PROJECT-03: Propose and Implement a Security Mechanism for Vulnerabilities Found in MongoDB with Singularity Linux Containers

Project Outline:

This is the third phase of the project, following Project-01, “Vulnerability Assessment of MongoDB in Linux Containers”, and Project-02, “Security Root Causes Analysis and Prevention Techniques of Vulnerabilities in MongoDB with Singularity Linux Containers”. In Project-02, you discovered the security root causes of at least 15 vulnerabilities found in Project-01 and then proposed a prevention technique for each vulnerability.

In this project you have to propose and implement a new or an existing security mechanism to avoid one or more of the vulnerabilities found in Project-01. Two options are given below as starting ideas, but you are not limited to them: you can come up with your own idea as the third option. You are only required to implement one security mechanism, by selecting one of the following options.

 

OPTION-01: Authentication and/or Encryption with Mongoose

Propose and implement a stronger and more secure authentication mechanism with Mongoose. Mongoose is an elegant MongoDB object data modeling library for Node.js. Kerberos and LDAP proxy authentication mechanisms can also be implemented separately with the MongoDB community edition, but the process is more complicated. Mongoose is an object data mapping solution and is also capable of organizing and structuring data. Through Mongoose, plan to encrypt passwords (or other data) before saving them in the MongoDB database server to strengthen authentication security. The same method can be used to encrypt data-at-rest.
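The protect-before-save step described above, as an added example that is not part of the assignment or of Mongoose. It assumes salted scrypt hashing from Node's built-in crypto module (references [C] and [D] use bcrypt), and `beforeSave`, the cost parameters and the sample user are hypothetical.

```javascript
// Added example: hash-before-save logic for a user document (Node.js built-ins only).
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost parameters; stored with each hash so they can be raised later.
const COST = { N: 16384, r: 8, p: 1 };

function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16); // unique salt per password
  const key = nodeCrypto.scryptSync(password, salt, 32, COST);
  return ['scrypt', COST.N, COST.r, COST.p,
    salt.toString('base64'), key.toString('base64')].join('$');
}

function verifyPassword(candidate, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length < 16) return false; // an empty hash must never match
  try {
    const actual = nodeCrypto.scryptSync(candidate, salt, expected.length, { N, r, p });
    return nodeCrypto.timingSafeEqual(actual, expected); // constant-time compare
  } catch {
    return false; // malformed record or rejected parameters
  }
}

// Same shape as a Mongoose pre('save') hook that checks isModified('password'):
// hash only when the password field changed, so an existing hash is never re-hashed.
function beforeSave(doc, passwordModified) {
  if (passwordModified) doc.password = hashPassword(doc.password);
  return doc;
}

// Constructed sample user, not data from the assignment.
const user = beforeSave({ username: 'thao', password: 'S3cure-Example!' }, true);
console.log(user.password.startsWith('scrypt$'),
  verifyPassword('S3cure-Example!', user.password));
```

A useful test case for the report is that two users with the same password end up with different stored values, and that a record with an empty hash field is rejected.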

References:

[A]. https://mongoosejs.com/docs/connections.html

[B]. https://tphangout.com/how-to-encrypt-passwords-or-other-data-before-saving-it-in-mongodb/

[C]. https://gist.github.com/kljensen/7505729

[D]. http://devsmash.com/blog/password-authentication-with-mongoose-and-bcrypt

OPTION-02: Encrypt MongoDB Data-at-Rest

At the storage layer, data-at-rest encryption can be utilized with any/all of the following:

• Encrypt the entire drive

• Encrypt individual files or databases on the disk

• Encrypt entire documents (rows in SQL-land) or individual attributes (columns in SQL-land) at the application level

According to our application security requirements for data-at-rest encryption, you may propose to start with application-level encryption. Given MongoDB's flexible schema, data-at-rest encryption is a conceptually straightforward change: replace plaintext data in a document with encrypted data. The implementation, however, is more complicated. Encryption at the application level is independent of the server and network stack, and the application layer is in complete control. Keys are in the application layer, separate from the data layer. Plaintext information is never stored or transmitted, and no part of the data layer can reveal the plaintext values to potential attackers. The attack vector for application-level encryption is through common application vulnerabilities, such as cross-site scripting (XSS) or SQL injection. Application-level encryption is only one of the many facets of solid security that support our security requirements. Use a Ruby gem that helps achieve compliance by supporting encryption of data in a simple and consistent way through symmetric encryption with OpenSSL.
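Attribute-level encryption in the application layer, as an added example that is not part of the assignment and does not use the Ruby gem named above. It assumes AES-256-GCM from Node's built-in crypto module; the field list, the sample document and the in-process key (a stand-in for a key loaded from a key store outside the data layer) are constructed for illustration.

```javascript
// Added example: encrypt selected attributes of a document before it is stored.
const nodeCrypto = require('node:crypto');

const SENSITIVE = ['email', 'ssn']; // hypothetical attribute names

function encryptField(key, docId, field, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${docId}:${field}`)); // bind ciphertext to its slot
  const ct = Buffer.concat([cipher.update(String(plaintext), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(key, docId, field, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${docId}:${field}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the value was modified or moved to another field/document.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
    .toString('utf8');
}

function encryptDocument(key, doc) {
  const out = { ...doc };
  for (const f of SENSITIVE) {
    if (f in out) out[f] = encryptField(key, doc._id, f, doc[f]);
  }
  return out;
}

function decryptDocument(key, doc) {
  const out = { ...doc };
  for (const f of SENSITIVE) {
    if (f in out) out[f] = decryptField(key, doc._id, f, doc[f]);
  }
  return out;
}

// Constructed sample: the key never leaves the application layer.
const key = nodeCrypto.randomBytes(32);
const sampleDoc = { _id: 'u1001', name: 'Alice Example',
  email: 'alice@example.test', ssn: '000-00-0000' };
const stored = encryptDocument(key, sampleDoc); // what the database would hold
console.log(stored);
```

Because the document id and field name are authenticated with each value, copying one encrypted attribute over another fails at decryption instead of returning the wrong plaintext.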

References:

[A]. https://www.compose.com/articles/encrypting-sensitive-data-in-your-mongodb-database/

[B]. https://www.rubydoc.info/gems/symmetric-encryption/2.2.0/file/README.md

[C]. https://www.percona.com/live/18/sites/default/files/slides/Securing%20Your%20Data_%20All%20Steps%20for%20Encrypting%20Your%20MongoDB%20Database%20-%20FileId%20-%20136891.pdf

 

OPTION-03: Your Own Ideas

Propose and implement new or existing secure authentication and/or encryption mechanisms for MongoDB community edition in Singularity Linux containers or Docker Linux containers, other than Option-01 and Option-02. You should be able to provide some test cases to prove the improved application security.

References:

[A]. https://www.percona.com/live/18/sites/default/files/slides/Securing%20Your%20Data_%20All%20Steps%20for%20Encrypting%20Your%20MongoDB%20Database%20-%20FileId%20-%20136891.pdf

[B]. https://docs.mongodb.com/manual/core/security-encryption-at-rest/

 

***When creating a VirtualBox virtual machine, use “Thao” as its name, so that this name is shown when a command displays it.***

 

 

Report Outline:

Make a comprehensive report including the following:

1. First page must include the title.

2. Second page: Table of Contents.

3. Problem statement. (What did you do?)

4. Organization/Flow. (How did you do it? Include methods.)

5. Results. (Consider many test cases)

6. Conclusions/Findings.

7. References.
