Posted to user@cassandra.apache.org by Marc Richter <ma...@marc-richter.info> on 2019/06/28 13:55:13 UTC
Securing cluster communication
Hi everyone,
I'm completely new to Cassandra DB, so please do not roast me for asking
obvious stuff.
I managed to set up one Cassandra node and enter some data into it,
successfully. Next, I installed a second node, which connects to that
first one via port 7000 and syncs all that data from it. This worked fine
as well.
But doing so, it leaves me puzzled a bit because of the security aspect
of this: Neither did I need to authenticate to the seeding (first) node,
nor did I find a resource which describes how to secure that cluster
communication by implementing some kind of authentication, which
prevents everyone on the same net from connecting to the nodes.
How is this dealt with in Cassandra? Is setting up firewalls the only
way to allow only some nodes to connect to the ports 7000/7001?
BR,
Marc
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
For additional commands, e-mail: user-help@cassandra.apache.org
Re: Securing cluster communication
Posted by Hannu Kröger <hk...@gmail.com>.
I would start by checking this page: http://cassandra.apache.org/doc/latest/operating/security.html
Then move to this:
https://thelastpickle.com/blog/2015/09/30/hardening-cassandra-step-by-step-part-1-server-to-server.html
Cheers,
Hannu
> Marc Richter <ma...@marc-richter.info> wrote on 28.6.2019 at 16.55:
>
> Hi everyone,
>
> I'm completely new to Cassandra DB, so please do not roast me for asking obvious stuff.
>
> I managed to set up one Cassandra node and enter some data into it, successfully. Next, I installed a second node, which connects to that first one via port 7000 and syncs all that data from it. This worked fine as well.
>
> But doing so, it leaves me puzzled a bit because of the security aspect of this: Neither did I need to authenticate to the seeding (first) node, nor did I find a resource which describes how to secure that cluster communication by implementing some kind of authentication, which prevents everyone on the same net from connecting to the nodes.
>
> How is this dealt with in Cassandra? Is setting up firewalls the only way to allow only some nodes to connect to the ports 7000/7001?
>
> BR,
> Marc
Re: Securing cluster communication
Posted by Oleksandr Shulgin <ol...@zalando.de>.
On Fri, Jun 28, 2019 at 3:57 PM Marc Richter <ma...@marc-richter.info> wrote:
>
> How is this dealt with in Cassandra? Is setting up firewalls the only
> way to allow only some nodes to connect to the ports 7000/7001?
>
Hi,
You can set
    server_encryption_options:
        internode_encryption: all
        ...
and distribute the same key/trust-store on each node of the same cluster.
Cheers,
--
Alex
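
One way to check a node's cassandra.yaml for the setting suggested above, as an added example that is not part of the original thread or Cassandra's own code. It goes slightly beyond the thread by also checking `require_client_auth`, the `server_encryption_options` key that makes a node demand a certificate from connecting peers. The sample configs, file paths and function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); the paths are placeholders.
WEAK = """\
cluster_name: demo
server_encryption_options:
    internode_encryption: none
native_transport_port: 9042
"""
HARDENED = """\
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/node.keystore.jks
    truststore: /etc/cassandra/cluster.truststore.jks
    require_client_auth: true   # peers must present a cert the truststore accepts
"""

def server_encryption_options(yaml_text):
    """Return the key/value pairs nested under server_encryption_options."""
    opts, inside = {}, False
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # a top-level key starts or ends the block
            inside = line.startswith("server_encryption_options:")
            continue
        if inside:
            m = re.match(r"\s+([\w.]+):\s*(.*)$", line)
            if m:
                opts[m.group(1)] = m.group(2).strip("'\"")
    return opts

def audit(yaml_text):
    """List the reasons this node would accept unencrypted or unauthenticated peers."""
    opts = server_encryption_options(yaml_text)
    findings = []
    mode = opts.get("internode_encryption", "none")   # Cassandra's default is none
    if mode != "all":
        findings.append(f"internode_encryption={mode}: some or all node-to-node traffic is plaintext")
    if opts.get("require_client_auth", "false").lower() != "true":
        findings.append("require_client_auth is not true: connecting peers need not present a certificate")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

Encryption alone does not answer the authentication question from the first post: without `require_client_auth: true` the link is encrypted, but the node does not verify who is connecting.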