Skip to content

Latest commit

 

History

History
158 lines (122 loc) · 11.7 KB

mitigations.md

File metadata and controls

158 lines (122 loc) · 11.7 KB

Mitigation Strategies Analysis for mongodb/mongo

Mitigation Strategy: Enforce Authentication and Authorization (MongoDB Server)

  • Mitigation Strategy: Enforce Authentication and Authorization (MongoDB Server)

    • Description:

      1. Enable Authentication: Modify the MongoDB server configuration file (mongod.conf or through the MongoDB Atlas UI) to enable authentication. Set security.authorization to enabled.
      2. Create Administrative User: Create at least one administrative user in the admin database before enabling authentication. This user will be needed to manage other users and roles.
      3. Define Roles (Principle of Least Privilege):
        • Create custom roles that grant only the minimum necessary permissions to each application user or service. Avoid using built-in roles like readWriteAnyDatabase or root for application users.
        • Use built-in roles only when they precisely match the required permissions.
        • Consider roles like read, readWrite, dbAdmin, and custom roles for specific collections or operations.
      4. Create Application Users: Create individual user accounts for each application or service, assigning them the appropriate custom roles.
      5. Choose Authentication Mechanism: Select a secure authentication mechanism. SCRAM (Salted Challenge Response Authentication Mechanism) is the recommended option (e.g., SCRAM-SHA-256).
      6. Restart MongoDB: Restart the MongoDB server for the changes to take effect.
      7. Regularly Audit Roles: Periodically review user roles and permissions to ensure they remain appropriate and that no unnecessary privileges have been granted.
      8. Rotate Credentials: Implement a process for regularly rotating MongoDB user passwords.

    • List of Threats Mitigated:

      • Unauthorized Data Access (Critical): Prevents unauthorized users or applications from accessing or modifying data.
      • Privilege Escalation (High): Limits the damage an attacker can do if they compromise a user account.

    • Impact:

      • Unauthorized Data Access: Risk reduced from Critical to Low (depending on password strength and RBAC effectiveness).
      • Privilege Escalation: Risk reduced from High to Low.

    • Currently Implemented:

      • Example: Authentication is enabled. Basic roles are defined, but they are overly permissive.

    • Missing Implementation:

      • Example: Need to define more granular roles based on the principle of least privilege.
      • Example: No process for regularly rotating credentials.
      • Example: No regular audit of user roles.

Mitigation Strategy: Enable TLS/SSL Encryption (MongoDB Server)

  • Mitigation Strategy: Enable TLS/SSL Encryption (MongoDB Server)

    • Description:

      1. Obtain TLS Certificate: Obtain a TLS/SSL certificate for your MongoDB server. For production, use a certificate from a trusted Certificate Authority (CA). Self-signed certificates can be used for testing.
      2. Configure MongoDB Server: Modify the mongod.conf file (or MongoDB Atlas settings):
        • tls.mode: Set to requireTLS to enforce TLS connections. Other options include preferTLS (allows both TLS and non-TLS) and allowTLS (allows non-TLS, but enables TLS if requested). disabled turns off TLS.
        • tls.certificateKeyFile: Specify the path to the combined certificate and private key file (PEM format).
        • tls.CAFile: (Optional, but recommended) Specify the path to the CA certificate file (PEM format) used to verify client certificates (if using client certificate authentication).
        • tls.allowConnectionsWithoutCertificates: (Optional) If set to true, allows clients to connect without presenting a certificate (not recommended for production).
      3. Restart MongoDB: Restart the MongoDB server for the changes to take effect.
      4. Configure Clients: Ensure all clients (including your Go application using the mongo-go-driver) are configured to connect using TLS.

    • List of Threats Mitigated:

      • Man-in-the-Middle (MitM) Attacks (High): Prevents interception and eavesdropping on communication.
      • Data Exposure in Transit (High): Protects sensitive data during transmission.

    • Impact:

      • Man-in-the-Middle (MitM) Attacks: Risk reduced from High to Negligible (with proper TLS configuration and valid certificates).
      • Data Exposure in Transit: Risk reduced from High to Negligible.

    • Currently Implemented:

      • Example: TLS/SSL is enabled on the MongoDB server for the production environment.

    • Missing Implementation:

      • Example: TLS is not enforced for connections from the development environment.

Mitigation Strategy: Configure Network Exposure (MongoDB Server)

  • Mitigation Strategy: Configure Network Exposure (MongoDB Server)

    • Description:

      1. Bind to Specific Interfaces: Modify the mongod.conf file (or MongoDB Atlas network access settings):
        • net.bindIp: Specify the IP address(es) or hostname(s) that MongoDB should listen on. Never bind to 0.0.0.0 (all interfaces) in production unless absolutely necessary and secured with a firewall. Bind to 127.0.0.1 (localhost) if only local access is needed. Bind to a specific private IP address if accessible only within a private network.
      2. Firewall Rules: Configure a firewall (e.g., iptables, ufw, or a cloud provider's firewall) to restrict access to the MongoDB port (default: 27017) to only authorized clients. Block all other incoming connections to that port.
      3. MongoDB Atlas (if applicable):
        • IP Whitelisting: Use MongoDB Atlas's IP Access List feature to specify the IP addresses or CIDR blocks that are allowed to connect.
        • VPC Peering: If your application is running in a Virtual Private Cloud (VPC), use VPC peering to connect to your MongoDB Atlas cluster securely without exposing it to the public internet.
        • Private Endpoints: Use Private Endpoints (available on some cloud providers) for even more secure and isolated connectivity.

    • List of Threats Mitigated:

      • Unauthorized Access (Critical): Prevents unauthorized connections from outside the intended network.
      • Denial of Service (DoS) (Medium): Reduces the attack surface by limiting the number of potential attackers.

    • Impact:

      • Unauthorized Access: Risk reduced from Critical to Low (depending on the restrictiveness of the firewall rules and network configuration).
      • Denial of Service (DoS): Risk reduced from Medium to Low.

    • Currently Implemented:

      • Example: MongoDB is bound to a specific private IP address. A firewall is in place, but the rules are not very restrictive.

    • Missing Implementation:

      • Example: Need to tighten firewall rules to allow only specific IP addresses or CIDR blocks.
      • Example: If using MongoDB Atlas, IP whitelisting is not fully configured.

Mitigation Strategy: Enable Auditing (MongoDB Server)

  • Mitigation Strategy: Enable Auditing (MongoDB Server)

    • Description:

      1. Configure Auditing: Modify the mongod.conf file (or MongoDB Atlas auditing settings):
        • auditLog.destination: Specify where audit logs should be written. Options include syslog, console, file, or jsonFile (for JSON format).
        • auditLog.format: Specify the log format (e.g., JSON).
        • auditLog.path: (If destination is file or jsonFile) Specify the path to the audit log file.
        • auditLog.filter: (Optional, but highly recommended) Define a filter to specify which events should be logged. This helps reduce the volume of audit data and focus on relevant events. You can filter by user, database, operation type, etc. Example: 
          auditLog:
  destination: file
  format: JSON
  path: /var/log/mongodb/auditLog.json
  filter: '{ "atype": { $in: [ "authCheck", "authenticate" ] }, "param.db": "mydb" }'
      2. Restart MongoDB: Restart the MongoDB server for the changes to take effect.
      3. Regularly Review Logs: Implement a process for regularly reviewing the audit logs. Look for suspicious activity, unauthorized access attempts, and other security-relevant events.
      4. Log Rotation: Configure log rotation to prevent the audit log file from growing indefinitely.

    • List of Threats Mitigated:

      • Unauthorized Access (Detection) (High): Provides a record of all database operations, allowing you to detect unauthorized access or suspicious activity.
      • Data Breaches (Investigation) (High): Helps you investigate data breaches and determine the scope of the compromise.
      • Compliance (Variable): Helps you meet compliance requirements that mandate audit logging.

    • Impact:

      • Unauthorized Access (Detection): Does not prevent unauthorized access, but significantly improves your ability to detect it.
      • Data Breaches (Investigation): Provides crucial information for investigating data breaches.
      • Compliance: Helps meet compliance requirements.

    • Currently Implemented:

      • Example: Auditing is not currently enabled.

    • Missing Implementation:

      • Example: Need to configure auditing in the mongod.conf file and set up a process for reviewing the logs.

Mitigation Strategy: Disable Server-Side JavaScript (MongoDB Server)

  • Mitigation Strategy: Disable Server-Side JavaScript (MongoDB Server)

    • Description:

      1. Disable db.eval(): Disable the db.eval() command using the setParameter command. This can be done from the mongo shell or through the driver using RunCommand: 
        // From the mongo shell:
db.adminCommand({setParameter: 1, javascriptEnabled: false})
        // From the Go driver:
var result bson.M
err := client.Database("admin").RunCommand(context.TODO(), bson.D{{"setParameter", 1}, {"javascriptEnabled", false}}).Decode(&result)
      2. Avoid $where and mapReduce (if possible): Prefer the aggregation framework over server-side JavaScript functions like $where and mapReduce. The aggregation framework is generally more secure and performant.
      3. Restart MongoDB: Restart the MongoDB server for the javascriptEnabled setting to take effect.

    • List of Threats Mitigated:

      • Server-Side JavaScript Injection (High): Prevents attackers from injecting malicious JavaScript code.

    • Impact:

      • Server-Side JavaScript Injection: Risk reduced from High to Negligible (if server-side JavaScript is completely disabled).

    • Currently Implemented:

      • Example: db.eval() is disabled.

    • Missing Implementation:

      • Example: None (assuming all server-side JavaScript usage has been eliminated or properly secured).