my personal blog about systemcenter

All posts in Ransomware

MongoDB and Microsoft Advanced Threat Analyties and Secure by Default

Categories: Advanced Threat Analytics, ATA, MONGODB, Ransomware
Comments Off on MongoDB and Microsoft Advanced Threat Analyties and Secure by Default

The last few days we seen very public attacks on unsecured MongoDB databases exposed directly to the internet

MongoDB ransom attacks soar, body count hits 27,000 in hours

http://www.theregister.co.uk/2017/01/09/mongodb/

and respons from MondoDB

https://www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data

These attacks are preventable with the extensive security protections built into MongoDB. You need to use these features correctly, and our security documentation will help you do so. Here are pointers to the relevant documentation and other useful resources:

and a reference to their securty manual on how to secure mongodb

So was looking on where we are using mongodb and found our Advanced Thread Analytics install , this isnt internet connected but a internal attack wiping the database could be bad enough so we looked

image

Local Host listener only

image

and doublecheck in the mongod config file

And the only acceptable result , secure by default , thx Microsoft and MongoDB