MongoDB Security Basics
Welcome to the MongoDB Security Basics guide. This comprehensive tutorial covers essential security concepts and implementations for both MongoDB Atlas and On-premises deployments.
Overview
This guide is structured to help you understand and implement MongoDB security features effectively. Each section provides side-by-side comparisons of implementing security features in both MongoDB Atlas and On-premises environments.
In the navigation bar and in some pages, you will notice some icons. Here is their meaning:
| Icon | Meaning | Description |
|---|---|---|
| | Lecture material | If you are following along in an instructor-led session, they probably have covered this already. |
| | Hands-on content | Get ready to do some hands-on work. You should follow these steps. |
| | Documentation | Reference documentation for hands-on portions of the lab. |
| 🦹 | Advanced content | This content isn't covered during the lab, but if you're interested in learning more, you can check it out. |
Topics Covered
1. Intro and Network Security
Explore Atlas-specific security features:
- Network access controls
- Private endpoints
Explore self-hosted considerations for network security
2. Authentication
Learn about different authentication mechanisms and how to:
- Set up user authentication
- Implement X.509 certificate authentication
- Manage credentials securely
3. Role-Based Access Control (RBAC)
Understand how to:
- Create and manage roles
- Assign privileges to roles
- Implement role inheritance
- Follow security best practices for access control
4. Queryable Encryption
Learn how to handle your sensitive information with our most advanced encryption technique:
- Set up encryption keys
- Create an encrypted client
- Write and read encrypted field data
5. Security Considerations and Summary
Learn about additional Atlas and self-hosted security configurations:
- System hardening
- Encryption options
- Database auditing
- Backup security
- Audit logging
- Backup strategies
Getting Started
Prerequisites
Before implementing security measures, ensure you have:
- MongoDB Atlas Users
  - An Atlas account
  - Access to a notebook environment to install Atlas CLI on. Recommended: one of
    - Google Colab (for general concepts, get yourself familiar with Jupyter Notebooks)
    - GitHub Codespaces
    - VS Code
- On-Premises Users
  - MongoDB installed
  - Administrative access
  - Basic understanding of Linux/Unix systems
Using This Guide
Each section provides:
- Side-by-side comparisons of Atlas and On-premises implementations
- Practical code examples
- Best practices
- Security checklists
- Hands-on exercises using .ipynb notebooks
Tab Navigation
Throughout this guide, you'll find content organized in tabs:
- Atlas: MongoDB Atlas specific instructions
- On-Premises: Self-hosted deployment instructions
This allows you to focus on the content relevant to your deployment type while understanding the differences between approaches.
Security Best Practices
Regardless of your deployment type, always:
- Network Security
  - Restrict network access
  - Use TLS/SSL encryption
  - Implement proper firewall rules
- Enable Authentication
  - Never run MongoDB without authentication
  - Use strong passwords
  - Implement appropriate authentication mechanisms
- Use Access Controls
  - Follow the principle of least privilege
  - Regularly audit user access
  - Implement role-based access control
- Use Queryable Encryption
  - Set up queryable encryption
  - Create an encrypted database client and collections
  - Read and write encrypted documents
Next Steps
- Start with Initial Setup to get started on completing the challenge sections.
- Progress to Network Setup for authorising access and Authentication for database user management and Authorization.
- Explore Queryable Encryption for document-based security.
- Finally, recap everything in Security Considerations and Summary.
Additional Resources
Remember to regularly review and update your security configurations to maintain the safety of your MongoDB deployments.