Mongo dba week 7 security backups

Additional Resources (2.5 min)

• Docs - mongodb.org
• Driver docs - 
• Bug database / feature request database [JIRA]
• Support forums (in Google Groups) - mongodb-user
• IRC - channel: freenode.net/#mongodb
• Source code on github
• Blog
• Twitter (@mongodb)
• Mongo Meetup Groups (MMUGs) - look on meetup.com

Hardware Tips (7.5 min)

Additional Features (4.5 min)

Geospatial Indexes (5 min)

location
latitude and longitude things
built on top of b-tree structures
uses variation of geo-hash codes

Data Recovery with MMS (4 min)

Quiz: Data Recovery with MMS Backup

You rack up $3.50 in MMS charges from a small backup restoration. What are your out-of-pocket costs?

-$1.50$0.00$1.50$3.50$5.00

Installing MMS Backup (3.5 min)

Introduction to MMS Backup ( min)

Backup Strategies (3 min)

Quiz: Backup Strategies

Which are true statements?

You can copy Mongo datafiles while a mongod is running.Its always safe to do a true snapshot of the data volume while mongod is running.mongoexport has the ability to directly access MongoDB datafiles in addition to connecting to a MongoDB cluster or server via the network.

Backups (12 min)

Intra-cluster Security (4 min)

Security and Clients (6.5 min)

--auth : runs it in a security mode.
to authenticate:
NOTE: users are added per-database
db.addUser(...) - system.users (which is used to create credentials in mongodb)
db.addUser( { user: "", pwd: "", roles: [] } ) - 2.4+
db.auth(username,password) - to authenticate in the shell
Types of users:
admin users - created in the admin database.  has privileges across all databases
regular users - access a specific database, read/write or read only.

Start by adding an administrative user:

> use admin

switched to db admin

> db.addUser("the_admin", "testpassword" )

{

"user" : "the_admin",

"readOnly" : false,

"pwd" : "8b7c802b3626405fd30fa921fcf41cf9",

"_id" : ObjectId("52851114c2e7840b9b05b49f")

}

> db

admin

> show collections

system.indexes

system.users

> db.system.users.find()

{ "_id" : ObjectId("52851114c2e7840b9b05b49f"), "user" : "the_admin", "readOnly" : false, "pwd" : "8b7c802b3626405fd30fa921fcf41cf9" }

passwords are hashed (not stored in plain text [i.e. a message digest])

Once the admin user has been added to the admin database, the rule that you can connect from the localhost no longer applies.  Meaning that we will have to authenticate or it wont let us in (even if we are on localhost).

> show dbs

Thu Nov 14 11:07:59.449 JavaScript execution failed: listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:L46

> // now we authenticate to do useful things

> db.auth("the_admin", "testpassword" )

1

> show dbs

admin 0.0625GB

local 0.03125GB

test (empty)

Quiz: Security and Clients

Which are true?

You can give a user read-only access to one database and write access to another database.The users password is sent over the network unencrypted.The users password is stored on disk unencrypted.

Security (5 min)

Introduction ( min)

Read More..

Learning Wireless Security WEP Methods

WEP is a first standard security & encryption used on wireless, WEP (Wired Equivalent Privacy) is a method of securing a wireless network, also called Shared Key Authentication. Shared Key Authentication is the authentication method that requires the use of WEP. WEP encryption uses a key that is inserted (by the administrator) to a client or access point. This key must match from a given access point to the client, with the inserted client to authenticate to the access point.

Here is the process of Shared Key Authentication :

• Client has asked the association to the access point, this step is the same as the Open System Authentication.
• Access point sends challenge text to the client in a transparent manner.
• Client will provide a response by encrypting the challenge text using the WEP key and sends back to the access point.
• Responded to an access point client response, the access point will perform encryption decrypt the response from the client to verify that the challenge text is encrypted using the WEP key as appropriate. In this process, the access point will determine whether the client has given the corresponding WEP key. If the WEP key provided by the client are correct, then the access point will respond positively and immediately to client authentication. But if the client entered the WEP key is incorrect, then the access point will respond negatively and will not be given a client authentication. Thus, the client will not be authenticated and not associated.

Data communication via the IEEE 802.11, Shared Key Authentication is more secure than it seems from the Open System Authentication, but in reality are not. Shared Key instead opened the door for intruders or crackers. It is important to understand two streets used by WEP. WEP can be used to verify the identity of the client during the process of shared key authentication, but can also be used to decrypt data sent by the client via the access point.

WEP has many flaws, among others:

• The problem of weak keys, RC4 algorithm used can be solved.
• WEP uses a static key.
• Problem of initialization vector (IV) WEP.
• Message integrity problem Cyclic Redundancy Check (CRC-32).

WEP consists of two levels, namely 64-bit key, and 128 bits. Actually, the secret key on a 64 bit WEP key is only 40 bits, while 24bit is an Initialization Vector (IV). Similarly, the 128 bit WEP key, secret key consists of 104bit.

The attacks on WEP weaknesses include:

• The attack on the weaknesses of the initialization vector (IV), often called the FMS attack. FMS stands for the name of the three inventors of the IV weakness Fluhrer, Mantin, and Shamir. This attack was done by collecting a weak IV as much as possible. The more weak IV is obtained, the sooner discovered the key that is used.
• Getting a unique IV data obtained through the packet to be processed for WEP key cracking process more quickly. This method is called chopping attack, first discovered by h1kari. This technique only requires a unique IV thus reducing the need for IV are weak in WEP cracking.

Both of the above attacks require considerable time and packet, to shorten the time, the hackers usually do traffic injection. Traffic Injection is often done by collecting the ARP packet and then sends back to the access point. This resulted in the collection of initial vectors is easier and faster. Unlike the first and second, to attack traffic injection, required specification of tools and applications that start rarely found in stores, ranging from chipsets, firmware version, and versions of drivers, and not infrequently have to do patching of drivers and applications.

Read More..

Adjusting your cookie security policy

How to Adjusting your cookie security policy?
If you do not want your computer to accept third-party cookies so that marketing companies cannot identify what ads they have shown you, or if you just want to adjust your cookie acceptance settings, then follow these steps:

1. Open Internet Explorer.

2. Click the Tools menu bar item and select Internet Options.

3. Click on Privacy tab.

4. You will see the up and down slider that allows you to select different levels of cookie security. I recommend that you bypass this and just click the Advanced button instead.

5. Once you click the Advanced button and see the Advanced Privacy Settings window, check the box that says Override Automatic Cookie Handling.

6. Your settings for first- and third-party cookies will now be available for adjustment. I recommend that you always accept first-party cookies. You can decide if you want to block or select the prompt to accept third-party cookies. Prompt will pop up a dialog box notifying you that a cookies request has been received.

7. Once you are finished with your settings, click the OK button to save your changes and return to Internet Options.

8. Click OK once more to close Internet Options.

Now that you have set the cookie privacy setting manually. you can eliminate cookies from being stored on your hard drive in the first place. Doing so will allow you to protect your privacy and still be able to use Web sites that need cookies.

Read More..