Network misconfigurations

Elastic Load Balancer (ELB) allows ingress access to mongod (with configsvr option) default port 27019

Description

Port 27019 is the default port for mongod when it runs with the --configsvr command-line option or with the configsvr value for the clusterRole setting in a configuration file. Exposing a database port to the public internet is a security risk, even when the connection is protected by Secure Sockets Layer (SSL). Anyone on the internet can run port-scanning tools, determine which ports are open and launch specific attacks against them. It is a best practice to block public access, restrict access to port 27019 to specific IP addresses and make the connection secure.
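One way to check for this condition offline, as an added example that is not part of the original rule text: the sketch below walks the security groups attached to each load balancer and reports rules that open port 27019 to the whole internet. The field names follow the shape of the AWS DescribeLoadBalancers and DescribeSecurityGroups responses; the sample data is constructed, and treating only 0.0.0.0/0 and ::/0 as "public" is an assumption of this example.

```python
import ipaddress

MONGOD_CONFIGSVR_PORT = 27019  # default mongod --configsvr port named in the rule

def rule_covers_port(perm, port=MONGOD_CONFIGSVR_PORT):
    """True if one IpPermissions entry allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def public_sources(perm):
    """Source CIDRs in the rule that cover the entire IPv4 or IPv6 internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def find_exposed_elbs(load_balancers, security_groups):
    """Return (elb_name, sg_id, cidr) for every public rule reaching port 27019."""
    by_id = {sg["GroupId"]: sg for sg in security_groups}
    findings = []
    for lb in load_balancers:
        for sg_id in lb.get("SecurityGroups", []):
            for perm in by_id.get(sg_id, {}).get("IpPermissions", []):
                if rule_covers_port(perm):
                    for cidr in public_sources(perm):
                        findings.append((lb["LoadBalancerName"], sg_id, cidr))
    return findings

# Constructed sample data (hypothetical names and IDs), not taken from a real account.
SAMPLE_LBS = [
    {"LoadBalancerName": "cfg-public", "SecurityGroups": ["sg-aaa"]},
    {"LoadBalancerName": "cfg-restricted", "SecurityGroups": ["sg-bbb"]},
    {"LoadBalancerName": "web-range", "SecurityGroups": ["sg-ccc"]},
]
SAMPLE_SGS = [
    {"GroupId": "sg-aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 27019,
        "ToPort": 27019, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 27019,
        "ToPort": 27019, "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-ccc", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 27000,
        "ToPort": 27100, "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for name, sg, cidr in find_exposed_elbs(SAMPLE_LBS, SAMPLE_SGS):
        print(f"{name}: {sg} allows {cidr} to reach port {MONGOD_CONFIGSVR_PORT}")
```

The "web-range" case shows why the check compares against the port range rather than an exact match: a rule for 27000-27100 exposes 27019 just as a dedicated rule does.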