SlideShare ist ein Scribd-Unternehmen logo

MongoDB World 2019: Tutorial: A Journey to Magical Security Creatures’ Land

MongoDB
MongoDB

The interactive presentation will use a metaphor, comparing security features to magical creatures, in that they both must be treated right. This game-based learning session will help audiences to understand the security features MongoDB has to offer and how to use them correctly.

Technologie
1 von 87
Downloaden Sie, um offline zu lesen
Ella Shurhavetsky Technical Services Engineer
A journey to magical security creatures’ land Ella Shurhavetsky, Technical Service Engineer, MongoDB
The flow Part One: The monster pack Part Two: How to stay secured
Know your benefits At the end of this presentation you will know - Your security options - When to use them
Part One: the monster pack
The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
SCRAM Challenge-response mechanism for authenticating users with passwords, uses hash and salt to conceal the password MongoDB uses SHA1 and SHA256* with SCRAM mechanism against name, password and authentication database** Habitat: DB
x.509 The client can authenticate to the server, using certificates rather than username/password Server has to have a CA certificate to be able to ensure the authenticity of the client, trying to connect x.509 is a standard defining the format of public certificates Habitat: Admin DB
LDAPS LDAPS server stores users and roles (access permissions) It uses hierarchical structure Centralized repository to control resources, in case of MongoDB it’s the collections, databases, cluster, users etc. Can be used as authentication and authorization mechanism Habitat: LDAPS server, MongoDB configuration
KERBEROS Authentication protocol Uses tickets to authenticate users Avoids storing passwords locally or sending them over the internet Involves a trusted 3rd-party Built on symmetric-key cryptography Habitant: KERBEROS setup
The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
RBAC (Role Based Access Control) Authorization mechanism Within an organization, roles are created for various job functions Permission to perform certain actions on certain resources are assigned to a specific role Habitat: DB
LDAPS LDAPS server stores users and roles (access permissions) It uses hierarchical structure Centralized repository to control resources, in case of MongoDB it’s the collections, databases, cluster, users etc. Can be used as authentication and authorization mechanism Habitat: LDAPS server, MongoDB configuration
The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
Encryption at rest (Storage level encryption) Protects data by encrypting it with AES256-CBC* Stores encrypted data on disc Habitat: Storage
Encryption at transit (TLS) Communication security over computer network The secure connection is established using symmetric cryptography One time private key(shared secret) for each session Habitat: Network, cert store
The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
IP Whitelists IP whitelisting allows you to create lists of trusted IP addresses from which your users can access your domains IP whitelist is a security feature often used for limiting and controlling access only from trusted sources Habitat: Configuration
The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
Auditing Auditing allows administrators to track and log user activity on a MongoDB server Output can be file or console Once enabled, can record: -Schema (DDL) -Replica set and sharded cluster -Authentication and authorization -CRUD operations Habitant: Console or syslog or JSON/BSON file
The questionnaire
The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
Part two: How to stay secured
Note: All the cases described based on real events, which took place in city of Monstropolis...
Scenario 1 - Roz (security chief) Roz is a head chief officer of security at “Monsters Inc.” The organization stores personal information about every single monster within the company. This information is highly sensitive and has to be protected from any unrestricted access. For example, there are pictures of all monsters going wild at the last corporate party. Company’s SysAdmin decided to move from paper files to MongoDB and store all the personal information and compromising photos in the database. It is highly important that the data will stay protected and secured. Roz has unlimited resources for this job. What kind of security setup would you advise in this case?
Recommended setup - KERBEROS + LDAP for authentication and authorization - Encryption at rest to protect data, using KMIP - TLS for encrypted traffic - Optional: Auditing
Scenario 2 - Mike and Sully After Mike and Sully figured out that much more energy can be drained from children’s laugh, they started a blog, writing all pranks and jokes that makes kids laugh. Blog’s data is stored in MongoDB Atlas solution. It does not have sensitive information, since the blog is already public. Mike and Sully don’t have more money to spend, so they can’t afford any additional service or a system administrator. What kind of security setup would you advice for Mike and Sully?
Recommended setup - Whitelist IPs - SCRAM - Encryption at rest (enabled by default in MongoDB Atlas)
Scenario 3 - Randall & Henry Waternoose III After Randall was kicked out of the “Monsters Inc.”, he and Henry decided they’ll follow all Sully and Mike moves to plan a revenge. They decided to use MongoDB, to store all data, they can find. No one has physical access to the database and the setup is not connected to the network. Randall only adds more documents. Henry has more DB knowledge, so he does all the administrative work What kind of security setup would you advice to Randall and Henry?
Recommended setup - SCRAM - RBAC - Encryption at rest
Thank you for joining the party
Presenter name or subtitle here – keep it to one line or 57 characters Title of the presentation goes here – keep title to two lines maximum and/or 112 characters with spaces SocialMedia
Use this title slide layout when there are two speakers Speaker One, Title Speaker Two, Title SocialMedia SocialMedia
Use this title slide layout when there are two speakers and speaker name and title need to go on two lines Speaker One, Title and/or Company Speaker Two, Title and/or Company SocialMediaSocialMedia
Title with content slide – Keep the title to two lines maximum or 91 characters with spaces First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one - use Paragraph > Increase List Level to add bullet § Bullet two – click Increase List Level again for 2nd level bullet § Bullet three
Titles on one line looks so much better First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one - use Paragraph > Increase List Level to add bullet § Bullet two – click Increase List Level again for next level bullet § Bullet three – click Increase List Level again for next level bullet
Title with content and subtitle Subtitle First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one - use Paragraph > Increase List Level to add bullet § Bullet two – click Increase List Level again for 2nd level bullet § Bullet three
Title with bar chart 1 4.3 2.5 3.5 4.5 2.4 4.4 1.8 2.8 2 2 3 5 Category 1 Category 2 Category 3 Category 4 Series 1 Series 2 Series 3
Title with bar chart 2 – use green to highlight MongoDB data 4.3 2.5 3.5 4.5 2.4 4.4 1.8 2.8 2 2 3 5 Category 1 Category 2 Category 3 Category 4 Series 1 Series 2 Series 3
Title with build animation bar chart 3 150 250 200 100 100 50 200 100 250 200 100 300 CATEGORY 1 CATEGORY 2 CATEGORY 3 CATEGORY 4 Series 1 Series 2 Series 3
Title with build animation doughnut cart 35% 15%15% 15% 10% 10% 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr 5th Qtr 6th Qtr
Title and table 1 Column 1 Column 2 Column 3 Column 4 Column 5 Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content
Title and table 2 Column 1 Column 2 Column 3 Column 4 Row 1 Content Content Content Content Row 2 Content Content Content Content Row 3 Content Content Content Content Row 4 Content Content Content Content Row 5 Content Content Content Content
Title two content First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one § Bullet § Bullet First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one § Bullet § Bullet
Title two content with subheads Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
Title with doughnut chart and text 35% 15%15% 15% 10% 10% 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr 5th Qtr 6th Qtr First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
Title three content First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
Title three content with subheads Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
Title four content First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
Title four content with subheads Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
Title with content and big picture First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
Title left content right First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead
Timeline
Screenshot Slide
Title with infographic – 1 TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style.
Title with build animation infographic – 2 TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 40% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 50% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 70% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 50% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 90%
Statement or divider – Leaf
Statement or divider – Graphite
Section Divider White option
Section Divider Graphite option
Eliot Horowitz CTO & Co-Founder
Eliot Horowitz CTO & Co-Founder
CTO & Co-Founder CTO & Co-Founder Eliot HorowitzEliot Horowitz
CTO & Co-Founder CTO & Co-Founder CTO & Co-Founder Eliot Horowitz CTO & Co-Founder Eliot Horowitz
CTO & Co-Founder CTO & Co-Founder CTO & Co-Founder Eliot Horowitz CTO & Co-Founder Eliot Horowitz CTO & Co-Founder Eliot Horowitz
URL/Hashtag can go here.
Title – no branding
This is a quote slide with white background for your presentation. Use green bold treatment if you want to emphasize content. Attributor Name
This is a quote slide with graphite background for your presentation. Use yellow bold treatment if you want to emphasize content. Attributor Name
URL/Hashtag can go here.
session.start_transaction() order = { line_items : [ { item : 5, quantity: 6 }, … ] } db.orders.insertOne( order, session=session ); for x in order.line_items: db.inventory.update( { _id : x.item } , { $inc : { number : -1 * x.qty } }, session=session ) session.commit_transaction() Code with title
order = { line_items : [ { item : 5, quantity : 6 }, … ] } db.orders.insertOne( order ); for x in order.line_items: db.inventory.update( { _id : x.item }, { $inc : { number : -1 * x.qty } }) Code comparison with title session.start_transaction() order = { line_items : [ { item : 5, quantity: 6 }, … ] } db.orders.insertOne( order, session=session ); for x in order.line_items: db.inventory.update( { _id : x.item } , { $inc : { number : -1 * x.qty } }, session=session ) session.commit_transaction()
session.start_transaction() order = { line_items : [ { item : 5, quantity: 6 }, … ] } db.orders.insertOne( order, session=session ); for x in order.line_items: db.inventory.update( { _id : x.item } , { $inc : { number : -1 * x.qty } }, session=session ) session.commit_transaction()
Graphic Assets
MDBW19 Logos Core Logo – Full Color For use on white or very light backgrounds Core Logo – Full Color For use on white or very light backgrounds
Icons – MongoDB Charts Analytics Mobile SyncBI 2.5 FunctionsODBC Driver Functions Triggers Database / MDB) QueryAuthorizationServer MobileDocuments / MDB Zoned Sharding Query Anywhere
Icons – generic 24/7 Support API API Tools Cloud Download Cluster Commercial License Community Data Subset FlexibleFAQEnterprise Features Insight Marketing Performance Presentation Pricing Quick Start Rocket Scale Security Support Type Conversion University Use Cases User Visibility Computer Download Flexible Schema Visualization Webinar Consistency Management Integration Search White Paper Deployment Flexibility
Partner Logos – from 2018 MDBW
Statement – Leaf Background
Statement – Graphite Background
MongoDB World 2019: Tutorial: A Journey to Magical Security Creatures’ Land

Empfohlen

A Journey to Magical Security Creatures' Land
A Journey to Magical Security Creatures' LandA Journey to Magical Security Creatures' Land
A Journey to Magical Security Creatures' Land
MongoDB
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware FamilyEnd-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware Family
CrowdStrike
 
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
OpenDNS
 
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
OpenDNS
 
Securing docker containers
Securing docker containersSecuring docker containers
Securing docker containers
Mihir Shah
 
Class Project Showcase: DNS Spoofing
Class Project Showcase: DNS SpoofingClass Project Showcase: DNS Spoofing
Class Project Showcase: DNS Spoofing
Beibei Yang
 
Defcon
DefconDefcon
Defcon
OpenDNS
 
ICANN 51: Name Collision
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name Collision
ICANN
 

Empfohlen

A Journey to Magical Security Creatures' Land
A Journey to Magical Security Creatures' LandA Journey to Magical Security Creatures' Land
A Journey to Magical Security Creatures' Land
MongoDB
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware FamilyEnd-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware Family
CrowdStrike
 
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
OpenDNS
 
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
OpenDNS
 
Securing docker containers
Securing docker containersSecuring docker containers
Securing docker containers
Mihir Shah
 
Class Project Showcase: DNS Spoofing
Class Project Showcase: DNS SpoofingClass Project Showcase: DNS Spoofing
Class Project Showcase: DNS Spoofing
Beibei Yang
 
Defcon
DefconDefcon
Defcon
OpenDNS
 
ICANN 51: Name Collision
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name Collision
ICANN
 
Fast Detection of New Malicious Domains using DNS
Fast Detection of New Malicious Domains using DNSFast Detection of New Malicious Domains using DNS
Fast Detection of New Malicious Domains using DNS
OpenDNS
 
DNS Exfiltration and Out-of-bound attacks
DNS Exfiltration and Out-of-bound attacksDNS Exfiltration and Out-of-bound attacks
DNS Exfiltration and Out-of-bound attacks
Nitesh Shilpkar
 
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Priyanka Aash
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Paladion Networks
 
CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)
CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)
CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)
PROIDEA
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
FindWhitePapers
 
27.2.10 lab extract an executable from a pcap
27.2.10 lab extract an executable from a pcap27.2.10 lab extract an executable from a pcap
27.2.10 lab extract an executable from a pcap
Freddy Buenaño
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security Extensions
Peter R. Egli
 
2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...
2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...
2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...
Dominik Gruber
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
Shumon Huque
 
Distributed System by Pratik Tambekar
Distributed System by Pratik TambekarDistributed System by Pratik Tambekar
Distributed System by Pratik Tambekar
Pratik Tambekar
 
Introduction DNSSec
Introduction DNSSecIntroduction DNSSec
Introduction DNSSec
AFRINIC
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
Security BSides London
 
Hands-on getdns Tutorial
Hands-on getdns TutorialHands-on getdns Tutorial
Hands-on getdns Tutorial
Shumon Huque
 
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Dan York
 
Domain Name System (DNS)
Domain Name System (DNS)Domain Name System (DNS)
Domain Name System (DNS)
Venkatesh Jambulingam
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
AFRINIC
 
CNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureCNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and Architecture
Sam Bowne
 
dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slides
kj teoh
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
MongoDB
 
Sentry - An Introduction
Sentry - An Introduction Sentry - An Introduction
Sentry - An Introduction
Alexander Alten
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory Enumeration
Daniel López Jiménez
 

Weitere ähnliche Inhalte

Was ist angesagt?

Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Priyanka Aash
 
27.2.10 lab extract an executable from a pcap
27.2.10 lab extract an executable from a pcap27.2.10 lab extract an executable from a pcap
27.2.10 lab extract an executable from a pcap
Freddy Buenaño
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security Extensions
Peter R. Egli
 
dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slides
kj teoh
 

Was ist angesagt? (19)

Fast Detection of New Malicious Domains using DNS
Fast Detection of New Malicious Domains using DNSFast Detection of New Malicious Domains using DNS
Fast Detection of New Malicious Domains using DNS
 
DNS Exfiltration and Out-of-bound attacks
DNS Exfiltration and Out-of-bound attacksDNS Exfiltration and Out-of-bound attacks
DNS Exfiltration and Out-of-bound attacks
 
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
 
CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)
CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)
CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky)
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
 
27.2.10 lab extract an executable from a pcap
27.2.10 lab extract an executable from a pcap27.2.10 lab extract an executable from a pcap
27.2.10 lab extract an executable from a pcap
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security Extensions
 
2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...
2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...
2014-11-26 | Creating a BitTorrent Client with Scala and Akka, Part 1 (Vienna...
 
DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013DNSSEC Tutorial; USENIX LISA 2013
DNSSEC Tutorial; USENIX LISA 2013
 
Distributed System by Pratik Tambekar
Distributed System by Pratik TambekarDistributed System by Pratik Tambekar
Distributed System by Pratik Tambekar
 
Introduction DNSSec
Introduction DNSSecIntroduction DNSSec
Introduction DNSSec
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
Hands-on getdns Tutorial
Hands-on getdns TutorialHands-on getdns Tutorial
Hands-on getdns Tutorial
 
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
 
Domain Name System (DNS)
Domain Name System (DNS)Domain Name System (DNS)
Domain Name System (DNS)
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
 
CNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureCNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and Architecture
 
dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slides
 

Ähnlich wie MongoDB World 2019: Tutorial: A Journey to Magical Security Creatures’ Land

AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...
AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...
AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...
Amazon Web Services
 
AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...
AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...
AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...
Amazon Web Services
 
(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices Architecture(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices Architecture
Amazon Web Services
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
RootedCON
 

Ähnlich wie MongoDB World 2019: Tutorial: A Journey to Magical Security Creatures’ Land (20)

Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
 
Sentry - An Introduction
Sentry - An Introduction Sentry - An Introduction
Sentry - An Introduction
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory Enumeration
 
IBM Spectrum Scale Security
IBM Spectrum Scale Security IBM Spectrum Scale Security
IBM Spectrum Scale Security
 
Modeling data and best practices for the Azure Cosmos DB.
Modeling data and best practices for the Azure Cosmos DB.Modeling data and best practices for the Azure Cosmos DB.
Modeling data and best practices for the Azure Cosmos DB.
 
How to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScaleHow to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScale
 
AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...
AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...
AWS re:Invent 2016: Workshop: Stretching Scalability: Doing more with Amazon ...
 
Azure Hd insigth news
Azure Hd insigth newsAzure Hd insigth news
Azure Hd insigth news
 
Dear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckDear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality Check
 
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
 
AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...
AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...
AWS re:Invent 2016: Real-Time Data Exploration and Analytics with Amazon Elas...
 
2015 SQL Pass Summit Breakfast session #2
2015 SQL Pass Summit Breakfast session #22015 SQL Pass Summit Breakfast session #2
2015 SQL Pass Summit Breakfast session #2
 
CrateDB 101: Sensor data
CrateDB 101: Sensor dataCrateDB 101: Sensor data
CrateDB 101: Sensor data
 
Get Started with CrateDB: Sensor Data
Get Started with CrateDB: Sensor DataGet Started with CrateDB: Sensor Data
Get Started with CrateDB: Sensor Data
 
(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices Architecture(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices Architecture
 
Securing Your Apache Spark Applications
Securing Your Apache Spark ApplicationsSecuring Your Apache Spark Applications
Securing Your Apache Spark Applications
 
Securing Spark Applications by Kostas Sakellis and Marcelo Vanzin
Securing Spark Applications by Kostas Sakellis and Marcelo VanzinSecuring Spark Applications by Kostas Sakellis and Marcelo Vanzin
Securing Spark Applications by Kostas Sakellis and Marcelo Vanzin
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
 
Ethical hacking mind map
Ethical hacking mind mapEthical hacking mind map
Ethical hacking mind map
 

Mehr von MongoDB

MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB
 

Mehr von MongoDB (20)

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
 

Kürzlich hochgeladen

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 

Kürzlich hochgeladen (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

MongoDB World 2019: Tutorial: A Journey to Magical Security Creatures’ Land

  • 2. A journey to magical security creatures’ land Ella Shurhavetsky, Technical Service Engineer, MongoDB
  • 3. The flow Part One: The monster pack Part Two: How to stay secured
  • 4. Know your benefits At the end of this presentation you will know - Your security options - When to use them
  • 5. Part One: the monster pack
  • 6. The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
  • 7. The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
  • 8. SCRAM Challenge-response mechanism for authenticating users with passwords, uses hash and salt to conceal the password MongoDB uses SHA1 and SHA256* with SCRAM mechanism against name, password and authentication database** Habitat: DB
  • 9. x.509 The client can authenticate to the server, using certificates rather than username/password Server has to have a CA certificate to be able to ensure the authenticity of the client, trying to connect x.509 is a standard defining the format of public certificates Habitat: Admin DB
  • 10. LDAPS LDAPS server stores users and roles (access permissions) It uses hierarchical structure Centralized repository to control resources, in case of MongoDB it’s the collections, databases, cluster, users etc. Can be used as authentication and authorization mechanism Habitat: LDAPS server, MongoDB configuration
  • 11. KERBEROS Authentication protocol Uses tickets to authenticate users Avoids storing passwords locally or sending them over the internet Involves a trusted 3rd-party Built on symmetric-key cryptography Habitant: KERBEROS setup
  • 12. The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
  • 13. RBAC (Role Based Access Control) Authorization mechanism Within an organization, roles are created for various job functions Permission to perform certain actions on certain resources are assigned to a specific role Habitat: DB
  • 14. LDAPS LDAPS server stores users and roles (access permissions) It uses hierarchical structure Centralized repository to control resources, in case of MongoDB it’s the collections, databases, cluster, users etc. Can be used as authentication and authorization mechanism Habitat: LDAPS server, MongoDB configuration
  • 15. The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
  • 16. Encryption at rest (Storage level encryption) Protects data by encrypting it with AES256-CBC* Stores encrypted data on disc Habitat: Storage
  • 17. Encryption at transit (TLS) Communication security over computer network The secure connection is established using symmetric cryptography One time private key(shared secret) for each session Habitat: Network, cert store
  • 18. The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
  • 19. IP Whitelists IP whitelisting allows you to create lists of trusted IP addresses from which your users can access your domains IP whitelist is a security feature often used for limiting and controlling access only from trusted sources Habitat: Configuration
  • 20. The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
  • 21. Auditing Auditing allows administrators to track and log user activity on a MongoDB server Output can be file or console Once enabled, can record: -Schema (DDL) -Replica set and sharded cluster -Authentication and authorization -CRUD operations Habitant: Console or syslog or JSON/BSON file
  • 23.
  • 24. The monster pack Authentication SCRAM x.509 (Certificate based) LDAPS (Lightweight Directory Access Protocol Service) KERBEROS Authorization RBAC (Role Based Access Control) LDAPS (Lightweight Directory Access Protocol Service) Encryption At rest (Storage level encryption) At transit (TLS) Restricted Access IP Whitelists Auditing
  • 25. Part two: How to stay secured
  • 26. Note: All the cases described based on real events, which took place in city of Monstropolis...
  • 27. Scenario 1 - Roz (security chief) Roz is a head chief officer of security at “Monsters Inc.” The organization stores personal information about every single monster within the company. This information is highly sensitive and has to be protected from any unrestricted access. For example, there are pictures of all monsters going wild at the last corporate party. Company’s SysAdmin decided to move from paper files to MongoDB and store all the personal information and compromising photos in the database. It is highly important that the data will stay protected and secured. Roz has unlimited resources for this job. What kind of security setup would you advise in this case?
  • 28.
  • 29. Recommended setup - KERBEROS + LDAP for authentication and authorization - Encryption at rest to protect data, using KMIP - TLS for encrypted traffic - Optional: Auditing
  • 30. Scenario 2 - Mike and Sully After Mike and Sully figured out that much more energy can be drained from children’s laugh, they started a blog, writing all pranks and jokes that makes kids laugh. Blog’s data is stored in MongoDB Atlas solution. It does not have sensitive information, since the blog is already public. Mike and Sully don’t have more money to spend, so they can’t afford any additional service or a system administrator. What kind of security setup would you advice for Mike and Sully?
  • 31.
  • 32. Recommended setup - Whitelist IPs - SCRAM - Encryption at rest (enabled by default in MongoDB Atlas)
  • 33. Scenario 3 - Randall & Henry Waternoose III After Randall was kicked out of the “Monsters Inc.”, he and Henry decided they’ll follow all Sully and Mike moves to plan a revenge. They decided to use MongoDB, to store all data, they can find. No one has physical access to the database and the setup is not connected to the network. Randall only adds more documents. Henry has more DB knowledge, so he does all the administrative work What kind of security setup would you advice to Randall and Henry?
  • 34.
  • 35. Recommended setup - SCRAM - RBAC - Encryption at rest
  • 36. Thank you for joining the party
  • 37. Presenter name or subtitle here – keep it to one line or 57 characters Title of the presentation goes here – keep title to two lines maximum and/or 112 characters with spaces SocialMedia
  • 38. Use this title slide layout when there are two speakers Speaker One, Title Speaker Two, Title SocialMedia SocialMedia
  • 39. Use this title slide layout when there are two speakers and speaker name and title need to go on two lines Speaker One, Title and/or Company Speaker Two, Title and/or Company SocialMediaSocialMedia
  • 40. Title with content slide – Keep the title to two lines maximum or 91 characters with spaces First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one - use Paragraph > Increase List Level to add bullet § Bullet two – click Increase List Level again for 2nd level bullet § Bullet three
  • 41. Titles on one line looks so much better First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one - use Paragraph > Increase List Level to add bullet § Bullet two – click Increase List Level again for next level bullet § Bullet three – click Increase List Level again for next level bullet
  • 42. Title with content and subtitle Subtitle First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one - use Paragraph > Increase List Level to add bullet § Bullet two – click Increase List Level again for 2nd level bullet § Bullet three
  • 43. Title with bar chart 1 4.3 2.5 3.5 4.5 2.4 4.4 1.8 2.8 2 2 3 5 Category 1 Category 2 Category 3 Category 4 Series 1 Series 2 Series 3
  • 44. Title with bar chart 2 – use green to highlight MongoDB data 4.3 2.5 3.5 4.5 2.4 4.4 1.8 2.8 2 2 3 5 Category 1 Category 2 Category 3 Category 4 Series 1 Series 2 Series 3
  • 45. Title with build animation bar chart 3 150 250 200 100 100 50 200 100 250 200 100 300 CATEGORY 1 CATEGORY 2 CATEGORY 3 CATEGORY 4 Series 1 Series 2 Series 3
  • 46. Title with build animation doughnut cart 35% 15%15% 15% 10% 10% 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr 5th Qtr 6th Qtr
  • 47. Title and table 1 Column 1 Column 2 Column 3 Column 4 Column 5 Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content Content
  • 48. Title and table 2 Column 1 Column 2 Column 3 Column 4 Row 1 Content Content Content Content Row 2 Content Content Content Content Row 3 Content Content Content Content Row 4 Content Content Content Content Row 5 Content Content Content Content
  • 49. Title two content First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one § Bullet § Bullet First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. § Bullet one § Bullet § Bullet
  • 50. Title two content with subheads Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
  • 51. Title with doughnut chart and text 35% 15%15% 15% 10% 10% 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr 5th Qtr 6th Qtr First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
  • 52. Title three content First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
  • 53. Title three content with subheads Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
  • 54. Title four content First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
  • 55. Title four content with subheads Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
  • 56. Title with content and big picture First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content.
  • 57. Title left content right First line of copy is not bulleted. Use bold or green font treatment to place emphasize on content. Subhead
  • 60. Title with infographic – 1 TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style. TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. It can be replaced with your own style.
  • 61. Title with build animation infographic – 2 TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 40% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 50% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 70% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 50% TITLE GOES HERE This is a sample text. You simply add your own text and description here. This text is fully editable. 90%
  • 63. Statement or divider – Graphite
  • 66. Eliot Horowitz CTO & Co-Founder
  • 67. Eliot Horowitz CTO & Co-Founder
  • 68. CTO & Co-Founder CTO & Co-Founder Eliot HorowitzEliot Horowitz
  • 69. CTO & Co-Founder CTO & Co-Founder CTO & Co-Founder Eliot Horowitz CTO & Co-Founder Eliot Horowitz
  • 70. CTO & Co-Founder CTO & Co-Founder CTO & Co-Founder Eliot Horowitz CTO & Co-Founder Eliot Horowitz CTO & Co-Founder Eliot Horowitz
  • 72. Title – no branding
  • 73. This is a quote slide with white background for your presentation. Use green bold treatment if you want to emphasize content. Attributor Name
  • 74. This is a quote slide with graphite background for your presentation. Use yellow bold treatment if you want to emphasize content. Attributor Name
  • 75.
  • 77. session.start_transaction() order = { line_items : [ { item : 5, quantity: 6 }, … ] } db.orders.insertOne( order, session=session ); for x in order.line_items: db.inventory.update( { _id : x.item } , { $inc : { number : -1 * x.qty } }, session=session ) session.commit_transaction() Code with title
  • 78. order = { line_items : [ { item : 5, quantity : 6 }, … ] } db.orders.insertOne( order ); for x in order.line_items: db.inventory.update( { _id : x.item }, { $inc : { number : -1 * x.qty } }) Code comparison with title session.start_transaction() order = { line_items : [ { item : 5, quantity: 6 }, … ] } db.orders.insertOne( order, session=session ); for x in order.line_items: db.inventory.update( { _id : x.item } , { $inc : { number : -1 * x.qty } }, session=session ) session.commit_transaction()
  • 79. session.start_transaction() order = { line_items : [ { item : 5, quantity: 6 }, … ] } db.orders.insertOne( order, session=session ); for x in order.line_items: db.inventory.update( { _id : x.item } , { $inc : { number : -1 * x.qty } }, session=session ) session.commit_transaction()
  • 81. MDBW19 Logos Core Logo – Full Color For use on white or very light backgrounds Core Logo – Full Color For use on white or very light backgrounds
  • 82. Icons – MongoDB Charts Analytics Mobile SyncBI 2.5 FunctionsODBC Driver Functions Triggers Database / MDB) QueryAuthorizationServer MobileDocuments / MDB Zoned Sharding Query Anywhere
  • 83. Icons – generic 24/7 Support API API Tools Cloud Download Cluster Commercial License Community Data Subset FlexibleFAQEnterprise Features Insight Marketing Performance Presentation Pricing Quick Start Rocket Scale Security Support Type Conversion University Use Cases User Visibility Computer Download Flexible Schema Visualization Webinar Consistency Management Integration Search White Paper Deployment Flexibility
  • 84. Partner Logos – from 2018 MDBW
  • 85. Statement – Leaf Background