Cassandra Lunch #90: Securing Apache Cassandra
Download as PPTX, PDF0 likes132 views
The document outlines strategies for securing Apache Cassandra across various levels including network, hardware, data, and application security. It emphasizes the importance of a comprehensive security approach to protect against insider threats, system vulnerabilities, and legal liabilities, while also highlighting the roles of confidentiality, integrity, and availability in cybersecurity. Key recommendations include implementing strong data encryption, endpoint security, and access control measures, alongside regular backups and disaster recovery plans.
Cassandra Lunch #90: Securing Apache Cassandra
- 1. Securing Apache Cassandra Strategies and tactics for cybersecurity for building platforms around Apache Cassandra, covering Network, Hardware, Data, and Application level security.
- 2. Security : Dance between Convenience & Protecting Assets
- 3. It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it. Stéphane Nappo, Global Chief Information Security Officer at Société Générale International Banking
- 4. What’s the big deal with Security? Defending Valuable “Things” ● Prevent ● Detect ● React … to Prevent Negative Consequences ● User truncates a table (Insider) ● System crashes, systems down (System) ● Data can be stolen, but you may not know it (??) ● The bad actor may be 12 time zones away (Outsider) ● Someone in your company could get disgruntled. (Insider) ● Someone working at the cloud company you trust could get disgruntled. (Semi-Insider) ● Avoid litigation from governments and individuals (Legal)
- 5. Aspects of Security Tenets of Information Security (CIA) ● Confidentiality - prevent unauthorized access. ● Integrity - prevent unsanctioned funging ● Availability - prevent unauthorized withholding of data. ● Non-repudiation - Integrity of the origin and the data itself. Legit? ● Authentication - Who can access this? ● Authorization - What should they be able to access once in? ● Accountability - Can we find out who did what?
- 6. What do I need to do now? ● Must ○ Legal requirements ○ Data Protection ○ HIPAA / PCI ○ Data Retention policies ○ Other company policies ● Should ○ Network ○ System ○ Data ○ Application
- 7. What else should I think about? ● Mission Critical Assets – This is the data you need to protect* ● Data Security – Data security controls protect the storage and transfer of data. ● Application Security – Applications security controls protect access to an application, an application’s access to your mission critical assets, and the internal security of the application. ● Endpoint Security – Endpoint security controls protect the connection between devices and the network. ● Network Security – Network security controls protect an organization’s network and prevent unauthorized access of the network. ● Perimeter Security – Perimeter security controls include both the physical and digital security methodologies that protect the business overall. ● The Human Layer – Humans are the weakest link in any cybersecurity posture. Human security controls include phishing simulations and access management controls that protect mission critical assets from a wide variety of human threats, including cyber criminals, malicious insiders, and negligent users.
- 8. Network ● Edge Security ● Cloud Security ● Virtual Private Cloud Security ● Security Groups ● … System Application ● System Firewall ● Operating System ● Disk Encryption (Hard/Soft) ● OWASP ● End Points ● Variables ● Authorization ● Authentication Platform Security Data ● Encryption ● Backups ● Authorization ● Authenticatio n
- 9. Network Security ● Physical network ● Application network ● Database network ● Access to application nodes ● Access between DB nodes ● Access to specific security groups / subnets ● Regions/zones for redundancy Easiest to secure. Also forgotten by amateurs.
- 10. Data Disaster Security ● Backup / Restoration of keyspace, tables, subsets of data. ● Protection of Backup data. ● Redundancies with zones / datacenters? If someone deletes your data, how will you get it back?
- 11. Hardware / Disk Security ● Cloud Disks ○ AWS / Azure / etc Disks can be encrypted ○ Disks encrypted with CMK (Customer managed keys) ○ Without the key you can steal the disk, data but its no good. ● Data encryption at rest via software ○ E.g. Vormetric Transparent Encryption works on any database ○ Datastax Transparent Data Encryption
- 12. Application Security ● Separating app auth from database auth ● App security , segregation of database access for app users ● General app security , users, roles, etc. ● Do we need symmetric , asymmetric encryption on the app itself. Can someone hack your database through your app without accessing the system?
- 13. ● Using central authentication e.g. ldap, kerberos, OKTA, etc. ● Only select users should be able to elevate their privilege to root or service accounts. ● Only a specific service user should be able to run cassandra, etc. ● Use two factor auth for system access. Can someone get access to the computer that the database or app is on? Operating System Security
- 14. Roles ● Access to Cluster ● Access to Objects ● Roles & Permissions Node JMX ● System Operations ● Nodetool ● Metrics ● Protect via SSL ● Protect via U/P ● SSL/TLS ○ Node to Node ○ DC to DC ○ ALL ● via Network ○ Security Group Cassandra Security Client ● Use App Users to Authenticate ● Limited Permissions ● SSL for Client to Node
- 15. ● Add your own roles / users ● Remove cassandra user ● Segment permissions by need ● Internal vs. external (LDAP/Kerberos) Cassandra Roles & Permissions
- 16. ● Nodes must have certificates to connect to cluster. ● Prevents other nodes from joining ● Levels: All, DC, Rack ● Keys are on disk, must be protected. ● Doesn’t impact developers, but can affect users because of encryption/decryption speed. Cassandra Node to Node Encryption
- 17. ● Application and users must have cert to connect to the cluster. ● Prevents ‘rando’ insiders from getting data ● Prevents ‘noobs’ from running ‘select * from everything’ queries on Production ● Doesn’t impact node to node access but impacts app / developer / admin access. Cassandra Client to Node Encryption
- 18. Other Useful Cassandra Tips ● Auditing ○ Starting in C*4 ○ Also was there before. ● Data Segmentation ○ Different Keyspaces in Different Datacenters ○ Duplicate Data with Redacted Information ● Application Encryption ○ Encrypt Columns ○ Using a salt / hash all data going in, coming out ○ Unable to use filters / range queries
- 19. Resources ● https://jumpcloud.com/blog/boss-it-security-quotes ● https://www.geeksforgeeks.org/granting-permissions-to-roles-in-cassandra/ ● https://cassandra.apache.org/doc/latest/cassandra/operating/security.html ● https://docs.datastax.com/en/cassandra- oss/3.0/cassandra/configuration/secureTOC.html ● https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n- tier-cassandra ● https://gomindsight.com/insights/blog/what-are-the-7-layers-of-security/ ● https://blogs.vmware.com/cloud/2021/12/02/configuring-cassandra-internode- encryption-without-data-loss/ ● https://thelastpickle.com/blog/2015/09/30/hardening-cassandra-step-by-step-part-1- server-to-server.html ● https://blog.pythian.com/cassandra-3-9-security-feature-walk/