Architecting Secure and Compliant Applications with MongoDB
•Als PPTX, PDF herunterladen•
1 gefällt mir•1,175 views
High profile security breaches have become embarrassingly common, but ultimately avoidable. Now more than ever, database security is a critical component of any production application. In this talk we'll learn to secure your deployment in accordance with best practices and compliance regulations. We'll explore the MongoDB Enterprise features which ensure HIPAA and PCI compliance, and protect you against attack, data exposure and a damaged reputation.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Architecting Secure and Compliant Applications with MongoDB
Ähnlich wie Architecting Secure and Compliant Applications with MongoDB (20)
Mehr von MongoDB
Mehr von MongoDB (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Architecting Secure and Compliant Applications with MongoDB
- 2. Architecting Secure and Compliant Applications with MongoDB jason.mimick@mongodb.com @jmimick Senior Consulting Engineer – MongoDB Inc
- 3. 6
- 6. 9 Concepts Authentication Authorization Validating a user is who they say they are Only letting a user do certain things
- 7. 10 WARNING Some features only supported in MongoDB Enterprise Advanced versions! Generally, functionality available in 2.6.x Will call out any specific 3.0.x features
- 8. 11 Concepts Auditing Encryption Tracking system activity Encoding data so that only those with the key can read it
- 9. 12 Authentication password-based challenge-response mechanism - user/pwd – defined against a DB - Different auth mechanisms (changed in 3.0) - SCRAM-SHA-1, MONGO-CR - Kerberos, LDAP x.509 certificates - validate members of replica set’s and sharded cluster’s are who you think they are - also used in SSL connections
- 10. How do you make your MongoDB authorize users?
- 11. 14 [ec2-user@ip-10-0-214-82 ~]$ mongod --dbpath ./db --auth
- 12. 15 Localhost Exception The localhost exception allows you to enable authorization before creating the first user in the system. When active, the localhost exception allows connections from the localhost interface to create the first user on the admin database. The exception applies only when there are no users created in the MongoDB instance. Changed in version 3.0: The localhost exception changed so that these connections only have access to create the first user on the admin database. In previous versions, connections that gained access using the localhost exception had unrestricted access to the MongoDB instance.
- 13. 16 Authorization Role Based Access Control built-ins, and custom var stockerRole = { “role” : “acme.store.stocker”, “privileges” : [ { “resource” : { “db” : “products”, “collection” : “inventory” }, “actions” : [ “find”, “update” ] } ], “roles” : [ “acme.store.user” ] } use acme db.createRole( stockerRole );
- 14. 17 Auditing Can audit on your mongod and mongos Send events to console, syslog, JSON or BSON file mongod --dbpath data/db --auditDestination file --auditFormat JSON --auditPath data/db/auditLog.json [ec2-user@ip-10-0-214-82 ~]$ tail -f auditLog.json { "atype" : "shutdown", "ts" : { "$date" : "2015-05-22T14:30:52.213+0000" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [], "roles" : [], "param" : {}, "result" : 0 } { "atype" : "createCollection", "ts" : { "$date" : "2015-05-22T14:30:58.960+0000" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [ { "user" : "__system", "db" : "local" } ], "roles" : [], "param" : { "ns" : "local.startup_log" }, "result" : 0 } { "atype" : "createCollection", "ts" : { "$date" : "2015-05-22T14:31:24.661+0000" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 56023 }, "users" : [], "roles" : [], "param" : { "ns" : "foo.foo" }, "result" : 0 }
- 15. 18 Encryption At rest – recommend to always encrypt data on storage system 3rd party tools – more doc online: • Linux Unified Key Setup (LUKS) LUKS • IBM Guardium Data Encryption • Vormetric Data Security Platform • Bitlocker Drive Encryption (Windows) Required for HIPAA/PCI-DSS Configure mongod and mongos for SSL mongod --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem
- 16. 19 Best Practices http://docs.mongodb.org/manual/administration/security-checklist/ Security Checklist • Require Authentication • Configure Roles • Use SSL • Configure firewall – limit network exposure • Turn on auditing • Encrypt data on disk • Run mongod with dedicated user account • Set secure options • --noscripting • Disable REST/HTTP
- 17. 20 Demo Building roles to support healthcare application and HIPAA requirements. In general for full details on HIPAA and PCI-DSS standards compliance see: http://s3.amazonaws.com/info-mongodb-com/MongoDB_Security_Architecture_WP.pdf
- 18. 21 Demo Role Create Read Update Delete Index (Maintenance) Physician Billing Associate Patient System Administrator
Hinweis der Redaktion
- Hi – I’m me… JTM, etc. Welcome to a super boring talk about security and stuff - well I hope not. Everyone doing good – awesome, isn’t it great to be able to alter things, take a break from your real day-to-day job, and also connect with fellow geeks ;) Having a chance to relax a bit and also really tap into some core technology stuff? Cool, let’s get going --- um, well, oh shoot, I forgot, needed forgot to do something….bear with me, just a moment, please – thanks--- <switch to terminal, kick off network scan, make people watch a bit – make them wonder WFT? – (I hope this works)> nmap -p 27017 -oG openMongodsNmap 192.168.1.0/24 grep '27017/open' openMongodsNmap | cut -d" " -f2 > openMongods Scan for any open mongod’s in the conference! This should be a couple of mins or so---
- MongoDB is specifically designed for an awesome out-of-box developer experience. You can get your apps up and running very easily. But, this means that most (well like all) the security features are TURNED OFF by DEFAULT. Devs love this, OPS not so much.
- So, this is an OPS track – but the title of this talk starts with “Architecting” and then has Applications? WTF??? I’m going to try and give a high-level overview of OP’s “nuts & bolts” stuff (you guys can all look this stuff up ---- Oh, good thing about working for an open source company --- I can google the real docs you can too! Then cover some essential Best Practices, and wrap up with a demo show how to really make some of this stuff work— In particular, perhap’s not so OPS-ey – yeah, you’re gonna have to “TALK” to you dev teams here!!! - show you how to create Some application specific security stuff – WHICH YOU SHOULD DO!!!!!!
- Auth – variety of supported mechanisms, integrates with LDAP, Kerberos, X.509 certs Authorization – Role Based Access Control, out-of-box roles & privileges, ability to build custom roles- can define over whole instance, db or even collection level
- Need to point out- We love and embrace open source, and wouldn’t be were we are without it. We also support many enterprises who require the highest level of security and confidence in their software providers – So many advanced security features are only available in the “Enterprise Advanced” versions.
- Auditing – logged system changes, modifications – this is not logging read/write from an application, but admin changes – use to ensure and validate you are following best practices Encryption – support for both “at rest” (integration with 3rd party – Volmetric/IBM/etc) and file system disk-level, also in flight with SSL
- Users and their password are defined with a db name – you need to authenticate against the DB you are defined with!! Take care with different shell/mongod version and auth mechanisms
- Users and their password are defined with a db name – you need to authenticate against the DB you are defined with!! Take care with different shell/mongod version and auth mechanisms You can start a mongod without –auth and create an ‘admin’ user, then restart with –auth, there is the… localhost exception
- From the docs – just want them to see and burn in this “LOCALHOST EXCEPTION” thing
- So you’re building an e-commerce website – you need both front end and back end access to you data – what access would a particular person need which only manages inventory? Roles are made up of a set of privileges, privileges are made up of a set of resources and actions – resources are things like db’s, collection’s, Actions are commands or functions the user can perform on the resource – find, update, etc. Lots and lots of actions/privileges defined in the system – Roles and inherit from other roles – can build complex hierarchy of roles.
- System audits for schema changes (e.g. create/drop collection, add indexes), repl set/shard config changes, auth and authz, general db operations. Supports filters – only audit things you care about Support api for custom audit messages – “logApplicationMessage” db command
- allowSSL, preferSSL, requireSSL – settings for sslMode – use these to gradually “step up” a replica set/cluster to use SSL
- --noscripting – turns off server-side Javascript, disabled mapReduce, group, $where
- NOT!! Covering all details in this talk – review official documentation!!
- NOT!! Covering all details in this talk – review official documentation!!
- Doing things right, does take time and effort – but do it from the start and build it into your culture and you will be fine