Securing MongoDB in the cloud

Are there any service providers offering hosted MongoDB with secure transport? I know that native TLS support for MongoDB is not yet entirely OOB, but I am looking for a provider that can encrypt transport using SSH, VPN, or perhaps IPSEC.

I know that the password handshake used to connect to MongoDB is safe, but I need to protect the data from prying eyes. I can, of course, encrypt the fields directly at my application level, but I cannot do this for the fields I want to search on.

From what I can tell, the only transport security that we rely on is VLAN / switch routing. In other words, I should assume (according to providers such as MongoHQ and MongoLab) that my packets are safe while I work within the same data center provider, for example Amazon. But what if I do not? Unfortunately, for example, it seems that there are no commercial providers on Azure, so this would mean creating our own cluster.

Obviously, in any case, it probably makes sense to be closer to my data, but for now, we need the flexibility to mix and match suppliers without compromising security.

However, in the same hosting provider, is MAC routing really the best transport security?

+6
2 answers

I think the answer depends on whether you evaluate suppliers only on the basis of providing SSL via the Mongo Wire protocol (options are probably limited at the moment), or if you use their API (most of them will support HTTPS).

MongoDB SSL support (as of 2.0.6) requires a separate build due to some licensing / export complications and is "all or nothing" (that is, all your Mongo processes and client drivers will need to use SSL). See the discussion on the Jira issue for this feature request: SERVER-524: encrypted wire protocol with SSL.

Based on a quick search, the providers you mentioned do not currently offer secure transport over the wire protocol (and have reservations on the same), but they have HTTPS endpoints for their REST API:

  • MongoHQ REST API - The MongoHQ REST API allows you to create and interact with MongoDB databases created on the MongoHQ platform and easily use the JSON API via HTTPS.

  • MongoLab REST API - Using the MongoLab REST API, you can access any database associated with your account. The API provides most of the operations that you will find in the MongoDB driver, but offers them as a RESTful interface via HTTPS.

+4

For security in the end you should use SSL. It is inappropriate to rely on a network configuration. MongoDirector.com offers SSL support for your MongoDB servers at no extra charge. Here are the details - http://blog.mongodirector.com/secure-your-mongo-clusters-with-ssl/

Disclaimer: I am one of the founders of MongoDirector.com

0
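Both answers come down to whether the client actually negotiates SSL/TLS on the wire protocol. The following is an added example, not code from the question, the answers, or any provider mentioned: a check an application can run on its connection string before connecting, so a cross-provider deployment never falls back to relying on network isolation. It goes beyond the page by using the standard MongoDB URI option names (`tls`, `ssl`, `tlsInsecure`, `tlsAllowInvalidCertificates`, `tlsAllowInvalidHostnames`); the function name and the sample URIs are constructed for illustration.

```python
from urllib.parse import parse_qs

# URI options that switch certificate or hostname validation off.
_WEAKENING = ("tlsinsecure", "tlsallowinvalidcertificates",
              "tlsallowinvalidhostnames")


def _flag(opts, name):
    """Return True/False for a boolean URI option, or None if it is absent."""
    if name not in opts:
        return None
    return opts[name][-1].strip().lower() == "true"


def audit_mongo_uri(uri):
    """Return a list of findings; an empty list means transport is protected."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme not in ("mongodb", "mongodb+srv"):
        return ["not a MongoDB connection string"]
    # Everything after '?' is the option list; option names are case-insensitive.
    query = rest.partition("?")[2]
    opts = {k.lower(): v for k, v in parse_qs(query).items()}

    findings = []
    tls = _flag(opts, "tls")
    if tls is None:
        tls = _flag(opts, "ssl")        # older alias for the same switch
    if tls is None:
        tls = scheme == "mongodb+srv"   # SRV connection strings default to TLS
    if not tls:
        findings.append("TLS is off: traffic relies on network isolation only")
    for name in _WEAKENING:
        if _flag(opts, name):
            findings.append(f"{name}=true weakens certificate checks")
    return findings


if __name__ == "__main__":
    # Constructed sample connection strings (hosts and credentials are fake).
    for sample in (
        "mongodb://app:pw@db1.example.net:27017,db2.example.net:27017/shop?replicaSet=rs0",
        "mongodb://app:pw@db1.example.net/shop?ssl=true",
        "mongodb://db1.example.net/?tls=true&tlsAllowInvalidCertificates=true",
    ):
        print(sample, "->", audit_mongo_uri(sample) or "ok")
```
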

Source: https://habr.com/ru/post/919578/

