Center for Internet Security Benchmark for Cassandra 4.0

[Joseph Testa]

Is anyone here on the list interested in helping out in working on the next
version of the benchmark?

Would love some assistance and you can potentially get your name on the
document as an author :)

Feel free to reach out, we're always looking for new contributors, you can
check them out here:

https://www.cisecurity.org/

Thanks, Joe

Apache Thrift library 0.9.2 update due to security vulnerability?

[Steinmaurer, Thomas]

Hello,

a Blackduck security scan of our product detected a security vulnerability in 
the Apache Thrift library 0.9.2, which is shipped in Cassandra up to 3.11 
(haven't checked 4.0), also pointed out here:
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-38295/Apache-Thrift.html

Any plans to upgrade the Apache Thrift library?

Thanks,
Thomas


The contents of this e-mail are intended for the named addressee only. It 
contains information that may be confidential. Unless you are the named 
addressee or an authorized designee, you may not copy or use it, or disclose it 
to anyone else. If you received it in error please notify us immediately and 
then destroy it. Dynatrace Austria GmbH (registration number FN 91482h) is a 
company registered in Linz whose registered office is at 4040 Linz, Austria, 
Freist?dterstra?e 313

Security question

[Joseph Testa]

'm working on center for internet security (CIS) security becnhmark for
Cassandra, is there anyone who'd be interested in helping out with it?

Feel free to email me direct at i...@dbsec-it.com and we can discuss,

thanks, Joe

Re: Security Updates

[kurt greaves]

Regarding security releases, nothing currently exists to notify users when
security related patches are released. At the moment I imagine
announcements would only be made in NEWS.txt or on the user mailing list...
but only if you're lucky.

On 31 January 2018 at 19:18, Michael Shuler <mich...@pbandjelly.org> wrote:

> I should also mention the dev@ mailing list - this is where the [VOTE]
> emails are sent and you'd get an advanced heads up on upcoming releases,
> along with the release emails that are sent to both user@ and dev@. The
> dev@ traffic is generally lower than user@, so pretty easy to spot votes
> & releases.
>
> --
> Michael
>
> On 01/31/2018 01:12 PM, Michael Shuler wrote:
> > I usually install cron-apt for Ubuntu & Debian, forward and read root's
> > email to be notified of all system upgrades, including Cassandra.
> >
> > There are likely other utilities for other operating systems, or just a
> > cron script that checks for system update & emails would work, too.
> >
> > Also, it's possible to use something like urlwatch to look for changes
> > on http://cassandra.apache.org/download/ or any site, email out a
> > notification, etc. Maybe http://fetchrss.com/ or similar would work?
> >
> > I think there are a multitude of immediate ways to do this, until there
> > is a site patch submitted to JIRA for RSS addition.
> >
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
> For additional commands, e-mail: user-h...@cassandra.apache.org
>
>

Re: Security Updates

[Michael Shuler]

I should also mention the dev@ mailing list - this is where the [VOTE]
emails are sent and you'd get an advanced heads up on upcoming releases,
along with the release emails that are sent to both user@ and dev@. The
dev@ traffic is generally lower than user@, so pretty easy to spot votes
& releases.

-- 
Michael

On 01/31/2018 01:12 PM, Michael Shuler wrote:
> I usually install cron-apt for Ubuntu & Debian, forward and read root's
> email to be notified of all system upgrades, including Cassandra.
> 
> There are likely other utilities for other operating systems, or just a
> cron script that checks for system update & emails would work, too.
> 
> Also, it's possible to use something like urlwatch to look for changes
> on http://cassandra.apache.org/download/ or any site, email out a
> notification, etc. Maybe http://fetchrss.com/ or similar would work?
> 
> I think there are a multitude of immediate ways to do this, until there
> is a site patch submitted to JIRA for RSS addition.
> 


-
To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
For additional commands, e-mail: user-h...@cassandra.apache.org

Re: Security Updates

[Michael Shuler]

I usually install cron-apt for Ubuntu & Debian, forward and read root's
email to be notified of all system upgrades, including Cassandra.

There are likely other utilities for other operating systems, or just a
cron script that checks for system update & emails would work, too.

Also, it's possible to use something like urlwatch to look for changes
on http://cassandra.apache.org/download/ or any site, email out a
notification, etc. Maybe http://fetchrss.com/ or similar would work?

I think there are a multitude of immediate ways to do this, until there
is a site patch submitted to JIRA for RSS addition.

-- 
Michael

On 01/31/2018 12:22 PM, Rob Oxspring wrote:
> Hi,
> 
> As a user of Cassandra I'd like to be able to get notified when there are 
> security releases so that I can get my installation patched ASAP. For feature 
> and patch releases I'm happy to come and look at the web page or trawl 
> through some mail archives, but I'd like for security releases to come and 
> find me.
> 
> Is there a dedicated mailing list for this?
> Or a dedicated list for just announcements without everyday chatter?
> An RSS / atom feed would work just as well.
> 
> Thanks,
> 
> Rob Oxspring
> 
> -
> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
> For additional commands, e-mail: user-h...@cassandra.apache.org
> 


-
To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
For additional commands, e-mail: user-h...@cassandra.apache.org

Security Updates

[Rob Oxspring]

Hi,

As a user of Cassandra I'd like to be able to get notified when there are 
security releases so that I can get my installation patched ASAP. For feature 
and patch releases I'm happy to come and look at the web page or trawl through 
some mail archives, but I'd like for security releases to come and find me.

Is there a dedicated mailing list for this?
Or a dedicated list for just announcements without everyday chatter?
An RSS / atom feed would work just as well.

Thanks,

Rob Oxspring

-
To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
For additional commands, e-mail: user-h...@cassandra.apache.org

Re: Internal Security - Authentication & Authorization

[Sam Tunnicliffe]

>
> Here is what I have pieced together. Please let me know if I am on the
> right track.


You're more or less right regarding the built in
authenticator/authorizer/role manager (which are usually referred to as
"internal" as they store their data in Cassandra tables). One important
thing to note is that using the default superuser credentials (i.e. logging
in as 'cassandra') will make these reads happen at QUORUM, not LOCAL_ONE,
which is one of the reasons you shouldn't use those credentials
after initial setup.

There are 2 settings which govern the lifetime of cached auth data. Once an
item has been cached, it becomes eligible for refresh after the update
interval has passed. A get from the cache will trigger this refresh, which
happens in the background and while it's running, the old (maybe stale)
entry is served from the cache. When the validity period expires for a
cache entry, it is removed from the cache and subsequent reads trigger a
blocking fetch from storage.

There is further detail in the docs here:
http://cassandra.apache.org/doc/latest/operating/security.html

 If NOT EXISTS will use SERIAL consistency


This isn't actually true. Because internal storage is just one
implementation of role/user management, it doesn't rely on LWT. Instead,
the configured role manager is consulted before executing the statement,
which is similar to how IF NOT EXISTS in schema updates work.


On Tue, Mar 14, 2017 at 11:44 PM, Jai Bheemsen Rao Dhanwada <
jaibheem...@gmail.com> wrote:

> I have similar question. when we create users or roles what is the
> consistency level used?
>
> I know, If NOT EXISTS will use SERIAL consistency. what consistency will
> be used if just use CREATE USER ?
>
> On Mon, Mar 13, 2017 at 7:09 PM, Jacob Shadix 
> wrote:
>
>> I'm looking for a deeper understanding of how Cassandra interacts with
>> the system_auth keyspace to authenticate/authorize users.
>>
>> Here is what I have pieced together. Please let me know if I am on the
>> right track.
>>
>> A user attempts to connect to Cassandra. Cassandra checks against
>> system_auth for that user @ LOCAL_ONE - - If the user exists, a connection
>> is established. When CQL is executed, C* again checks system_auth for that
>> user @ LOCAL_ONE to determine if it has the correct privileges to perform
>> the CQL. If so, it executes the CQL and the permissions are stored in a
>> cache. During the cache validity timeframe, future requests for ANY user
>> stored in the cache do not require a lookup against system_auth. After the
>> cache validity runs out, any new requests will require a lookup against
>> system_auth.
>>
>> -- Jacob Shadix
>>
>
>

Re: Internal Security - Authentication & Authorization

[kurt greaves]

Jacob, seems you are on the right track however my understanding is that
only the user that was auth'd has their permissions/roles/creds cached.

Also. Cassandra will query at QUORUM for the "cassandra" user, and at
LOCAL_ONE for *all* other users. This is the same for creating users/roles.

Re: Internal Security - Authentication & Authorization

[Jai Bheemsen Rao Dhanwada]

I have similar question. when we create users or roles what is the
consistency level used?

I know, If NOT EXISTS will use SERIAL consistency. what consistency will be
used if just use CREATE USER ?

On Mon, Mar 13, 2017 at 7:09 PM, Jacob Shadix  wrote:

> I'm looking for a deeper understanding of how Cassandra interacts with the
> system_auth keyspace to authenticate/authorize users.
>
> Here is what I have pieced together. Please let me know if I am on the
> right track.
>
> A user attempts to connect to Cassandra. Cassandra checks against
> system_auth for that user @ LOCAL_ONE - - If the user exists, a connection
> is established. When CQL is executed, C* again checks system_auth for that
> user @ LOCAL_ONE to determine if it has the correct privileges to perform
> the CQL. If so, it executes the CQL and the permissions are stored in a
> cache. During the cache validity timeframe, future requests for ANY user
> stored in the cache do not require a lookup against system_auth. After the
> cache validity runs out, any new requests will require a lookup against
> system_auth.
>
> -- Jacob Shadix
>

Internal Security - Authentication & Authorization

[Jacob Shadix]

I'm looking for a deeper understanding of how Cassandra interacts with the
system_auth keyspace to authenticate/authorize users.

Here is what I have pieced together. Please let me know if I am on the
right track.

A user attempts to connect to Cassandra. Cassandra checks against
system_auth for that user @ LOCAL_ONE - - If the user exists, a connection
is established. When CQL is executed, C* again checks system_auth for that
user @ LOCAL_ONE to determine if it has the correct privileges to perform
the CQL. If so, it executes the CQL and the permissions are stored in a
cache. During the cache validity timeframe, future requests for ANY user
stored in the cache do not require a lookup against system_auth. After the
cache validity runs out, any new requests will require a lookup against
system_auth.

-- Jacob Shadix

Re: Security assessment of Cassandra

[Jack Krupansky]

Just following up... Oleg, have you gotten a satisfactory level of feedback
from the community on the security assessment issues?

And if there is any sort of final assessment that can be publicly accessed,
that would be great.

-- Jack Krupansky

On Thu, Feb 11, 2016 at 3:29 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Greetings,
>
> Performing security assessment of Cassandra with the goal of generating
> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some
> questions regarding the way certain security features are implemented (or
> not) in Cassandra.
>
> I composed the list of questions on these topics, which I wasn't able to
> find definitive answer to anywhere else and posted it here:
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> It is shared with all the members of that list, and any of the members of
> this list is welcome to comment on this document (there is a place for
> community comments specially reserved near each of the questions and my
> take on it).
>
> I would greatly appreciate Cassandra community help here.
>
> Thanks,
>
> Oleg
>

Re: Security assessment of Cassandra

[oleg yusim]

Greetings,

Matt brought to my attention that I shared the document at "view only"
mode. My apologies for that. I corrected permissions and shared the
document personally with everybody, who indicated he/she would review it.

Thanks,

Oleg

On Fri, Feb 12, 2016 at 10:33 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Greetings,
>
> Following Jack's and Matt's suggestions, I moved the doc to Google Docs
> and added to it all the security gaps in Cassandra I was able to discover
> (please, see second table below fist).
>
> Here is an updated link to my document:
>
>
> https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
>
> Thanks,
>
> Oleg
>
> On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Greetings,
>>
>> Performing security assessment of Cassandra with the goal of generating
>> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across
>> some questions regarding the way certain security features are implemented
>> (or not) in Cassandra.
>>
>> I composed the list of questions on these topics, which I wasn't able to
>> find definitive answer to anywhere else and posted it here:
>>
>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>>
>> It is shared with all the members of that list, and any of the members of
>> this list is welcome to comment on this document (there is a place for
>> community comments specially reserved near each of the questions and my
>> take on it).
>>
>> I would greatly appreciate Cassandra community help here.
>>
>> Thanks,
>>
>> Oleg
>>
>
>

Re: Security labels

[oleg yusim]

Jack,

I updated my document with all the security gaps I was able to find and
posted it there:
https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing

Thanks,

Oleg

On Thu, Feb 11, 2016 at 4:09 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Jack,
>
> I asked my management, if I can share with community my assessment
> spreadsheet (whole thing, with gaps and desired configurations). Let's wait
> for their answer. I would definitely update the document I shared with the
> rest of gaps, so you, guys, would have it for sure.
>
> Now, in case if my management would say no:
>
> 1) Here: http://iase.disa.mil/stigs/Pages/a-z.aspx the document titled
> vRealize Operations STIG would be published. As part of it, there would be
> Cassandra STIG (Cassadra is part of vRealize Operations VMware product).
> This STIG would contain only suggestions on right (from the security point
> of view) configuration, where it can be configured.
> 2) Community would have a full list of gaps (things which are needed, but
> can't be configured) after I would update my document
> 3) The rest of the assessment are Not Applicable and Applicable -
> Inherently Meet items, which nobody is interested at.
> 4) Also, when STIG for vRealize Operations would be published, look at the
> VMware site for Security Guidelines for vRealize Operations. They would be
> posted open to public and you would be able to download them free of
> charge. Those would include mitigation, which VMware implemented for some
> of the Cassandra gaps.
>
> Thanks,
>
> Oleg
>
> On Thu, Feb 11, 2016 at 2:55 PM, Jack Krupansky <jack.krupan...@gmail.com>
> wrote:
>
>> Thanks for putting the items together in a list. This allows people to
>> see things with more context. Give people in the user community a little
>> time to respond. A week, maybe. Hopefully some of the senior Cassandra
>> committers will take a look as well.
>>
>> Will the final assessment become a public document or is it strictly
>> internal for your employer? I know there is a database of these
>> assessments, but I don't know who controls what becomes public and when.
>>
>> -- Jack Krupansky
>>
>> On Thu, Feb 11, 2016 at 3:23 PM, oleg yusim <olegyu...@gmail.com> wrote:
>>
>>> Hi Dani,
>>>
>>> As promised, I sort of put all my questions under the "one roof". I
>>> would really appreciate you opinion on them.
>>>
>>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>>>
>>> Thanks,
>>>
>>> Oleg
>>>
>>> On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <
>>> dani.trapha...@datastax.com> wrote:
>>>
>>>> ​Hi Oleg,
>>>>
>>>> Thanks that helped clear things up! This sounds like a daunting task. I
>>>> wish you all the best with it.
>>>>
>>>> Cheers,
>>>> Dani​
>>>>
>>>> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com>
>>>> wrote:
>>>>
>>>>> Dani,
>>>>>
>>>>> I really appreciate you response. Actually, session timeouts and
>>>>> security labels are two different topics (first is about attack when
>>>>> somebody opened, say, ssh window to DB, left his machine unattended and
>>>>> somebody else stole his session, second - to enable DB to support what
>>>>> called MAC access model - stays for mandatory access control. It is widely
>>>>> used in the government and military, but not outside of it, we all are 
>>>>> used
>>>>> to DAC access control model). However, I think you are right and I should
>>>>> move all my queries under the one big roof and call this thread 
>>>>> "Security".
>>>>> I will do this today.
>>>>>
>>>>> Now, about what you have said, I just answered the same to Jon, in
>>>>> Session Timeout thread, but would quickly re-cap here. I understand that
>>>>> Cassandra's architecture was aimed and tailored for completely different
>>>>> type of scenario. However, unfortunately, that doesn't mean that Cassandra
>>>>> is not vulnerable to the same very set of attacks relational database 
>>>>> would
>>>>> be vulnerable to. It just means Cassandra is not protected against those
>>>>> attacks, because protection against them was not thought of, when database
>>>>> was created. I already gave the AAA and session's timeout exam

Re: Security assessment of Cassandra

[oleg yusim]

Greetings,

Following Jack's and Matt's suggestions, I moved the doc to Google Docs and
added to it all the security gaps in Cassandra I was able to discover
(please, see second table below fist).

Here is an updated link to my document:

https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing

Thanks,

Oleg

On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Greetings,
>
> Performing security assessment of Cassandra with the goal of generating
> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some
> questions regarding the way certain security features are implemented (or
> not) in Cassandra.
>
> I composed the list of questions on these topics, which I wasn't able to
> find definitive answer to anywhere else and posted it here:
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> It is shared with all the members of that list, and any of the members of
> this list is welcome to comment on this document (there is a place for
> community comments specially reserved near each of the questions and my
> take on it).
>
> I would greatly appreciate Cassandra community help here.
>
> Thanks,
>
> Oleg
>

Re: Security labels

[oleg yusim]

Hi Dani,

As promised, I sort of put all my questions under the "one roof". I would
really appreciate you opinion on them.

https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM

Thanks,

Oleg

On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <dani.trapha...@datastax.com
> wrote:

> ​Hi Oleg,
>
> Thanks that helped clear things up! This sounds like a daunting task. I
> wish you all the best with it.
>
> Cheers,
> Dani​
>
> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Dani,
>>
>> I really appreciate you response. Actually, session timeouts and security
>> labels are two different topics (first is about attack when somebody
>> opened, say, ssh window to DB, left his machine unattended and somebody
>> else stole his session, second - to enable DB to support what called MAC
>> access model - stays for mandatory access control. It is widely used in the
>> government and military, but not outside of it, we all are used to DAC
>> access control model). However, I think you are right and I should move all
>> my queries under the one big roof and call this thread "Security". I will
>> do this today.
>>
>> Now, about what you have said, I just answered the same to Jon, in
>> Session Timeout thread, but would quickly re-cap here. I understand that
>> Cassandra's architecture was aimed and tailored for completely different
>> type of scenario. However, unfortunately, that doesn't mean that Cassandra
>> is not vulnerable to the same very set of attacks relational database would
>> be vulnerable to. It just means Cassandra is not protected against those
>> attacks, because protection against them was not thought of, when database
>> was created. I already gave the AAA and session's timeout example in Jon's
>> thread, and those are just one of many.
>>
>> Now what I'm trying to do, I'm trying to create a STIG - security federal
>> compliance document, which will assess Cassandra against SRG concepts
>> (security federal compliance recommendations for databases overall) and
>> will highlight what is not met, and can't be in current design (i.e. what
>> system architects should keep in mind and what they need to compensate for
>> with other controls on different layers of system model) and  what can be
>> met either with configuration or with little enhancement (and how).
>>
>> That document would be of great help for Cassandra as a product because
>> it would allow it to be marketed as a product with existing security
>> assessment and guidelines, performed according to DoD standards. It would
>> also allow to move product in the general direction of improving its
>> security posture. Finally, the document would be posted on DISA site (
>> http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every security
>> architect to utilize, which would greatly reduce the risk for Cassandra
>> product to be hacked in a field.
>>
>> To clear things out - what I ask about are not my expectations. I really
>> do not expect developers of Cassandra to run and start implementing
>> security labels, just because I asked about it. :) My questions are to
>> build my internal knowledge of DB current design, so that I can build my
>> security assessment based of it, not more, not less.
>>
>> I guess, summarizing what I said on top, from what I'm doing Cassandra as
>> a product would end up benefiting quite a bit. That is why I think it would
>> make sense for Cassandra community to help me with my questions even if
>> they sound completely of the traditional "grid".
>>
>> Thanks again, I really appreciate your response and conversation overall.
>>
>> Oleg
>>
>> On Fri, Jan 29, 2016 at 11:20 AM, Dani Traphagen <
>> dani.trapha...@datastax.com> wrote:
>>
>>> Also -- it looks like you're really asking questions about session
>>> timeouts and security labels as they associate, would be more helpful to
>>> keep in one thread. :)
>>>
>>>
>>> On Friday, January 29, 2016, Dani Traphagen <dani.trapha...@datastax.com>
>>> wrote:
>>>
>>>> Hi Oleg,
>>>>
>>>> I understand your frustration but unfortunately, in the terms of your
>>>> security assessment, you have fallen into a mismatch for Cassandra's
>>>> utility.
>>>>
>>>> The eventuality of having multiple sockets open without the query input
>>>> for long durations of time isn't something that was
>>>> architected...because...Cassnadra was built to take mas

Re: Security labels

[Dani Traphagen]

Hi Oleg,

I'm happy to take a look. Will update after review.

Thanks,
Dani

On Thu, Feb 11, 2016 at 12:23 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Hi Dani,
>
> As promised, I sort of put all my questions under the "one roof". I would
> really appreciate you opinion on them.
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> Thanks,
>
> Oleg
>
> On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <
> dani.trapha...@datastax.com> wrote:
>
>> ​Hi Oleg,
>>
>> Thanks that helped clear things up! This sounds like a daunting task. I
>> wish you all the best with it.
>>
>> Cheers,
>> Dani​
>>
>> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com> wrote:
>>
>>> Dani,
>>>
>>> I really appreciate you response. Actually, session timeouts and
>>> security labels are two different topics (first is about attack when
>>> somebody opened, say, ssh window to DB, left his machine unattended and
>>> somebody else stole his session, second - to enable DB to support what
>>> called MAC access model - stays for mandatory access control. It is widely
>>> used in the government and military, but not outside of it, we all are used
>>> to DAC access control model). However, I think you are right and I should
>>> move all my queries under the one big roof and call this thread "Security".
>>> I will do this today.
>>>
>>> Now, about what you have said, I just answered the same to Jon, in
>>> Session Timeout thread, but would quickly re-cap here. I understand that
>>> Cassandra's architecture was aimed and tailored for completely different
>>> type of scenario. However, unfortunately, that doesn't mean that Cassandra
>>> is not vulnerable to the same very set of attacks relational database would
>>> be vulnerable to. It just means Cassandra is not protected against those
>>> attacks, because protection against them was not thought of, when database
>>> was created. I already gave the AAA and session's timeout example in Jon's
>>> thread, and those are just one of many.
>>>
>>> Now what I'm trying to do, I'm trying to create a STIG - security
>>> federal compliance document, which will assess Cassandra against SRG
>>> concepts (security federal compliance recommendations for databases
>>> overall) and will highlight what is not met, and can't be in current design
>>> (i.e. what system architects should keep in mind and what they need to
>>> compensate for with other controls on different layers of system model) and
>>>  what can be met either with configuration or with little enhancement (and
>>> how).
>>>
>>> That document would be of great help for Cassandra as a product because
>>> it would allow it to be marketed as a product with existing security
>>> assessment and guidelines, performed according to DoD standards. It would
>>> also allow to move product in the general direction of improving its
>>> security posture. Finally, the document would be posted on DISA site (
>>> http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every security
>>> architect to utilize, which would greatly reduce the risk for Cassandra
>>> product to be hacked in a field.
>>>
>>> To clear things out - what I ask about are not my expectations. I really
>>> do not expect developers of Cassandra to run and start implementing
>>> security labels, just because I asked about it. :) My questions are to
>>> build my internal knowledge of DB current design, so that I can build my
>>> security assessment based of it, not more, not less.
>>>
>>> I guess, summarizing what I said on top, from what I'm doing Cassandra
>>> as a product would end up benefiting quite a bit. That is why I think it
>>> would make sense for Cassandra community to help me with my questions even
>>> if they sound completely of the traditional "grid".
>>>
>>> Thanks again, I really appreciate your response and conversation overall.
>>>
>>> Oleg
>>>
>>> On Fri, Jan 29, 2016 at 11:20 AM, Dani Traphagen <
>>> dani.trapha...@datastax.com> wrote:
>>>
>>>> Also -- it looks like you're really asking questions about session
>>>> timeouts and security labels as they associate, would be more helpful to
>>>> keep in one thread. :)
>>>>
>>>>
>>>> On Friday, January 29, 2016, Dani Traphagen <
>>>> dani.trapha

Security assessment of Cassandra

[oleg yusim]

Greetings,

Performing security assessment of Cassandra with the goal of generating
STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some
questions regarding the way certain security features are implemented (or
not) in Cassandra.

I composed the list of questions on these topics, which I wasn't able to
find definitive answer to anywhere else and posted it here:

https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM

It is shared with all the members of that list, and any of the members of
this list is welcome to comment on this document (there is a place for
community comments specially reserved near each of the questions and my
take on it).

I would greatly appreciate Cassandra community help here.

Thanks,

Oleg

Re: Security labels

[oleg yusim]

Thanks Dani.

Oleg

On Thu, Feb 11, 2016 at 2:27 PM, Dani Traphagen <dani.trapha...@datastax.com
> wrote:

> Hi Oleg,
>
> I'm happy to take a look. Will update after review.
>
> Thanks,
> Dani
>
> On Thu, Feb 11, 2016 at 12:23 PM, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Hi Dani,
>>
>> As promised, I sort of put all my questions under the "one roof". I would
>> really appreciate you opinion on them.
>>
>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>>
>> Thanks,
>>
>> Oleg
>>
>> On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <
>> dani.trapha...@datastax.com> wrote:
>>
>>> ​Hi Oleg,
>>>
>>> Thanks that helped clear things up! This sounds like a daunting task. I
>>> wish you all the best with it.
>>>
>>> Cheers,
>>> Dani​
>>>
>>> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com>
>>> wrote:
>>>
>>>> Dani,
>>>>
>>>> I really appreciate you response. Actually, session timeouts and
>>>> security labels are two different topics (first is about attack when
>>>> somebody opened, say, ssh window to DB, left his machine unattended and
>>>> somebody else stole his session, second - to enable DB to support what
>>>> called MAC access model - stays for mandatory access control. It is widely
>>>> used in the government and military, but not outside of it, we all are used
>>>> to DAC access control model). However, I think you are right and I should
>>>> move all my queries under the one big roof and call this thread "Security".
>>>> I will do this today.
>>>>
>>>> Now, about what you have said, I just answered the same to Jon, in
>>>> Session Timeout thread, but would quickly re-cap here. I understand that
>>>> Cassandra's architecture was aimed and tailored for completely different
>>>> type of scenario. However, unfortunately, that doesn't mean that Cassandra
>>>> is not vulnerable to the same very set of attacks relational database would
>>>> be vulnerable to. It just means Cassandra is not protected against those
>>>> attacks, because protection against them was not thought of, when database
>>>> was created. I already gave the AAA and session's timeout example in Jon's
>>>> thread, and those are just one of many.
>>>>
>>>> Now what I'm trying to do, I'm trying to create a STIG - security
>>>> federal compliance document, which will assess Cassandra against SRG
>>>> concepts (security federal compliance recommendations for databases
>>>> overall) and will highlight what is not met, and can't be in current design
>>>> (i.e. what system architects should keep in mind and what they need to
>>>> compensate for with other controls on different layers of system model) and
>>>>  what can be met either with configuration or with little enhancement (and
>>>> how).
>>>>
>>>> That document would be of great help for Cassandra as a product because
>>>> it would allow it to be marketed as a product with existing security
>>>> assessment and guidelines, performed according to DoD standards. It would
>>>> also allow to move product in the general direction of improving its
>>>> security posture. Finally, the document would be posted on DISA site (
>>>> http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every
>>>> security architect to utilize, which would greatly reduce the risk for
>>>> Cassandra product to be hacked in a field.
>>>>
>>>> To clear things out - what I ask about are not my expectations. I
>>>> really do not expect developers of Cassandra to run and start implementing
>>>> security labels, just because I asked about it. :) My questions are to
>>>> build my internal knowledge of DB current design, so that I can build my
>>>> security assessment based of it, not more, not less.
>>>>
>>>> I guess, summarizing what I said on top, from what I'm doing Cassandra
>>>> as a product would end up benefiting quite a bit. That is why I think it
>>>> would make sense for Cassandra community to help me with my questions even
>>>> if they sound completely of the traditional "grid".
>>>>
>>>> Thanks again, I really appreciate your response and conversation
>>>> overall.
>>>>
>>>

Re: Security labels

[Jack Krupansky]

Thanks for putting the items together in a list. This allows people to see
things with more context. Give people in the user community a little time
to respond. A week, maybe. Hopefully some of the senior Cassandra
committers will take a look as well.

Will the final assessment become a public document or is it strictly
internal for your employer? I know there is a database of these
assessments, but I don't know who controls what becomes public and when.

-- Jack Krupansky

On Thu, Feb 11, 2016 at 3:23 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Hi Dani,
>
> As promised, I sort of put all my questions under the "one roof". I would
> really appreciate you opinion on them.
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> Thanks,
>
> Oleg
>
> On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <
> dani.trapha...@datastax.com> wrote:
>
>> ​Hi Oleg,
>>
>> Thanks that helped clear things up! This sounds like a daunting task. I
>> wish you all the best with it.
>>
>> Cheers,
>> Dani​
>>
>> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com> wrote:
>>
>>> Dani,
>>>
>>> I really appreciate you response. Actually, session timeouts and
>>> security labels are two different topics (first is about attack when
>>> somebody opened, say, ssh window to DB, left his machine unattended and
>>> somebody else stole his session, second - to enable DB to support what
>>> called MAC access model - stays for mandatory access control. It is widely
>>> used in the government and military, but not outside of it, we all are used
>>> to DAC access control model). However, I think you are right and I should
>>> move all my queries under the one big roof and call this thread "Security".
>>> I will do this today.
>>>
>>> Now, about what you have said, I just answered the same to Jon, in
>>> Session Timeout thread, but would quickly re-cap here. I understand that
>>> Cassandra's architecture was aimed and tailored for completely different
>>> type of scenario. However, unfortunately, that doesn't mean that Cassandra
>>> is not vulnerable to the same very set of attacks relational database would
>>> be vulnerable to. It just means Cassandra is not protected against those
>>> attacks, because protection against them was not thought of, when database
>>> was created. I already gave the AAA and session's timeout example in Jon's
>>> thread, and those are just one of many.
>>>
>>> Now what I'm trying to do, I'm trying to create a STIG - security
>>> federal compliance document, which will assess Cassandra against SRG
>>> concepts (security federal compliance recommendations for databases
>>> overall) and will highlight what is not met, and can't be in current design
>>> (i.e. what system architects should keep in mind and what they need to
>>> compensate for with other controls on different layers of system model) and
>>>  what can be met either with configuration or with little enhancement (and
>>> how).
>>>
>>> That document would be of great help for Cassandra as a product because
>>> it would allow it to be marketed as a product with existing security
>>> assessment and guidelines, performed according to DoD standards. It would
>>> also allow to move product in the general direction of improving its
>>> security posture. Finally, the document would be posted on DISA site (
>>> http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every security
>>> architect to utilize, which would greatly reduce the risk for Cassandra
>>> product to be hacked in a field.
>>>
>>> To clear things out - what I ask about are not my expectations. I really
>>> do not expect developers of Cassandra to run and start implementing
>>> security labels, just because I asked about it. :) My questions are to
>>> build my internal knowledge of DB current design, so that I can build my
>>> security assessment based of it, not more, not less.
>>>
>>> I guess, summarizing what I said on top, from what I'm doing Cassandra
>>> as a product would end up benefiting quite a bit. That is why I think it
>>> would make sense for Cassandra community to help me with my questions even
>>> if they sound completely of the traditional "grid".
>>>
>>> Thanks again, I really appreciate your response and conversation overall.
>>>
>>> Oleg
>>>
>>> On Fri, Jan 29, 2016 at 11:20 AM, Dani Trapha

Re: Security labels

[oleg yusim]

Jack,

I asked my management, if I can share with community my assessment
spreadsheet (whole thing, with gaps and desired configurations). Let's wait
for their answer. I would definitely update the document I shared with the
rest of gaps, so you, guys, would have it for sure.

Now, in case if my management would say no:

1) Here: http://iase.disa.mil/stigs/Pages/a-z.aspx the document titled
vRealize Operations STIG would be published. As part of it, there would be
Cassandra STIG (Cassadra is part of vRealize Operations VMware product).
This STIG would contain only suggestions on right (from the security point
of view) configuration, where it can be configured.
2) Community would have a full list of gaps (things which are needed, but
can't be configured) after I would update my document
3) The rest of the assessment are Not Applicable and Applicable -
Inherently Meet items, which nobody is interested at.
4) Also, when STIG for vRealize Operations would be published, look at the
VMware site for Security Guidelines for vRealize Operations. They would be
posted open to public and you would be able to download them free of
charge. Those would include mitigation, which VMware implemented for some
of the Cassandra gaps.

Thanks,

Oleg

On Thu, Feb 11, 2016 at 2:55 PM, Jack Krupansky <jack.krupan...@gmail.com>
wrote:

> Thanks for putting the items together in a list. This allows people to see
> things with more context. Give people in the user community a little time
> to respond. A week, maybe. Hopefully some of the senior Cassandra
> committers will take a look as well.
>
> Will the final assessment become a public document or is it strictly
> internal for your employer? I know there is a database of these
> assessments, but I don't know who controls what becomes public and when.
>
> -- Jack Krupansky
>
> On Thu, Feb 11, 2016 at 3:23 PM, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Hi Dani,
>>
>> As promised, I sort of put all my questions under the "one roof". I would
>> really appreciate you opinion on them.
>>
>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>>
>> Thanks,
>>
>> Oleg
>>
>> On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <
>> dani.trapha...@datastax.com> wrote:
>>
>>> ​Hi Oleg,
>>>
>>> Thanks that helped clear things up! This sounds like a daunting task. I
>>> wish you all the best with it.
>>>
>>> Cheers,
>>> Dani​
>>>
>>> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com>
>>> wrote:
>>>
>>>> Dani,
>>>>
>>>> I really appreciate you response. Actually, session timeouts and
>>>> security labels are two different topics (first is about attack when
>>>> somebody opened, say, ssh window to DB, left his machine unattended and
>>>> somebody else stole his session, second - to enable DB to support what
>>>> called MAC access model - stays for mandatory access control. It is widely
>>>> used in the government and military, but not outside of it, we all are used
>>>> to DAC access control model). However, I think you are right and I should
>>>> move all my queries under the one big roof and call this thread "Security".
>>>> I will do this today.
>>>>
>>>> Now, about what you have said, I just answered the same to Jon, in
>>>> Session Timeout thread, but would quickly re-cap here. I understand that
>>>> Cassandra's architecture was aimed and tailored for completely different
>>>> type of scenario. However, unfortunately, that doesn't mean that Cassandra
>>>> is not vulnerable to the same very set of attacks relational database would
>>>> be vulnerable to. It just means Cassandra is not protected against those
>>>> attacks, because protection against them was not thought of, when database
>>>> was created. I already gave the AAA and session's timeout example in Jon's
>>>> thread, and those are just one of many.
>>>>
>>>> Now what I'm trying to do, I'm trying to create a STIG - security
>>>> federal compliance document, which will assess Cassandra against SRG
>>>> concepts (security federal compliance recommendations for databases
>>>> overall) and will highlight what is not met, and can't be in current design
>>>> (i.e. what system architects should keep in mind and what they need to
>>>> compensate for with other controls on different layers of system model) and
>>>>  what can be met either with configuration or with little enhancement (and
>>>> how).

Re: Security labels

[oleg yusim]

Jack,

Thanks for your suggestion. I'm familiar with Cassandra documentation, and
I'm aware of differences between DSE and Cassandra.

Questions I ask here are those, I found no mention about in documentation.
Let's take security labels for instance. Cassandra documentation is
completely silent on this regard and so is Google. I assume, based on it,
Cassandra doesn't support it. But I can't create federal compliance
security document for Cassandra basing it of my assumptions and lack of
information solely. That is where my questions stem from.

Thanks,

Oleg

On Fri, Jan 29, 2016 at 10:17 AM, Jack Krupansky <jack.krupan...@gmail.com>
wrote:

> To answer any future questions along these same lines, I suggest that you
> start by simply searching the doc and search the github repo for the source
> code for the relevant keywords. That will give you the definitive answers
> quickly. If something is missing, feel free to propose that it be added (if
> you really need it). And feel free to confirm here if a quick search
> doesn't give you a solid answer.
>
> Here's the root page for security in the Cassandra doc:
>
> https://docs.datastax.com/en/cassandra/3.x/cassandra/configuration/secureTOC.html
>
> Also note that on questions of security, DataStax Enterprise may have
> different answers than pure open source Cassandra.
>
> -- Jack Krupansky
>
> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Patrick,
>>
>> Absolutely. Security label is mechanism of access control, utilized by
>> MAC (mandatory access control) model, and not utilized by DAC
>> (discretionary access control) model, we all are used to. In database
>> content it is illustrated for instance here:
>> http://www.postgresql.org/docs/current/static/sql-security-label.html
>>
>> Now, as per my goals, I'm making a security assessment for Cassandra DB
>> with a goal to produce STIG on this product. That is one of the parameters
>> in database SRG I have to assess against.
>>
>> Thanks,
>>
>> Oleg
>>
>>
>> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfa...@gmail.com>
>> wrote:
>>
>>> Cassandra has support for authentication security, but I'm not familiar
>>> with a security label. Can you describe what you want to do?
>>>
>>> Patrick
>>>
>>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com> wrote:
>>>
>>>> Greetings,
>>>>
>>>> Does Cassandra support security label concept? If so, where can I read
>>>> on how it should be applied?
>>>>
>>>> Thanks,
>>>>
>>>> Oleg
>>>>
>>>
>>>
>>
>

Security labels

[Dani Traphagen]

Hi Oleg,

I understand your frustration but unfortunately, in the terms of your
security assessment, you have fallen into a mismatch for Cassandra's
utility.

The eventuality of having multiple sockets open without the query input for
long durations of time isn't something that was
architected...because...Cassnadra was built to take massive quantities
of queries both in volume and velocity.

Your expectation of the database isn't in line with how our why it was
designed. Generally, security solutions are architected
around Cassandra, baked into the data model, many solutions
are home-brewed, written into the application or provided by using another
security client.

DSE has different security aspects rolling out in the next release
as addressed earlier by Jack, like commit log and hint encryptions, as well
as, unified authentication...but secuirty labels aren't on anyone's radar
as a pressing "need." It's not something I've heard about as a
priority before anyway.

Hope this helps!

Cheers,
Dani

On Friday, January 29, 2016, oleg yusim <olegyu...@gmail.com
<javascript:_e(%7B%7D,'cvml','olegyu...@gmail.com');>> wrote:

> Jack,
>
> Thanks for your suggestion. I'm familiar with Cassandra documentation, and
> I'm aware of differences between DSE and Cassandra.
>
> Questions I ask here are those, I found no mention about in documentation.
> Let's take security labels for instance. Cassandra documentation is
> completely silent on this regard and so is Google. I assume, based on it,
> Cassandra doesn't support it. But I can't create federal compliance
> security document for Cassandra basing it of my assumptions and lack of
> information solely. That is where my questions stem from.
>
> Thanks,
>
> Oleg
>
> On Fri, Jan 29, 2016 at 10:17 AM, Jack Krupansky <jack.krupan...@gmail.com
> > wrote:
>
>> To answer any future questions along these same lines, I suggest that you
>> start by simply searching the doc and search the github repo for the source
>> code for the relevant keywords. That will give you the definitive answers
>> quickly. If something is missing, feel free to propose that it be added (if
>> you really need it). And feel free to confirm here if a quick search
>> doesn't give you a solid answer.
>>
>> Here's the root page for security in the Cassandra doc:
>>
>> https://docs.datastax.com/en/cassandra/3.x/cassandra/configuration/secureTOC.html
>>
>> Also note that on questions of security, DataStax Enterprise may have
>> different answers than pure open source Cassandra.
>>
>> -- Jack Krupansky
>>
>> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyu...@gmail.com> wrote:
>>
>>> Patrick,
>>>
>>> Absolutely. Security label is mechanism of access control, utilized by
>>> MAC (mandatory access control) model, and not utilized by DAC
>>> (discretionary access control) model, we all are used to. In database
>>> content it is illustrated for instance here:
>>> http://www.postgresql.org/docs/current/static/sql-security-label.html
>>>
>>> Now, as per my goals, I'm making a security assessment for Cassandra DB
>>> with a goal to produce STIG on this product. That is one of the parameters
>>> in database SRG I have to assess against.
>>>
>>> Thanks,
>>>
>>> Oleg
>>>
>>>
>>> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfa...@gmail.com>
>>> wrote:
>>>
>>>> Cassandra has support for authentication security, but I'm not familiar
>>>> with a security label. Can you describe what you want to do?
>>>>
>>>> Patrick
>>>>
>>>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com>
>>>> wrote:
>>>>
>>>>> Greetings,
>>>>>
>>>>> Does Cassandra support security label concept? If so, where can I read
>>>>> on how it should be applied?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Oleg
>>>>>
>>>>
>>>>
>>>
>>
>

-- 
Sent from mobile -- apologizes for brevity or errors.

Re: Security labels

[Jack Krupansky]

To answer any future questions along these same lines, I suggest that you
start by simply searching the doc and search the github repo for the source
code for the relevant keywords. That will give you the definitive answers
quickly. If something is missing, feel free to propose that it be added (if
you really need it). And feel free to confirm here if a quick search
doesn't give you a solid answer.

Here's the root page for security in the Cassandra doc:
https://docs.datastax.com/en/cassandra/3.x/cassandra/configuration/secureTOC.html

Also note that on questions of security, DataStax Enterprise may have
different answers than pure open source Cassandra.

-- Jack Krupansky

On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Patrick,
>
> Absolutely. Security label is mechanism of access control, utilized by MAC
> (mandatory access control) model, and not utilized by DAC (discretionary
> access control) model, we all are used to. In database content it is
> illustrated for instance here:
> http://www.postgresql.org/docs/current/static/sql-security-label.html
>
> Now, as per my goals, I'm making a security assessment for Cassandra DB
> with a goal to produce STIG on this product. That is one of the parameters
> in database SRG I have to assess against.
>
> Thanks,
>
> Oleg
>
>
> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfa...@gmail.com>
> wrote:
>
>> Cassandra has support for authentication security, but I'm not familiar
>> with a security label. Can you describe what you want to do?
>>
>> Patrick
>>
>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com> wrote:
>>
>>> Greetings,
>>>
>>> Does Cassandra support security label concept? If so, where can I read
>>> on how it should be applied?
>>>
>>> Thanks,
>>>
>>> Oleg
>>>
>>
>>
>

Re: Security labels

[oleg yusim]

Dani,

I really appreciate you response. Actually, session timeouts and security
labels are two different topics (first is about attack when somebody
opened, say, ssh window to DB, left his machine unattended and somebody
else stole his session, second - to enable DB to support what called MAC
access model - stays for mandatory access control. It is widely used in the
government and military, but not outside of it, we all are used to DAC
access control model). However, I think you are right and I should move all
my queries under the one big roof and call this thread "Security". I will
do this today.

Now, about what you have said, I just answered the same to Jon, in Session
Timeout thread, but would quickly re-cap here. I understand that
Cassandra's architecture was aimed and tailored for completely different
type of scenario. However, unfortunately, that doesn't mean that Cassandra
is not vulnerable to the same very set of attacks relational database would
be vulnerable to. It just means Cassandra is not protected against those
attacks, because protection against them was not thought of, when database
was created. I already gave the AAA and session's timeout example in Jon's
thread, and those are just one of many.

Now what I'm trying to do, I'm trying to create a STIG - security federal
compliance document, which will assess Cassandra against SRG concepts
(security federal compliance recommendations for databases overall) and
will highlight what is not met, and can't be in current design (i.e. what
system architects should keep in mind and what they need to compensate for
with other controls on different layers of system model) and  what can be
met either with configuration or with little enhancement (and how).

That document would be of great help for Cassandra as a product because it
would allow it to be marketed as a product with existing security
assessment and guidelines, performed according to DoD standards. It would
also allow to move product in the general direction of improving its
security posture. Finally, the document would be posted on DISA site (
http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every security
architect to utilize, which would greatly reduce the risk for Cassandra
product to be hacked in a field.

To clear things out - what I ask about are not my expectations. I really do
not expect developers of Cassandra to run and start implementing security
labels, just because I asked about it. :) My questions are to build my
internal knowledge of DB current design, so that I can build my security
assessment based of it, not more, not less.

I guess, summarizing what I said on top, from what I'm doing Cassandra as a
product would end up benefiting quite a bit. That is why I think it would
make sense for Cassandra community to help me with my questions even if
they sound completely of the traditional "grid".

Thanks again, I really appreciate your response and conversation overall.

Oleg

On Fri, Jan 29, 2016 at 11:20 AM, Dani Traphagen <
dani.trapha...@datastax.com> wrote:

> Also -- it looks like you're really asking questions about session
> timeouts and security labels as they associate, would be more helpful to
> keep in one thread. :)
>
>
> On Friday, January 29, 2016, Dani Traphagen <dani.trapha...@datastax.com>
> wrote:
>
>> Hi Oleg,
>>
>> I understand your frustration but unfortunately, in the terms of your
>> security assessment, you have fallen into a mismatch for Cassandra's
>> utility.
>>
>> The eventuality of having multiple sockets open without the query input
>> for long durations of time isn't something that was
>> architected...because...Cassnadra was built to take massive quantities
>> of queries both in volume and velocity.
>>
>> Your expectation of the database isn't in line with how our why it was
>> designed. Generally, security solutions are architected
>> around Cassandra, baked into the data model, many solutions
>> are home-brewed, written into the application or provided by using another
>> security client.
>>
>> DSE has different security aspects rolling out in the next release
>> as addressed earlier by Jack, like commit log and hint encryptions, as well
>> as, unified authentication...but secuirty labels aren't on anyone's radar
>> as a pressing "need." It's not something I've heard about as a
>> priority before anyway.
>>
>> Hope this helps!
>>
>> Cheers,
>> Dani
>>
>> On Friday, January 29, 2016, oleg yusim <olegyu...@gmail.com> wrote:
>>
>>> Jack,
>>>
>>> Thanks for your suggestion. I'm familiar with Cassandra documentation,
>>> and I'm aware of differences between DSE and Cassandra.
>>>
>>> Questions I ask here are those, I found no

Re: Security labels

[Dani Traphagen]

Also -- it looks like you're really asking questions about session timeouts
and security labels as they associate, would be more helpful to keep in one
thread. :)

On Friday, January 29, 2016, Dani Traphagen <dani.trapha...@datastax.com>
wrote:

> Hi Oleg,
>
> I understand your frustration but unfortunately, in the terms of your
> security assessment, you have fallen into a mismatch for Cassandra's
> utility.
>
> The eventuality of having multiple sockets open without the query input
> for long durations of time isn't something that was
> architected...because...Cassnadra was built to take massive quantities
> of queries both in volume and velocity.
>
> Your expectation of the database isn't in line with how our why it was
> designed. Generally, security solutions are architected
> around Cassandra, baked into the data model, many solutions
> are home-brewed, written into the application or provided by using another
> security client.
>
> DSE has different security aspects rolling out in the next release
> as addressed earlier by Jack, like commit log and hint encryptions, as well
> as, unified authentication...but secuirty labels aren't on anyone's radar
> as a pressing "need." It's not something I've heard about as a
> priority before anyway.
>
> Hope this helps!
>
> Cheers,
> Dani
>
> On Friday, January 29, 2016, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Jack,
>>
>> Thanks for your suggestion. I'm familiar with Cassandra documentation,
>> and I'm aware of differences between DSE and Cassandra.
>>
>> Questions I ask here are those, I found no mention about in
>> documentation. Let's take security labels for instance. Cassandra
>> documentation is completely silent on this regard and so is Google. I
>> assume, based on it, Cassandra doesn't support it. But I can't create
>> federal compliance security document for Cassandra basing it of my
>> assumptions and lack of information solely. That is where my questions stem
>> from.
>>
>> Thanks,
>>
>> Oleg
>>
>> On Fri, Jan 29, 2016 at 10:17 AM, Jack Krupansky <
>> jack.krupan...@gmail.com> wrote:
>>
>>> To answer any future questions along these same lines, I suggest that
>>> you start by simply searching the doc and search the github repo for the
>>> source code for the relevant keywords. That will give you the definitive
>>> answers quickly. If something is missing, feel free to propose that it be
>>> added (if you really need it). And feel free to confirm here if a quick
>>> search doesn't give you a solid answer.
>>>
>>> Here's the root page for security in the Cassandra doc:
>>>
>>> https://docs.datastax.com/en/cassandra/3.x/cassandra/configuration/secureTOC.html
>>>
>>> Also note that on questions of security, DataStax Enterprise may have
>>> different answers than pure open source Cassandra.
>>>
>>> -- Jack Krupansky
>>>
>>> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyu...@gmail.com> wrote:
>>>
>>>> Patrick,
>>>>
>>>> Absolutely. Security label is mechanism of access control, utilized by
>>>> MAC (mandatory access control) model, and not utilized by DAC
>>>> (discretionary access control) model, we all are used to. In database
>>>> content it is illustrated for instance here:
>>>> http://www.postgresql.org/docs/current/static/sql-security-label.html
>>>>
>>>> Now, as per my goals, I'm making a security assessment for Cassandra DB
>>>> with a goal to produce STIG on this product. That is one of the parameters
>>>> in database SRG I have to assess against.
>>>>
>>>> Thanks,
>>>>
>>>> Oleg
>>>>
>>>>
>>>> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfa...@gmail.com>
>>>> wrote:
>>>>
>>>>> Cassandra has support for authentication security, but I'm not
>>>>> familiar with a security label. Can you describe what you want to do?
>>>>>
>>>>> Patrick
>>>>>
>>>>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Greetings,
>>>>>>
>>>>>> Does Cassandra support security label concept? If so, where can I
>>>>>> read on how it should be applied?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Oleg
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
> --
> Sent from mobile -- apologizes for brevity or errors.
>


-- 
Sent from mobile -- apologizes for brevity or errors.

Re: Security labels

[oleg yusim]

Thanks Dani!

Oleg

On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <dani.trapha...@datastax.com
> wrote:

> ​Hi Oleg,
>
> Thanks that helped clear things up! This sounds like a daunting task. I
> wish you all the best with it.
>
> Cheers,
> Dani​
>
> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Dani,
>>
>> I really appreciate you response. Actually, session timeouts and security
>> labels are two different topics (first is about attack when somebody
>> opened, say, ssh window to DB, left his machine unattended and somebody
>> else stole his session, second - to enable DB to support what called MAC
>> access model - stays for mandatory access control. It is widely used in the
>> government and military, but not outside of it, we all are used to DAC
>> access control model). However, I think you are right and I should move all
>> my queries under the one big roof and call this thread "Security". I will
>> do this today.
>>
>> Now, about what you have said, I just answered the same to Jon, in
>> Session Timeout thread, but would quickly re-cap here. I understand that
>> Cassandra's architecture was aimed and tailored for completely different
>> type of scenario. However, unfortunately, that doesn't mean that Cassandra
>> is not vulnerable to the same very set of attacks relational database would
>> be vulnerable to. It just means Cassandra is not protected against those
>> attacks, because protection against them was not thought of, when database
>> was created. I already gave the AAA and session's timeout example in Jon's
>> thread, and those are just one of many.
>>
>> Now what I'm trying to do, I'm trying to create a STIG - security federal
>> compliance document, which will assess Cassandra against SRG concepts
>> (security federal compliance recommendations for databases overall) and
>> will highlight what is not met, and can't be in current design (i.e. what
>> system architects should keep in mind and what they need to compensate for
>> with other controls on different layers of system model) and  what can be
>> met either with configuration or with little enhancement (and how).
>>
>> That document would be of great help for Cassandra as a product because
>> it would allow it to be marketed as a product with existing security
>> assessment and guidelines, performed according to DoD standards. It would
>> also allow to move product in the general direction of improving its
>> security posture. Finally, the document would be posted on DISA site (
>> http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every security
>> architect to utilize, which would greatly reduce the risk for Cassandra
>> product to be hacked in a field.
>>
>> To clear things out - what I ask about are not my expectations. I really
>> do not expect developers of Cassandra to run and start implementing
>> security labels, just because I asked about it. :) My questions are to
>> build my internal knowledge of DB current design, so that I can build my
>> security assessment based of it, not more, not less.
>>
>> I guess, summarizing what I said on top, from what I'm doing Cassandra as
>> a product would end up benefiting quite a bit. That is why I think it would
>> make sense for Cassandra community to help me with my questions even if
>> they sound completely of the traditional "grid".
>>
>> Thanks again, I really appreciate your response and conversation overall.
>>
>> Oleg
>>
>> On Fri, Jan 29, 2016 at 11:20 AM, Dani Traphagen <
>> dani.trapha...@datastax.com> wrote:
>>
>>> Also -- it looks like you're really asking questions about session
>>> timeouts and security labels as they associate, would be more helpful to
>>> keep in one thread. :)
>>>
>>>
>>> On Friday, January 29, 2016, Dani Traphagen <dani.trapha...@datastax.com>
>>> wrote:
>>>
>>>> Hi Oleg,
>>>>
>>>> I understand your frustration but unfortunately, in the terms of your
>>>> security assessment, you have fallen into a mismatch for Cassandra's
>>>> utility.
>>>>
>>>> The eventuality of having multiple sockets open without the query input
>>>> for long durations of time isn't something that was
>>>> architected...because...Cassnadra was built to take massive quantities
>>>> of queries both in volume and velocity.
>>>>
>>>> Your expectation of the database isn't in line with how our why it was
>>>>

Re: Security labels

[Dani Traphagen]

​Hi Oleg,

Thanks that helped clear things up! This sounds like a daunting task. I
wish you all the best with it.

Cheers,
Dani​

On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com> wrote:

> Dani,
>
> I really appreciate you response. Actually, session timeouts and security
> labels are two different topics (first is about attack when somebody
> opened, say, ssh window to DB, left his machine unattended and somebody
> else stole his session, second - to enable DB to support what called MAC
> access model - stays for mandatory access control. It is widely used in the
> government and military, but not outside of it, we all are used to DAC
> access control model). However, I think you are right and I should move all
> my queries under the one big roof and call this thread "Security". I will
> do this today.
>
> Now, about what you have said, I just answered the same to Jon, in Session
> Timeout thread, but would quickly re-cap here. I understand that
> Cassandra's architecture was aimed and tailored for completely different
> type of scenario. However, unfortunately, that doesn't mean that Cassandra
> is not vulnerable to the same very set of attacks relational database would
> be vulnerable to. It just means Cassandra is not protected against those
> attacks, because protection against them was not thought of, when database
> was created. I already gave the AAA and session's timeout example in Jon's
> thread, and those are just one of many.
>
> Now what I'm trying to do, I'm trying to create a STIG - security federal
> compliance document, which will assess Cassandra against SRG concepts
> (security federal compliance recommendations for databases overall) and
> will highlight what is not met, and can't be in current design (i.e. what
> system architects should keep in mind and what they need to compensate for
> with other controls on different layers of system model) and  what can be
> met either with configuration or with little enhancement (and how).
>
> That document would be of great help for Cassandra as a product because it
> would allow it to be marketed as a product with existing security
> assessment and guidelines, performed according to DoD standards. It would
> also allow to move product in the general direction of improving its
> security posture. Finally, the document would be posted on DISA site (
> http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every security
> architect to utilize, which would greatly reduce the risk for Cassandra
> product to be hacked in a field.
>
> To clear things out - what I ask about are not my expectations. I really
> do not expect developers of Cassandra to run and start implementing
> security labels, just because I asked about it. :) My questions are to
> build my internal knowledge of DB current design, so that I can build my
> security assessment based of it, not more, not less.
>
> I guess, summarizing what I said on top, from what I'm doing Cassandra as
> a product would end up benefiting quite a bit. That is why I think it would
> make sense for Cassandra community to help me with my questions even if
> they sound completely of the traditional "grid".
>
> Thanks again, I really appreciate your response and conversation overall.
>
> Oleg
>
> On Fri, Jan 29, 2016 at 11:20 AM, Dani Traphagen <
> dani.trapha...@datastax.com> wrote:
>
>> Also -- it looks like you're really asking questions about session
>> timeouts and security labels as they associate, would be more helpful to
>> keep in one thread. :)
>>
>>
>> On Friday, January 29, 2016, Dani Traphagen <dani.trapha...@datastax.com>
>> wrote:
>>
>>> Hi Oleg,
>>>
>>> I understand your frustration but unfortunately, in the terms of your
>>> security assessment, you have fallen into a mismatch for Cassandra's
>>> utility.
>>>
>>> The eventuality of having multiple sockets open without the query input
>>> for long durations of time isn't something that was
>>> architected...because...Cassnadra was built to take massive quantities
>>> of queries both in volume and velocity.
>>>
>>> Your expectation of the database isn't in line with how our why it was
>>> designed. Generally, security solutions are architected
>>> around Cassandra, baked into the data model, many solutions
>>> are home-brewed, written into the application or provided by using another
>>> security client.
>>>
>>> DSE has different security aspects rolling out in the next release
>>> as addressed earlier by Jack, like commit log and hint encryptions, as well
>>> as, unified au

Security labels

[oleg yusim]

Greetings,

Does Cassandra support security label concept? If so, where can I read on
how it should be applied?

Thanks,

Oleg

Re: Security labels

[Patrick McFadin]

Cassandra has support for authentication security, but I'm not familiar
with a security label. Can you describe what you want to do?

Patrick

On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com> wrote:

> Greetings,
>
> Does Cassandra support security label concept? If so, where can I read on
> how it should be applied?
>
> Thanks,
>
> Oleg
>

Re: Security labels

[oleg yusim]

Patrick,

Absolutely. Security label is mechanism of access control, utilized by MAC
(mandatory access control) model, and not utilized by DAC (discretionary
access control) model, we all are used to. In database content it is
illustrated for instance here:
http://www.postgresql.org/docs/current/static/sql-security-label.html

Now, as per my goals, I'm making a security assessment for Cassandra DB
with a goal to produce STIG on this product. That is one of the parameters
in database SRG I have to assess against.

Thanks,

Oleg


On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfa...@gmail.com> wrote:

> Cassandra has support for authentication security, but I'm not familiar
> with a security label. Can you describe what you want to do?
>
> Patrick
>
> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com> wrote:
>
>> Greetings,
>>
>> Does Cassandra support security label concept? If so, where can I read on
>> how it should be applied?
>>
>> Thanks,
>>
>> Oleg
>>
>
>

Logging configuration (security)

[oleg yusim]

Greetings,

I decided to put together a separate thread with logging configuration
questions I have (I'm trying to figure out what from security best
practices on logging Cassandra can and can't do):

1) Can Cassandra log IP and hostname of the host, DB resides at?
2) Can Cassandra log IP and hostname of the client?
3) Can Cassandra be configured to be automatically shut down in case if it
ran out of space to store logs?
4) Can Cassandra be configured to automatically overwrite audit logs in
case if no more space is available (oldest first) ?

Thanks,

Oleg

Re: Cassandra security using openssl or keytool

[Robert Coli]

On Thu, Oct 29, 2015 at 1:08 AM, Vishwajeet Singh <vishwajeet...@gmail.com>
wrote:

> But I want to do using OpenSSL because It's my requirement.
>
> Can somebody please guide me, How I will do Cassandra Client to node
> security using SSL and I want to use OpenSSL (Not keytool).
>

Google words like :

"
import openssl private key into keytool
"

Find results like :

http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i/8224863#8224863

?

It looks like, as Jason says, "a real pain" but should be doable if you
really have a requirement of using OpenSSL to generate the private key?

If you want to somehow not use keytool at all in the process, I think
you're out of luck.

=Rob

Re: Cassandra security using openssl or keytool

[Robert Coli]

On Thu, Oct 29, 2015 at 4:18 PM, Jason J. W. Williams <
jasonjwwilli...@gmail.com> wrote:

> I wasted 4-5 hours of my life recently importing an OpenSSL key in a PEM
>> into a Cassandra keystore using exactly that article as a starting point
>> (the server's hostname already had a certificate and key in our ops CA, and
>> for various reasons we didn't want to revoke and reissue it.).
>>
>
I certainly don't vouch for the advisability of attempting a task you've
described as a "real pain" ... but if OP wants/needs to, it's their
funeral? :D

=Rob

Re: Cassandra security using openssl or keytool

[Jason J. W. Williams]

>
> Google words like :
>
> "
> import openssl private key into keytool
> "
>
> Find results like :
>
>
> http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i/8224863#8224863
>
>
I wasted 4-5 hours of my life recently importing an OpenSSL key in a PEM
into a Cassandra keystore using exactly that article as a starting point
(the server's hostname already had a certificate and key in our ops CA, and
for various reasons we didn't want to revoke and reissue it.).

Even when you get the key imported, keytool will then frequently refuse to
pair that key entry with the certificate when you import the
certificate...and it will instead store the certificate in a new keystore
entry. Which won't work because the alias names on the keystore entries for
the key and certificate will be different (you need one entry storing both
key and certificate).  I did _finally_ get it to work but I can't tell you
how I did it...it was a lot of manually editing PEM files, converting them
to DERs and then trying every possible combination of keytool import flags.

-J

Re: Cassandra security using openssl or keytool

[Jason J. W. Williams]

>
> I certainly don't vouch for the advisability of attempting a task you've
> described as a "real pain" ... but if OP wants/needs to, it's their
> funeral? :D
>

Agreed. I just wanted to elaborate what a "real pain" meant so OP would
know I wasn't just blowing him off.

-J

Re: Cassandra security using openssl or keytool

[Jason Williams]

Because when you use keytool it stores the generated private key in the 
keystore and tags it waiting for the certificate. Then when you import the 
issued certificate it is paired in the same record with the key. It's a real 
pain to get OpenSSL encoded private keys into a keytool keystore. Don't fight 
it, just use keytool. :)

Sent via iPhone

> On Oct 29, 2015, at 00:06, Vishwajeet Singh <vishwajeet...@gmail.com> wrote:
> 
> Hi,
> 
> I saw Cassandra documentation. 
> 
> http://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureSSLCertificates_t.html
> 
> I found this line "SSL certificates must be generated using keytool".
> 
> Can somebody explain me why SSL certificates must be generated using keytool?
> 
> Can we use OpenSSL for generating certificates?
> I am trying using openssl but it's not working. Why?
> 
> Thanks,
> Vishwajeet

Re: Cassandra security using openssl or keytool

[Vishwajeet Singh]

But I want to do using OpenSSL because It's my requirement.

Can somebody please guide me, How I will do Cassandra Client to node
security using SSL and I want to use OpenSSL (Not keytool).

On Thu, Oct 29, 2015 at 12:40 PM, Jason Williams <jasonjwwilli...@gmail.com>
wrote:

> Because when you use keytool it stores the generated private key in the
> keystore and tags it waiting for the certificate. Then when you import the
> issued certificate it is paired in the same record with the key. It's a
> real pain to get OpenSSL encoded private keys into a keytool keystore.
> Don't fight it, just use keytool. :)
>
> Sent via iPhone
>
> On Oct 29, 2015, at 00:06, Vishwajeet Singh <vishwajeet...@gmail.com>
> wrote:
>
> Hi,
>
> I saw Cassandra documentation.
>
>
> http://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureSSLCertificates_t.html
>
> I found this line "SSL certificates must be generated using keytool".
>
> Can somebody explain me why SSL certificates must be generated using
> keytool?
>
> Can we use OpenSSL for generating certificates?
> I am trying using openssl but it's not working. Why?
>
> Thanks,
> Vishwajeet
>
>

Cassandra security using openssl or keytool

[Vishwajeet Singh]

Hi,

I saw Cassandra documentation.

http://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureSSLCertificates_t.html

I found this line "SSL certificates must be generated using keytool".

Can somebody explain me why SSL certificates must be generated using
keytool?

Can we use OpenSSL for generating certificates?
I am trying using openssl but it's not working. Why?

Thanks,
Vishwajeet

Issue with Cassandra client to node security using SSL

[Vishwajeet Singh]

Hi,

I am using cassandra 2.1 . My goal is to do cassandra client to node
security using SSL with my self-signed CA.

Self-signed CA is giving me following files.
1. ca.crt
2. ca.key
3. client.csr
4. client.crt
5. client.key
6. client.p12

I am creating .jks (client.jks) file from client.p12 using below command so
that I can use client.jks as a keystore and truststore in cassandra.yaml
file. (We can't use .p12 file as a keystore and truststore because it's not
in X.509 format).

"keytool -importkeystore -srckeystore client.p12 -srcstoretype pkcs12
-destkeystore client.jks -deststoretype jks -deststorepass "

I have to connect cassandra with cql.

I am creating cqlshrc file in .cassandra directory and I am putting
client.crt as a certfile and usercert. I am putting client.key as a userkey.

When I am running "cqlsh --ssl". I am getting error (mentioned below).

"Connection error: ('Unable to connect to any servers', {'127.0.0.1':
error(1, u"Tried connecting to [('127.0.0.1', 9042)]. Last error: [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)")})"

Second thing is when I am using ca.key and ca.crt and again creating client
certificate(node_cer_user1.pem), client key(node_key_user1.pem) and
keystore(node.keystore) using below commands then It's working.

1. keytool -importcert -alias  -file ca.crt -keystore
 -storepass 
2. keytool -genkeypair -alias  -keyalg RSA -keysize 2048 -keypass
 -keystore  -storepass  -validity 365
3. keytool -keystore  -alias  -certreq -file
 -storepass  -keypass 
4. openssl x509 -req -CA ca.crt -CAkey ca.key -in  -out
 -days 365 -CAcreateserial
5. keytool -keystore  -storepass  -alias 
-import -file ca.crt -noprompt
6. keytool -keystore  -storepass  -alias 
-import -file  -keypass 
7. keytool -importkeystore -srckeystore  -destkeystore
 -deststoretype PKCS12
8. openssl pkcs12 -in  -nokeys -out 
-passin pass:
9. openssl pkcs12 -in  -nodes -nocerts -out
 -passin pass:



Self-signed CA is giving me client.crt, client.key and keystore, then Why
It's not working? Why I have to create certificates again using ca.crt and
ca.key?


Thanks,
Vishwajeet

Fwd: Issue with Cassandra client to node security using SSL

[Vishwajeet Singh]

Hi,

I am using cassandra version 2.1 . My goal is to do cassandra client to
node security using SSL with my self-signed CA.

Self-signed CA is giving me following files.
1. ca.crt
2. ca.key
3. client.csr
4. client.crt
5. client.key
6. client.p12

I am creating .jks (client.jks) file from client.p12 using below command so
that I can use client.jks as a keystore and truststore in cassandra.yaml
file. (We can't use .p12 file as a keystore and truststore because it's not
in X.509 format).

"keytool -importkeystore -srckeystore client.p12 -srcstoretype pkcs12
-destkeystore client.jks -deststoretype jks -deststorepass "

I have to connect cassandra with cql.

I am creating cqlshrc file in .cassandra directory and I am putting
client.crt as a certfile and usercert. I am putting client.key as a userkey.

When I am running "cqlsh --ssl". I am getting error (mentioned below).

"Connection error: ('Unable to connect to any servers', {'127.0.0.1':
error(1, u"Tried connecting to [('127.0.0.1', 9042)]. Last error: [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)")})"

Second thing is when I am using ca.key and ca.crt and again creating client
certificate(node_cer_user1.pem), client key(node_key_user1.pem) and
keystore(node.keystore) using below commands then It's working.

1. keytool -importcert -alias  -file ca.crt -keystore
 -storepass 
2. keytool -genkeypair -alias  -keyalg RSA -keysize 2048 -keypass
 -keystore  -storepass  -validity 365
3. keytool -keystore  -alias  -certreq -file
 -storepass  -keypass 
4. openssl x509 -req -CA ca.crt -CAkey ca.key -in  -out
 -days 365 -CAcreateserial
5. keytool -keystore  -storepass  -alias 
-import -file ca.crt -noprompt
6. keytool -keystore  -storepass  -alias 
-import -file  -keypass 
7. keytool -importkeystore -srckeystore  -destkeystore
 -deststoretype PKCS12
8. openssl pkcs12 -in  -nokeys -out 
-passin pass:
9. openssl pkcs12 -in  -nodes -nocerts -out
 -passin pass:


Self-signed CA is giving me client.crt, client.key and keystore, then Why
It's not working? Why I have to create certificates again using ca.crt and
ca.key?


Thanks,
Vishwajeet

Re: DSE 4.7 security

[Jack Krupansky]

Cassandra authorization is at the keyspace and table level. Click on the
GRANT link on the doc page, to get more info:
http://docs.datastax.com/en/cql/3.1/cql/cql_reference/grant_r.html

Which says *Permissions to access all keyspaces, a named keyspace, or a
table can be granted to a user.*

There is no finer-grain authorization at the row, column, or cell level.

You might want to open a Jira for this valuable feature.

-- Jack Krupansky

On Sun, Jun 7, 2015 at 5:19 PM, Moshe Kranc moshekr...@gmail.com wrote:

 The DSE 4.7 documentation says: You use the familiar relational database
 GRANT/REVOKE paradigm to grant or revoke permissions to

 access Cassandra data.

 Does this mean authorization is per table?

 What if I need finer grain authorization, e.g., per row or even per cell
 (e.g., a specific column in a specific row may not be seen by users in a
 group)?

 Do I need to implement this in my application, because Cassandra does not
 support it?

DSE 4.7 security

[Moshe Kranc]

The DSE 4.7 documentation says: You use the familiar relational database
GRANT/REVOKE paradigm to grant or revoke permissions to

access Cassandra data.

Does this mean authorization is per table?

What if I need finer grain authorization, e.g., per row or even per cell
(e.g., a specific column in a specific row may not be seen by users in a
group)?

Do I need to implement this in my application, because Cassandra does not
support it?

[SECURITY ANNOUNCEMENT] CVE-2015-0225

[Jake Luciani]

CVE-2015-0225: Apache Cassandra remote execution of arbitrary code

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Cassandra 1.2.0 to 1.2.19
Cassandra 2.0.0 to 2.0.13
Cassandra 2.1.0 to 2.1.3

Description:
Under its default configuration, Cassandra binds an unauthenticated
JMX/RMI interface to all network interfaces.  As RMI is an API for the
transport and remote execution of serialized Java, anyone with access
to this interface can execute arbitrary code as the running user.

Mitigation:
1.2.x has reached EOL, so users of = 1.2.x are recommended to upgrade
to a supported version of Cassandra, or manually configure encryption
and authentication of JMX,
(seehttps://wiki.apache.org/cassandra/JmxSecurity).
2.0.x users should upgrade to 2.0.14
2.1.x users should upgrade to 2.1.4
Alternately, users of any version not wishing to upgrade can
reconfigure JMX/RMI to enable encryption and authentication according
to https://wiki.apache.org/cassandra/JmxSecurityor
http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html

Credit:
This issue was discovered by Georgi Geshev of MWR InfoSecurity

Re: Turning on internal security with no downtime

[Sam Tunnicliffe]

If you're able to configure your clients so that they don't send requests
to 1 node in the cluster you can enable PasswordAuthenticator 
CassandraAuthorizer on that node only and use cqlsh to setup all your users
 permissions. The rest of the cluster will continue to serve client
requests as normal. Once you've done configuring, alter the RF on
system_auth then run repair on the rest of the nodes (just for the
system_auth ks). Finally, do a rolling restart to enable auth on the nodes
that don't yet have it.

On 25 February 2015 at 22:03, sean_r_dur...@homedepot.com wrote:

  Cassandra 1.2.19



 We would like to turn on Cassandra’s internal security
 (PasswordAuthenticator and CassandraAuthorizer) on the ring (away from
 AllowAll). (Clients are already passing credentials in their connections.)
 However, I know all nodes have to be switched to those before the basic
 security objects (system_auth) are created. So, an outage would be required
 to change all the nodes, let system_auth get created, alter system_auth for
 replication strategy, create all the users/permissions, repair system_auth.



 For DataStax, there is a TransitionalAuthorizer that allows the
 system_auth to get created, but doesn’t really require passwords. So, with
 a double, rolling bounce, you can implement security with no downtime.
 Anything like that for open source? Any other ways you have activated
 security without downtime?







 Sean R. Durity





 --

 The information in this Internet Email is confidential and may be legally
 privileged. It is intended solely for the addressee. Access to this Email
 by anyone else is unauthorized. If you are not the intended recipient, any
 disclosure, copying, distribution or any action taken or omitted to be
 taken in reliance on it, is prohibited and may be unlawful. When addressed
 to our clients any opinions or advice contained in this Email are subject
 to the terms and conditions expressed in any applicable governing The Home
 Depot terms of business or client engagement letter. The Home Depot
 disclaims all responsibility and liability for the accuracy and content of
 this attachment and for any damages or losses arising from any
 inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
 items of a destructive nature, which may be contained in this attachment
 and shall not be liable for direct, indirect, consequential or special
 damages in connection with this e-mail message or its attachment.

Turning on internal security with no downtime

[SEAN_R_DURITY]

Cassandra 1.2.19

We would like to turn on Cassandra's internal security (PasswordAuthenticator 
and CassandraAuthorizer) on the ring (away from AllowAll). (Clients are already 
passing credentials in their connections.) However, I know all nodes have to be 
switched to those before the basic security objects (system_auth) are created. 
So, an outage would be required to change all the nodes, let system_auth get 
created, alter system_auth for replication strategy, create all the 
users/permissions, repair system_auth.

For DataStax, there is a TransitionalAuthorizer that allows the system_auth to 
get created, but doesn't really require passwords. So, with a double, rolling 
bounce, you can implement security with no downtime. Anything like that for 
open source? Any other ways you have activated security without downtime?



Sean R. Durity





The information in this Internet Email is confidential and may be legally 
privileged. It is intended solely for the addressee. Access to this Email by 
anyone else is unauthorized. If you are not the intended recipient, any 
disclosure, copying, distribution or any action taken or omitted to be taken in 
reliance on it, is prohibited and may be unlawful. When addressed to our 
clients any opinions or advice contained in this Email are subject to the terms 
and conditions expressed in any applicable governing The Home Depot terms of 
business or client engagement letter. The Home Depot disclaims all 
responsibility and liability for the accuracy and content of this attachment 
and for any damages or losses arising from any inaccuracies, errors, viruses, 
e.g., worms, trojan horses, etc., or other items of a destructive nature, which 
may be contained in this attachment and shall not be liable for direct, 
indirect, consequential or special damages in connection with this e-mail 
message or its attachment.

Fw: Security at ApacheCon Denver

[Melissa Warnkin]

Hello Security Enthusiasts, 


As you are no doubt aware, ApacheCon North America will be held in Denver, 
Colorado starting on April 7th.  Security has 4 talks; check it out here:  
http://apacheconnorthamerica2014.sched.org/overview/type/security#.UxccIYV9JUE

We would love to see you in Denver next month.  Register soon, as prices go up 
on March 14th. http://na.apachecon.com/.

Best regards,

Melissa
ApacheCon Planning Team

cell-level security for cassandra ?

[Frank Hsueh]

has there been any thought about adding cell-level security to Cassandra ?

something similar to:

http://accumulo.apache.org/1.5/accumulo_user_manual.html#_security

?


-- 
Frank Hsueh | frank.hs...@gmail.com

Security?

[Hartzman, Leslie]

Does Cassandra have any security features to restrict access or does this have 
to be done at the business tier?

Thanks.

Les


[CONFIDENTIALITY AND PRIVACY NOTICE]

Information transmitted by this email is proprietary to Medtronic and is 
intended for use only by the individual or entity to which it is addressed, and 
may contain information that is private, privileged, confidential or exempt 
from disclosure under applicable law. If you are not the intended recipient or 
it appears that this mail has been forwarded to you without proper authority, 
you are notified that any use or dissemination of this information in any 
manner is strictly prohibited. In such cases, please delete this mail from your 
records.

To view this notice in other languages you can either select the following link 
or manually copy and paste the link into the address bar of a web browser: 
http://emaildisclaimer.medtronic.com

RE: Security?

[Hartzman, Leslie]

Thanks for the info.

So open-source Cassandra does not provide for auditing?

-Original Message-
From: Jeremy Hanna [mailto:jeremy.hanna1...@gmail.com] 
Sent: Thursday, September 05, 2013 9:47 AM
To: user@cassandra.apache.org
Subject: Re: Security?

For open-source Cassandra, there is a framework for security (see the security 
book-thing in the sidebar):
http://www.datastax.com/documentation/cassandra/1.2/webhelp/index.html

For those wanting additional things like auditing and other features, there's 
DataStax Enterprise: 
http://www.datastax.com/docs/datastax_enterprise3.1/security/index

Disclaimer - I work at DataStax, but hopefully the docs are helpful.

On 5 Sep 2013, at 17:36, Hartzman, Leslie leslie.d.hartz...@medtronic.com 
wrote:

 Does Cassandra have any security features to restrict access or does this 
 have to be done at the business tier?
  
 Thanks.
  
 Les
  
 [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is 
 proprietary to Medtronic and is intended for use only by the individual or 
 entity to which it is addressed, and may contain information that is private, 
 privileged, confidential or exempt from disclosure under applicable law. If 
 you are not the intended recipient or it appears that this mail has been 
 forwarded to you without proper authority, you are notified that any use or 
 dissemination of this information in any manner is strictly prohibited. In 
 such cases, please delete this mail from your records. To view this notice in 
 other languages you can either select the following link or manually copy and 
 paste the link into the address bar of a web browser: 
 http://emaildisclaimer.medtronic.com
 

Re: Security?

[Jeremy Hanna]

For open-source Cassandra, there is a framework for security (see the security 
book-thing in the sidebar):
http://www.datastax.com/documentation/cassandra/1.2/webhelp/index.html

For those wanting additional things like auditing and other features, there's 
DataStax Enterprise: 
http://www.datastax.com/docs/datastax_enterprise3.1/security/index

Disclaimer - I work at DataStax, but hopefully the docs are helpful.

On 5 Sep 2013, at 17:36, Hartzman, Leslie leslie.d.hartz...@medtronic.com 
wrote:

 Does Cassandra have any security features to restrict access or does this 
 have to be done at the business tier?
  
 Thanks.
  
 Les
  
 [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is 
 proprietary to Medtronic and is intended for use only by the individual or 
 entity to which it is addressed, and may contain information that is private, 
 privileged, confidential or exempt from disclosure under applicable law. If 
 you are not the intended recipient or it appears that this mail has been 
 forwarded to you without proper authority, you are notified that any use or 
 dissemination of this information in any manner is strictly prohibited. In 
 such cases, please delete this mail from your records. To view this notice in 
 other languages you can either select the following link or manually copy and 
 paste the link into the address bar of a web browser: 
 http://emaildisclaimer.medtronic.com
 

Re: Security?

[Jeremy Hanna]

Right so the auditing feature is one that is only in the DataStax Enterprise 
version.  This sub-topic in the DSE documentation describes what's in Apache 
Cassandra versus what's in DataStax Enterprise with respect to security: 
http://www.datastax.com/docs/datastax_enterprise3.1/security/security_features

On 5 Sep 2013, at 17:51, Hartzman, Leslie leslie.d.hartz...@medtronic.com 
wrote:

 Thanks for the info.
 
 So open-source Cassandra does not provide for auditing?
 
 -Original Message-
 From: Jeremy Hanna [mailto:jeremy.hanna1...@gmail.com] 
 Sent: Thursday, September 05, 2013 9:47 AM
 To: user@cassandra.apache.org
 Subject: Re: Security?
 
 For open-source Cassandra, there is a framework for security (see the 
 security book-thing in the sidebar):
 http://www.datastax.com/documentation/cassandra/1.2/webhelp/index.html
 
 For those wanting additional things like auditing and other features, there's 
 DataStax Enterprise: 
 http://www.datastax.com/docs/datastax_enterprise3.1/security/index
 
 Disclaimer - I work at DataStax, but hopefully the docs are helpful.
 
 On 5 Sep 2013, at 17:36, Hartzman, Leslie leslie.d.hartz...@medtronic.com 
 wrote:
 
 Does Cassandra have any security features to restrict access or does this 
 have to be done at the business tier?
 
 Thanks.
 
 Les
 
 [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email 
 is proprietary to Medtronic and is intended for use only by the individual 
 or entity to which it is addressed, and may contain information that is 
 private, privileged, confidential or exempt from disclosure under applicable 
 law. If you are not the intended recipient or it appears that this mail has 
 been forwarded to you without proper authority, you are notified that any 
 use or dissemination of this information in any manner is strictly 
 prohibited. In such cases, please delete this mail from your records. To 
 view this notice in other languages you can either select the following link 
 or manually copy and paste the link into the address bar of a web browser: 
 http://emaildisclaimer.medtronic.com
 
 
 
 

Re: JNA + Cassandra security

[Rob Coli]

On Mon, Apr 30, 2012 at 6:48 PM, Jonathan Ellis jbel...@gmail.com wrote:
 On Mon, Apr 30, 2012 at 7:49 PM, Cord MacLeod cordmacl...@gmail.com wrote:
 Hello group,

 I'm a new Cassandra and Java user so I'm still trying to get my head around 
 a few things.  If you've disabled swap on a machine what is the reason to 
 use JNA?

 Faster snapshots, giving hints to the page cache with fadvise.

If you are running in Linux, you really do want this enabled.
Otherwise, for example, compaction blows out your page cache.

(FWIW, in case it is not immediately apparent what sort of hints
Cassandra might give to the page cache with fadvise..)

https://issues.apache.org/jira/browse/CASSANDRA-1470

=Rob

-- 
=Robert Coli
AIMGTALK - rc...@palominodb.com
YAHOO - rcoli.palominob
SKYPE - rcoli_palominodb

JNA + Cassandra security

[Cord MacLeod]

Hello group,

I'm a new Cassandra and Java user so I'm still trying to get my head around a 
few things.  If you've disabled swap on a machine what is the reason to use 
JNA?  A second question is doesn't JNA break the Java inherent security 
mechanisms by allowing access to direct system calls outside of the JVM?  Are 
there any concerns around this?

Re: JNA + Cassandra security

[aaron morton]

 If you've disabled swap on a machine what is the reason to use JNA?
JNA will still be used to efficiently make hard links for snapshots. It's not 
necessary to lock the JVM memory when swap is disabled. 

 A second question is doesn't JNA break the Java inherent security mechanisms 
 by allowing access to direct system calls outside of the JVM?  Are there any 
 concerns around this?

Anyone else have an answer? 

Cheers

-
Aaron Morton
Freelance Developer
@aaronmorton
http://www.thelastpickle.com

On 1/05/2012, at 12:49 PM, Cord MacLeod wrote:

 Hello group,
 
 I'm a new Cassandra and Java user so I'm still trying to get my head around a 
 few things.  If you've disabled swap on a machine what is the reason to use 
 JNA?  A second question is doesn't JNA break the Java inherent security 
 mechanisms by allowing access to direct system calls outside of the JVM?  Are 
 there any concerns around this?

Re: JNA + Cassandra security

[Jonathan Ellis]

On Mon, Apr 30, 2012 at 7:49 PM, Cord MacLeod cordmacl...@gmail.com wrote:
 Hello group,

 I'm a new Cassandra and Java user so I'm still trying to get my head around a 
 few things.  If you've disabled swap on a machine what is the reason to use 
 JNA?

Faster snapshots, giving hints to the page cache with fadvise.

  A second question is doesn't JNA break the Java inherent security mechanisms 
 by allowing access to direct system calls outside of the JVM?  Are there any 
 concerns around this?

We're not trying to sandbox anything here; there's lots of places
where we explicitly allow arbitrary Java code to be injected into
Cassandra.  You don't need native code to do dangerous things with
that!

-- 
Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of DataStax, the source for professional Cassandra support
http://www.datastax.com

Re: security

[Brian O'Neill]

Not sure this is the standard approach, probably more what we came up
with. ;)

We plan to deploy Cassandra behind a firewall denying all traffic on all
ports other than 8080.  Access from applications will be limited to the
REST/HTTP layer, which we'll lock down with standard HTTP authentication
mechanisms. (using built-in apache or the servlet container)

Long term, we'll probably also introduce authorization/access control by
URL as well, whereby only certain users/apps will have access to certain
keyspaces and/or column families. (again... most likely using built-in
apache mechanisms, or the servlet container)

-brian


On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito dnd1...@gmail.com wrote:

 hi,

 is there a standard approach to securing cassandra eg within a corporate
 network?  at the moment in our dev environment, anybody with network
 connectivity to the cluster can connect to it and mess with it.  this would
 not be acceptable in prod.  do people generally write custom authenticators
 etc, or just put the cluster behind a firewall with the appropriate rules
 to limit access?




-- 
Brian ONeill
Lead Architect, Health Market Science (http://healthmarketscience.com)
mobile:215.588.6024
blog: http://weblogs.java.net/blog/boneill42/
blog: http://brianoneill.blogspot.com/

Re: security

[Sasha Dolgy]

Firewall with appropriate rules.

 On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito dnd1...@gmail.com wrote:

 hi,

 is there a standard approach to securing cassandra eg within a corporate
 network?  at the moment in our dev environment, anybody with network
 connectivity to the cluster can connect to it and mess with it.  this would
 not be acceptable in prod.  do people generally write custom authenticators
 etc, or just put the cluster behind a firewall with the appropriate rules to
 limit access?

Re: security

[Mohit Anchlia]

We lockdown ssh to root from any network. We also provide individual
logins including sysadmin and they go through LDAP authentication.
Anyone who does sudo su as root gets logged and alerted via trapsend.
We use firewalls and also have a separate vlan for datastore servers.
We then open only specific ports from our application servers to
datastore servers.

You should also look at Cassandra authentication as additional means
of securing your data.

On Wed, Nov 9, 2011 at 6:39 AM, Sasha Dolgy sdo...@gmail.com wrote:
 Firewall with appropriate rules.

 On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito dnd1...@gmail.com wrote:

 hi,

 is there a standard approach to securing cassandra eg within a corporate
 network?  at the moment in our dev environment, anybody with network
 connectivity to the cluster can connect to it and mess with it.  this would
 not be acceptable in prod.  do people generally write custom authenticators
 etc, or just put the cluster behind a firewall with the appropriate rules to
 limit access?

Re: security

[Guy Incognito]

ok, thx for the input!

On 09/11/2011 15:19, Mohit Anchlia wrote:

We lockdown ssh to root from any network. We also provide individual
logins including sysadmin and they go through LDAP authentication.
Anyone who does sudo su as root gets logged and alerted via trapsend.
We use firewalls and also have a separate vlan for datastore servers.
We then open only specific ports from our application servers to
datastore servers.

You should also look at Cassandra authentication as additional means
of securing your data.

On Wed, Nov 9, 2011 at 6:39 AM, Sasha Dolgysdo...@gmail.com  wrote:

Firewall with appropriate rules.


On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognitodnd1...@gmail.com  wrote:

hi,

is there a standard approach to securing cassandra eg within a corporate
network?  at the moment in our dev environment, anybody with network
connectivity to the cluster can connect to it and mess with it.  this would
not be acceptable in prod.  do people generally write custom authenticators
etc, or just put the cluster behind a firewall with the appropriate rules to
limit access?

security

[Guy Incognito]

hi,

is there a standard approach to securing cassandra eg within a corporate 
network?  at the moment in our dev environment, anybody with network 
connectivity to the cluster can connect to it and mess with it.  this 
would not be acceptable in prod.  do people generally write custom 
authenticators etc, or just put the cluster behind a firewall with the 
appropriate rules to limit access?

Data storage security

[A J]

Are there any options to encrypt the column families when they are
stored in the database. Say in a given keyspace some CF has sensitive
info and I don't want a 'select *' of that CF to layout the data in
plain text.

Thanks.

Re: Data storage security

[Eric tamme]

On Wed, Jun 29, 2011 at 12:37 PM, A J s5a...@gmail.com wrote:
 Are there any options to encrypt the column families when they are
 stored in the database. Say in a given keyspace some CF has sensitive
 info and I don't want a 'select *' of that CF to layout the data in
 plain text.

 Thanks.


I think this is an application layer issue - just encrypt/decrypt
there.  The data stored within the column value can be any arbitrary
bytes, and since column data is not indexed it wont affect how you can
access the data with Cassandra in any way.

-Eric

Re: Cassandra security model? ( or, authentication docs ?)

[Yang]

Thanks a lot

On Mon, Oct 18, 2010 at 11:44 AM, Eric Evans eev...@rackspace.com wrote:
 On Sun, 2010-10-17 at 21:26 -0700, Yang wrote:
 I searched around, it seems that this is not clearly documented yet;
 the closest I found is:
 http://www.riptano.com/docs/0.6.5/install/auth-config
 http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/Authentication-td5285013.html#a5285013

 I did start cassandra with the args mentioned above:

 bin/cassandra -Dpasswd.properties=mypasswd.properties
 -Daccess.properties=myaccess.properties -f

 Try
 http://www.riptano.com/docs/0.6.5/install/storage-config#Authenticator


 --
 Eric Evans
 eev...@rackspace.com

Re: Cassandra security model? ( or, authentication docs ?)

[Jeremy Hanna]

just as an fyi, I created something in the wiki yesterday - it's just a start 
though - http://wiki.apache.org/cassandra/ExtensibleAuth
there's also a FAQ entry on it now - http://wiki.apache.org/cassandra/FAQ#auth
just for going forward - on the wiki itself, just trying to help there.

On Oct 19, 2010, at 3:06 AM, Yang wrote:

 Thanks a lot
 
 On Mon, Oct 18, 2010 at 11:44 AM, Eric Evans eev...@rackspace.com wrote:
 On Sun, 2010-10-17 at 21:26 -0700, Yang wrote:
 I searched around, it seems that this is not clearly documented yet;
 the closest I found is:
 http://www.riptano.com/docs/0.6.5/install/auth-config
 http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/Authentication-td5285013.html#a5285013
 
 I did start cassandra with the args mentioned above:
 
 bin/cassandra -Dpasswd.properties=mypasswd.properties
 -Daccess.properties=myaccess.properties -f
 
 Try
 http://www.riptano.com/docs/0.6.5/install/storage-config#Authenticator
 
 
 --
 Eric Evans
 eev...@rackspace.com
 
 

Re: Cassandra security model? ( or, authentication docs ?)

[Eric Evans]

On Sun, 2010-10-17 at 21:26 -0700, Yang wrote:
 I searched around, it seems that this is not clearly documented yet;
 the closest I found is:
 http://www.riptano.com/docs/0.6.5/install/auth-config
 http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/Authentication-td5285013.html#a5285013
 
 I did start cassandra with the args mentioned above:
 
 bin/cassandra -Dpasswd.properties=mypasswd.properties
 -Daccess.properties=myaccess.properties -f

Try
http://www.riptano.com/docs/0.6.5/install/storage-config#Authenticator


-- 
Eric Evans
eev...@rackspace.com

Cassandra security model? ( or, authentication docs ?)

[Yang]

I see that the raw thrift API has  a   login() method,
but when I setup a one-node cluster, I can simply connect
localhost/9160 without any passwd

what is the current picture of the security model? how can I enforce
authentication?

I searched around, it seems that this is not clearly documented yet;
the closest I found is:
http://www.riptano.com/docs/0.6.5/install/auth-config
http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/Authentication-td5285013.html#a5285013

I did start cassandra with the args mentioned above:

bin/cassandra -Dpasswd.properties=mypasswd.properties
-Daccess.properties=myaccess.properties -f

but then I can still simply use the command line interface to
connect localhost/9160
use myKeyspace

without any authentication passwd

security, firewall level only?

[S Ahmed]

Is security in terms of remote clients connecting to a cassandra node done
purely at the hardware/firewall level?

i.e. there is no username/pwd like in mysql/sqlserver correct?

Or permissions at the column family level per user ?