In light of the recent widespread news about security vulnerabilities in MongoDB and Elasticsearch, we want to proactively remind our customers of Security Best Practices for Couchbase.
At this time there have been no known ransomware attacks on Couchbase, and no new security vulnerabilities have been identified in the product. This advisory is in the spirit of ‘forewarned is forearmed’.
Comprehensive security planning is a complex topic, but getting started with Security Basics is not. This Advisory Note is intended as a heads-up and reminder of general security best practices as well as Couchbase security capabilities available to you. First of all, let’s start with the basics.
All Couchbase Server installations should ensure that:
- Proper physical security (server access and backup storage) is maintained.
- Couchbase Server nodes are behind a firewall so that they are not publically accessible. Here is how to configure network access to Couchbase using IP tables.
- The server operating system is up to date with the latest security patches.
- Delete the “default” bucket.
- Secure in-transit data by using SSL connections for client/server and server/server communication.
- Use a strong and unique bucket password for all data buckets.
- Add security to your Couchbase mobile application
- Encrypt Couchbase Lite databases
Additionally, customers should consult the following Couchbase resources in order to build a comprehensive security plan:
Documentation
- Couchbase Server Security Considerations
- Couchbase Server Introduction to Security
- Couchbase Server Security Best Practices
Blogs
- Configuring IPSec
- N1QL Security
- Skipping Default Bucket Creation
- Security for Mobile Data Synchronization
- Decentralized Security with Couchbase Mobile
As always, please reach out to us if you have any questions.
How to contact?
- Couchbase Support
- Email: support@couchbase.com
- Contact Us
- Forums
- Twitter (@couchbase, @couchbasedev)
