Jeff,

Understood. Thanks for your response. I will put together my questions in one thread here and title it "Security". Then I will move whatever was not answered to the dev thread.

Thanks,

Oleg

On Fri, Jan 29, 2016 at 11:42 AM, Jeff Jirsa <jeff.ji...@crowdstrike.com> wrote:

> For instance, the way AAA (authentication, authorization, audit) is done doesn't allow for centralized account and access control management, which in reality translates into shared accounts and no hierarchy.
>
> Authentication and Authorization are both pluggable. Any organization can write their own, and tie it to any AAA system they currently have. If they were feeling generous, they could open source it for the community, and perhaps bring it upstream. There’s nothing fundamentally preventing your organization from writing an Authenticator (https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/auth/IAuthenticator.java) or Authorizer (https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/auth/IAuthorizer.java) if they were so inclined.
>
> Audit is something that’s being actively discussed (https://issues.apache.org/jira/browse/CASSANDRA-8844).
>
> It’s an open source project with a very small number of commercial vendors. In general, that means there are 3 options:
>
> 1. Wait for someone else to write it to fit their need, and hopefully they open source it.
> 2. Write it yourself.
> 3. Pay a vendor (such as Datastax), and let them know in advance it’s a requirement to get it on their roadmap. This is really #2 with some polish to make it easier to get through your legal/AP systems.
>
> So far it doesn't work quite well, and from what you are saying, it wouldn't, because of lack of knowledge and lack of motivation to get it. What would be your suggestion? Who is capable of answering my questions? Is there another community I should turn to?
>
> The cassandra-user and cassandra-dev mailing lists are the primary sources of knowledge outside of support contracts. For paid support, companies like Datastax and The Last Pickle tend to be well respected options. Both of those companies will probably answer some of your questions for free if you post on these mailing lists. They’ll likely answer even more if you pay them.
>
> From: oleg yusim
> Reply-To: "user@cassandra.apache.org"
> Date: Friday, January 29, 2016 at 9:16 AM
> To: "user@cassandra.apache.org"
> Subject: Re: Session timeout
>
> Jon,
>
> I suspected something like that. I did a bit of learning on Cassandra before starting my assessment, and I understand that you are right, and it is generally not used like that.
>
> However (taking off my developer hat and putting on my security architect hat), from the security point of view the way Cassandra is used now is not very secure. For instance, the way AAA (authentication, authorization, audit) is done doesn't allow for centralized account and access control management, which in reality translates into shared accounts and no hierarchy. That in turn translates into a situation where one person compromising credentials means complete disaster - administrative access to the DB was just given up, with all the consequences. To top it all, logging is currently implemented in a horrible manner too. It doesn't even allow logging the username - a basic requirement for any product, which would allow a DBA or ISSO to figure out who did what on the DB and recover in case of attack or crash. In general, logs the way they are today are targeted toward the developer making changes in the DB, not toward the DBA using it, and don't make much sense in my opinion.
>
> Now if you are interested in that subject, this document: http://iasecontent.disa.mil/stigs/zip/Jan2016/U_Database_V2R3_SRG.zip covers security concerns which should be taken into account when we are designing a database. It also explains why each of them is important and what exactly would happen if it were neglected.
>
> Jon, I would also appreciate a suggestion. What I do right now is called "writing a STIG". That is when somebody takes concepts from an SRG (the document I gave you the link to above) and figures out how those are applied to that particular product. What is met (and what configuration on the product leads to it, exactly), what is not met but can be with little enhancement (and again - what those would be exactly), and what is not met and can't be met at the current design. All that is combined into one document, called a STIG, and published by the government (DISA) on the http://iase.disa.mil/stigs/Pages/a-z.aspx page. Those STIGs mean a great deal from the security point of view because they:
>
> - Allow saving a lot of time on re-assessment of the product every single time
> - Allow knowing what the product's limitations are from the security point of view beforehand (and as such, placing it right on the system, implementing all the right compensating controls around it)
> - Allow automating both configuration checks from the security point of view and hardening of the product
> - Give the product a pass into the DoD framework, because if a product has a STIG and was configured in accordance with it, it is secure by DoD definition
>
> So overall, it is to the great benefit of the product to have a STIG written for it, since it advances it on the security market quite a bit and at the end improves the product's security posture quite a bit as well. My initial idea was that I would bring on board my knowledge of security concepts, and when I lacked understanding of intricate details of the DB, I would turn to the Cassandra community for support.
>
> So far it doesn't work quite well, and from what you are saying, it wouldn't, because of lack of knowledge and lack of motivation to get it. What would be your suggestion? Who is capable of answering my questions? Is there another community I should turn to?
>
> Would really appreciate your input on that,
>
> Thanks,
>
> Oleg
>
> On Fri, Jan 29, 2016 at 10:24 AM, Jonathan Haddad <j...@jonhaddad.com> wrote:
>
>> I think the reason why most of your queries aren't being answered is because you're asking questions that most people don't have the answer to. On the automatic disconnect, anyone using Cassandra in prod doesn't really need to think about it because we're always running queries, perhaps millions a second. Queries are multiplexed over a single connection. Almost nobody ever actually runs into a case of leaving a socket open for hours without a query, so to find out if it actually happens, someone would have to look it up in the source.
>>
>> Your questions about auditing are geared more towards if you're using a database that's built for multi user access. Cassandra was built to solve a very different problem. In most cases, you don't have hundreds of people connecting from a shell, leaving connections open, casually querying for BI reports. This isn't how *most* people use Cassandra, it wasn't really built for that. There's better support for users & roles nowadays but it's relatively new and that's about all you have right now.
>>
>> I realize you're new to the community, and it can be frustrating to not get answers to questions that seem completely basic and obvious, but you're asking about areas that *most* people on this list don't have knowledge about and zero motivation to learn, because it's not necessary to solve the problems we face.
>>
>> On Fri, Jan 29, 2016 at 6:19 AM oleg yusim <olegyu...@gmail.com> wrote:
>>
>>> Not a problem, Carlos, at least you tried :) I have overall a big problem with my queries to the Cassandra community. Most of them are not getting answered.
>>>
>>> Oleg
>>>
>>> On Fri, Jan 29, 2016 at 8:03 AM, Carlos Alonso <i...@mrcalonso.com> wrote:
>>>
>>>> Oh, I thought you meant read/write timeout, not session timeout due to inactivity...
>>>>
>>>> Not sure there's such an option. Sorry
>>>>
>>>> Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
>>>>
>>>> On 29 January 2016 at 13:35, oleg yusim <olegyu...@gmail.com> wrote:
>>>>
>>>>> Carlos,
>>>>>
>>>>> I went through the Java and Python drivers... didn't find anything like that. Can you bring me an example from your Ruby driver? Let me also make sure we are on the same page - I'm talking about session timeout due to inactivity, not read timeout or something like that.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Oleg
>>>>>
>>>>> On Fri, Jan 29, 2016 at 7:23 AM, Carlos Alonso <i...@mrcalonso.com> wrote:
>>>>>
>>>>>> I personally don't use the Java but the Ruby driver, but I'm pretty sure you'll be able to find it in the docs: https://github.com/datastax/java-driver
>>>>>>
>>>>>> Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
>>>>>>
>>>>>> On 29 January 2016 at 13:15, oleg yusim <olegyu...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Carlos,
>>>>>>>
>>>>>>> Thanks for your answer. Can you, please, get me a bit more information? What is the driver? JDBC? What is the name of the configuration file?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Oleg
>>>>>>>
>>>>>>> On Fri, Jan 29, 2016 at 5:12 AM, Carlos Alonso <i...@mrcalonso.com> wrote:
>>>>>>>
>>>>>>>> Hi Oleg.
>>>>>>>>
>>>>>>>> The drivers have the configurable timeout functionality built in.
>>>>>>>>
>>>>>>>> Hope it helps.
>>>>>>>>
>>>>>>>> Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
>>>>>>>>
>>>>>>>> On 28 January 2016 at 22:18, oleg yusim <olegyu...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Greetings,
>>>>>>>>>
>>>>>>>>> Does Cassandra support session timeout? If so, where can I find this configuration switch? If not, what kind of hook can I use to write my own code, terminating the session after so many seconds of inactivity?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Oleg
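Jeff's point that authentication is pluggable, illustrated with an added example that is not code from this thread or from the Cassandra project: a skeleton IAuthenticator that hands credential checks to a central directory, so accounts are managed in one place rather than as shared database logins. It assumes the Cassandra 3.0-era IAuthenticator interface (newSaslNegotiator() without arguments) and a hypothetical verifyWithDirectory hook that a concrete subclass implements; the subclass is the class name that goes into the authenticator setting in cassandra.yaml.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import org.apache.cassandra.auth.*;
import org.apache.cassandra.exceptions.*;

/** Skeleton authenticator that delegates credential checks to a central AAA system. */
public abstract class CentralDirectoryAuthenticator implements IAuthenticator
{
    /** Hypothetical hook: ask the organisation's directory (LDAP, Kerberos, ...) whether the credentials are valid. */
    protected abstract boolean verifyWithDirectory(String username, String password);

    public boolean requireAuthentication() { return true; } // never allow anonymous logins
    public Set<? extends IResource> protectedResources() { return Collections.emptySet(); }
    public void validateConfiguration() throws ConfigurationException { }
    public void setup() { }

    // Native-protocol clients authenticate with SASL PLAIN, the same exchange PasswordAuthenticator uses.
    public SaslNegotiator newSaslNegotiator() { return new PlainNegotiator(); }

    // Older clients send a credentials map instead of a SASL exchange; same keys PasswordAuthenticator reads.
    public AuthenticatedUser legacyAuthenticate(Map<String, String> credentials) throws AuthenticationException
    {
        return authenticate(credentials.get("username"), credentials.get("password"));
    }

    private AuthenticatedUser authenticate(String username, String password) throws AuthenticationException
    {
        // One generic failure message, so a rejected login does not reveal whether the account exists.
        if (username == null || password == null || !verifyWithDirectory(username, password))
            throw new AuthenticationException("Authentication failed");
        return new AuthenticatedUser(username);
    }

    private class PlainNegotiator implements SaslNegotiator
    {
        private String username, password;

        // SASL PLAIN (RFC 4616): [authzid] NUL authcid NUL password; authzid is ignored.
        public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException
        {
            String[] parts = new String(clientResponse, StandardCharsets.UTF_8).split("\0", -1);
            if (parts.length != 3) throw new AuthenticationException("Malformed SASL PLAIN message");
            username = parts[1];
            password = parts[2];
            return null; // PLAIN has no server challenge
        }
        public boolean isComplete() { return username != null; }
        public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException { return authenticate(username, password); }
    }
}
```

Because every login is resolved by the directory, disabling an account there locks the person out of Cassandra immediately, and the username that Cassandra records for the session is the individual's directory identity rather than a shared role.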