Recently, there was a surge of attacks looking for misconfigured installations of MongoDB on the internet. The attackers were abusing the lack of authentication and remote accessibility to these MongoDB instances by deleting an original database and holding a copy of it for ransom.
These and other MongoDB security misconfigurations and vulnerabilities aren't completely related to patch management, and are more in the realm of configuration management. There are a few ways to improve MongoDB security and protect your database from attackers.
The major issue here lies with certain versions of MongoDB coming with loose default configurations. The responsibility in this case lies firmly with the administrators installing the database software and not managing it appropriately. Read more of my article at the link below:
http://searchsecurity.techtarget.com/answer/What-MongoDB-security-issues-are-still-unresolved
These and other MongoDB security misconfigurations and vulnerabilities aren't completely related to patch management, and are more in the realm of configuration management. There are a few ways to improve MongoDB security and protect your database from attackers.
The major issue here lies with certain versions of MongoDB coming with loose default configurations. The responsibility in this case lies firmly with the administrators installing the database software and not managing it appropriately. Read more of my article at the link below:
http://searchsecurity.techtarget.com/answer/What-MongoDB-security-issues-are-still-unresolved
No comments:
Post a Comment