Cassandra Database Security

Transcription

1 Cassandra Database Security Author: Mohit Bagria NoSQL Database A NoSQL database (sometimes called as Not Only SQL) is a database that provides a mechanism to store and retrieve data other than the tabular relations used in relational databases. These databases are schema-free, support easy replication, have simple API, eventually consistent, and can handle huge amounts of data. The primary objective of a NoSQL database is to have Simplicity of design, Horizontal scaling, and Finer control over availability. History of Cassandra: Cassandra was developed at Facebook for inbox search. It was open-sourced by Facebook in July Cassandra was accepted into Apache Incubator in March It was made an Apache top-level project since February What is Apache Cassandra? Apache Cassandra is an open source, distributed and decentralized/distributed storage system (database), for managing very large amounts of structured data spread out across the world. It provides highly available service with no single point of failure.

2 Listed below are some of the notable points of Apache Cassandra: It is scalable, fault-tolerant, and consistent. It is a column-oriented database. Its distribution design is based on Amazon s Dynamo and its data model on Google s Big table. Created at Facebook, it differs sharply from relational database management systems. Cassandra implements a Dynamo-style replication model with no single point of failure, but adds a more powerful column family data model. Cassandra is being used by some of the biggest companies such as Facebook, Twitter, Cisco, Rackspace, ebay, Twitter, Netflix, and more. Features of Cassandra: 1. Elastic Scalability 2. Always on Architecture 3. Fast Linear Scale Performance 4. Flexible Data Storage 5. Easy Data Distribution 6. Transaction Support 7. Fast Writes Data Replication in Cassandra: In Cassandra, one or more of the nodes in a cluster act as replicas for a given piece of data. If it is detected that some of the nodes responded with an out-of-date value, Cassandra will return the most recent value to the client. After returning the most recent value, Cassandra performs a read repair in the background to update the stale values.

3 The following figure shows a schematic view of how Cassandra uses data replication among the nodes in a cluster to ensure no single point of failure. Security in NoSQL Database: In all the NoSQL databases, Security has been a weak point. No NoSQL database provides complete security. After recognizing this weak point in Cassandra and due to very high demands from customers and open source community, Apache Cassandra and Datastax enterprise decided to provide security feature in Apache Cassandra and Datastax enterprise.

4 There are two types of Security in Apache Cassandra and Datastax Enterprise. 1. Internal Authentication 2. Authorization What is Authentication and Authorization:- Internal authentication is basically validating user connection. The user is authenticated with login and password. All the user accounts are managed in Cassandra internally. Internal authorization deals with user's permission. It deals with what actions user can be performed. For example, we can give user's permission such as which user has only data read permission, which user has data write permission and which user has data delete permission. External authentication is the authentication that is supported with Kerberos (Kerberos is used to manage credentials securely) and LDAP (LDAP is used for holding authoritative information about the accounts, such as what they're allowed to access). Apache Cassandra does not support external authentication. Only Datastax enterprise supports external authentication with Kerberos and LDAP. Whereas internal authentication is supported both in Apache Cassandra as well as Datastax enterprise. Configure Authentication and Authorization In Cassandra, by default authentication and authorization options are disabled. You have to configure Cassandra.yaml file for enabling authentication and authorization. Open Cassandra.yaml file and uncomment lines that deals with internal authentication and authorization.

5 In Cassandra.yaml file, by default, authenticator value is 'AllowAllAuthenticator'. Change this authenticator value from 'AllowAllAuthenticator' to 'com.datastax.bdp.cassandra.auth.passwordauthenticator' Similarly, in Cassandra.yaml file, by default, authorizer value will be 'AllowAllAuthorizor'. Change this authorizer value from 'AllowAllAuthorizor' to 'com.datastax.bdp.cassandra.auth.cassandraauthorizor'. Cassandra Cqlsh: Cassandra provides a prompt Cassandra query language shell (cqlsh) that allows users to communicate with it. Using this shell, you can execute Cassandra Query Language (CQL). Using cqlsh You Can: Define a Schema Insert data Execute a Query

6 Starting Cqlsh: Start cqlsh using the command cqlsh as shown below. It gives the Cassandra cqlsh prompt as output. Cqlsh: As discussed above, this command is used to start the cqlsh prompt. In addition, it supports a few more options as well. The following table explains all the options of cqlsh and their usage.

7 Logging in Cassandra: Now authentication is enabled, if you try to access any key space, Cassandra will return an error. By default, Cassandra provides the super account with user name 'cassandra' and password 'cassandra'. By logging in to 'Cassandra' account, you can do whatever you want. Let's see the below screenshot for this, where it will not allow you to login if you are not using the default Cassandra "username" and "password". Now, in the second screenshot, you can see after using Cassandra default login credential, you are able to login. You can also create another user with this account. It is recommended to change the password from the default. Here is the example of login Cassandra user and change default password.

8 How to Create a New User New accounts can be created with the 'Cassandra' account. For creating a new user, login, the password is specified along with whether the user is super user or not. Only Super user can create new users. Command: cqlsh > create user robin with password manager superuser; Command: cqlsh> create user Laura with password newhire ; You can get a list of all users by the following syntax. Command: Cqlsh> list users; Output: Name User cassandra True Laura False Robin True Droop User by the Syntax:- Command: cqlsh drop user Laura; Authorization: Authorization is the assigning permission to users that what action a particular user can perform. Here is the generic syntax for assigning permission to users.

9 Syntax: GRANT permission ON resource TO user There are following types of permission that can be granted to the user: Here are examples of assigning permission to the user. Cqlsh> create user laura with password newhire ; Cqlsh> grant all on dev.emp to laura; Cqlsh> revoke all on dev.emp from laura; Cqlsh> grant select on dev.emp to laura; A new user 'laura' is created with password 'newhire'. Here is the example where user 'laura' try to access emp_bonus table. Laura has only permission to access dev.emp and no permission to this table dev.emp_bonus that's why an error was returned. Cqlsh:dev> select * from emp_bonus;

10 Bad Request: user laura has no select permission on <table dev.emp_bonus> or any of its parents. You can get a list of all permissions that is assigned to the user. Here is the example of getting permission information. Cqlsh> list all permissions of laura; You can also list all the permission on the resource. Here is the example of getting permission from a table. Other Security: Encryption: Datastax Enterprise includes support for transparent data encryption of data as it is written to disk, but it requires a secure local file system. In addition, if you require the commit logs to be encrypted, you will need a file system encryption capability such as that delivered by IBM Security Guardium Data Encryption.

11 Auditing: This is an area where Guardium provides significant added value. Although Cassandra has a general logging facility (which can be used for troubleshooting and point-in-time recovery) it would require a significant amount of work for an organization to create timely audit reports. And as stated in the product documentation, "increasing logging levels can generate heavy logging output on a moderately trafficked cluster. How Guardium facilitates compliance and protects Cassandra databases We will focus on Guardium Activity Monitoring. Capabilities such as database discovery, data classification, and vulnerability assessment are not currently available in Guardium for Cassandra at this time. How Guardium activity monitoring works Guardium continuously monitors data activity by using lightweight software probes, called S-TAPs, without relying on logs. The S-TAPs also do not require any configuration changes to the Cassandra servers or applications. The other major component in the Guardium architecture is the collector, which is tamper-resistant hardware, software, or virtual appliance. This architecture is optimized for speed and facilitates separation of duties.

12 To keep the processor usage on the database servers very low, the S-TAPS immediately intercept messages at the OS level and forward data activity to the collector. Depending on how much activity you decide to audit, the processor usage on the cluster should be no more than 2-4 percent. Audited data events are stored in the collector's tamper-resistant repository, which is inaccessible other than by the Guardium interfaces and cannot be deleted. These capabilities provide significant added value of reliance on native auditing, including: Separation of Duties: For security and compliance, it's an accepted best practice not to enable privileged users, such as DBAs, to also be in control of security; in addition, it s critical to monitor everything that they do on any system that includes sensitive data. The information security team can administer Guardium regardless of whether audit logging is enabled on the database server or not. Speed of detection and Integration with Security operations: Real-time alerts can be specified for a wide variety of conditions, and you will learn how to specify those here. When breaches occur, being able to detect and react quickly can mean the difference between a hugely damaging loss and a minor inconvenience. Speed of Compliance: Demonstrating compliance can be time consuming and burdensome as these often require some level of regular review and signoff. Guardium not only lets you create the reports that you need to satisfy audit requirements, it also has a robust workflow capability that integrates into your business processes and saves all sign-offs and reviews as part of the audit trail. You'll read more about this later in the article. Guardium includes hundreds of prebuilt reports, including reports that are designed to jump-start compliance reporting for SOX, HIPAA, PCI-DSS, and Data Privacy. See related topics for a link to a developer Works article on using accelerators.

13 Datastax enterprise provides Some Security Features: Client to node encryptions for Cassandra which includes an optional, secure form of communication from client machine to database cluster. Client to server SSL. This ensures that data is not compromised inflight. Administrators can create, drop and alter internal users using CQL that are authenticated to Cassandra database cluster Permissions can be granted to user to perform certain task after their initial authentication JMX authentication can be enabled and tools such as node tool and Datastax Ops Center can be configured to use this authentication Ability Configure and use external Security tools like Kerberos Provides a Transparent data encryption (TDE) to help protect at rest data. (At rest data is data that has been flushed from the memtable in system memory to the SSTables on disk) The following are security issues associated with NoSQL databases: Administrative user or authentication is not enabled by default. It has a very weak password storage Client communicates with server via plaintext(mongodb) Cannot use external encryption tools like LDAP, Kerberos etc Lack of encryption support for the data files Weak authentication both between client and the servers Vulnerability to SQL injection Denial of service attacks. Data at rest is Unencrypted. The Available encryption solution isn t production ready Encryption isn t available for client communication.

14 Configuration Firewall: If the firewall is running, following ports must be opened for communication between nodes including some Cassandra ports. If Cassandra ports will not be opened, Cassandra nodes will act as standalone database server rather than joining the database cluster. Cassandra Client Ports: Port Number Description 9042 Cassandra Client Port 9160 Cassandra Client Port Thrift Cassandra Inter-Node Ports: Public ports: Port Number Description 7000 Cassandra Internode Cluster Communication 7001 Cassandra SSL internode Communication 7199 Cassandra JMX Monitoring Port Port Number Description 22 SSH Ports 8888 Ops Center website. Browse Http Request. Cassandra Ops Center ports: Port Number Description Ops center Monitoring Port Ops Center Agent Port

15 Summary: This tutorial explains about security in Cassandra and configuring Cassandra.yaml file for enabling security. Besides this it also explains how new user account can be created, assignment of permission, configuring the firewall, and so on.