Amazon DocumentDB Network Access — Why the VPC?
Billions of reasons why networking is vital for cloud security courtesy of MongoDB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.
🔒 Related Stories: AWS Security | DevOps | Network Security
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I was recently at the AWS Developer Influencer Summit in Seattle at Amazon, and I heard someone ask why Amazon DocumentDB requires a VPC. DocumentDB is an AWS document database, as the name suggests, with MongoDB compatibility. Here are billions of reasons why requiring a VPC for this service is an excellent choice, some with ransomware as a bonus. I don’t need to rewrite what others have already reported. Instead, I refer you to the links below. A synopsis of why this is so important follows.
Choice Hotels — 700,000 records.
2.1 million records belonging to well-known Mexican publisher and bookseller, Librería Porrúa held for ransom.
A database containing 37,000 records on individuals from Australia and New Zealand has been uncovered, with the exposed data connected to clinical trials.
An unprotected 140+ GB MongoDB database led to the discovery of a huge collection of 808,539,939 email records, with many of them also containing detailed personally identifiable information (PII).
Another day, another massive MongoDB exposure. This time, a security researcher has discovered a public-facing database with over 275 million records containing personal information on citizens in India.
MongoDB Apocalypse: Professional Ransomware Group Gets Involved, Infections Reach 28K Servers
Discovered by Comparitech’s researcher Bob Diachenko on June 18, 2019; the database contained personal sensitive information of over 188 million people. According to Diachenko’s analysis, some of the records in the database belonged to users from LexisNexis and Pipl.
…unsecured MongoDB server that was leaking the personal details of nearly 11 million users. The server appears to belong to an email marketing firm based in California.
The 12,564 sabotaged databases make up roughly 20 percent of the 63,000+ publicly configured MongoDB identified via BinaryEdge, the report continues.
A MongoDB database containing the personal records of around 5 million individuals has been left exposed on the internet. The database contained personal information and health data and belonged to MedicareSupplement.com, a website run by TZ Insurance Solutions which helps individuals find a Medigap insurance plan.
There are so many more examples. These are just a few. Exposed MongoDB and other databases are one of the many cloud threats I cover in my cloud security class. I also explain what to do about it, not just at a tactical implementation level, but at the organizational level when dealing with Governance, Risk, and Compliance (GRC).
I often wonder whether these databases are exposed intentionally, by accident, by coding error, or by malware. Secure defaults help. Some cloud provider defaults are more open than others, but in any case, it is the customer’s responsibility to ensure they don’t expose their data publicly on any cloud platform. You need to understand what data you expose to the Internet and how. You also need to secure and monitor all database connections if you care about the data in your database.
In the cloud, sometimes the network implementation falls to developers. They need the training to learn how to do it properly if they are going to be responsible for it. Otherwise, companies need to assign a dedicated networking team who understands the risk posed by open ports as I wrote about in another post. Implementing networking in the cloud seems simple at first. Open a port. It works! Implementing secure networking is another matter.
Networking in the cloud is crucial for security. Some cloud providers make it seem easy to connect to cloud resources, but do you fully understand what you are exposing in exchange for that ease of use? Understanding this and other vital aspects of networking in the cloud is why I have a full day of network security in my class — so you can learn how to do it correctly — and why it matters down to the packet level. Stay tuned for tips on securing your databases, pentesting, and implementing cloud networking on the 2nd Sight Lab Cloud Security blog.
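“Open a port. It works!” is exactly the mistake behind the exposures listed above, and inside a VPC the thing that opens the port is a security group ingress rule. The following is an added example (not code from the original post or from AWS): a small audit that walks security groups in the shape returned by boto3’s `describe_security_groups()` and flags any rule that lets the whole Internet (`0.0.0.0/0` or `::/0`) reach the database port. The sample groups are constructed for the example, and it assumes the DocumentDB cluster listens on the default port 27017 (the same port MongoDB uses).

```python
"""Audit security group rules for public exposure of the DocumentDB/MongoDB port.

Added example, not part of the original post. Runs offline against a
constructed list shaped like boto3 ec2.describe_security_groups()["SecurityGroups"].
"""
from ipaddress import ip_network

# DocumentDB listens on 27017 by default (same as MongoDB). Assumption: the
# cluster was created with the default port; pass port= to audit another.
DOCDB_PORT = 27017


def _rule_covers_port(rule, port):
    """True if an IpPermissions entry would admit TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "all traffic": no FromPort/ToPort present
        return True
    if proto not in ("tcp", "6"):          # UDP/ICMP rules cannot reach the DB listener
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _public_sources(rule):
    """Return the CIDRs in a rule that admit the entire Internet (IPv4 or IPv6)."""
    public = []
    for r in rule.get("IpRanges", []):
        if ip_network(r["CidrIp"], strict=False).prefixlen == 0:
            public.append(r["CidrIp"])
    for r in rule.get("Ipv6Ranges", []):
        if ip_network(r["CidrIpv6"], strict=False).prefixlen == 0:
            public.append(r["CidrIpv6"])
    return public


def find_public_db_ingress(security_groups, port=DOCDB_PORT):
    """Return (group id, group name, offending CIDR) for every rule that
    exposes `port` to 0.0.0.0/0 or ::/0. An empty list means no public ingress."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if not _rule_covers_port(rule, port):
                continue
            for cidr in _public_sources(rule):
                findings.append((sg["GroupId"], sg["GroupName"], cidr))
    return findings


# Constructed sample input (IDs and names are made up for the example).
SAMPLE_GROUPS = [
    {   # the rule this post warns about: database port open to the world
        "GroupId": "sg-0example1", "GroupName": "docdb-open",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
    },
    {   # "all traffic from anywhere" exposes every port, 27017 included
        "GroupId": "sg-0example2", "GroupName": "wide-open",
        "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                           "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
    },
    {   # correct shape: only the application subnet inside the VPC may connect
        "GroupId": "sg-0example3", "GroupName": "docdb-private",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
                           "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}],
    },
]

if __name__ == "__main__":
    for group_id, name, cidr in find_public_db_ingress(SAMPLE_GROUPS):
        print(f"{group_id} ({name}): port {DOCDB_PORT} reachable from {cidr}")
```

To run this against a real account, replace `SAMPLE_GROUPS` with `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` (an assumed usage; boto3 is not imported above so the example stays offline). Note the third group: restricting the source to the application subnet is what a VPC buys you, but only if someone actually writes the rule that way, which is the point of the post.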
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2019
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
