Thursday, August 21, 2014

MongoDB Security Part II: 10 mistakes that can compromise your database

0 comments
This post outlines 10 things to avoid when configuring security for MongoDB. These types of mistakes can lead to the loss of sensitive data, disrupted operations and have the potential to put entire companies out of business. These recommendations are based on my experience working with MongoDB users, and building security systems for databases and financial services organizations. Items are ordered by a combination of severity and frequency.

  • Mistake #1: Directly exposing a MongoDB server to the Internet 
  • Mistake #2: No access control 
  • Mistake #3 - Not enabling SSL 
  • Mistake #4 - Unnecessary exposure of interfaces 
  • Mistake #5 - Poor user account configuration 
  • Mistake #6 - Insecure OS privileges 
  • Mistake #7 - Insecure replica set keyfile configuration 
  • Mistake #8 - Poor SSL configuration 
  • Mistake #9 - Unprotected backups 
  • Mistake #10 - Conscious or unconscious ignorance
read more here

Leave a Reply

 
All Tech News IN © 2011 DheTemplate.com & Main Blogger .