This version of the documentation is archived and no longer supported.

Security Hardening

To reduce the risk exposure of the entire MongoDB system, ensure that only trusted hosts have access to MongoDB.

MongoDB Configuration Hardening

For MongoDB, ensure that HTTP status interface and the REST API are disabled in production to prevent potential data exposure to attackers.

Deprecated since version 3.2: HTTP interface for MongoDB

For more information, see MongoDB Configuration Hardening.

Network Hardening

To restrict exposure to MongoDB, configure firewalls to control access to MongoDB systems. Use of VPNs can also provide a secure tunnel.

For more information, see Hardening Network Infrastructure.