MongoDB Self-Managed Database Security

In this unit, you learned how to:

• Distinguish between authentication and authorization
• Define role-based access
• Set up SCRAM for client authentication on a standalone mongod instance
• Set a built-in role for a database user
• Remove a role from a user
• Access the audit log
• Identify the purpose of enabling TLS
• Identify the purpose and limitations of encryption at rest
• Distinguish between client-side field-level encryption and encryption at rest
• Identify how MongoDB encrypts data at rest, data in transit, and data in use
• Enable network encryption (TLS) on a MongoDB replica se

Resources

Use the following resources to learn more about securing your self-managed MongoDB deployments:

Lesson 1: Introduction to Security

• Authentication
• Role-Based Access Control
• Auditing

Lesson 2: Enabling Authentication for a Self-Managed MongoDB Deployment

• Enable Access Control
• Use SCRAM to Authenticate Clients
• Localhost Exception

Lesson 3: Establishing Authorization for a Self-Managed MongoDB Deployment

• Role-Based Access Control
• Create a User
• Built-In Roles
• Authenticate a User
• List Users
• Modify Access for an Existing User

Lesson 4: Security Auditing in MongoDB

• Auditing
• System Event Audit Messages
• Audit Options

Lesson 5: Introduction to Encryption Concepts

• MongoDB Data Encryption

Lesson 6: Encryption in Self-Managed MongoDB Deployments

• Encryption at Rest
• Configure Encryption
• TLS/SSL (Transport Encryption)
• Client-Side Field Level Encryption

Lesson 7: Enabling Network Encryption for a Self-Managed MongoDB Deployment

• Upgrade a Cluster to Use TLS/SSL
• net Options