shield your cluster
play

Shield your cluster Security with Elasticsearch Alexander Reelsen - PowerPoint PPT Presentation

Dec 25, 2023 •965 likes •1.52k views

Shield your cluster Security with Elasticsearch Alexander Reelsen @spinscale alex@elastic.co Agenda Why? How? Q & A What? Next? Who? About 2012 Elasticsearch got founded Series A investment Trainings Supports subscriptions

  1. Shield your cluster Security with Elasticsearch Alexander Reelsen @spinscale alex@elastic.co

  2. Agenda Why? How? Q & A What? Next? Who?

  3. About 2012 Elasticsearch got founded Series A investment Trainings Supports subscriptions

  4. About 2012 2013 Series B investment Kibana Elasticsearch for Apache Hadoop Integration Logstash Elasticsearch Clients Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

  5. About 2012 2013 2014 Series C investment Marvel released

  6. About 2012 2013 2014 2015 Shield goes GA First user conference & rebrand Found acquired Packetbeat joins Watcher in beta

  7. About 2012 2013 2014 2015 Joined in March 2013 Working on Elasticsearch & Shield Development, Trainings, Conferences, Support, Blog posts We're hiring...

  8. Why? How? Q & A What? Next? Who?

  9. Why? Elasticsearch: No security OOTB No encrypted communication No Authorization No Authentication No Audit Logging

  10. nginx in front client nginx ES Filter by HTTP method, URI or IP User management via basic auth Use aliases & filters

  11. nginx in front client nginx ES How to solve multi index operations? GET /logs-2015.10.10,evil,logs-2015.10.11 { "query" : { "match_all": {} } }

  12. nginx in front client nginx ES How to solve bulk/multi operations? { "index" : { "_index" : "test1", "_type" : "type1", "_id" : "1" } } { "field1" : "value1" } { "delete" : { "_index" : "test2", "_type" : "type1", "_id" : "2" } } { "create" : { "_index" : "test3", "_type" : "type1", "_id" : "3" } } { "field1" : "value3" } { "update" : {"_id" : "1", "_type" : "type1", "_index" : "test4"} } { "doc" : {"field2" : "value2"} }

  13. nginx in front client nginx ES HTTP/Transport Prevent unwanted accesses

  14. nginx in front client nginx ES Firewall

  15. operational overhead client ACL Data IP Filtering Configuration scattered across systems

  16. operational overhead client ACL Data IP Filtering Directory Configuration scattered across systems

  17. Why? How? Q & A What? Next? Who?

  18. How? Elasticsearch modular & pluggable Security as a plugin HTTP + Transport protocols Integration into the ELK stack!

  19. How? Authentication auth_token Authorization Elasticsearch Elasticsearch

  20. How? Authentication auth_token Authorization 200 OK Elasticsearch Elasticsearch

  21. How? Authentication auth_token Authorization 401 Unauthorized Elasticsearch Elasticsearch

  22. How? Getting up and running is easy Install elasticsearch 1.6 bin/plugin install elasticsearch/license/latest bin/plugin install elasticsearch/shield/latest

  23. Why? How? Q & A What? Next? Who?

  24. What? IP Filtering Encrypted communication Authentication Authorization Audit Trail

  25. IP Filtering Configurable in elasticsearch.yml Can be updated dynamically via cluster update settings API shield.transport.filter: allow: "192.168.0.1" deny: "192.168.0.0/24"

  26. Encrypted communication keystore required different config for HTTP and transport protocol (+profiles) shield.ssl.keystore.path: /path/to/keystore.jks shield.ssl.keystore.password: secret shield.transport.ssl: true shield.http.ssl: true

  27. Authentication "Who are you?" Auth mechanisms are called realms Available: esusers , ldap , ad , pki Realms can be chained Support for caching & API for clearing

  28. Authentication shield.authc: realms: esusers: type: esusers order: 0 ldap1: type: ldap order: 1 enabled: false url: 'url_to_ldap1' ... ad1: type: active_directory order: 3 url: 'url_to_ad'

  29. ESusers realm Local files, can be changed via CLI Elasticsearch watches file changes & reloads config/shield/users config/shield/users_roles

  30. ESusers realm bin/shield/esusers useradd alex bin/shield/esusers roles alex -a admin -r user bin/shield/esusers list bin/shield/esusers userdel alex

  31. Anonymous access Fallback to configurable user Disabled by default shield.authc: anonymous: username: anonymous_user roles: role1, role2

  32. Authorization "Are you allowed to do that?" File: config/shield/roles.yml admin: cluster: all indices: '*': all

  33. Role Based Access Control role named set of permissions permission set of cluster wide privileges set of indices/aliases specific privileges privilege set of one or more action names /_search ⬌ indices:data/read/search

  34. Role Based Access Control role permission admin: cluster: all indices: '*': all

  35. Authorization user: indices: '*': read events_user: indices: 'events_*': read

  36. Authorization logfile_user_readonly: indices: "logstash-201?-*": read get_user: indices: 'events_index': 'indices:data/read/get'

  37. Audit Trail Writes an own audit log file Implemented as logger Logs different types of event based on log level (ip filtering, tampered requests, access denied, auth failed) shield.audit.enabled: true

  38. Integration Transport Client Logstash Kibana 3/4 Watcher Marvel

  39. Transport Client TransportClient client = new TransportClient(builder() .put("cluster.name", "myClusterName") .put("shield.user", "test_user:changeme") .put("shield.ssl.keystore.path", "/path/to/client.jks") .put("shield.ssl.keystore.password", "password") .put("shield.transport.ssl", "true")) .addTransportAddress(new InetSocketTransportAddress("localhost", 9300));

  40. Why? How? Q & A What? Next? Who?

  41. Who? Use-case 1: Monitoring application No write access Cluster Health Nodes stats/info Indices Stats

  42. Use-case 2: Logstash No read access (unless input is used) Indices: Indexing Cluster: Index templates

  43. Use-case 3: Marvel marvel_user: cluster: cluster:monitor/nodes/info, cluster:admin/plugin/license/get indices: '.marvel-*': all marvel_agent: cluster: indices:admin/template/get, indices:admin/template/put indices: '.marvel-*': indices:data/write/bulk, create_index

  44. Use-case 4: Ecommerce bulk: indices: 'products_*': write, manage, read updater: indices: 'products': index, delete, indices:admin/optimize webshop: indices: 'products': search, get

  45. Use-case 4: Ecommerce monitoring: cluster: monitor indices: '*': monitor sales_rep : indices: 'sales_*' : all 'social_events' : data_access, monitor

  46. Why? How? Q & A What? Next? Who?

  47. Next? Simplify SSL configuration API driven user/role management Open up realms API Field-level security Index Audit Trail into ES

  48. Why? How? Q & A What? Next? Who?

  49. Q & A Thanks for listening! Alexander Reelsen @spinscale alex@elastic.co We're hiring https://www.elastic.co/about/careers We're helping https://www.elastic.co/subscriptions

  50. Resources Shield documentation https://www.elastic.co/guide/en/shield/current/index.html Shield: Security in ELK https://www.elastic.co/elasticon/2015/sf/security-in-elk Shield and Beyond: Recommendations for a Secure ELK Environment https://www.elastic.co/webinars/shield-and-beyond

  51. Resources https://discuss.elastic.co/c/shield

  52. Resources

  53. Resources

  54. Q & A Thanks for listening! Alexander Reelsen @spinscale alex@elastic.co We're hiring https://www.elastic.co/about/careers We're helping https://www.elastic.co/subscriptions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EE 109 Unit 6 LCD Interfacing 6.2 LCD BOARD 6.3 The EE 109 LCD Shield The LCD shield is a

EE 109 Unit 6 LCD Interfacing 6.2 LCD BOARD 6.3 The EE 109 LCD Shield The LCD shield is a

6.1 EE 109 Unit 6 LCD Interfacing 6.2 LCD BOARD 6.3 The EE 109 LCD Shield The LCD shield is a 16 character by 2 row LCD that mounts on top of the Arduino Uno. The shield also contains five buttons that can be used as input sources.

569 views • 35 slides
EE 109 Unit 9 LCD LCD BOARD 9.3 9.4 How Do We Use It? The EE 109 LCD Shield The LCD

EE 109 Unit 9 LCD LCD BOARD 9.3 9.4 How Do We Use It? The EE 109 LCD Shield The LCD

9.1 9.2 EE 109 Unit 9 LCD LCD BOARD 9.3 9.4 How Do We Use It? The EE 109 LCD Shield The LCD shield is a _____________________ By sending it ______(i.e. _________________ LCD that mounts on top of the Arduino Uno. one at a time)

259 views • 8 slides
Shield Absent Clear Court Guidance Understanding the Scope of the Shield, Leveraging the Defense,

Shield Absent Clear Court Guidance Understanding the Scope of the Shield, Leveraging the Defense,

Presenting a live 90-minute webinar with interactive Q&A Navigating the Clean Water Act Permit Shield Absent Clear Court Guidance Understanding the Scope of the Shield, Leveraging the Defense, Minimizing Liability TUESDAY, JUNE 16, 2015 1pm

433 views • 27 slides
EE 109 Unit 6 LCD Interfacing LCD BOARD 6.3 6.4 How Do We Use It? The EE 109 LCD Shield

EE 109 Unit 6 LCD Interfacing LCD BOARD 6.3 6.4 How Do We Use It? The EE 109 LCD Shield

6.1 6.2 EE 109 Unit 6 LCD Interfacing LCD BOARD 6.3 6.4 How Do We Use It? The EE 109 LCD Shield The LCD shield is a ____________________ By sending it ________ (i.e. ______________ LCD that mounts on top of the Arduino Uno. one at

614 views • 9 slides
Cool Down Cool Down Study of Study of 70 K 70 K Thermal Shield of Thermal Shield of 650MHz

Cool Down Cool Down Study of Study of 70 K 70 K Thermal Shield of Thermal Shield of 650MHz

Cool Down Cool Down Study of Study of 70 K 70 K Thermal Shield of Thermal Shield of 650MHz 650MHz Cryomodule Cryomodule Abhishek Jain, Rupul Ghosh, Shailesh Gilankar, Prashant Khare, Pradeep Kush, A Laxminarayan Outline of talk Part I

548 views • 25 slides
Shield Silver Shield is a patented product that destroys surface bacteria viruses and mold It

Shield Silver Shield is a patented product that destroys surface bacteria viruses and mold It

Remarkable Uses Of Silver Shield Silver Shield is a patented product that destroys surface bacteria viruses and mold It is a powerful surface disinfectant that is able to purify water and help maintain good health United States Patent #

773 views • 58 slides
RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

10/4/18 QUESTIONS : CLUSTER HEADACHES: 1. Have any of you heard of cluster THE WORST PAIN POSSIBLE? headaches? 2. Do you know someone who suffers from cluster headaches? WHAT ARE CLUSTER HEADACHES? TRIGEMINAL NERVE A neurological

514 views • 3 slides
Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three

Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three

Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three FP7-ICT support actions (ISTOK-SOYUZ, SCUBE-ICT, EXTEND) to strengthen the collaboration in ICT research between European Union and Eastern Europe and

3.41k views • 11 slides
Getting started on the cluster Learning Objectives Describe the structure of a compute cluster

Getting started on the cluster Learning Objectives Describe the structure of a compute cluster

Getting started on the cluster Learning Objectives Describe the structure of a compute cluster Log in to the cluster Demonstrate how to start an interactive session with the SLURM job scheduler 2 Cluster Architecture 3 Cluster Terminology

616 views • 14 slides
SHIELD: Target, Test, Tell Draft Presentation for Discussion Purposes 1 COVID-19 SHIELD employs

SHIELD: Target, Test, Tell Draft Presentation for Discussion Purposes 1 COVID-19 SHIELD employs

SHIELD: Target, Test, Tell Draft Presentation for Discussion Purposes 1 COVID-19 SHIELD employs a target, test, tell strategy Target Test Tell Modeling to guide test Fast, scalable saliva Digital exposure frequency and PCR test for SARS-

357 views • 10 slides
Volcanoes Shield Volcanoes What Where Life Cycle with reference to Kauai Composite Volcanoes

Volcanoes Shield Volcanoes What Where Life Cycle with reference to Kauai Composite Volcanoes

Volcanoes Shield Volcanoes What Where Life Cycle with reference to Kauai Composite Volcanoes Shield Volcanoes What are they? A shield volcano is a type of volcano usually built almost entirely of fluid lava flows. They are named for

601 views • 33 slides
history and drivers The Aerospace Cluster The Cluster-Association The Aerospace Cluster The

history and drivers The Aerospace Cluster The Cluster-Association The Aerospace Cluster The

history and drivers The Aerospace Cluster The Cluster-Association The Aerospace Cluster The Cluster-Association The Aerospace Value Chain made up by 64 Members who directly generated Having doubled Turnover and Employment in

584 views • 25 slides
CIMI - SHIELD T h e P r e v e n t i v e S o l u t i o n t o t h e B e d B u g P r o b l e m

CIMI - SHIELD T h e P r e v e n t i v e S o l u t i o n t o t h e B e d B u g P r o b l e m

NOW the Hospitality industry can Prevent / Control the Bed Bug Problem! Introducing CIMI - SHIELD T h e P r e v e n t i v e S o l u t i o n t o t h e B e d B u g P r o b l e m A Revolutionary product thats economical, easy to spray by

84 views • 5 slides
W g v W g W g g v g W g W g W g (4) j M g u g

W g v W g W g g v g W g W g W g (4) j M g u g

A Course in Applied Econometrics 1 . The Linear Model with Cluster Effects . Lecture 7 : Cluster Sampling For each group or cluster g , let y gm , x g , z gm : m 1,..., M g be the observable data, where M g is the number of

403 views • 7 slides
(UAE) Gold Shield Technical Services (UAE) Marbella Marble Trading (Turkey) KAMCOM

(UAE) Gold Shield Technical Services (UAE) Marbella Marble Trading (Turkey) KAMCOM

Golden Shield Fire Fighting Safety Equipment Installation (UAE) Gold Shield Technical Services (UAE) Marbella Marble Trading (Turkey) KAMCOM International FZC (UAE) Alam Al Murjan General GENETECH Trading & Contracting (Pakistan)

564 views • 14 slides
Mu2e Remote Handling Shield Door, Air Seal, and Transfer Cart Design Status Dave Pushka Mu2e

Mu2e Remote Handling Shield Door, Air Seal, and Transfer Cart Design Status Dave Pushka Mu2e

Mu2e Remote Handling Shield Door, Air Seal, and Transfer Cart Design Status Dave Pushka Mu2e Target, Remote Handling, and Heat & Radiation Shield Review November 16-18, 2015 Items Addressed in this Talk: Shield Door between the

569 views • 29 slides
Program Scale-up and Sustainability Julie Buhl-Wiggers (Copenhagen Business School) Jason Kerwin

Program Scale-up and Sustainability Julie Buhl-Wiggers (Copenhagen Business School) Jason Kerwin

Introduction Experiment & Data Results Scale-up Sustainability Conclusions Program Scale-up and Sustainability Julie Buhl-Wiggers (Copenhagen Business School) Jason Kerwin (UMN) Jeffrey Smith (Wisconsin) Rebecca Thornton (UIUC) 2018

1.23k views • 57 slides
Economics 2 Professor Christina Romer Spring 2019 Professor David Romer LECTURE 4 EXTENSIONS

Economics 2 Professor Christina Romer Spring 2019 Professor David Romer LECTURE 4 EXTENSIONS

Economics 2 Professor Christina Romer Spring 2019 Professor David Romer LECTURE 4 EXTENSIONS OF SUPPLY AND DEMAND ANALYSIS January 31, 2019 I. O VERVIEW II. R EVIEW OF THE S UPPLY AND D EMAND F RAMEWORK A. Supply and demand diagram (example:

960 views • 36 slides
Probing Nucleon Spin Structure Using Probing Nucleon Spin Structure Using Deep Inelastic

Probing Nucleon Spin Structure Using Probing Nucleon Spin Structure Using Deep Inelastic

Probing Nucleon Spin Structure Using Probing Nucleon Spin Structure Using Deep Inelastic Scattering Deep Inelastic Scattering E12-06-121: Neutron g 2 and d 2 E12-06-121: Neutron g 2 and d 2 Spokespersons: B. Sawatzky, W. Korsch, T. Averett,

664 views • 32 slides
Dissecting the Effect of Credit Supply on Trade: Evidence from Matched Credit-Export Data Daniel

Dissecting the Effect of Credit Supply on Trade: Evidence from Matched Credit-Export Data Daniel

Dissecting the Effect of Credit Supply on Trade: Evidence from Matched Credit-Export Data Daniel Paravisini, Veronica Rappoport, Philipp Schnabl, and Daniel Wolfenzon August 2013 Motivation What is the role of banks in amplifying economic

364 views • 18 slides
BlackBerry 10 Cascades UI FW: A Different Take Markus Landin, Product Manager, Research In Motion

BlackBerry 10 Cascades UI FW: A Different Take Markus Landin, Product Manager, Research In Motion

BlackBerry 10 Cascades UI FW: A Different Take Markus Landin, Product Manager, Research In Motion TAT November 19, 2012 November 19, 2012 Session absctract: Cascades is the new native UI Framework on BlackBerry 10 Platform. It is built

631 views • 44 slides
A centralised ElasticSearch service: Design ideas and status Motivation for a centralised ES

A centralised ElasticSearch service: Design ideas and status Motivation for a centralised ES

A centralised ElasticSearch service: Design ideas and status Motivation for a centralised ES service Project Mandat Organisation Team Strategy and design Status and resources Issues PaaS Conclusions/summary

653 views • 20 slides
International taxation and company tax policy in small open economies by George R. Zodrow Iris

International taxation and company tax policy in small open economies by George R. Zodrow Iris

Comments on International taxation and company tax policy in small open economies by George R. Zodrow Iris Claus Victoria University of Wellington Tax Policy Conference New Zealand Tax Reform Where To Next? 11-13 February 2009

339 views • 13 slides
Estimating Discrete Choice Models with Market Level Zeroes: An Application to Scanner Data Amit

Estimating Discrete Choice Models with Market Level Zeroes: An Application to Scanner Data Amit

Estimating Discrete Choice Models with Market Level Zeroes: An Application to Scanner Data Amit Gandhi, Zhentong Lu, Xiaoxia Shi University of Wisconsin-Madison February 3, 2015 Introduction I Zeroes are highly prevalent in choice data I

876 views • 40 slides

More recommend