From 31b0395373adba5d42bb937106810e15c30bbe0e Mon Sep 17 00:00:00 2001 From: Meg528 <71841959+Meg528@users.noreply.github.com> Date: Thu, 3 Jul 2025 11:46:58 -0600 Subject: [PATCH] Update index.mdx --- docs/atlas/index.mdx | 44 +++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/docs/atlas/index.mdx b/docs/atlas/index.mdx index bc845fa..88b76d2 100644 --- a/docs/atlas/index.mdx +++ b/docs/atlas/index.mdx @@ -9,12 +9,12 @@ import TabItem from '@theme/TabItem'; This guide covers essential security configurations for MongoDB deployments. Learn how to secure your databases using best practices for both Atlas and On-premises installations. -## Network Security +## Network security -### IP Access List +### IP access list Control which IP addresses can connect to your cluster: @@ -25,7 +25,7 @@ atlas accessLists create --ip "203.0.113.0/24" ``` **Importance:** Restricting access to known IP addresses prevents unauthorized connections and reduces the risk of external attacks. -### Private Endpoints +### Private endpoints Set up AWS PrivateLink: ```javascript @@ -34,7 +34,7 @@ atlas privateEndpoints aws create --region us-east-1 --projectId 5e2211c17a3e5a4 ``` **Importance:** Private endpoints ensure that traffic between your application and MongoDB Atlas remains within your private network, enhancing security and reducing exposure to the public internet. -### Network Peering +### Network peering ```javascript // Set up VPC peering @@ -45,7 +45,7 @@ atlas networking peering create aws --accountId 854333054055 --atlasCidrBlock 19 -### Firewall Configuration +### Firewall configuration Configure iptables rules: ```bash @@ -56,7 +56,7 @@ iptables -A INPUT -p tcp --dport 27017 -j ACCEPT iptables -A INPUT -s 203.0.113.0/24 -p tcp --dport 27017 -j ACCEPT ``` -### Network Binding +### Network binding Configure mongod.conf: ```yaml 
@@ -65,7 +65,7 @@ net: port: 27017 ``` -### VPN Access +### VPN access Set up OpenVPN server: ```bash @@ -79,24 +79,24 @@ apt-get install openvpn -## Encryption Configuration +## Encryption configuration -### Encryption at Rest +### Encryption at rest Atlas automatically encrypts all data using: -- AWS: AWS KMS -- Azure: Azure Key Vault -- GCP: Cloud KMS +- AWS: AWS KMS. +- Azure: Azure Key Vault. +- GCP: Cloud KMS. **Importance:** Encryption at rest protects your data from unauthorized access if the storage media is compromised. -### Encryption at Rest +### Encryption at rest Configure mongod.conf: ```yaml @@ -112,7 +112,7 @@ chmod 600 /path/to/key.txt ``` **Importance:** Encryption at rest protects your data from unauthorized access if the storage media is compromised. -### Transport Encryption (TLS/SSL) +### Transport encryption (TLS/SSL) ```yaml net: @@ -126,24 +126,22 @@ net: - - -## Best Practices +## Best practices -1. **Network Security** +1. **Network security** - Use private endpoints where possible - Regularly review IP access lists - Implement VPC peering -2. **Access Management** +2. **Access management** - Follow principle of least privilege - Regular credential rotation - Use strong authentication methods -3. **Monitoring and Alerts** +3. **Monitoring and alerts** - Set up alerts for security events - Monitor access patterns - Review audit logs regularly @@ -151,12 +149,12 @@ net: -1. **System Security** +1. **System security** - Regular system updates - Security patch management - Resource limits configuration -2. **Network Security** +2. **Network security** - Configure firewalls - Set up VPN access - Implement network segmentation @@ -169,7 +167,7 @@ net: -## Next Steps +## Next steps Let's start the [network access control challenge](./challenge/network).
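
Review bot: in the `@@ -9,12` hunk, the unchanged intro sentence still reads "for both Atlas and On-premises installations" with a capital "O" mid-sentence, which is inconsistent with the sentence case this patch applies to the headings directly below it. Suggest "on-premises installations" in the same pass.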
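
Review bot: in the `@@ -25,7` hunk, the block that follows "Set up AWS PrivateLink:" under the renamed "Private endpoints" heading is fenced as `javascript`, but its content is an Atlas CLI invocation (`atlas privateEndpoints aws create --region us-east-1 ...`). Tag it `bash`, as the iptables block further down already is, so highlighting and copy-paste behave as a reader expects.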
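
Review bot: in the `@@ -34,7` hunk, the "Network peering" block opens with `// Set up VPC peering`, a JavaScript-style comment in front of a shell command, so pasting the block into a terminal fails on its first line. Use `#` for the comment and a `bash` fence. The command carried in the next hunk header also passes what looks like a concrete AWS account number (`--accountId 854333054055`), and the PrivateLink command a concrete-looking `--projectId`; obvious placeholders such as `<AWS_ACCOUNT_ID>` and `<PROJECT_ID>` would be safer in published docs. This section also has no lead-in sentence or "Importance" paragraph, unlike the two sections above it.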
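
Review bot: around the `@@ -56,7` hunk, the firewall example shows only ACCEPT rules for port 27017, and the one in the hunk header (`iptables -A INPUT -p tcp --dport 27017 -j ACCEPT`) has no source match. Git takes that header line from earlier in the file, so it is appended before `iptables -A INPUT -s 203.0.113.0/24 -p tcp --dport 27017 -j ACCEPT` and matches every client first, which leaves the source restriction without effect. Since the patch is already touching this section, consider dropping the unrestricted rule and closing the example with an explicit DROP for other traffic to 27017, or stating that the two rules are alternatives.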
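
Review bot: in the `@@ -79,24` hunk, the three provider bullets gain trailing periods ("AWS: AWS KMS." and so on) although they are fragments, while the fragment bullets under "Best practices" in the `@@ -126,24` hunk are left without them. Pick one convention and apply it to both lists. The hunk also renames two headings to the identical text "### Encryption at rest"; if both render on the same page, a qualifier such as "(Atlas)" and "(on-premises)" would keep them distinguishable in the table of contents and in links.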
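
Review bot: in the `@@ -126,24` hunk, the bullets under the renamed "Best practices" headings mix imperatives ("Use private endpoints where possible", "Configure firewalls") with noun phrases ("Regular credential rotation", "Regular system updates"), and "Follow principle of least privilege" is missing its article. As this is a style pass, make the items parallel, for example "Rotate credentials regularly" and "Follow the principle of least privilege". The second list restarts at "1." with another "Network security" entry; if the two lists are not in separate tabs, the numbering and the duplicate label need resolving.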