Security

Setting up MongoDB with Member x509 auth and SSL + easy-rsa

MongoDB Member with x509 auth

Hi everyone! This is one of the most requested subjects to our support team and I’d like to share the steps as a tutorial blog post. Today, we will set up internal authentication using x.509 certificates as well as enabling TLS/SSL.
If using authentication in MongoDB, there are two ways to configure intra-cluster authentication:

Using a […]


Incident Involving Percona Forums on September 24, 2019

Summary
On September 24, 2019, Percona’s IT and IT Security teams were made aware of a denial of service attack on www.percona.com/forums. We use vBulletin to host Percona Forums, which was subjected to a zero-day pre-authentication remote code execution. This vulnerability potentially allows an unauthenticated attacker to remotely execute code on, or possibly complete control […]


Network (Transport) Encryption for MongoDB

Encryption for MongoDB

Why do I need Network encryption?
In our previous blog post MongoDB Security vs. Five ‘Bad Guys’ there’s an overview of five main areas of security functions.
Let’s say you’ve enabled #1 and #2 (Authentication, Authorization) and #4 (Storage encryption a.k.a. encryption-at-rest and Auditing) mentioned in the previous blog post. Only authenticated users will be connecting, […]


MongoDB Security vs. Five ‘Bad Guys’

MongoDB Security

Most any commercially mature DBMS provides the following five ways to secure the data you keep inside it:

1. Authentication of user connections (== Identity)
2. Authorization (== DB command permissions) (a.k.a. Role-based access control)
3. Network Encryption (a.k.a. Transport encryption)
4. Storage Encryption (a.k.a. Encryption-at-rest)
5. Auditing (MongoDB Enterprise or Percona Server for MongoDB only)

MongoDB is no exception. All of these have been […]
