Greetings,
Matt brought to my attention that I shared the document in "view only"
mode. My apologies for that. I corrected permissions and shared the
document personally with everybody who indicated he/she would review it.
Thanks,
Oleg
On Fri, Feb 12, 2016 at 10:33 PM, oleg yu
nt/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
Thanks,
Oleg
On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim wrote:
> Greetings,
>
> Performing security assessment of Cassandra with the goal of generating
> STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some
>
Jack,
I updated my document with all the security gaps I was able to find and
posted it there:
https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
Thanks,
Oleg
On Thu, Feb 11, 2016 at 4:09 PM, oleg yusim wrote:
> Jack,
>
> I asked my m
ent/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
Thanks,
Oleg
On Thu, Feb 11, 2016 at 3:52 PM, oleg yusim wrote:
> Jack,
>
> This document doesn't cover all the areas where user will need to get
> engaged in explicit mitigation, it only covers those, I wa
at becomes public and when.
>
> -- Jack Krupansky
>
> On Thu, Feb 11, 2016 at 3:23 PM, oleg yusim wrote:
>
>> Hi Dani,
>>
>> As promised, I sort of put all my questions under the "one roof". I would
>> really appreciate your opinion on them.
>>
>
ably be good to have
> doc to highlight areas where users will need to engage in explicit
> mitigation efforts if their infrastructure does not implicitly effect
> mitigation for various security exposures.
>
> -- Jack Krupansky
>
> On Thu, Feb 11, 2016 at 3:21 PM, oleg yusim wrote
Thanks Dani.
Oleg
On Thu, Feb 11, 2016 at 2:27 PM, Dani Traphagen wrote:
> Hi Oleg,
>
> I'm happy to take a look. Will update after review.
>
> Thanks,
> Dani
>
> On Thu, Feb 11, 2016 at 12:23 PM, oleg yusim wrote:
>
>> Hi Dani,
>>
>> As promi
Greetings,
Performing security assessment of Cassandra with the goal of generating
STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some
questions regarding the way certain security features are implemented (or
not) in Cassandra.
I composed the list of questions on these topic
Thanks that helped clear things up! This sounds like a daunting task. I
> wish you all the best with it.
>
> Cheers,
> Dani
>
> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim wrote:
>
>> Dani,
>>
>> I really appreciate your response. Actually, session timeouts and s
Robert, Jack, Bryan,
As you suggested, I put together a document, titled
Cassandra_Security_Topics_to_Discuss, put it on Google Drive and shared it
with everybody on this list. The document contains a list of questions I have
on Cassandra, my take on it, and has a place for notes Community would like
Greetings,
Is there a way to find out (list or otherwise) if any extensions were
installed with Cassandra base package?
Thanks,
Oleg
ose companies will probably answer some of your questions for free if you
> post on these mailing lists. They’ll likely answer even more if you pay
> them.
>
>
>
> From: oleg yusim
> Reply-To: "user@cassandra.apache.org"
> Date: Friday, January 29, 2016 at 9:16 AM
>
Thanks Dani!
Oleg
On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen wrote:
> Hi Oleg,
>
> Thanks that helped clear things up! This sounds like a daunting task. I
> wish you all the best with it.
>
> Cheers,
> Dani
>
> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim
find something in the doc.
>
> -- Jack Krupansky
>
> On Fri, Jan 29, 2016 at 5:02 PM, oleg yusim wrote:
>
>> Jack,
>>
>> Appreciate the links. As I mentioned, I looked over both DSE and
>> Cassandra sets of documentation, and ran some experiments on my Cassan
in the software.
>
> In general, if you see a feature in DSE, just do a keyword search in the
> Cassandra doc to see if it is supported outside of DSE.
>
> -- Jack Krupansky
>
> On Fri, Jan 29, 2016 at 4:23 PM, oleg yusim wrote:
>
>> Alex,
>>
>> No offen
compensation controls.
Thanks,
Oleg
On Fri, Jan 29, 2016 at 1:10 PM, Alex Popescu wrote:
>
> On Fri, Jan 29, 2016 at 8:17 AM, oleg yusim wrote:
>
>> Thanks for encouraging me, I kind of grew a bit desperate. I'm a security
>> person, not a Cassandra expert, and do
andra-user and cassandra-dev mailing lists are the primary sources
> of knowledge outside of support contracts. For paid support, companies like
> Datastax and The Last Pickle tend to be well respected options. Both of
> those companies will probably answer some of your qu
>> security client.
>>
>> DSE has different security aspects rolling out in the next release
>> as addressed earlier by Jack, like commit log and hint encryptions, as well
>> as, unified authentication...but security labels aren't on anyone's radar
>> as a pres
be frustrating to not
> get answers to questions that seem completely basic and obvious, but you're
> asking about areas that *most* people on this list don't have knowledge
> about and zero motivation to learn, because it's not necessary to solve the
> problems we face.
assandra/3.x/cassandra/configuration/secureTOC.html
>
> Also note that on questions of security, DataStax Enterprise may have
> different answers than pure open source Cassandra.
>
> -- Jack Krupansky
>
> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim wrote:
>
>> Patrick,
> Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
>
> On 29 January 2016 at 14:19, oleg yusim wrote:
>
>> Not a problem, Carlos, at least you tried :) I have overall a big problem
>> with my queries to Cassandra community. Most of them are no
to
> inactivity...
>
> Not sure there's such option. Sorry
>
> Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
>
> On 29 January 2016 at 13:35, oleg yusim wrote:
>
>> Carlos,
>>
>> I went through Java and Python drivers... did
<https://twitter.com/calonso>
>
> On 29 January 2016 at 13:15, oleg yusim wrote:
>
>> Hi Carlos,
>>
>> Thanks for your answer. Can you, please, get me a bit more information? What
>> is the driver? JDBC? What is the name of configuration file?
>>
>> Thanks
tionality.
>
> Hope it helps.
>
> Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
>
> On 28 January 2016 at 22:18, oleg yusim wrote:
>
>> Greetings,
>>
>> Does Cassandra support session timeout? If so, where can I find this
>>
Greetings,
What is the right way to configure Cassandra logging, so it would log all
the connects and disconnects?
Thanks,
Oleg
wrote:
> Cassandra has support for authentication security, but I'm not familiar
> with a security label. Can you describe what you want to do?
>
> Patrick
>
> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim wrote:
>
>> Greetings,
>>
>> Does Cassandra support s
Greetings,
Does Cassandra support security label concept? If so, where can I read on
how it should be applied?
Thanks,
Oleg
Greetings,
Does Cassandra support session timeout? If so, where can I find this
configuration switch? If not, what kind of hook can I use to write my own
code, terminating session in so many seconds of inactivity?
Thanks,
Oleg
Greetings,
I decided to put together a separate thread with logging configuration
questions I have (I'm trying to figure out what from security best
practices on logging Cassandra can and can't do):
1) Can Cassandra log IP and hostname of the host, DB resides at?
2) Can Cassandra log IP and hostn
Sam, Paulo,
One more question on logging. Can I add IP and hostname to the log message?
If it is possible, can you give me example of how I would need to
change %-5level %date{HH:mm:ss,SSS} %msg%n to add this
information?
Thanks,
Oleg
On Tue, Jan 26, 2016 at 4:42 PM, oleg yusim wrote
which can become quite messy as shown in CASSANDRA-7276.
>>
>> For CQL statements perhaps the query tracing infrastructure could be
>> reused to provide that info, but that would require further investigation.
>> See CASSANDRA-1123 for more details on that.
>>
>>
inherit identifiers from parent threads and cleanup afterwards. See
> CASSANDRA-7276 for more background.
>
> 2016-01-25 12:09 GMT-03:00 oleg yusim :
>
>> I want to try to re-phrase my question here... what I'm trying to achieve
>> is identity-based logging. I.e. every
n Thu, Jan 21, 2016 at 2:57 PM, oleg yusim wrote:
> Joel,
>
> Thanks for reference. What I'm trying to achieve, is to add the name of
> the user, who initiated logged action. I tried c{5}, but what I see is that;
>
> TRACE [GossipTasks:1] c{5} 2016-01-21 20:51:17,619 Goss
ml#conversionWord
>
>
> On Thu, Jan 21, 2016 at 1:21 PM, oleg yusim wrote:
>
>> Greetings,
>>
>> Guys, can you, please, point me to documentation on how to configure
>> format of logs? I want to make it clear, I'm talking about formatting i.e.
>> this:
>>
Greetings,
Guys, can you, please, point me to documentation on how to configure format
of logs? I want to make it clear, I'm talking about formatting i.e. this:
%-5level %date{HH:mm:ss,SSS} %msg%n
What if I want to add another parameters into this string? Is there a list
of available parameters her
, 2016 at 9:04 PM, oleg yusim wrote:
> Brian - absolutely.
>
> To give you a brief description of what I'm doing. I'm working for
> VMware as security architect, and they tasked me with creating a STIG
> (working with DISA) for Cassandra DB. To create a STIG I would walk
>
ecurity is here:
>
> https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureIntro.html
>
>
>
> -- Jack Krupansky
>
> On Thu, Jan 14, 2016 at 5:49 PM, oleg yusim wrote:
>
>> Jack,
>>
>> Thanks for your answer. I guess, I'm a little confused
my mobile
> Daemeon C.M. Reiydelle
> USA 415.501.0198
> London +44.0.20.8144.9872
> On Jan 14, 2016 5:16 PM, "oleg yusim" wrote:
>
>> Greetings,
>>
>> Guys, can you please help me to understand the following:
>>
>> I'm reading through the way keys
>
> On Thu, Jan 14, 2016 at 5:16 PM, oleg yusim wrote:
>
>> Greetings,
>>
>> Guys, can you please help me to understand the following:
>>
>> I'm reading through the way keystore and truststore are implemented, and
>> it is all fine and great, but at
Greetings,
Guys, can you please help me to understand the following:
I'm reading through the way keystore and truststore are implemented, and it
is all fine and great, but at the end Cassandra documentation instructing
to extract all the keystore content and leave all certs and keys in the clear.
Do I
Can you describe what avenues you're expecting either intrusion or DOS?
>
> On Wed, Jan 13, 2016 at 6:01 PM, oleg yusim wrote:
>
>> OK Rob, I see what you're saying. Well, let's dive into the long questions
>> and answers in this case a bit:
>>
>> 1) Is there
, but what be suggested value not to exceed?
Thanks,
Oleg
On Wed, Jan 13, 2016 at 6:31 PM, Robert Coli wrote:
> On Wed, Jan 13, 2016 at 1:41 PM, oleg yusim wrote:
>
>> Quick question, here: does Cassandra have a configuration switch to limit
>> number of connections per user (p
Greetings,
Quick question, here: does Cassandra have a configuration switch to limit
number of connections per user (protection of DoS attack, security)?
Thanks,
Oleg