Minor Modifications

draft/administration/vulnerability-notification.txt

@@ -24,14 +24,14 @@ In particular, please include the following:
 
 - *Common Vulnerability* information, if applicable, including: 
 
-  - CVSS (Commong Vulnerability Scoring System) Score
+  - CVSS (Common Vulnerability Scoring System) Score
 
   - CVE (Common Vulnerability and Exposures) Identifier.
 
 - Contact information, including an email address and/or phone number,
   if applicable.
 
-10gen guarantees a response to all vulnerability notifications within
+10gen will respond to all vulnerability notifications within
 48 hours.
 
 Jira

draft/core/security.txt

@@ -273,6 +273,10 @@ authentication system:
   - :issue:`SERVER-7122`
   - :issue:`SERVER-7124`
 
+  and authentication:
+
+  - :issue:`SERVER-7115`
+
 - Once authenticated a "normal" user has full read and write access to
   a database.
 
@@ -291,7 +295,7 @@ authentication system:
 
 Consider the
 :doc:`/tutorial/use-authentication-to-control-access-to-mongodb`
-document which outlines procedures for configuraing and maintaing
+document which outlines procedures for configuring and maintaining
 users and access with MongoDB's authentication system.
 
 .. [#sharded-localhost] Becasue of :issue:`SERVER-6591`, you cannot
@@ -304,8 +308,8 @@ users and access with MongoDB's authentication system.
 Interfaces
 ----------
 
-Simply limiting access to a :program:`mongod` is not a sufficent for
-totally controling risk expsorure. Consider the recomendaitons in the
+Simply limiting access to a :program:`mongod` is not sufficent for
+totally controling risk exposure. Consider the recommendations in the
 following section, for limiting exposure other interface-related
 risks.
 
@@ -338,12 +342,12 @@ a variety of operational data, logs, and status reports regarding the
 :program:`mongod` or :program:`mongos` instance. The HTTP interface is
 always avalible on the the port numbered ``1000`` greater than the
 primary :program:`mongod` port. By default this is ``28017``, but is
-indirectly using the :setting:`port` option which allows you to
+indirectly set using the :setting:`port` option which allows you to
 configure the primary :program:`mongod` port.
 
 Without the :setting:`rest` setting, this interface is entirely
 read-only, and limited in scope; nevertheless, this iterface may
-represent an exposure. To diable the HTTP interface, set the
+represent an exposure. To disable the HTTP interface, set the
 :setting:`nohttpinterface` run time option or the
 :option:`--nohttpinterface <mongod --nohttpinterface>` command line
 option.
@@ -372,7 +376,7 @@ the REST API interface:
 Data Encryption
 ---------------
 
-To support audit requirements, you may need to envrypt data stored in
+To support audit requirements, you may need to encrypt data stored in
 MongoDB. For best results you can encrypt this data in the application
 layer, by encrytping the content of fields that hold secure data. 
 

draft/tutorial/configure-linux-iptables-firewall.txt

@@ -10,18 +10,6 @@ Input: filters traffic destined for the firewall
 
 Output: filters traffic from the firewall
 
-By default, ``iptables`` allows all connections so it's a good idea
-to change the default chain policy to DROP:
-
-.. code-block:: sh
-
-   iptables -P INPUT DROP
-
-   iptables -P OUTPUT DROP
-
-This ensures that any traffic to/from the :program:`mongod` server has
-to be explicitly allowed.
-
 Traffic to/from a Standalone MongoDB Instance or Replica-Set
 MongoDB Instance (mongod)
 
@@ -102,14 +90,35 @@ In a sharded infrastructure, the :program:`mongos` router needs
 to connect to :program:`mongod` shard servers and the shard servers
 need to connect and communicate amongst themselves.
 
+
+Default Policy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, ``iptables`` allows all connections so it's a good idea
+to change the default chain policy to DROP:
+
+.. code-block:: sh
+
+   iptables -P INPUT DROP
+
+   iptables -P OUTPUT DROP
+
+
+This ensures that any traffic to/from the :program:`mongod` server has
+to be explicitly allowed. Be careful when executing these commands that 
+you do not lose access to the server, i.e. ensure you do this on a 
+console connection or already have remote-access iptables rules.
+
 Back-Out & Flush iptables rules
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 To remove the ``iptables`` firewall rules and revert to the default
 action of each chain, it is possible to flush all existing rules
 as follows:
 
-iptables –F
+.. code-block:: sh
+
+   iptables -F
 
 This change is only temporary as it only affects the rulebase in
 memory. For example, a restart:

draft/tutorial/configure-windows-netsh-firewall.txt

@@ -45,16 +45,14 @@ To reset the Windows Firewall rules:
 
    netsh advfirewall reset
 
-   iptables -A OUTPUT -d <ip-address> -p tcp --source-port 27018 -m state --state ESTABLISHED -j ACCEPT
-
 To save administration, you can export or import firewall (from
 different servers) rules very easily on Windows:
 
 .. code-block:: sh
 
    netsh advfirewall export "C:\temp\MongoDBfw.wfw"
 
-   netsh advfirewall import "C:\temp\ MongoDBfw.wfw"
+   netsh advfirewall import "C:\temp\MongoDBfw.wfw"
 
 It is also possible to configure the Windows Firewall through a
 GUI, however, this is not within scope for this tutorial.