Apart from MongoDB-specific security measures, there are established best practices for network-level security:
- Only allow communication between servers and only open the ports that are used for communicating between them.
- Always use TLS/SSL for communication between servers. This prevents man-in-the-middle attacks impersonating a client.
- Always use different sets of development, staging, and production environments and security credentials. Ideally, create different accounts for each environment and enable two-factor authentication in both staging and production environments.