shield your cluster
play

Shield your cluster Security with Elasticsearch Alexander Reelsen - PowerPoint PPT Presentation

Dec 25, 2023 •965 likes •1.52k views

Shield your cluster Security with Elasticsearch Alexander Reelsen @spinscale alex@elastic.co Agenda Why? How? Q & A What? Next? Who? About 2012 Elasticsearch got founded Series A investment Trainings Supports subscriptions

  1. Shield your cluster Security with Elasticsearch Alexander Reelsen @spinscale alex@elastic.co

  2. Agenda Why? How? Q & A What? Next? Who?

  3. About 2012 Elasticsearch got founded Series A investment Trainings Supports subscriptions

  4. About 2012 2013 Series B investment Kibana Elasticsearch for Apache Hadoop Integration Logstash Elasticsearch Clients Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

  5. About 2012 2013 2014 Series C investment Marvel released

  6. About 2012 2013 2014 2015 Shield goes GA First user conference & rebrand Found acquired Packetbeat joins Watcher in beta

  7. About 2012 2013 2014 2015 Joined in March 2013 Working on Elasticsearch & Shield Development, Trainings, Conferences, Support, Blog posts We're hiring...

  8. Why? How? Q & A What? Next? Who?

  9. Why? Elasticsearch: No security OOTB No encrypted communication No Authorization No Authentication No Audit Logging

  10. nginx in front client nginx ES Filter by HTTP method, URI or IP User management via basic auth Use aliases & filters

  11. nginx in front client nginx ES How to solve multi index operations? GET /logs-2015.10.10,evil,logs-2015.10.11 { "query" : { "match_all": {} } }

  12. nginx in front client nginx ES How to solve bulk/multi operations? { "index" : { "_index" : "test1", "_type" : "type1", "_id" : "1" } } { "field1" : "value1" } { "delete" : { "_index" : "test2", "_type" : "type1", "_id" : "2" } } { "create" : { "_index" : "test3", "_type" : "type1", "_id" : "3" } } { "field1" : "value3" } { "update" : {"_id" : "1", "_type" : "type1", "_index" : "test4"} } { "doc" : {"field2" : "value2"} }

  13. nginx in front client nginx ES HTTP/Transport Prevent unwanted accesses

  14. nginx in front client nginx ES Firewall

  15. operational overhead client ACL Data IP Filtering Configuration scattered across systems

  16. operational overhead client ACL Data IP Filtering Directory Configuration scattered across systems

  17. Why? How? Q & A What? Next? Who?

  18. How? Elasticsearch modular & pluggable Security as a plugin HTTP + Transport protocols Integration into the ELK stack!

  19. How? Authentication auth_token Authorization Elasticsearch Elasticsearch

  20. How? Authentication auth_token Authorization 200 OK Elasticsearch Elasticsearch

  21. How? Authentication auth_token Authorization 401 Unauthorized Elasticsearch Elasticsearch

  22. How? Getting up and running is easy Install elasticsearch 1.6 bin/plugin install elasticsearch/license/latest bin/plugin install elasticsearch/shield/latest

  23. Why? How? Q & A What? Next? Who?

  24. What? IP Filtering Encrypted communication Authentication Authorization Audit Trail

  25. IP Filtering Configurable in elasticsearch.yml Can be updated dynamically via cluster update settings API shield.transport.filter: allow: "192.168.0.1" deny: "192.168.0.0/24"

  26. Encrypted communication keystore required different config for HTTP and transport protocol (+profiles) shield.ssl.keystore.path: /path/to/keystore.jks shield.ssl.keystore.password: secret shield.transport.ssl: true shield.http.ssl: true

  27. Authentication "Who are you?" Auth mechanisms are called realms Available: esusers , ldap , ad , pki Realms can be chained Support for caching & API for clearing

  28. Authentication shield.authc: realms: esusers: type: esusers order: 0 ldap1: type: ldap order: 1 enabled: false url: 'url_to_ldap1' ... ad1: type: active_directory order: 3 url: 'url_to_ad'

  29. ESusers realm Local files, can be changed via CLI Elasticsearch watches file changes & reloads config/shield/users config/shield/users_roles

  30. ESusers realm bin/shield/esusers useradd alex bin/shield/esusers roles alex -a admin -r user bin/shield/esusers list bin/shield/esusers userdel alex

  31. Anonymous access Fallback to configurable user Disabled by default shield.authc: anonymous: username: anonymous_user roles: role1, role2

  32. Authorization "Are you allowed to do that?" File: config/shield/roles.yml admin: cluster: all indices: '*': all

  33. Role Based Access Control role named set of permissions permission set of cluster wide privileges set of indices/aliases specific privileges privilege set of one or more action names /_search ⬌ indices:data/read/search

  34. Role Based Access Control role permission admin: cluster: all indices: '*': all

  35. Authorization user: indices: '*': read events_user: indices: 'events_*': read

  36. Authorization logfile_user_readonly: indices: "logstash-201?-*": read get_user: indices: 'events_index': 'indices:data/read/get'

  37. Audit Trail Writes an own audit log file Implemented as logger Logs different types of event based on log level (ip filtering, tampered requests, access denied, auth failed) shield.audit.enabled: true

  38. Integration Transport Client Logstash Kibana 3/4 Watcher Marvel

  39. Transport Client TransportClient client = new TransportClient(builder() .put("cluster.name", "myClusterName") .put("shield.user", "test_user:changeme") .put("shield.ssl.keystore.path", "/path/to/client.jks") .put("shield.ssl.keystore.password", "password") .put("shield.transport.ssl", "true")) .addTransportAddress(new InetSocketTransportAddress("localhost", 9300));

  40. Why? How? Q & A What? Next? Who?

  41. Who? Use-case 1: Monitoring application No write access Cluster Health Nodes stats/info Indices Stats

  42. Use-case 2: Logstash No read access (unless input is used) Indices: Indexing Cluster: Index templates

  43. Use-case 3: Marvel marvel_user: cluster: cluster:monitor/nodes/info, cluster:admin/plugin/license/get indices: '.marvel-*': all marvel_agent: cluster: indices:admin/template/get, indices:admin/template/put indices: '.marvel-*': indices:data/write/bulk, create_index

  44. Use-case 4: Ecommerce bulk: indices: 'products_*': write, manage, read updater: indices: 'products': index, delete, indices:admin/optimize webshop: indices: 'products': search, get

  45. Use-case 4: Ecommerce monitoring: cluster: monitor indices: '*': monitor sales_rep : indices: 'sales_*' : all 'social_events' : data_access, monitor

  46. Why? How? Q & A What? Next? Who?

  47. Next? Simplify SSL configuration API driven user/role management Open up realms API Field-level security Index Audit Trail into ES

  48. Why? How? Q & A What? Next? Who?

  49. Q & A Thanks for listening! Alexander Reelsen @spinscale alex@elastic.co We're hiring https://www.elastic.co/about/careers We're helping https://www.elastic.co/subscriptions

  50. Resources Shield documentation https://www.elastic.co/guide/en/shield/current/index.html Shield: Security in ELK https://www.elastic.co/elasticon/2015/sf/security-in-elk Shield and Beyond: Recommendations for a Secure ELK Environment https://www.elastic.co/webinars/shield-and-beyond

  51. Resources https://discuss.elastic.co/c/shield

  52. Resources

  53. Resources

  54. Q & A Thanks for listening! Alexander Reelsen @spinscale alex@elastic.co We're hiring https://www.elastic.co/about/careers We're helping https://www.elastic.co/subscriptions

Recommend

EE 109 Unit 6 LCD Interfacing 6.2 LCD BOARD 6.3 The EE 109 LCD Shield The LCD shield is a

EE 109 Unit 6 LCD Interfacing 6.2 LCD BOARD 6.3 The EE 109 LCD Shield The LCD shield is a

6.1 EE 109 Unit 6 LCD Interfacing 6.2 LCD BOARD 6.3 The EE 109 LCD Shield The LCD shield is a 16 character by 2 row LCD that mounts on top of the Arduino Uno. The shield also contains five buttons that can be used as input sources.

569 views • 35 slides
EE 109 Unit 9 LCD LCD BOARD 9.3 9.4 How Do We Use It? The EE 109 LCD Shield The LCD

EE 109 Unit 9 LCD LCD BOARD 9.3 9.4 How Do We Use It? The EE 109 LCD Shield The LCD

9.1 9.2 EE 109 Unit 9 LCD LCD BOARD 9.3 9.4 How Do We Use It? The EE 109 LCD Shield The LCD shield is a _____________________ By sending it ______(i.e. _________________ LCD that mounts on top of the Arduino Uno. one at a time)

259 views • 8 slides
Shield Absent Clear Court Guidance Understanding the Scope of the Shield, Leveraging the Defense,

Shield Absent Clear Court Guidance Understanding the Scope of the Shield, Leveraging the Defense,

Presenting a live 90-minute webinar with interactive Q&A Navigating the Clean Water Act Permit Shield Absent Clear Court Guidance Understanding the Scope of the Shield, Leveraging the Defense, Minimizing Liability TUESDAY, JUNE 16, 2015 1pm

433 views • 27 slides
EE 109 Unit 6 LCD Interfacing LCD BOARD 6.3 6.4 How Do We Use It? The EE 109 LCD Shield

EE 109 Unit 6 LCD Interfacing LCD BOARD 6.3 6.4 How Do We Use It? The EE 109 LCD Shield

6.1 6.2 EE 109 Unit 6 LCD Interfacing LCD BOARD 6.3 6.4 How Do We Use It? The EE 109 LCD Shield The LCD shield is a ____________________ By sending it ________ (i.e. ______________ LCD that mounts on top of the Arduino Uno. one at

614 views • 9 slides
Cool Down Cool Down Study of Study of 70 K 70 K Thermal Shield of Thermal Shield of 650MHz

Cool Down Cool Down Study of Study of 70 K 70 K Thermal Shield of Thermal Shield of 650MHz

Cool Down Cool Down Study of Study of 70 K 70 K Thermal Shield of Thermal Shield of 650MHz 650MHz Cryomodule Cryomodule Abhishek Jain, Rupul Ghosh, Shailesh Gilankar, Prashant Khare, Pradeep Kush, A Laxminarayan Outline of talk Part I

548 views • 25 slides
Shield Silver Shield is a patented product that destroys surface bacteria viruses and mold It

Shield Silver Shield is a patented product that destroys surface bacteria viruses and mold It

Remarkable Uses Of Silver Shield Silver Shield is a patented product that destroys surface bacteria viruses and mold It is a powerful surface disinfectant that is able to purify water and help maintain good health United States Patent #

773 views • 58 slides
RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

10/4/18 QUESTIONS : CLUSTER HEADACHES: 1. Have any of you heard of cluster THE WORST PAIN POSSIBLE? headaches? 2. Do you know someone who suffers from cluster headaches? WHAT ARE CLUSTER HEADACHES? TRIGEMINAL NERVE A neurological

514 views • 3 slides
Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three

Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three

Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three FP7-ICT support actions (ISTOK-SOYUZ, SCUBE-ICT, EXTEND) to strengthen the collaboration in ICT research between European Union and Eastern Europe and

3.41k views • 11 slides
Getting started on the cluster Learning Objectives Describe the structure of a compute cluster

Getting started on the cluster Learning Objectives Describe the structure of a compute cluster

Getting started on the cluster Learning Objectives Describe the structure of a compute cluster Log in to the cluster Demonstrate how to start an interactive session with the SLURM job scheduler 2 Cluster Architecture 3 Cluster Terminology

616 views • 14 slides
SHIELD: Target, Test, Tell Draft Presentation for Discussion Purposes 1 COVID-19 SHIELD employs

SHIELD: Target, Test, Tell Draft Presentation for Discussion Purposes 1 COVID-19 SHIELD employs

SHIELD: Target, Test, Tell Draft Presentation for Discussion Purposes 1 COVID-19 SHIELD employs a target, test, tell strategy Target Test Tell Modeling to guide test Fast, scalable saliva Digital exposure frequency and PCR test for SARS-

357 views • 10 slides
Volcanoes Shield Volcanoes What Where Life Cycle with reference to Kauai Composite Volcanoes

Volcanoes Shield Volcanoes What Where Life Cycle with reference to Kauai Composite Volcanoes

Volcanoes Shield Volcanoes What Where Life Cycle with reference to Kauai Composite Volcanoes Shield Volcanoes What are they? A shield volcano is a type of volcano usually built almost entirely of fluid lava flows. They are named for

601 views • 33 slides
history and drivers The Aerospace Cluster The Cluster-Association The Aerospace Cluster The

history and drivers The Aerospace Cluster The Cluster-Association The Aerospace Cluster The

history and drivers The Aerospace Cluster The Cluster-Association The Aerospace Cluster The Cluster-Association The Aerospace Value Chain made up by 64 Members who directly generated Having doubled Turnover and Employment in

584 views • 25 slides
CIMI - SHIELD T h e P r e v e n t i v e S o l u t i o n t o t h e B e d B u g P r o b l e m

CIMI - SHIELD T h e P r e v e n t i v e S o l u t i o n t o t h e B e d B u g P r o b l e m

NOW the Hospitality industry can Prevent / Control the Bed Bug Problem! Introducing CIMI - SHIELD T h e P r e v e n t i v e S o l u t i o n t o t h e B e d B u g P r o b l e m A Revolutionary product thats economical, easy to spray by

84 views • 5 slides
W g v W g W g g v g W g W g W g (4) j M g u g

W g v W g W g g v g W g W g W g (4) j M g u g

A Course in Applied Econometrics 1 . The Linear Model with Cluster Effects . Lecture 7 : Cluster Sampling For each group or cluster g , let y gm , x g , z gm : m 1,..., M g be the observable data, where M g is the number of

403 views • 7 slides
(UAE) Gold Shield Technical Services (UAE) Marbella Marble Trading (Turkey) KAMCOM

(UAE) Gold Shield Technical Services (UAE) Marbella Marble Trading (Turkey) KAMCOM

Golden Shield Fire Fighting Safety Equipment Installation (UAE) Gold Shield Technical Services (UAE) Marbella Marble Trading (Turkey) KAMCOM International FZC (UAE) Alam Al Murjan General GENETECH Trading & Contracting (Pakistan)

564 views • 14 slides
Mu2e Remote Handling Shield Door, Air Seal, and Transfer Cart Design Status Dave Pushka Mu2e

Mu2e Remote Handling Shield Door, Air Seal, and Transfer Cart Design Status Dave Pushka Mu2e

Mu2e Remote Handling Shield Door, Air Seal, and Transfer Cart Design Status Dave Pushka Mu2e Target, Remote Handling, and Heat & Radiation Shield Review November 16-18, 2015 Items Addressed in this Talk: Shield Door between the

569 views • 29 slides
Temporary Floor Protector Overview u Jona Shield is a temporary floor protection that is

Temporary Floor Protector Overview u Jona Shield is a temporary floor protection that is

Temporary Floor Protector Overview u Jona Shield is a temporary floor protection that is breathable, waterproof, anti-skid and reusable. Jona Shield is reverse wound and with its adhesive underside, it allows for quick installation that retains

81 views • 6 slides
emergency response modeling Jeffrey Copeland PhD Urban Shield Objectives: To predict the

emergency response modeling Jeffrey Copeland PhD Urban Shield Objectives: To predict the

Shield A system for urban emergency response modeling Jeffrey Copeland PhD Urban Shield Objectives: To predict the transport of hazardous materials that are released into the atmosphere in urban areas. Provide results to other systems

590 views • 26 slides
1 CPU-Intensive Jobs Taskfarming Parallelisable, for example Taskfarming Sentence by sentence

1 CPU-Intensive Jobs Taskfarming Parallelisable, for example Taskfarming Sentence by sentence

Outline Why do we need a cluster? Architecture: Machines and Properties Taskfarming Estimating Walltime Limits Common Pitfalls of Using the Cluster Joachim Wagner 2009-07-01 Why do we need a cluster? Cluster Architecture More efficient and

249 views • 4 slides
MS Cluster on KVM Vadim Rozenfeld vrozenfe@redhat.com 25 Aug, 2016 Cluster: Servers Combined to

MS Cluster on KVM Vadim Rozenfeld vrozenfe@redhat.com 25 Aug, 2016 Cluster: Servers Combined to

MS Cluster on KVM Vadim Rozenfeld vrozenfe@redhat.com 25 Aug, 2016 Cluster: Servers Combined to Improve Availability and Scalability. - Cluster: A group of independent systems working together as a single system. Clients see scalable and

903 views • 28 slides
Cebu - Shelter Cluster Meeting 14:00, Dec 13, 2013 Shelter Cluster Philippines

Cebu - Shelter Cluster Meeting 14:00, Dec 13, 2013 Shelter Cluster Philippines

Cebu - Shelter Cluster Meeting 14:00, Dec 13, 2013 Shelter Cluster Philippines ShelterCluster.org Coordinating Humanitarian Shelter Agenda 1. Introductions - Last meeting's minutes review 2. Shelter Cluster update - Strategic Response Plan

375 views • 21 slides
Computing Cluster Usage Visualization Tool Compu&ng Cluster Usage Visualiza&on

Computing Cluster Usage Visualization Tool Compu&ng Cluster Usage Visualiza&on

Computing Cluster Usage Visualization Tool Compu&ng Cluster Usage Visualiza&on Tool Sinisa Jovanovic Prometheus - Cluster Computer Cluster utilization November 2012 01.11. 30.11. Compu&ng

319 views • 11 slides
Computing Cluster Usage Visualization Tool Compu&ng Cluster Usage Visualiza&on

Computing Cluster Usage Visualization Tool Compu&ng Cluster Usage Visualiza&on

Computing Cluster Usage Visualization Tool Compu&ng Cluster Usage Visualiza&on Tool Sinisa Jovanovic Prometheus - Cluster Computer Cluster utilization December 2012 01.12. 31.12. Compu&ng

265 views • 12 slides
Photo(C)John Rodsted www.stopclustermunitions.org Cluster bombs The cluster bomb problem A

Photo(C)John Rodsted www.stopclustermunitions.org Cluster bombs The cluster bomb problem A

Photo(C)John Rodsted www.stopclustermunitions.org Cluster bombs The cluster bomb problem A cluster bomb releases dozens to hundreds of submunitions shattering over vast amounts of land It is an indiscriminate weapon; it cant

393 views • 13 slides

More recommend