incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guy Incognito <dnd1...@gmail.com>
Subject Re: security
Date Wed, 09 Nov 2011 19:29:42 GMT
ok, thx for the input!

On 09/11/2011 15:19, Mohit Anchlia wrote:
> We lockdown ssh to root from any network. We also provide individual
> logins including sysadmin and they go through LDAP authentication.
> Anyone who does sudo su as root gets logged and alerted via trapsend.
> We use firewalls and also have a separate vlan for datastore servers.
> We then open only specific ports from our application servers to
> datastore servers.
>
> You should also look at Cassandra authentication as additional means
> of securing your data.
>
> On Wed, Nov 9, 2011 at 6:39 AM, Sasha Dolgy<sdolgy@gmail.com>  wrote:
>> Firewall with appropriate rules.
>>
>>> On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito<dnd1066@gmail.com>  wrote:
>>>> hi,
>>>>
>>>> is there a standard approach to securing cassandra eg within a corporate
>>>> network?  at the moment in our dev environment, anybody with network
>>>> connectivity to the cluster can connect to it and mess with it.  this would
>>>> not be acceptable in prod.  do people generally write custom authenticators
>>>> etc, or just put the cluster behind a firewall with the appropriate rules
to
>>>> limit access?


Mime
View raw message