MongoDB takes security very seriously. Recently a team of German researchers discovered unsecured instances of MongoDB running openly on the internet. Readers who are concerned about access to their systems are reminded of the following resources:
- The most popular installer for MongoDB (RPM) limits network access to localhost by default.
- Security is addressed in detail in our Security Manual. The Security Checklist discusses limiting network exposure. Note that the method for doing this will vary significantly depending on where the service is hosted (AWS, Azure, locally, etc.).
- Additionally, users of MongoDB Management Service (MMS) can enable alerts to detect if their deployment is internet exposed (see figure below).
- A discussion of security is provided in two parts. Part 1 covers design and configuration. Part 2 covers 10 mistakes that can compromise your database.
- We encourage users who have experienced a security incident with MongoDB to create a vulnerability report.
Figure: Create a new alert to notify when a host is exposed to the public internet.
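The checklist item above, limiting network exposure, comes down to what mongod is told to bind to. The following is an added example (not code from the MongoDB blog post, the Security Manual, or MongoDB's own tooling) that audits a mongod configuration file for that setting. It assumes the YAML-style `net.bindIp` key (and the later `net.bindIpAll` flag) or the legacy ini-style `bind_ip` line, and treats a missing setting as exposed, since mongod releases before 3.6 bound every interface when no address was configured. The sample configurations are constructed for the example.

```python
"""Audit a mongod configuration for network exposure.

Added example; not MongoDB's code. Assumptions: YAML-style mongod.conf
(net.bindIp / net.bindIpAll) or the legacy ini-style format (bind_ip = ...).
Only those keys are parsed; a full YAML parser is deliberately avoided so the
script runs with the standard library alone.
"""
import ipaddress

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def _split_addresses(value):
    """Turn '127.0.0.1, ::1' or '[127.0.0.1, "::1"]' into a clean list."""
    value = value.strip().strip("[]")
    return [v.strip().strip("'\"") for v in value.split(",") if v.strip()]


def parse_bind_ip(config_text):
    """Return the bind addresses declared in a mongod config, or None when
    no bindIp / bind_ip / bindIpAll setting is present."""
    in_net = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        stripped = line.strip()
        # Legacy ini-style line: bind_ip = 127.0.0.1,10.0.0.5
        key, sep, value = stripped.partition("=")
        if sep and key.strip() == "bind_ip":
            return _split_addresses(value)
        # YAML-style: only keys indented under a top-level "net:" count
        if not line.startswith((" ", "\t")):
            in_net = stripped == "net:"
            continue
        if in_net and stripped.startswith("bindIpAll:"):
            if stripped.split(":", 1)[1].strip().lower() == "true":
                return ["0.0.0.0"]           # explicit "listen everywhere"
        if in_net and stripped.startswith("bindIp:"):
            return _split_addresses(stripped.split(":", 1)[1])
    return None


def classify_exposure(addresses):
    """'loopback-only', 'specific' (pinned to named non-loopback addresses),
    or 'all-interfaces' (unspecified address or no setting at all)."""
    if addresses is None:
        return "all-interfaces"   # assumption: pre-3.6 default when unset
    non_loopback = []
    for addr in addresses:
        if addr in LOOPBACK:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            non_loopback.append(addr)   # hostname; cannot tell, treat as pinned
            continue
        if ip.is_unspecified:            # 0.0.0.0 or ::
            return "all-interfaces"
        if not ip.is_loopback:
            non_loopback.append(addr)
    return "specific" if non_loopback else "loopback-only"


def audit(config_text):
    """Convenience wrapper: config text in, exposure class out."""
    return classify_exposure(parse_bind_ip(config_text))


# Constructed sample configurations (not taken from any real deployment).
EXPOSED_CONF = """\
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 0.0.0.0      # listens on every interface
"""

HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1    # loopback only, what the RPM default achieves
"""

LEGACY_CONF = """\
dbpath = /var/lib/mongo
bind_ip = 127.0.0.1,10.0.0.5
"""

NO_BIND_CONF = "storage:\n  dbPath: /var/lib/mongo\n"

if __name__ == "__main__":
    for name, conf in [("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF),
                       ("legacy", LEGACY_CONF), ("no-bind", NO_BIND_CONF)]:
        print(f"{name}: {audit(conf)}")
```

Run it against `/etc/mongod.conf` (or whatever path your packaging uses) and treat anything other than `loopback-only` as a finding to reconcile with the firewall or security-group rules for that host; a `specific` result is fine only when the named address sits on a private network that the firewall actually restricts.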
If you are interested in learning more about security best practices, join our webinar this upcoming Thursday (February 12) on securing your MongoDB deployment.