Posted to user@cassandra.apache.org by oleg yusim <ol...@gmail.com> on 2016/02/11 21:29:25 UTC
Security assessment of Cassandra
Greetings,
Performing a security assessment of Cassandra with the goal of generating a
STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx), I ran across some
questions regarding the way certain security features are implemented (or
not) in Cassandra.
I composed the list of questions on these topics, which I wasn't able to
find a definitive answer to anywhere else, and posted it here:
https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
It is shared with all the members of that list, and any of the members of
this list is welcome to comment on this document (there is a place for
community comments specially reserved near each of the questions and my
take on it).
I would greatly appreciate Cassandra community help here.
Thanks,
Oleg
Re: Security assessment of Cassandra
Posted by Jack Krupansky <ja...@gmail.com>.
Just following up... Oleg, have you gotten a satisfactory level of feedback
from the community on the security assessment issues?
And if there is any sort of final assessment that can be publicly accessed,
that would be great.
-- Jack Krupansky
On Thu, Feb 11, 2016 at 3:29 PM, oleg yusim <ol...@gmail.com> wrote:
> Greetings,
>
> Performing a security assessment of Cassandra with the goal of generating a
> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx), I ran across some
> questions regarding the way certain security features are implemented (or
> not) in Cassandra.
>
> I composed the list of questions on these topics, which I wasn't able to
> find a definitive answer to anywhere else, and posted it here:
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> It is shared with all the members of that list, and any of the members of
> this list is welcome to comment on this document (there is a place for
> community comments specially reserved near each of the questions and my
> take on it).
>
> I would greatly appreciate Cassandra community help here.
>
> Thanks,
>
> Oleg
>
Re: Security assessment of Cassandra
Posted by oleg yusim <ol...@gmail.com>.
Greetings,
Matt brought to my attention that I shared the document in "view only"
mode. My apologies for that. I corrected permissions and shared the
document personally with everybody who indicated he/she would review it.
Thanks,
Oleg
On Fri, Feb 12, 2016 at 10:33 PM, oleg yusim <ol...@gmail.com> wrote:
> Greetings,
>
> Following Jack's and Matt's suggestions, I moved the doc to Google Docs
> and added to it all the security gaps in Cassandra I was able to discover
> (please see the second table, below the first).
>
> Here is an updated link to my document:
>
>
> https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
>
> Thanks,
>
> Oleg
>
> On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim <ol...@gmail.com> wrote:
>
>> Greetings,
>>
>> Performing a security assessment of Cassandra with the goal of generating a
>> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx), I ran across
>> some questions regarding the way certain security features are implemented
>> (or not) in Cassandra.
>>
>> I composed the list of questions on these topics, which I wasn't able to
>> find a definitive answer to anywhere else, and posted it here:
>>
>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>>
>> It is shared with all the members of that list, and any of the members of
>> this list is welcome to comment on this document (there is a place for
>> community comments specially reserved near each of the questions and my
>> take on it).
>>
>> I would greatly appreciate Cassandra community help here.
>>
>> Thanks,
>>
>> Oleg
>>
>
>
Re: Security assessment of Cassandra
Posted by oleg yusim <ol...@gmail.com>.
Greetings,
Following Jack's and Matt's suggestions, I moved the doc to Google Docs and
added to it all the security gaps in Cassandra I was able to discover
(please see the second table, below the first).
Here is an updated link to my document:
https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
Thanks,
Oleg
On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim <ol...@gmail.com> wrote:
> Greetings,
>
> Performing a security assessment of Cassandra with the goal of generating a
> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx), I ran across some
> questions regarding the way certain security features are implemented (or
> not) in Cassandra.
>
> I composed the list of questions on these topics, which I wasn't able to
> find a definitive answer to anywhere else, and posted it here:
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> It is shared with all the members of that list, and any of the members of
> this list is welcome to comment on this document (there is a place for
> community comments specially reserved near each of the questions and my
> take on it).
>
> I would greatly appreciate Cassandra community help here.
>
> Thanks,
>
> Oleg
>