Securing Hadoop. Keys Botzum, MapR Technologies Jan MapR Technologies - Confiden6al
|
|
- Lambert Theodore Golden
- 5 years ago
- Views:
Transcription
1 Securing Hadoop Keys Botzum, MapR Technologies Jan 2014 MapR Technologies - Confiden6al 1
2 Why Secure Hadoop Historically security wasn t a high priority Reflec6on of the type of data and the type of organiza6ons using Hadoop Hadoop is now being used by more tradi6onal firms as well as organiza6ons with high security requirements Highly regulated Sensi6ve data sets People with experience with security in exis6ng enterprise technologies (e.g., databases) are asking for the same in Hadoop 2
3 Why Secure Hadoop Client opera6ng system is trusted to iden6fy user (weak authen6ca6on) If I can compromise client, I can run jobs or access HDFS as anyone Think about virtual machines with root access Hadoop servers trust anyone that can reach them on the network Could I falsify a data node, job tracker, etc.? Hive Server runs as system user All Hive Server submi\ed jobs run as that system user Intruders can see and modify all network traffic 3
4 Apache Hadoop Security Core goals Authen6cate network traffic Users authen6cate Servers authen6cate to each other Encrypt network traffic Note: Hadoop also has a lot of authoriza6on func6onality which I m not discussing here 4
5 Apache Hadoop Security Kerberos as core authen6ca6on technology Kerberos to access HDFS, JT, Oozie, etc. Kerberos for server to server traffic But Kerberos doesn t fit perfectly with Hadoop model Introduce delega6on tokens for carrying iden6ty in many scenarios Kerberos is complicated Need Kerberos iden6ty for every server in the cluster Lots to manage! Every user needs a Kerberos iden6ty to access cluster, Web UIs, etc. Lots of steps h\p:// content/cloudera- docs/ CDH4/4.3.0/CDH4- Security- Guide/cdh4sg_topic_3.html 5
6 Ecosystem Kerberos Ecosystem components also generally rely on Kerberos Need to create appropriate Kerberos SPNEGO iden66es for many services (Web UI access) Need to create service Kerberos iden6ty for cluster access for many services, oken for each node Lots to manage HBase, Oozie, Hive Server 2, Hive Meta Server, Flume, etc. 6
7 Apache Hadoop Security Addi:onal Items Kerberos only part of the puzzle More steps some examples Configure Web UI HTTPS Configure Encrypted Shuffle Configure Hive Server 2 Authen6ca6on using LDAP or Kerberos Impersona6on Authen6cate to HS2 (userid/password or Kerberos) HS2 executes job using secure impersona6on on cluster Now job runs as submiong user and can see/modify only what user can Encryp6on SSL can be used to protect userid & password authen6ca6on to HS2 7
8 MapR Distribu:on for Apache Hadoop Complete Hadoop distribu6on Comprehensive management suite Industry- standard interfaces Enterprise- grade dependability Higher performance Ease of Use 8
9 The Cloud Leaders Pick MapR Amazon EMR is the largest Hadoop provider in revenue and # of clusters Google chose MapR to provide Hadoop on Google Compute Engine 9
10 MapR Security Build on the work of the Apache community, but with improvements Goals Authen6cate network traffic Users authen6cate Servers authen6cate to each other Encrypt network traffic Low performance overhead Simple and easy to administer 10
11 MapR Na:ve Security Hadoop security without Kerberos But borrow heavily from Kerberos design Kerberos integra6on if desired 11
12 Architecture Shared secrets like Kerberos Managed at cluster level Iden6ty represented using a 6cket which is issued by MapR CLDB servers (Container Loca6on DataBase) 12
13 Tickets A 6cket represents a valid authen6cated iden6ty Contains An expira6on 6me, renewal life6me, and crea6on 6me A randomly generated secret key Informa6on about the iden6ty userid, group ids A client authen6cates to servers using the 6cket 13
14 User Experience User invokes maprlogin maprlogin connects to CLDB (over h\ps) Provide userid & password (or Kerberos 6cket) for valida6on by CLDB Ticket is returned, saved in file in /tmp file and accessible only by owning user file name is /tmp/mapr6cket_<uid> MapR PAM module Op6onal MapR provided PAM module creates MapR 6ckets automa6cally during Unix login All processes automa6cally pick up 6cket (nothing to do) Java and C/C++ clients implicitly look for valid 6cket and use it Clients op6onally use exis6ng Kerberos iden6ty to get MapR 6cket 14
15 Client First Contact Client sends the 6cket and data encrypted using secret key Receiving server Validates 6cket, including expira6on Extracts iden6ty informa6on from 6cket and uses that for authoriza6on Returns encrypted response to client No6ce that MapR user iden6ty is independent of host or opera6ng system iden6ty 15
16 Server First Contact When a trusted server starts it uses a local server 6cket to authen6cate to the CLDB CLDB verifies the 6cket s authen6city using secret key CLDB returns a server key that is used to create and validate user 6ckets The server is now a trusted member of the cluster 16
17 Maprlogin Primary user visible security tool Ac6ons are password - authen6cate to a MapR cluster using a valid password kerberos - authen6cate to a MapR cluster using Kerberos print - print informa6on on your exis6ng creden6als authtest - test authen6ca6on as a generic client end / logout - logout of cluster renew - renew exis6ng 6cket For example: % maprlogin password [Password for user 'fred' at cluster 'my.cluster.com': ] MapR creden6als of user 'fred' for cluster 'my.cluster.com' are wri\en to '/tmp/mapr6cket_1001' 17
18 Maprlogin Under the Covers maprlogin 1. username/passwd sent on h\ps MapR CLDB 2. uses PAM to authen6cate LDAP/ Kerberos/ NIS 4. 6cket + key saved in file in /tmp 3. 6cket + user key returned hadoop fs ls / 5. cmd picks up 6cket + key from file 6. client sends RPC encrypted with user- key + 6cket FileServer/ CLDB 7. server decrypts 6cket to authen6cate user and checks permissions on ACL 18
19 Cryptography Encrypted using current NIST standards AES- 256 in GCM mode for encryp6on and signing h\p://en.wikipedia.org/wiki/galois/counter_mode NIST standard - h\p://csrc.nist.gov/publica6ons/fips/fips140-2/fips1402annexa.pdf Leverage Intel hardware encryp6on where available, sokware otherwise Use the open source crypto++ library for our C++ cryptography h\p://cryptopp.com Random number genera6on Use secure random number genera6on as documented here h\p:// class_auto_seeded_random_pool.html#_details 19
20 MapR Security More by Default By default, out of the box HS2 supports password authen6ca6on Can configure Kerberos and SSL func6on, same as from Apache, including secure impersona6on Oozie supports MapR 6cket authen6ca6on Can configure Kerberos and SSL func6on, same as from Apache, including secure impersona6on MapR Tables (HBase APIs) use na6ve MapR security, no configura6on needed Most Web UIs enhanced to support userid & password authen6ca6on and HTTPS Can configure Kerberos SPNEGO, same as from Apache 20
21 Encrypted Shuffle (?) No need to special case encryp6ng shuffle MapR- FS is store for Map output Shuffle inherits the same encryp6on, authen6ca6on, and authoriza6on func6onality of the rest of MapR- FS 21
22 Let s Build a Secure Cluster! Node 1 apt- get install mapr. configure.sh C - Z - secure genkeys Generates all needed keys for MapR- RPC as well as for HTTPS Node N apt- get install mapr. scp rootormapr@node1:/opt/mapr/conf/ {cldb.key,maprserver:cket,ssl_keystore,ssl_truststore} /opt/mapr/conf configure.sh C - Z - secure Clients apt- get install mapr scp anyuser@noden:/opt/mapr/conf/ssl_truststore /opt/mapr/conf configure.sh - secure 22
23 MapR Advantage Vastly simpler Core secured by default in one step No requirement for Kerberos in core and associated complexity Easier integra6on Leverage exis6ng Linux authen6ca6on (PAM and NSSwitch) Faster Leverage Intel AES hardware cryptography 23
24 Further Reading MapR h\p://mapr.com MapR Na6ve Security h\p:// release/mapr- technologies- integrates- security- into- hadoop h\p:// with- mapr/mapr- integrates- security- into- hadoop Adding Security to Apache Hadoop h\p://hortonworks.com/wp- content/uploads/2011/10/security- design_withcover- 1.pdf The Evolu6on of Hadoop s Security Model h\p:// 24
25 Thank You MapR Technologies - Confiden:al 25
How to Configure Big Data Management 10.1 for MapR 5.1 Security Features
How to Configure Big Data Management 10.1 for MapR 5.1 Security Features 2014, 2016 Informatica LLC. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying,
More informationAWS Iden)ty And Access Management (IAM) Manohar Rapolu
AWS Iden)ty And Access Management (IAM) Manohar Rapolu Topics Introduc5on Principals Authen5ca5on Authoriza5on Other Key Feature -> Mul5 Factor Authen5ca5on -> Rota5ng Keys -> Resolving Mul5ple Permissions
More informationTop 10 Web Application Vulnerabilities
Top 10 Web Application Vulnerabilities Why you should care about them plus a live hacking demo!! Why should you care?! Insecure so*ware is undermining our financial, healthcare, defense, energy, and other
More informationToday s Objec2ves. Kerberos. Kerberos Peer To Peer Overlay Networks Final Projects
Today s Objec2ves Kerberos Peer To Peer Overlay Networks Final Projects Nov 27, 2017 Sprenkle - CSCI325 1 Kerberos Trusted third party, runs by default on port 88 Security objects: Ø Ticket: token, verifying
More informationBig Data Hadoop Developer Course Content. Big Data Hadoop Developer - The Complete Course Course Duration: 45 Hours
Big Data Hadoop Developer Course Content Who is the target audience? Big Data Hadoop Developer - The Complete Course Course Duration: 45 Hours Complete beginners who want to learn Big Data Hadoop Professionals
More informationUnderstanding Cryptography and Audi?ng Public Key Infrastructures
Understanding Cryptography and Audi?ng Public Key Infrastructures Rami Elkinawy, Senior Audit Manager, ebay Professional Strategies S31 CRISC CGEIT CISM CISA THE HISTORY OF CRYPTOGRAPHY CRISC CGEIT CISM
More informationSecuring Open- Source Databases in the Cloud Mike Frank, Director of Products
Securing Open- Source Databases in the Cloud Mike Frank, Director of Products Session Agenda Cyber- security fears and the risks to your data in the cloud Overview of cloud and virtualized infrastructures,
More informationOracle VM Workshop Applica>on Driven Virtualiza>on
Oracle VM Workshop Applica>on Driven Virtualiza>on Simon COTER Principal Product Manager Oracle VM & VirtualBox simon.coter@oracle.com hnps://blogs.oracle.com/scoter November 25th, 2015 Copyright 2014
More informationSecure Architecture Principles
Secure Architecture Principles Isola3on and Least Privilege Access Control Concepts Opera3ng Systems Browser Isola3on and Least Privilege Original slides were created by Prof. John Mitchel Secure Architecture
More informationHadoop Security. Building a fence around your Hadoop cluster. Lars Francke June 12, Berlin Buzzwords 2017
Hadoop Security Building a fence around your Hadoop cluster Lars Francke June 12, 2017 Berlin Buzzwords 2017 Introduction About me - Lars Francke Partner & Co-Founder at OpenCore Before that: EMEA Hadoop
More informationCon$nuous Integra$on Development Environment. Kovács Gábor
Con$nuous Integra$on Development Environment Kovács Gábor kovacsg@tmit.bme.hu Before we start anything Select a language Set up conven$ons Select development tools Set up development environment Set up
More informationM 2 R: Enabling Stronger Privacy in MapReduce Computa;on
M 2 R: Enabling Stronger Privacy in MapReduce Computa;on Anh Dinh, Prateek Saxena, Ee- Chien Chang, Beng Chin Ooi, Chunwang Zhang School of Compu,ng Na,onal University of Singapore 1. Mo;va;on Distributed
More informationName Date Reason For Changes Version Status Initial version v0.1 Draft Revision based on feedback v0.2 Draft.
HAWQ TDE Design Name Date Reason For Changes Version Status Hongxu Ma, Amy Bai, Ivan Weng Ivan Weng, Amy Bai 2016 12 07 Initial version v0.1 Draft 2016 12 26 Revision based on feedback v0.2 Draft 1 Target
More informationJava Card Pla*orm Evolu/on
Java Card Pla*orm Evolu/on Florian Tournier, Director, Product Management, Internet Of Things Cloud Service Saqib Ahmad Consul/ng Member of Technical Staff, Java Card Engineering, Internet Of Things Cloud
More informationCSE/ISE 311: Systems Administra5on Access Control and Processes
Access Control and Processes Por$ons courtesy Ellen Liu Outline Access control Tradi$onal UNIX access control File system access control; File permissions, Some commands; The root account Modern access
More informationInnovatus Technologies
HADOOP 2.X BIGDATA ANALYTICS 1. Java Overview of Java Classes and Objects Garbage Collection and Modifiers Inheritance, Aggregation, Polymorphism Command line argument Abstract class and Interfaces String
More informationSymantec Data Loss Preven2on 12.5 Demo Presenta2on
Symantec Data Loss Preven2on 12.5 Demo Presenta2on 1 Our Understanding PROJECT DRIVERS & DATA TO PROTECT Regulatory compliance PCI, GLBA Data inventory and cleansing SSNs, CCNs [Replace these bullet points
More informationRAD, Rules, and Compatibility: What's Coming in Kuali Rice 2.0
software development simplified RAD, Rules, and Compatibility: What's Coming in Kuali Rice 2.0 Eric Westfall - Indiana University JASIG 2011 For those who don t know Kuali Rice consists of mul8ple sub-
More informationEnabling Secure Hadoop Environments
Enabling Secure Hadoop Environments Fred Koopmans Sr. Director of Product Management 1 The future of government is data management What s your strategy? 2 Cloudera s Enterprise Data Hub makes it possible
More informationIntroduction to BigData, Hadoop:-
Introduction to BigData, Hadoop:- Big Data Introduction: Hadoop Introduction What is Hadoop? Why Hadoop? Hadoop History. Different types of Components in Hadoop? HDFS, MapReduce, PIG, Hive, SQOOP, HBASE,
More informationPainless Applica,on Security. Les Hazlewood Apache Shiro Project Chair CTO, Kataso5 Inc / CloudDirectory
Painless Applica,on Security Les Hazlewood Apache Shiro Project Chair CTO, Kataso5 Inc / CloudDirectory What is Apache Shiro? Applica>on security framework ASF TLP - hfp://shiro.apache.org Quick and Easy
More informationMapReduce, Apache Hadoop
Czech Technical University in Prague, Faculty of Informaon Technology MIE-PDB: Advanced Database Systems hp://www.ksi.mff.cuni.cz/~svoboda/courses/2016-2-mie-pdb/ Lecture 12 MapReduce, Apache Hadoop Marn
More informationAdvanced Linux System Administra3on
Advanced Linux System Administra3on Topic 5. User management Pablo Abad Fidalgo José Ángel Herrero Velasco Departamento de Ingeniería Informá2ca y Electrónica Este tema se publica bajo Licencia: Crea2ve
More informationMapReduce, Apache Hadoop
NDBI040: Big Data Management and NoSQL Databases hp://www.ksi.mff.cuni.cz/ svoboda/courses/2016-1-ndbi040/ Lecture 2 MapReduce, Apache Hadoop Marn Svoboda svoboda@ksi.mff.cuni.cz 11. 10. 2016 Charles University
More informationBig Data Hadoop Course Content
Big Data Hadoop Course Content Topics covered in the training Introduction to Linux and Big Data Virtual Machine ( VM) Introduction/ Installation of VirtualBox and the Big Data VM Introduction to Linux
More informationWeb Pen Tes)ng. Michael Hicks CMSC 498L, Fall 2012 Part 2 slides due to Eric Eames, Lead Penetra)on Tester, SAIC, March 2012
Web Pen Tes)ng Michael Hicks CMSC 498L, Fall 2012 Part 2 slides due to Eric Eames, Lead Penetra)on Tester, SAIC, March 2012 Exploi)ng Vulnerabili)es Code injec)on Cross site scrip)ng, SQL injec)on, (buffer
More informationMulG-Vendor Key Management with KMIP
MulG-Vendor Key Management with KMIP Tim Hudson CTO Cryptso2 tjh@cryptso2.com GS13A 19-May-2016 1:35pm Key Management 1000011010100100101100101010000010101000101001101001111010001100 Key Management Standards
More informationCloud Adop)on, Risks & Security & GDPR An Ac)on Guide
April 2016 Cloud Adop)on, Risks & Security & GDPR An Ac)on Guide Nigel Hawthorn, Skyhigh Networks Cloud Adop)on and Risk Agenda Skyhigh Networks An Introduc)on European Cloud Adop)on and Risk Report Q1
More informationDigital Trust Ecosystem
Digital Trust Ecosystem IoT Risks and Solutions Chris Edwards CTO - Intercede What s the Problem? Billions of devices Millions of services Mixed closed / open trust networks Devices transferring between
More informationExpert Lecture plan proposal Hadoop& itsapplication
Expert Lecture plan proposal Hadoop& itsapplication STARTING UP WITH BIG Introduction to BIG Data Use cases of Big Data The Big data core components Knowing the requirements, knowledge on Analyst job profile
More informationKnox Implementation with AD/LDAP
Knox Implementation with AD/LDAP Theory part Introduction REST API and Application Gateway for the Apache Hadoop Ecosystem: The Apache Knox Gateway is an Application Gateway for interacting with the REST
More informationSDC EMEA 2019 Tel Aviv
Integrating Storage Systems into Active Directory SDC EMEA 2019 Tel Aviv Volker Lendecke Samba Team / SerNet 2019-01-30 Volker Lendecke AD integration (2 / 16) Overview Active Directory Authentication
More informationFujitsu PalmSecure - the next level in security for SAP ERP and the HANA
Fujitsu PalmSecure - the next level in security for SAP ERP and the HANA pla@orm Mar$n Lum Vice President, Marke$ng, real$me NA Room IT, HANA & Project Leadership 25/10/2017 10:00 10:40 Radisson Hotel
More informationAnalyze Big Data Faster and Store it Cheaper. Dominick Huang CenterPoint Energy Henry Le - Utegra8on Russell Hull - SAP
Analyze Big Data Faster and Store it Cheaper Dominick Huang CenterPoint Energy Henry Le - Utegra8on Russell Hull - SAP ABOUT CENTERPOINT ENERGY, INC. Ø Ø Ø Ø Ø Ø Publicly traded on New York Stock Exchange
More informationBig Data Hadoop Stack
Big Data Hadoop Stack Lecture #1 Hadoop Beginnings What is Hadoop? Apache Hadoop is an open source software framework for storage and large scale processing of data-sets on clusters of commodity hardware
More informationComputer Security: Crypto & Web Security
CSE 484 / CSE M 584 Computer Security: Crypto & Web Security TA: Thomas Crosley tcrosley@cs Many slides by Franziska Roesner and Adrian Sham HTTP://XKCD.COM/1323/ Lab 1 Deadline Reminders Lab 1 Final due
More informationStreamSets Control Hub Installation Guide
StreamSets Control Hub Installation Guide Version 3.2.1 2018, StreamSets, Inc. All rights reserved. Table of Contents 2 Table of Contents Chapter 1: What's New...1 What's New in 3.2.1... 2 What's New in
More informationIn The Middle of Printers The (In)Security of Pull Prin8ng Solu8ons. Jakub Kałużny. SecuRing
In The Middle of Printers The (In)Security of Pull Prin8ng Solu8ons Jakub Kałużny SecuRing #whoami IT Security Consultant at SecuRing Consul8ng all phases of SDLC Previously worked for ESA and online money
More informationInformatica Cloud Spring Hadoop Connector Guide
Informatica Cloud Spring 2017 Hadoop Connector Guide Informatica Cloud Hadoop Connector Guide Spring 2017 December 2017 Copyright Informatica LLC 2015, 2017 This software and documentation are provided
More informationHDP Security Overview
3 HDP Security Overview Date of Publish: 2018-07-15 http://docs.hortonworks.com Contents HDP Security Overview...3 Understanding Data Lake Security... 3 What's New in This Release: Knox... 5 What's New
More informationHDP Security Overview
3 HDP Security Overview Date of Publish: 2018-07-15 http://docs.hortonworks.com Contents HDP Security Overview...3 Understanding Data Lake Security... 3 What's New in This Release: Knox... 5 What's New
More informationCS 378 Big Data Programming
CS 378 Big Data Programming Lecture 11 more on Data Organiza:on Pa;erns CS 378 - Fall 2016 Big Data Programming 1 Assignment 5 - Review Define an Avro object for user session One user session for each
More informationHadoop. Introduction / Overview
Hadoop Introduction / Overview Preface We will use these PowerPoint slides to guide us through our topic. Expect 15 minute segments of lecture Expect 1-4 hour lab segments Expect minimal pretty pictures
More informationCloudera Improvements in Apache Spark
Cloudera Improvements in Apache Spark Brian Baillod Sales Engineer 1 Agenda Introduc@on Spark One PlaCorm Ini@a@ve Spark Overview and Improvements Spark Proof of Concept Kudu and Record Service 2 Cloudera
More informationImportant Notice Cloudera, Inc. All rights reserved.
Cloudera Security Important Notice 2010-2017 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, and any other product or service names or slogans contained in this document are trademarks
More informationConfiguring Apache Knox SSO
3 Configuring Apache Knox SSO Date of Publish: 2018-07-15 http://docs.hortonworks.com Contents Configuring Knox SSO... 3 Configuring an Identity Provider (IdP)... 4 Configuring an LDAP/AD Identity Provider
More informationComposite Compliance: Demonstra1ng Suitability of Cloud Layering for Sensi1ve and Regulated Workloads
Composite Compliance: Demonstra1ng Suitability of Cloud Layering for Sensi1ve and Regulated Workloads Heather Hinton, PhD hhinton@us.ibm.com IBM Dis1nguished Engineer Master Inventor, Member IBM AoT 7
More informationStay Informed During and AEer OpenWorld
Stay Informed During and AEer OpenWorld TwiIer: @OracleBigData, @OracleExadata, @Infrastructure Follow #CloudReady LinkedIn: Oracle IT Infrastructure Oracle Showcase Page Oracle Big Data Oracle Showcase
More informationGPFS- OpenStack Integra2on. Vladimir Sapunenko, INFN- CNAF Tutorial Days di CCR, 18 dicembre 2014
GPFS- OpenStack Integra2on Vladimir Sapunenko, INFN- CNAF Tutorial Days di CCR, 18 dicembre 2014 Outline GPFS features as they relate to cloud scenarios GPFS integra2on with OpenStack components Glance
More informationIRODS USER GROUP 2014 CAMBRIDGE,MA John Burns. 6/25/14 Archive Analy3cs Solu3ons 1
IRODS USER GROUP 2014 CAMBRIDGE,MA John Burns 6/25/14 Archive Analy3cs Solu3ons 1 Credits Archive Analy3cs Solu3ons is presen3ng an archive system that embodies best prac3ce for long- term, high integrity
More informationHadoop An Overview. - Socrates CCDH
Hadoop An Overview - Socrates CCDH What is Big Data? Volume Not Gigabyte. Terabyte, Petabyte, Exabyte, Zettabyte - Due to handheld gadgets,and HD format images and videos - In total data, 90% of them collected
More informationServer Certificate Validation
Understanding Server Certificate Validation and 802.1X Update Kevin Koster Founder & Principal Cloudpath Networks Special Thanks To: Robert Hopley, RSA Chris Hessing, Cloudpath & OpenSEA Alex Sharaz, University
More informationComputer System Design and Administration
Department of Computer and Electrical Engineering This work is published under a License: Creative Commons BY-NC-SA 4.0 Secure information service: Puzzle Information server Single sign-on model LDAP clients
More informationCrea:ng a pla>orm of trust Meter data transmission the secure way
Crea:ng a pla>orm of trust Meter data transmission the secure way Chris&an Giroux EUW 2014 Landis+Gyr November 4, 2014 Focus of this presenta&on n The informa:on flow between smart meters and head end
More informationISILON ONEFS WITH HADOOP KERBEROS AND IDENTITY MANAGEMENT APPROACHES. Technical Solution Guide
ISILON ONEFS WITH HADOOP KERBEROS AND IDENTITY MANAGEMENT APPROACHES Technical Solution Guide Hadoop and OneFS cluster configurations for secure access and file permissions management ABSTRACT This technical
More informationSubtitle: Join Sun Solaris Systems to Active Directory with Likewise
Keywords: join solaris to active directory, solaris active directory integration, solaris AD, solaris active directory, solaris winbind, Sun Identity Manager, Unix authentication, solaris authentication,
More informationNFS 3/25/14. Overview. Intui>on. Disconnec>on. Challenges
NFS Overview Sharing files is useful Network file systems give users seamless integra>on of a shared file system with the local file system Many op>ons: NFS, SMB/CIFS, AFS, etc. Security an important considera>on
More informationModifying an Exis.ng Commercial Product for Cryptographic Module Evalua.on
Modifying an Exis.ng Commercial Product for Cryptographic Module Evalua.on ICMC16 O?awa, Canada 18-20 May 2016 Presented by Alan Gornall Introduc.on I provide cer.fica.on support to my clients: compliance
More informationLeviathan redux. John L. Manferdelli Intel Science and Technology Center for Secure Compu;ng UC, Berkeley
Leviathan redux John L. Manferdelli Intel Science and Technology Center for Secure Compu;ng UC, Berkeley Joint work with Tom Roeder (Google), Fred Schneider (Cornell) And Kevin Walsh of Mt Holyoke College
More informationNFS. CSE/ISE 311: Systems Administra5on
NFS CSE/ISE 311: Systems Administra5on Sharing files is useful Overview Network file systems give users seamless integra8on of a shared file system with the local file system Many op8ons: NFS, SMB/CIFS,
More informationConfiguring Ports for Big Data Management, Data Integration Hub, Enterprise Information Catalog, and Intelligent Data Lake 10.2
Configuring s for Big Data Management, Data Integration Hub, Enterprise Information Catalog, and Intelligent Data Lake 10.2 Copyright Informatica LLC 2016, 2017. Informatica, the Informatica logo, Big
More informationWeb Applica+on Security
Web Applica+on Security Raluca Ada Popa Feb 25, 2013 6.857: Computer and Network Security See last slide for credits Outline Web basics: HTTP Web security: Authen+ca+on: passwords, cookies Security amacks
More informationTale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS
Tale of a mobile application ruining the security of global solution because of a broken API design SIGS Geneva 21/09/2016 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationToday s Objec2ves. AWS/MR Review Final Projects Distributed File Systems. Nov 3, 2017 Sprenkle - CSCI325
Today s Objec2ves AWS/MR Review Final Projects Distributed File Systems Nov 3, 2017 Sprenkle - CSCI325 1 Inverted Index final input files have been posted Another email out to AWS Google cloud Nov 3, 2017
More informationConfiguring and Deploying Hadoop Cluster Deployment Templates
Configuring and Deploying Hadoop Cluster Deployment Templates This chapter contains the following sections: Hadoop Cluster Profile Templates, on page 1 Creating a Hadoop Cluster Profile Template, on page
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users Learning Objectives Explain why authentication is a critical aspect of network security Explain
More informationHands-on Exercise Hadoop
Department of Economics and Business Administration Chair of Business Information Systems I Prof. Dr. Barbara Dinter Big Data Management Hands-on Exercise Hadoop Building and Testing a Hadoop Cluster by
More informationSai Praveen Sadhu George Mason University Fall 2014, ECE 646
Sai Praveen Sadhu George Mason University Fall 2014, ECE 646 VoIP - > Voice over IP Technology to send voice and mul9media over Internet Protocol. Skype is a good example of VoIP. Skype was developed in
More informationNew PCI DSS Version 3.0: Can it Reduce Breaches? Dharshan Shanthamurthy, CEO, SISA Informa2on Security Inc. Core Competencies C11
New PCI DSS Version 3.0: Can it Reduce Breaches? Dharshan Shanthamurthy, CEO, SISA Informa2on Security Inc. Core Competencies C11 SISA Informa2on Security Formal Risk Assessment Specialists Authors of
More informationIntroduc)on to Apache Ka1a. Jun Rao Co- founder of Confluent
Introduc)on to Apache Ka1a Jun Rao Co- founder of Confluent Agenda Why people use Ka1a Technical overview of Ka1a What s coming What s Apache Ka1a Distributed, high throughput pub/sub system Ka1a Usage
More informationSecuring the Oracle BDA - 1
Hello and welcome to this online, self-paced course titled Administering and Managing the Oracle Big Data Appliance (BDA). This course contains several lessons. This lesson is titled Securing the Oracle
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationOracle Big Data Connectors
Oracle Big Data Connectors Oracle Big Data Connectors is a software suite that integrates processing in Apache Hadoop distributions with operations in Oracle Database. It enables the use of Hadoop to process
More informationAWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS
AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS suneys@amazon.com AWS Core Infrastructure and Services Traditional Infrastructure Amazon Web Services Security Security Firewalls ACLs
More informationConfiguring Hadoop Security with Cloudera Manager
Configuring Hadoop Security with Cloudera Manager Important Notice (c) 2010-2015 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, and any other product or service names
More informationSAP Vora - AWS Marketplace Production Edition Reference Guide
SAP Vora - AWS Marketplace Production Edition Reference Guide 1. Introduction 2 1.1. SAP Vora 2 1.2. SAP Vora Production Edition in Amazon Web Services 2 1.2.1. Vora Cluster Composition 3 1.2.2. Ambari
More informationNa#ve Applica#ons WG (NAPPS) May 5/14 Paul Madsen, Ping
Na#ve Applica#ons WG (NAPPS) May 5/14 Paul Madsen, Ping NAPPS value proposi#on OAuth & Connect enable na#ve applica#ons calling APIs Popularity of na#ve applica#on model has led to an explosion enterprise
More informationMicrosoft MB Microsoft Dynamics CRM 2016 Installation. Download Full version :
Microsoft MB2-711 Microsoft Dynamics CRM 2016 Installation Download Full version : https://killexams.com/pass4sure/exam-detail/mb2-711 Answer: D QUESTION: 87 Which two components are required to enable
More informationClient Certificates Are Going Away
Client Certificates Are Going Away What now? Garrett Wollman, TIG May 2, 2016 1 Overview of this talk 1. Review of the current situation and how we got here 2. Our response to the deprecation of client
More informationDesktop Integrators You Mean I Can Load Data Straight From a Spreadsheet? Lee Briggs Director, Financials Denovo
Desktop Integrators You Mean I Can Load Data Straight From a Spreadsheet? Lee Briggs Director, Financials Prac@ce Denovo LBriggs@Denovo-us.com Agenda Introduc@ons Applica@on Desktop Integrator and Web-ADI
More informationComputer Security Course. Public Key Crypto. Slides credit: Dan Boneh
Computer Security Course. Dawn Song Public Key Crypto Slides credit: Dan Boneh Administra>ve Issues Security is a fast- changing field We cover a broad spectrum of areas in computer security Hence, there
More informationAccess Control. Chester Rebeiro. Indian Institute of Technology Madras
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Subjects : User/ process/ applica5on Read/Write/
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationApplica'on-level protocols, AAA, Management, Security
LP-WAN BOF Applica'on-level protocols, AAA, Management, Security Rafa Mar'n Lopez (rafa@um.es) Dan García Carrillo (dan.garcia@um.es) LP-WAN network access control Only authen'cated and authorized nodes
More informationApache Ranger User Guide
Apache Ranger 0.5 - User Guide USER GUIDE Version : 0.5.0 September 2015 About this document Getting started General Features Login to the system: Log out to the system: Service Manager (Access Manager)
More informationHadoop & Big Data Analytics Complete Practical & Real-time Training
An ISO Certified Training Institute A Unit of Sequelgate Innovative Technologies Pvt. Ltd. www.sqlschool.com Hadoop & Big Data Analytics Complete Practical & Real-time Training Mode : Instructor Led LIVE
More information26- April- 2010, Spring Member Mee4ng Chris Hyzer, Grouper developer
26- April- 2010, Spring Member Mee4ng Chris Hyzer, Grouper developer XMPP integra4on XMPP and the Grouper loader XMPP and the Grouper client Kuali Rice integra4on Rice groups Rice subjects Automa4c workflow
More informationPattern Recognition and Applications Lab WEB Security. Giorgio Giacinto.
Pattern Recognition and Applications Lab WEB Security Giorgio Giacinto giacinto@diee.unica.it Sicurezza Informa1ca, 2015-2016 Department of Electrical and Electronic Engineering University of Cagliari,
More informationHortonworks PR PowerCenter Data Integration 9.x Administrator Specialist.
Hortonworks PR000007 PowerCenter Data Integration 9.x Administrator Specialist https://killexams.com/pass4sure/exam-detail/pr000007 QUESTION: 102 When can a reduce class also serve as a combiner without
More informationEnforcing declara.ve data policies
Enforcing declara.ve data policies Peter Druschel with Anjo Vahldiek, Eslam Elnikety, Aastha Mehta, Deepak Garg, MPI- SWS (with contribu@ons from Rodrigo Rodrigues Nova Lisboa, Johannes Gehrke Cornell/Microso>,
More informationCan Parallel Replication Benefit Hadoop Distributed File System for High Performance Interconnects?
Can Parallel Replication Benefit Hadoop Distributed File System for High Performance Interconnects? N. S. Islam, X. Lu, M. W. Rahman, and D. K. Panda Network- Based Compu2ng Laboratory Department of Computer
More informationModular arithme.c and cryptography
Modular arithme.c and cryptography CSC 1300 Discrete Structures Villanova University Public Key Cryptography (Slides 11-32) by Dr. Lillian Cassel, Villanova University Villanova CSC 1300 - Dr Papalaskari
More informationHow to Run the Big Data Management Utility Update for 10.1
How to Run the Big Data Management Utility Update for 10.1 2016 Informatica LLC. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording
More information8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop
Bishop Encryption and Decryption centralized Single point of contact First line of defense If working with VPC Creation and management of security groups Provides additional networking and security options
More informationApache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke
Apache Commons Crypto: Another wheel of Apache Commons Dapeng Sun/ Xianda Ke About us Dapeng Sun @Intel Apache Commons Committer Apache Sentry PMC Xianda Ke @Intel Apache Commons Crypto Apache Pig(Pig
More informationThreat modeling. Tuomas Aura T Informa1on security technology. Aalto University, autumn 2012
Threat modeling Tuomas Aura T- 110.4206 Informa1on security technology Aalto University, autumn 2012 Threats Threat = something bad that can happen Given an system or product Assets: what is there to protect?
More informationSecure hashing, authen/ca/on
Secure hashing, authen/ca/on root@topi:/etc# more shadow root:$6$1z2.cqoj$bib7hoc7byvsvclmpc1c5f/h.gaddflg1xa2fqknmaoabwzi1ysldik2gikuebeo ugj33w8h4qdiwyvamlfij2eu.:15138:0:99999:7::: daemon:*:15040:0:99999:7:::
More informationADVENTURES IN OPENBANKING: UNDERSTANDING OAUTH AND OPENID CONNECT CLIENT ECOSYSTEMS
SESSION ID: IDY-R04 ADVENTURES IN OPENBANKING: UNDERSTANDING OAUTH AND OPENID CONNECT CLIENT ECOSYSTEMS Pamela Dingle Director of Iden7ty Standards @ Microso= @pamelarosiedee Disclaimer The work I describe
More informationBig Data Analytics using Apache Hadoop and Spark with Scala
Big Data Analytics using Apache Hadoop and Spark with Scala Training Highlights : 80% of the training is with Practical Demo (On Custom Cloudera and Ubuntu Machines) 20% Theory Portion will be important
More informationDelegated Access for Hadoop Clusters in the Cloud
Delegated Access for Hadoop Clusters in the Cloud David Nuñez, Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab) Universidad de Málaga, Spain Email: dnunez@lcc.uma.es
More information