OPTIONS

Security Introduction

As with all software running in a networked environment, administrators of MongoDB must consider security and risk exposures for a MongoDB deployment. There are no magic solutions for risk mitigation, and maintaining a secure MongoDB deployment is an ongoing process.

Defense in Depth

The documents in this section takes a Defense in Depth approach to securing MongoDB deployments and addresses a number of different methods for managing risk and reducing risk exposure.

The intent of a Defense In Depth approach is to ensure there are no exploitable points of failure in your deployment that could allow an intruder or un-trusted party to access the data stored in the MongoDB database. The easiest and most effective way to reduce the risk of exploitation is to run MongoDB in a trusted environment, limit access, follow a system of least privilege, and follow best development and deployment practices.

Trusted Environments

The most effective way to reduce risk for MongoDB deployments is to run your entire MongoDB deployment, including all MongoDB components (i.e. mongod, mongos and application instances) in a trusted environment. Trusted environments use the following strategies to control access:

  • Use network filter (e.g. firewall) rules that block all connections from unknown systems to MongoDB components.
  • Bind mongod and mongos instances to specific IP addresses to limit accessibility.
  • Limit MongoDB programs to non-public local networks, and virtual private networks.

Operational Practices to Reduce Risk

You may further reduce risk by controlling access to the database by employing authentication and authorization. Require authentication for access to MongoDB instances and require strong, complex, single purpose authentication credentials. This should be part of your internal security policy. Employ authorization and deploy a model of least privilege, where all users have only the amount of access they need to accomplish required tasks and no more. See Access Control for more information.

Follow the best application development and deployment practices, which includes: validating all inputs, managing sessions, and application-level access control.

Always run the mongod or mongos process as a unique user with the minimum required permissions and access. Never run a MongoDB program as a root or administrative users. The system users that run the MongoDB processes should have robust authentication credentials that prevent unauthorized or casual access.

To further limit the environment, you can run the mongod or mongos process in a chroot environment. Both user-based access restrictions and chroot configuration follow recommended conventions for administering all daemon processes on Unix-like systems.

Data Encryption

To support audit requirements, you may need to encrypt data stored in MongoDB. For best results, you can encrypt this data in the application layer by encrypting the content of fields that hold secure data.

Additional Security Strategies

MongoDB provides various strategies to reduce network risk, such as configuring MongoDB or configuring firewalls for MongoDB. See Network Exposure and Security for more information.

In addition, consider the strategies listed in Security and MongoDB API Interfaces to reduce interface-related risks for the mongo shell, HTTP status interface and the REST API.

MongoDB Enterprise supports authentication using Kerberos. See Deploy MongoDB with Kerberos Authentication.

Vulnerability Notification

MongoDB takes security very seriously. If you discover a vulnerability in MongoDB, or would like to know more about our vulnerability reporting and response process, see the Create a Vulnerability Report document.