Re: Security assessment of Cassandra
Just following up... Oleg, have you gotten a satisfactory level of feedback from the community on the security assessment issues? And if there is any sort of final assessment that can be publicly accessed, that would be great.

-- Jack Krupansky

On Thu, Feb 11, 2016 at 3:29 PM, oleg yusim wrote:

> Greetings,
>
> Performing security assessment of Cassandra with the goal of generating
> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some
> questions regarding the way certain security features are implemented (or
> not) in Cassandra.
>
> I composed the list of questions on these topics, which I wasn't able to
> find a definitive answer to anywhere else and posted it here:
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> It is shared with all the members of that list, and any of the members of
> this list is welcome to comment on this document (there is a place for
> community comments specially reserved near each of the questions and my
> take on it).
>
> I would greatly appreciate Cassandra community help here.
>
> Thanks,
>
> Oleg
Re: Security assessment of Cassandra
Greetings,

Matt brought to my attention that I shared the document at "view only" mode. My apologies for that. I corrected permissions and shared the document personally with everybody, who indicated he/she would review it.

Thanks,

Oleg

On Fri, Feb 12, 2016 at 10:33 PM, oleg yusim wrote:

> Greetings,
>
> Following Jack's and Matt's suggestions, I moved the doc to Google Docs
> and added to it all the security gaps in Cassandra I was able to discover
> (please, see second table below first).
>
> Here is an updated link to my document:
>
> https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
>
> Thanks,
>
> Oleg
>
> On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim wrote:
>
>> Greetings,
>>
>> Performing security assessment of Cassandra with the goal of generating
>> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across
>> some questions regarding the way certain security features are implemented
>> (or not) in Cassandra.
>>
>> I composed the list of questions on these topics, which I wasn't able to
>> find a definitive answer to anywhere else and posted it here:
>>
>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>>
>> It is shared with all the members of that list, and any of the members of
>> this list is welcome to comment on this document (there is a place for
>> community comments specially reserved near each of the questions and my
>> take on it).
>>
>> I would greatly appreciate Cassandra community help here.
>>
>> Thanks,
>>
>> Oleg
Re: Security assessment of Cassandra
Greetings,

Following Jack's and Matt's suggestions, I moved the doc to Google Docs and added to it all the security gaps in Cassandra I was able to discover (please, see second table below first).

Here is an updated link to my document:

https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing

Thanks,

Oleg

On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim wrote:

> Greetings,
>
> Performing security assessment of Cassandra with the goal of generating
> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some
> questions regarding the way certain security features are implemented (or
> not) in Cassandra.
>
> I composed the list of questions on these topics, which I wasn't able to
> find a definitive answer to anywhere else and posted it here:
>
> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>
> It is shared with all the members of that list, and any of the members of
> this list is welcome to comment on this document (there is a place for
> community comments specially reserved near each of the questions and my
> take on it).
>
> I would greatly appreciate Cassandra community help here.
>
> Thanks,
>
> Oleg
Security assessment of Cassandra
Greetings,

Performing security assessment of Cassandra with the goal of generating STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some questions regarding the way certain security features are implemented (or not) in Cassandra.

I composed the list of questions on these topics, which I wasn't able to find a definitive answer to anywhere else and posted it here:

https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM

It is shared with all the members of that list, and any of the members of this list is welcome to comment on this document (there is a place for community comments specially reserved near each of the questions and my take on it).

I would greatly appreciate Cassandra community help here.

Thanks,

Oleg