SECURITY
Monika Mathur
FullStack Developer
Habilelabs.io
CONTENTS
1. Introduction to MongoDB security
2. Why MongoDB security is important
3. How to secure your MongoDB
SECURITY
Niall Merrigan, a security researcher and Microsoft developer based in Norway, has been tracking the MongoDB ransom incidents, and in one day he saw the number of attacks more than double, from 12,000 to 27,633.
SECURITY ATTACKS
Attackers have been accessing databases, copying files, deleting everything and leaving a ransom note promising the return of the data for a fee.
WHAT HACKERS DO WITH DATABASES
SECURE YOUR DATABASE
REFERENCE ARCHITECTURE
Clients
Storage
Administrators
Authentication Authorization Auditing Encryption
AUTHENTICATION
• Which users/apps are accessing the DB
• Which nodes are joining the cluster
• Which users are accessing the DB
AUTHENTICATION MECHANISM
Client/User Auth
• SCRAM-SHA-1
• MONGODB-CR
• X.509
• LDAP
• Kerberos
Internal Auth
• Keyfile (SCRAM-SHA-1)
• X.509
AUTHENTICATION MECHANISM
SCRAM-SHA-1
MONGODB-CR
X.509
LDAP
Kerberos
Community
AUTHORIZATION
• What permissions does an App have?
• What permissions does an Admin have?
• What data can a user see?
• What data can an admin see?
WHY ROLE-BASED ACCESS CONTROL
BUILT IN ROLES
USER-DEFINED ROLES
ACTIONS
RESOURCES
AUDITING
• Who made which changes and when?
AUDITING
1. Add accountability
2. Investigate suspicious activity
3. Monitor database activity
AUDITING
ENCRYPTION
• SSL Encryption
• File system Encryption
ENCRYPTION TYPE
1. Transport Encryption
2. Encryption at rest
TRANSPORT ENCRYPTION
ENCRYPTION AT REST
Thank You
CONTACT US
• Development Center :
Habilelabs Pvt. Ltd.
4th Floor, I.G.M. Senior Secondary Public School Campus,
Sec-93 Agarwal Farm, Mansarovar, Jaipur(Raj.) – 302020
• Email : info@Habilelabs.io
• Web : https://habilelabs.io
• Telephone: +91-9828247415 / +91-9887992695

MongoDB Security Introduction - Presentation