January 10, 2022

How to do a complete security audit of your Mongo Cloud account

A security audit allows you to collect information about a system which can then be analysed to identify if there are security weaknesses. This article describes how you can perform a security audit of your Mongo Cloud account.

Background


MongoDB is an open-source document-oriented database used to store and work with large amounts of data. MongoDB Cloud (Atlas) is its managed cloud service, with data distribution and mobility across AWS, Azure and Google Cloud and built-in automation for resource and workload optimisation. Because it holds important data of an organisation or application, there must be a systematic evaluation of the company's information system to confirm the security of the system's physical configuration and environment, software, information-handling processes and user practices.


A security audit is a systematic evaluation of the security of a company's information system, measuring how well it conforms to an established set of criteria. A security audit of MongoDB Cloud is required because it is an integral part of the infrastructure, and keeping that infrastructure secure depends on it.


Checklist For Mongo Cloud Audit

  1. Verifying the number of clusters present in an organisation

A sharded cluster in MongoDB is a collection of datasets distributed across many shards (servers) in order to achieve horizontal scalability and better read and write performance.

Steps:

  • On the Home page select 'All Clusters'
  • The page will open with the list of 'All Clusters'



  2. List all the users present in the individual projects

Steps:

  • On the Home page, under the user's name dropdown, select 'Organisations'
  • The page with the list of organisations will open
  • Select the 'Organisation' whose users you want to list
  • The page with the list of 'Projects' will open
  • Select 'Users' to list all the users of the particular project along with their Project Roles, date of creation and last login details


Project Access Manager



  3. Database users and their permissions in production projects. Permissions should be granted according to the requirement of each individual user.

Steps:

  • From the Home page select 'Atlas'
  • In the left pane under 'Security' select 'Database Access'
  • All the users having database access are listed along with their 'MongoDB Roles' and 'Resources'

 

Database Access
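The two user listings above (project members under 'Users', and database users under 'Database Access') are where most findings come from: stale or never-used accounts, and database users holding cluster-wide roles or not restricted to the clusters they need. The following script is an added example, not code from the original article or from MongoDB. Its records are constructed to mirror the columns the Atlas UI shows on those two pages; the field names, role strings and the 90-day idle threshold are this example's own assumptions, not the Atlas API's.

```python
"""Least-privilege review of Atlas project members and database users.

Added example for this article, not code from the original post or from
MongoDB. The records below are constructed to mirror the columns the Atlas
UI shows on the project 'Users' page (Project Roles, date of creation, last
login) and on 'Database Access' (MongoDB Roles, Resources). The field names
and role strings are this example's own assumptions, not the Atlas API's.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: members of one project, as listed under Organisation > Project > Users
PROJECT_USERS = [
    {"username": "alice@example.com", "roles": ["GROUP_OWNER"],
     "created": "2020-03-01T09:00:00Z", "last_login": "2022-01-07T10:15:00Z"},
    {"username": "bob@example.com", "roles": ["GROUP_OWNER"],
     "created": "2019-11-12T09:00:00Z", "last_login": "2021-05-20T08:00:00Z"},
    {"username": "carol@example.com", "roles": ["GROUP_READ_ONLY"],
     "created": "2021-09-01T09:00:00Z", "last_login": None},
]

# Constructed sample: database users, as listed under Security > Database Access.
# An empty "scopes" list means the user is not restricted to particular clusters.
DB_USERS = [
    {"username": "app_orders", "roles": [{"role": "readWrite", "db": "orders"}],
     "scopes": ["prod-cluster"]},
    {"username": "reporting", "roles": [{"role": "readWriteAnyDatabase", "db": "admin"}],
     "scopes": []},
    {"username": "ops_admin", "roles": [{"role": "atlasAdmin", "db": "admin"}],
     "scopes": []},
]

# Built-in roles that reach every database on a cluster; each one needs a justification.
BROAD_DB_ROLES = {"atlasAdmin", "readWriteAnyDatabase", "readAnyDatabase",
                  "dbAdminAnyDatabase", "userAdminAnyDatabase"}


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def review_project_users(users, now, max_idle_days=90):
    """Flag members who never logged in or have been idle, and list project owners."""
    findings = {"never_logged_in": [], "idle": [], "owners": []}
    for user in users:
        if "GROUP_OWNER" in user["roles"]:
            findings["owners"].append(user["username"])
        if user["last_login"] is None:
            findings["never_logged_in"].append(user["username"])
        elif now - parse_ts(user["last_login"]) > timedelta(days=max_idle_days):
            findings["idle"].append(user["username"])
    return findings


def review_db_users(users):
    """Flag database users holding cluster-wide roles or not scoped to specific clusters."""
    findings = {"broad_roles": [], "unscoped": []}
    for user in users:
        for role in user["roles"]:
            if role["role"] in BROAD_DB_ROLES:
                findings["broad_roles"].append((user["username"], role["role"]))
        if not user["scopes"]:
            findings["unscoped"].append(user["username"])
    return findings


if __name__ == "__main__":
    audit_date = datetime(2022, 1, 10, tzinfo=timezone.utc)
    for section, result in (("project users", review_project_users(PROJECT_USERS, audit_date)),
                            ("database users", review_db_users(DB_USERS))):
        print(f"== {section} ==")
        for kind, items in result.items():
            print(f"  {kind}: {items}")
```

Every name in the "owners", "broad_roles" and "unscoped" lists is a question for the project team ("is this still needed?"); the "idle" and "never_logged_in" lists are candidates for removal. Replace the constructed lists with an export of the real pages and the same functions apply.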


  4. Check who has access through Network Access. This is the list of IP addresses/security groups whitelisted for access to the clusters in the project

Steps:

  • From the Home page select 'Atlas'
  • In the left pane under 'Security' select 'Network Access'
  • A list will open with all the IP addresses/security groups along with their 'Status'
Network Access
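When reading the Network Access list, the entries worth attention are the ones that open the clusters to the whole internet (0.0.0.0/0), ranges far wider than a single office or VPN egress, entries that are not yet active, and temporary entries that should disappear on their own. The script below is an added example, not code from the original article or from MongoDB; the entries are constructed to mirror the 'IP Address / Security Group' and 'Status' columns, and the field names and the /24 threshold are this example's own assumptions, not the Atlas API's.

```python
"""Review of an Atlas project's IP access list (Security > Network Access).

Added example for this article, not code from the original post or from
MongoDB. The entries are constructed to mirror the 'IP Address / Security
Group' and 'Status' columns of the Network Access page; the field names are
this example's own assumptions, not the Atlas API's.
"""
import ipaddress

# Constructed sample access list. "delete_after" marks a temporary entry;
# the "sg-" value stands for an AWS security group allowed over VPC peering.
ACCESS_LIST = [
    {"entry": "203.0.113.10/32", "comment": "office VPN egress", "status": "ACTIVE", "delete_after": None},
    {"entry": "0.0.0.0/0", "comment": "temporary debug", "status": "ACTIVE", "delete_after": None},
    {"entry": "198.51.0.0/16", "comment": "partner network", "status": "ACTIVE", "delete_after": None},
    {"entry": "192.0.2.0/24", "comment": "new CI runners", "status": "PENDING", "delete_after": None},
    {"entry": "203.0.113.77/32", "comment": "contractor laptop", "status": "ACTIVE",
     "delete_after": "2022-01-12T00:00:00Z"},
    {"entry": "sg-0123456789abcdef0", "comment": "app tier (peered VPC)", "status": "ACTIVE", "delete_after": None},
]


def review_access_list(entries, max_prefix_bits=24):
    """Classify each entry as open to the internet, wider than /max_prefix_bits,
    temporary, not active, or a security group that must be reviewed elsewhere."""
    findings = {"open_to_internet": [], "broad_ranges": [], "temporary": [],
                "not_active": [], "security_groups": []}
    for item in entries:
        raw = item["entry"]
        if item["status"] != "ACTIVE":
            findings["not_active"].append(raw)
        if item["delete_after"]:
            findings["temporary"].append(raw)
        try:
            # strict=False accepts entries written with host bits set (e.g. 10.1.2.3/16)
            network = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            # Not a CIDR: a security-group entry, to be checked against the VPC configuration
            findings["security_groups"].append(raw)
            continue
        if network.prefixlen == 0:
            findings["open_to_internet"].append(raw)
        elif network.prefixlen < max_prefix_bits:
            findings["broad_ranges"].append(raw)
    return findings


if __name__ == "__main__":
    for kind, items in review_access_list(ACCESS_LIST).items():
        print(f"{kind}: {items}")
```

An "open_to_internet" finding means the cluster relies on credentials alone, so it should be removed or justified in writing; "broad_ranges" entries need the owner named in the comment to confirm the whole range is theirs; "temporary" entries are re-checked on the expiry date, and "security_groups" are reviewed together with the peered VPC's own rules rather than here.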


  5. Check the Realm apps connected to the database

The apps are used to take actions based on different events in the database. They interact with the database directly, through functions written for this purpose and executed by triggers.

Steps:

  • From the Home page select 'Realm'
  • The page with 'Realm apps' will open


Realm Apps


  6. Third-party services integration in Realm apps

Steps:

  • From the Home page select 'Realm'
  • On the left-side pane select '3rd Party Services' under the 'Build' section
  • The page with all the third-party services will open along with 'Service Name', 'Service Type' and 'Last Modified' date


  7. List the unused third-party services in Realm apps

Steps:

  • From the Home page select 'Realm'
  • On the left-side pane select '3rd Party Services' under the 'Build' section
  • The services with a blank 'Last Modified' column are unused
  8. List the users having access to the Realm app. Among all the users present for the Realm application, the users currently in the Enabled state will have devices configured. The following should be verified:
    1. Team members who have access to these credentials
    2. Devices that have a current session
    3. Team members who have access to the current devices

Steps:

  • From the Home page select 'Realm'
  • On the left-side pane select 'App Users' under the 'Data Access' section
  • The list of users will open
  • To list the 'devices', click on the user name dropdown and then on the 'Devices' dropdown

Conclusion

Mongo Cloud is a service that gives an organisation or an application a way to manage its data. It is important to maintain the security of Mongo Cloud because the data stored there is critical. It is therefore necessary to verify any actions taken, and the entities that took them, and to monitor the changes made to the Mongo Cloud account on a regular basis through a security audit.

***

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. If you wish to give your feedback on this article, you can write to us here.

Written by:
Priyam Singh

Cloud Security Specialist

Priyam is a Cloud Security Specialist at Kloudle. She also has experience as a DevSecOps Engineer. She is part of security communities such as Infosecgirls and null - The Open Security Community, and is an active speaker and contributor to various security communities. She has given various technical talks and published content on DevSecOps.
