I know 27017 is the standard port number for MongoDB, but does everyone who sets up a mongo server generally change this to some random port number? Are there any possible security issues with using the standard port number?
Though this is, strictly speaking, not a programming-related question and would rather belong on http://dba.stackexchange.com or on http://www.serverfault.com, I will answer it, since it might be useful for programmers.
Putting software on a nonstandard port does in no way enhance security from a conceptual point of view. This is because a determined attacker (I am not talking about script kiddies) will do a well-hidden port scan on the machines of your network anyway. And since most servers identify who they are and what they do, it is quite easy for an attacker to determine which software is running on which open (aka reachable) ports of a machine. Actually, there are signatures available, mapping the answers of various versions of the most important software (openssh, Apache httpd and MySQL) to known vulnerabilities of said versions of the software.
Putting software on a nonstandard port for security reasons does not help. And it creates problems for the network and system administrators to configure the firewalls and system services correctly, resulting in increased maintenance work.
As @senfo correctly pointed out, you should use firewalls to restrict access. Measures offered by MongoDB to enhance security are authentication and authorization as well as keyfiles. In order to prevent sniffing attacks, you might want to use a tool like stunnel or recompile the MongoDB packages you plan to use with SSL support.
So, keep the ports where they belong: at their defaults.
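The answer's point as a configuration check, added here as an example that is not part of the original answer: it audits a `mongod.conf` for the controls the answer names (restricted listening address, authorization, encrypted transport) and ignores the port number. Both sample configs are constructed, the parser handles only the simple nested `key: value` form of `mongod.conf`, and the localhost default for `bindIp` is an assumption that holds for mongod 3.6 and later.

```python
WEAK = """\
net:
  port: 40123        # constructed sample: moved port, nothing else
  bindIp: 0.0.0.0
"""
HARDENED = """\
net:
  port: 27017        # constructed sample: default port, real controls
  bindIp: 127.0.0.1,10.0.0.5
  tls:
    mode: requireTLS
security:
  authorization: enabled
"""

def flatten(conf_text):
    """Flatten simple nested 'key: value' YAML into {'net.port': '27017', ...}."""
    settings, stack = {}, []          # stack: (indent, key) of open sections
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()               # leave sections we have dedented out of
        if value.strip():
            path = ".".join([k for _, k in stack] + [key])
            settings[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return settings

def audit(conf_text):
    """Return findings; the port number is deliberately never one of them."""
    s = flatten(conf_text)
    findings = []
    # Assumption: with no bindIp set, mongod 3.6+ listens on localhost only.
    binds = {b.strip() for b in s.get("net.bindIp", "127.0.0.1").split(",")}
    if s.get("net.bindIpAll") == "true" or binds & {"0.0.0.0", "::"}:
        findings.append("bind: listens on all interfaces")
    # A keyFile also turns on access control, so either setting counts.
    if s.get("security.authorization") != "enabled" and "security.keyFile" not in s:
        findings.append("auth: authorization not enabled")
    tls = s.get("net.tls.mode") or s.get("net.ssl.mode")  # older releases use net.ssl
    if tls not in ("requireTLS", "requireSSL"):
        findings.append("tls: not required, traffic can be sniffed")
    return findings
```

`audit(WEAK)` reports all three findings despite the moved port, and `audit(HARDENED)` reports none on the default port.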