loading...

MongoDB ransoms in 2017

grahamcox82 profile image Graham Cox ・2 min read

You've almost certainly heard the news of the MongoDB ransoms that are going on. It's been a long time coming, and there's no reason for it at all.

We learnt a long time ago that it's completely unsafe to have workstations on the internet without some form of protection. Essentially, you need a firewall to keep your desktop or laptop safe.

It's also old knowledge that you should have separation of your front and back end systems.

Finally, it's common sense that your data is the single most important part of your company.

From this, I find it ludicrous that the databases a) aren't backed up, and b) aren't secured.

Backups are essential. If the data isn't backed up it might as well not exist. What's more, backups are only as good as the last time they were successfully restored. So, if you don't make backups And test them, you might as well not have the data in the first place.

This gets you to being able to get your data back, but it doesn't stop the bad guys getting their hands on it too. For that, you need to stop them getting into the database in the first place. This means a firewall and decent authentication. The database server should never be externally accessible - ever. If you need admin access, use a VPN. Simple as that.

The really ludicrous part of this is - if I understand it correctly, MongoDB supports authentication by use of x.509 certificates. This means that an attacker would need not a username and password - that can be brute forced - but an SSL certificate that is correctly signed. These are significantly more difficult to crack - to the point that if someone can reliably do so, MongoDB is the least of our worries.

Discussion

markdown guide