Network misconfigurations

AWS EC2 instance allows public ingress access on mongod default port 27019


The port 27019 is the default port for mongod when running with --configsvr command-line option or the configsvr value for the clusterRole setting in a configuration file. It is a security risk to expose DB port to the public internet even though they are on a secure socket layer. Anyone on the internet can run port scanning tools, determine the open ports and launch specific attacks. It is a best practice to block public access, restrict access from specific IP addresses to port 27019 and make the connection secure.