DigitalOcean Database

Database Publicly Accessible

Risk Level: High

Description:

This plugin ensures DigitalOcean clusters are not publicly accessible. You can greatly decrease the likelihood of a security breach by restricting which DigitalOcean resources or external IP addresses are allowed to access the nodes in a cluster.

About the Service:

Database: The Database service in DigitalOcean handles basic administrative tasks such as setup, backups and administration for several database engines, including MongoDB, MySQL, Redis and PostgreSQL.

Impact:

Restricting incoming connections prevents brute-force password and denial-of-service attacks from any server not explicitly permitted to connect.

Steps to Reproduce:

  1. Log in to the DigitalOcean console.
  2. Under the PROJECTS section, select the project whose database accessibility needs to be checked.
  3. Next, under the Resources tab, go to Database clusters and select the cluster to be tested.
  4. The selected database cluster opens on the Overview tab. Under TRUSTED SOURCES, if a warning such as “Your cluster is open to all incoming connections” is shown, the cluster is publicly accessible; see the Steps for Remediation section.
  5. Repeat the process for the other clusters in the project, and for database clusters in other projects.
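The same check can be run over every cluster at once instead of clicking through the console. The following script is an added example, not part of the original page or of any DigitalOcean tool; it evaluates the JSON returned by the DigitalOcean API endpoints GET /v2/databases and GET /v2/databases/{id}/firewall (trusted sources), treats an empty rule list as the “open to all incoming connections” state, and additionally flags an ip_addr rule covering every address. The sample responses, cluster ids and addresses are constructed.

```python
"""Flag DigitalOcean database clusters with no trusted sources (added example, constructed data)."""
import json
import urllib.request

API = "https://api.digitalocean.com/v2"
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # an ip_addr rule with one of these restricts nothing

def fetch(path, token):
    """Authenticated GET against the DigitalOcean API (needs network access and an API token)."""
    req = urllib.request.Request(API + path, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def evaluate(clusters, firewalls):
    """One finding per cluster. clusters: the "databases" list from GET /v2/databases;
    firewalls: cluster id -> "rules" list from GET /v2/databases/{id}/firewall.
    No rules means the cluster accepts connections from anywhere, which the console
    reports as "Your cluster is open to all incoming connections"."""
    findings = []
    for cluster in clusters:
        rules = firewalls.get(cluster["id"], [])
        wide_open = [r["value"] for r in rules if r["type"] == "ip_addr" and r["value"] in OPEN_CIDRS]
        if not rules:
            status, message = "FAIL", "no trusted sources; cluster is publicly accessible"
        elif wide_open:
            status, message = "FAIL", "trusted source allows every address: " + wide_open[0]
        else:
            status = "PASS"
            message = "restricted to " + ", ".join(f"{r['type']}={r['value']}" for r in rules)
        findings.append({"cluster": cluster["name"], "status": status, "message": message})
    return findings

def audit(token):
    """Live run: list every cluster, fetch its trusted sources, and evaluate them."""
    clusters = fetch("/databases", token)["databases"]
    rules = {c["id"]: fetch(f"/databases/{c['id']}/firewall", token)["rules"] for c in clusters}
    return evaluate(clusters, rules)

# Constructed sample API responses (ids, names and addresses are made up).
SAMPLE_CLUSTERS = [
    {"id": "cluster-open-0001", "name": "pg-prod", "engine": "pg"},
    {"id": "cluster-locked-0002", "name": "mysql-analytics", "engine": "mysql"},
    {"id": "cluster-wide-0003", "name": "redis-cache", "engine": "redis"},
]
SAMPLE_RULES = {
    "cluster-open-0001": [],
    "cluster-locked-0002": [{"type": "ip_addr", "value": "203.0.113.10"}, {"type": "droplet", "value": "123456"}],
    "cluster-wide-0003": [{"type": "ip_addr", "value": "0.0.0.0/0"}],
}
```

evaluate(SAMPLE_CLUSTERS, SAMPLE_RULES) runs offline against the constructed data; audit(token) performs the live check with a read-scoped API token.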

Steps for Remediation:

  1. Log in to the DigitalOcean console.
  2. Under the PROJECTS section, select the project whose database accessibility needs to be checked.
  3. Next, under the Resources tab, go to Database clusters and select the cluster to be tested.
  4. The selected database cluster opens on the Overview tab. Under TRUSTED SOURCES, if a warning such as “Your cluster is open to all incoming connections” is shown, click the link “Secure this database cluster by restricting access”.
  5. You are redirected to the Settings tab. Under the Trusted sources section, click Edit.
  6. Under Add trusted sources, enter the IP addresses (or DigitalOcean resources) that are permitted to connect to the cluster, then click Save.
  7. Repeat the process for any other open database clusters.