Over the last few weeks the industry has followed the surge in ransomware attacks against publicly accessible MongoDB installations.
Since January 3, the number of victims has climbed from about 200 databases to more than 40,000. In addition to MongoDB, those responsible for the attacks have started targeting Elasticsearch and CouchDB. The message to the victims? Send a Bitcoin payment or forever lose access to your files.
And MongoDB was just the start.
Soon after, criminals started going after other development platforms, such as Elasticsearch – a Java-based search engine that’s popular in enterprise environments. Then they moved on to public facing Hadoop and CouchDB deployments.
What followed has been an industry-wide debate about how to combat and prevent it going forward.
The problem is that most of these servers ship with default configurations that accept connections from any address on the Internet with no authentication. That may be fine for testing a new technology to see whether you like a certain feature or an API, but it exposes real data if you deploy them the same way on the Internet.
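To make the point concrete, here are two mongod.conf fragments added as an example (they are not from the original post or from the MongoDB project's documentation). The first reflects the kind of exposed deployment described above; the second is a hardened baseline. The port and addresses are assumed defaults, and the server-side settings shown (net.bindIp, security.authorization) are standard mongod options.

```yaml
# Added example, not from the original post: two mongod.conf fragments
# separated by a YAML document marker so they can be compared side by side.

# --- Exposed: listens on every interface, no authentication ---
net:
  port: 27017            # assumed default port
  bindIp: 0.0.0.0        # accepts connections from any address
# No "security" section: anyone who can reach the port can read, alter or
# drop every database, which is exactly what the ransom attacks exploited.

---
# --- Hardened: local-only listener, authentication required ---
net:
  port: 27017
  bindIp: 127.0.0.1      # add a private admin-network address only if needed
security:
  authorization: enabled # clients must authenticate and hold a role before any read/write
```

With authorization enabled, the first administrative user is created over a local connection (MongoDB's localhost exception allows that one bootstrap step), after which every client, including admin tooling, must present credentials. Binding to the loopback address alone does not solve the admin-access question raised below; it only guarantees the database is not reachable from the open Internet while that question is being answered.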
Typically, end users reach MongoDB only through an application, so the database itself is not directly accessible to them. Administrators, however, do need direct access to MongoDB, which creates a problem with this approach. So the solution must start by finding a secure way for admins to access MongoDB over the Internet.
One solution could be to use VPNs just for admins. Typically, however, a VPN also gives the admin access to other services inside the network, which may not be desired.
A better solution would be to use a Software Defined Perimeter (SDP) allowing Admins to access the MongoDB while hiding the infrastructure from everyone else. SDPs employ a new, “authenticate-first” approach for dynamic IT environments by securing every connection to a predetermined service, application or critical infrastructure. The primary effect of the SDP is that it allows good packets and connections while dropping bad packets and preventing bad connections.
SDPs are emerging as a key component in a new security paradigm that establishes an undetectable application infrastructure, often referred to as a “Black Cloud.” The primary objective of the SDP is to make the application infrastructure effectively “black,” or undetectable, to anyone who has not first authenticated.
SDPs incorporate lessons learned from successful commercial implementations of SDP by leading enterprises such as Coca-Cola, Mazda, and Google, and large government organizations like the DHS. And they continue to be tested in organized industry “hack-a-thons” (such as RSA) with an estimated 10 billion attempts to date – all unsuccessful.
Also feel free to check out the industry’s first open source reference implementation of SDP developed by Waverley Labs. The reference architecture and repository can be accessed and downloaded here.