Features功能
On this page本页内容
Overview概述
On this page, you can learn about the security benefits of Client-Side Field Level Encryption (CSFLE), and how CSFLE compares to other security mechanisms supported by MongoDB. You can also view a fictional scenario that demonstrates the value of CSFLE in securing your data.在本页上,您可以了解客户端字段级加密(CSFLE)的安全优势,以及CSFLE与MongoDB支持的其他安全机制的比较。您还可以查看一个虚构的场景,该场景展示了CSFLE在保护数据安全方面的价值。
Client-Side Field Level Encryption客户端字段级加密
Client-Side Field Level Encryption (CSFLE) is a feature of MongoDB that enables a client application to encrypt data before transporting it over the network. 客户端字段级加密(CSFLE)是MongoDB的一项功能,它使客户端应用程序能够在通过网络传输数据之前对数据进行加密。Sensitive data is transparently encrypted and decrypted by the client and only communicated to and from the server in encrypted form. CSFLE keeps encrypted fields secure in the following scenarios:敏感数据由客户端透明加密和解密,仅以加密形式与服务器通信。CSFLE在以下情况下确保加密字段的安全:
Direct access to encrypted fields by a database superuser数据库超级用户对加密字段的直接访问Access to encrypted fields by reading the server's memory通过读取服务器内存访问加密字段Capture of encrypted fields over an insecure network通过不安全的网络捕获加密字段Access to on-disk encrypted fields by reading database or backup files通过读取数据库或备份文件访问磁盘上加密的字段
While all clients have access to the non-sensitive data fields, only appropriately-configured CSFLE clients are able to read and write the encrypted data fields.虽然所有客户端都可以访问非敏感数据字段,但只有经过适当配置的CSFLE客户端才能读取和写入加密的数据字段。
Remote Key Management System远程键管理系统
When you use CSFLE in production, you must use a remote Key Management System (KMS) to store your encryption key.在生产中使用CSFLE时,必须使用远程键管理系统(KMS)来存储加密键。
To view a step-by-step guide demonstrating how to use a remote KMS with CSFLE, see Tutorials.要查看演示如何将远程KMS与CSFLE一起使用的分步指南,请参阅教程。
To view a list of all supported KMS providers, see CSFLE KMS Providers.要查看所有支持的KMS提供程序的列表,请参阅CSFLE KMS提供器。
To learn more about why you should use a remote KMS, see Reasons to Use a Remote Key Management System.要了解有关为什么应该使用远程KMS的更多信息,请参阅使用远程键管理系统的原因。
Other Security Mechanisms其他安全机制
This section describes the following security mechanisms supported by MongoDB and explains their use cases and limitations:本节介绍了MongoDB支持的以下安全机制,并解释了它们的用例和限制:
Role-Based Access Control基于角色的访问控制Encryption at Rest静止时的加密Transport Encryption (TLS/SSL)传输加密(TLS/SSL)
Role-Based Access Control基于角色的访问控制
Role-Based Access Control is a security mechanism that allows administrators to grant and restrict collection-level permissions for users. With the appropriate role definition and assignment, this solution prevents accidental disclosure of data and access.基于角色的访问控制是一种安全机制,允许管理员为用户授予和限制集合级别的权限。通过适当的角色定义和分配,此解决方案可以防止意外泄露数据和访问。
Role-Based Access control cannot protect against the following scenarios:基于角色的访问控制无法防范以下情况:
Capture of the data over an insecure network通过不安全的网络捕获数据Access to on-disk data by reading database or backup files通过读取数据库或备份文件访问磁盘上的数据Access to data by reading the server's memory通过读取服务器内存访问数据Direct access to data by a database superuser数据库超级用户直接访问数据
To learn more, see Role-Based Access Control.要了解更多信息,请参阅基于角色的访问控制。
Encryption at Rest静止时的加密
Encryption at Rest is a mechanism that encrypts database files on disk. This mechanism prevents a person who lacks database credentials, but has access to the computer hosting your database, from viewing your data.静止加密是一种对磁盘上的数据库文件进行加密的机制。此机制可防止缺少数据库凭据但有权访问承载数据库的计算机的人查看您的数据。
This mechanism does not protect your data against the following scenarios:此机制无法保护您的数据免受以下情况的影响:
Capture of the data over an insecure network通过不安全的网络捕获数据Access to data by reading the server's memory通过读取服务器内存访问数据Direct access to data by a database superuser数据库超级用户直接访问数据
To learn more, see Encryption at Rest.要了解更多信息,请参阅静止加密。
Transport Encryption (TLS/SSL)传输加密(TLS/SSL)
Transport Encryption using TLS/SSL encrypts your data over the network. TLS/SSL protects your data as it travels over an insecure network, but cannot protect your data from a privileged user or as it sits on disk.使用TLS/SSL的传输加密通过网络加密您的数据。TLS/SSL在数据在不安全的网络上传输时保护您的数据,但不能保护数据不受权限用户或磁盘上的数据的影响。
To learn more, see Transport Encryption using TLS/SSL要了解更多信息,请参阅使用TLS/SSL的传输加密
Comparison of Features特性比较
The following diagram lists security features MongoDB supports and the potential security vulnerabilities that they address:下图列出了MongoDB支持的安全功能及其解决的潜在安全漏洞:
Use the Mechanisms Together一起使用这些机制
To secure a production deployment, use Role-Based Access Control, Encryption at Rest, Transport Encryption, and optionally, the In-Use Encryption security mechanisms together. Please note that you cannot use both CSFLE and Queryable Encryption to encrypt different fields in the same collection.要确保生产部署的安全,请同时使用基于角色的访问控制、静止加密、传输加密,以及可选的在用加密安全机制。请注意,不能同时使用CSFLE和Queryable Encryption来加密同一集合中的不同字段。
To learn more about Queryable Encryption, see Queryable Encryption Features.要了解有关可查询加密的更多信息,请参阅可查询加密功能。
Scenario情形
The following fictional scenario demonstrates the value of Client-Side Field Level Encryption (CSFLE) in securing your application's data, and how CSFLE interacts with the other security mechanism discussed in this guide.以下虚构场景演示了客户端字段级加密(CSFLE)在保护应用程序数据方面的价值,以及CSFLE如何与本指南中讨论的其他安全机制交互。
In this scenario, we secure sensitive data on a medical care management system that stores patients' personal information, insurance information, and medical records for a fictional company, MedcoMD. 在这种情况下,我们保护医疗管理系统上的敏感数据,该系统存储虚构公司MedcoMD的患者个人信息、保险信息和医疗记录。None of the patient data is public, and specific data such as their social security number (SSN, a US government-issued ID number), insurance policy number, and vital sign measurements are particularly sensitive and subject to privacy compliance. It is important for the company and the patient that the data is kept private and secure.没有任何患者数据是公开的,他们的社会安全号码(SSN,美国政府颁发的身份证号码)、保险单号码和生命体征测量等特定数据特别敏感,需要遵守隐私规定。数据的保密性和安全性对公司和患者都很重要。
MedcoMD needs this system to satisfy the following use cases:MedcoMD需要此系统来满足以下用例:
Doctors use the system to access patients' medical records, insurance information, and add new vital sign measurements.医生使用该系统访问患者的医疗记录、保险信息,并添加新的生命体征测量。Receptionists use the system to verify patients' identities using their contact information.接待员使用该系统通过患者的联系信息验证患者的身份。Receptionists can view a patient's insurance policy provider, but not their policy number.接待员可以查看患者的保险单提供商,但不能查看他们的保单号码。Receptionists cannot access a patient's medical records.接待员无法访问患者的医疗记录。
MedcoMD is also concerned with the disclosure of sensitive data through any of the following methods:MedcoMD还关注通过以下任何方法披露敏感数据:
Accidental disclosure of data on a receptionist's publicly-viewable screen.接待员的公开屏幕上的数据意外泄露。Direct access to the database by a superuser such as a database administrator.由超级用户(如数据库管理员)直接访问数据库。Capture of data over an insecure network.通过不安全的网络捕获数据。Access to data by reading the database server's memory.通过读取数据库服务器的内存来访问数据。Access to data by reading database or backup files.通过读取数据库或备份文件访问数据。
What can MedcoMD do to balance the functionality and access restrictions of their medical care management system?MedcoMD可以做些什么来平衡其医疗保健管理系统的功能和访问限制?
Solution解决方案
MedcoMD uses the following security mechanisms to satisfy their use cases and protect against the disclosure of sensitive medical data:MedcoMD使用以下安全机制来满足其用例并防止敏感医疗数据的泄露:
Transport Encryption (TLS/SSL)传输加密(TLS/SSL)to secure data as it travels over the network.以确保数据在网络上传输时的安全。Encryption at Rest静止时的加密to protect against disclosure of data by reading database or backup files.通过读取数据库或备份文件来防止数据泄露。Role-Based Access Control基于角色的访问控制to limit the access of database users to the collections necessary for them to perform their tasks.以限制数据库用户对执行任务所需的集合的访问。Encrypting sensitive fields with CSFLE to satisfy the following use cases and constraints:使用CSFLE加密敏感字段以满足以下用例和约束:Prevent reading data from server memory as the CSFLE encrypted data is never on the database server in an unencrypted form.禁止从服务器内存读取数据,因为数据库服务器上从未以未加密的形式存在CSFLE加密数据。Allow receptionists to verify patients' identities and prevent accidental disclosure of sensitive data on a receptionist's publicly viewable screen by providing receptionists with a client that is not CSFLE-enabled.通过向接待员提供未启用CSFLE的客户端,允许接待员验证患者的身份,并防止在接待员的公开屏幕上意外泄露敏感数据。Allow doctors to view sensitive data privately in their offices by providing doctors with a CSFLE-enabled client.通过为医生提供支持CSFLE的客户端,允许医生在办公室私下查看敏感数据。
Learn More了解更多信息
To view a list of security measures you should implement to protect your MongoDB deployment, see the Security Checklist.要查看为保护MongoDB部署而应实施的安全措施列表,请参阅安全检查表。
To start using CSFLE, see the Quick Start.要开始使用CSFLE,请参阅快速入门。