazon Linux to provide operational stability. On-Demand Training. Access to our online training, on your schedule and at your pace. Developers and ops teams can improve their MongoDB skills on demand from wherever they want, whenever it fits their schedule. On-site training is also available. Customer Success Program. Through the Customer Success Program, we conduct an initial onboarding process, as well as multiple check-ins throughout the year to ensure your systems are running properly. We also keep you apprised of software updates, documentation, events, and webinars to ensure you have the resources you need to be successful.