In Cassandra Lunch #90, CEO of Anant, Rahul Singh, will discuss the different ways to secure Apache Cassandra. This is going to be an overview of the built-in features as well as other options that can be used Accompanying Blog: Coming Soon! Accompanying SlideShare: https://youtu.be/VK3sqh7XxIU Sign Up For Our Newsletter: http://eepurl.com/grdMkn Join Cassandra Lunch Weekly at 12 PM EST Every Wednesday: https://www.meetup.com/Cassandra-DataStax-DC/events/ Cassandra.Link: https://cassandra.link/ Follow Us and Reach Us At: Anant: https://www.anant.us/ Awesome Cassandra: https://github.com/Anant/awesome-cassandra Cassandra.Lunch: https://github.com/Anant/Cassandra.Lunch Email: solutions@anant.us LinkedIn: https://www.linkedin.com/company/anant/ Twitter: https://twitter.com/anantcorp Eventbrite: https://www.eventbrite.com/o/anant-1072927283 Facebook: https://www.facebook.com/AnantCorp/ Join The Anant Team: https://www.careers.anant.us

1. Securing Apache
Cassandra
Strategies and tactics for cybersecurity for
building platforms around Apache Cassandra,
covering Network, Hardware, Data, and
Application level security.

2. Security : Dance between
Convenience & Protecting
Assets

3. It takes 20 years to build a
reputation and few
minutes of cyber-incident
to ruin it.
Stéphane Nappo, Global Chief Information
Security Officer at Société Générale
International Banking

4. What’s the big deal with Security?
Defending Valuable “Things”
● Prevent
● Detect
● React
… to Prevent Negative Consequences
● User truncates a table (Insider)
● System crashes, systems down (System)
● Data can be stolen, but you may not know it (??)
● The bad actor may be 12 time zones away (Outsider)
● Someone in your company could get disgruntled. (Insider)
● Someone working at the cloud company you trust could get
disgruntled. (Semi-Insider)
● Avoid litigation from governments and individuals (Legal)

5. Aspects of Security
Tenets of Information Security (CIA)
● Confidentiality - prevent
unauthorized access.
● Integrity - prevent
unsanctioned funging
● Availability - prevent
unauthorized withholding of
data.
● Non-repudiation - Integrity of the
origin and the data itself. Legit?
● Authentication - Who can access
this?
● Authorization - What should they
be able to access once in?
● Accountability - Can we find out
who did what?

6. What do I need to do now?
● Must
○ Legal requirements
○ Data Protection
○ HIPAA / PCI
○ Data Retention policies
○ Other company policies
● Should
○ Network
○ System
○ Data
○ Application

7. What else should I think about?
● Mission Critical Assets – This is the data you need to protect*
● Data Security – Data security controls protect the storage and transfer of
data.
● Application Security – Applications security controls protect access to an
application, an application’s access to your mission critical assets, and the
internal security of the application.
● Endpoint Security – Endpoint security controls protect the connection
between devices and the network.
● Network Security – Network security controls protect an organization’s
network and prevent unauthorized access of the network.
● Perimeter Security – Perimeter security controls include both the physical
and digital security methodologies that protect the business overall.
● The Human Layer – Humans are the weakest link in any cybersecurity
posture. Human security controls include phishing simulations and access
management controls that protect mission critical assets from a wide
variety of human threats, including cyber criminals, malicious insiders, and
negligent users.

8. Network
● Edge Security
● Cloud Security
● Virtual Private Cloud
Security
● Security Groups
● …
System Application
● System Firewall
● Operating System
● Disk Encryption
(Hard/Soft)
● OWASP
● End Points
● Variables
● Authorization
● Authentication
Platform Security
Data
● Encryption
● Backups
● Authorization
● Authenticatio
n

9. Network Security
● Physical network
● Application network
● Database network
● Access to application nodes
● Access between DB nodes
● Access to specific security
groups / subnets
● Regions/zones for redundancy
Easiest to secure.
Also forgotten by amateurs.

10. Data Disaster Security
● Backup / Restoration of
keyspace, tables, subsets of data.
● Protection of Backup data.
● Redundancies with zones /
datacenters?
If someone deletes your data, how
will you get it back?

11. Hardware / Disk Security
● Cloud Disks
○ AWS / Azure / etc Disks can be encrypted
○ Disks encrypted with CMK (Customer
managed keys)
○ Without the key you can steal the disk, data
but its no good.
● Data encryption at rest via software
○ E.g. Vormetric Transparent Encryption
works on any database
○ Datastax Transparent Data Encryption

12. Application Security
● Separating app auth from database
auth
● App security , segregation of
database access for app users
● General app security , users, roles,
etc.
● Do we need symmetric ,
asymmetric encryption on the app
itself.
Can someone hack your database
through your app without accessing the
system?

13. ● Using central authentication e.g.
ldap, kerberos, OKTA, etc.
● Only select users should be able to
elevate their privilege to root or
service accounts.
● Only a specific service user should
be able to run cassandra, etc.
● Use two factor auth for system
access.
Can someone get access to the computer
that the database or app is on?
Operating System Security

14. Roles
● Access to Cluster
● Access to Objects
● Roles & Permissions
Node JMX
● System Operations
● Nodetool
● Metrics
● Protect via SSL
● Protect via U/P
● SSL/TLS
○ Node to
Node
○ DC to DC
○ ALL
● via Network
○ Security
Group
Cassandra Security
Client
● Use App
Users to
Authenticate
● Limited
Permissions
● SSL for Client
to Node

15. ● Add your own roles / users
● Remove cassandra user
● Segment permissions by need
● Internal vs. external
(LDAP/Kerberos)
Cassandra Roles & Permissions

16. ● Nodes must have certificates to
connect to cluster.
● Prevents other nodes from joining
● Levels: All, DC, Rack
● Keys are on disk, must be
protected.
● Doesn’t impact developers, but can
affect users because of
encryption/decryption speed.
Cassandra Node to Node Encryption

17. ● Application and users must have
cert to connect to the cluster.
● Prevents ‘rando’ insiders from
getting data
● Prevents ‘noobs’ from running
‘select * from everything’ queries
on Production
● Doesn’t impact node to node access
but impacts app / developer /
admin access.
Cassandra Client to Node Encryption

18. Other Useful Cassandra Tips
● Auditing
○ Starting in C*4
○ Also was there before.
● Data Segmentation
○ Different Keyspaces in Different
Datacenters
○ Duplicate Data with Redacted
Information
● Application Encryption
○ Encrypt Columns
○ Using a salt / hash all data going
in, coming out
○ Unable to use filters / range
queries

19. Resources
● https://jumpcloud.com/blog/boss-it-security-quotes
● https://www.geeksforgeeks.org/granting-permissions-to-roles-in-cassandra/
● https://cassandra.apache.org/doc/latest/cassandra/operating/security.html
● https://docs.datastax.com/en/cassandra-
oss/3.0/cassandra/configuration/secureTOC.html
● https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-
tier-cassandra
● https://gomindsight.com/insights/blog/what-are-the-7-layers-of-security/
● https://blogs.vmware.com/cloud/2021/12/02/configuring-cassandra-internode-
encryption-without-data-loss/
● https://thelastpickle.com/blog/2015/09/30/hardening-cassandra-step-by-step-part-1-
server-to-server.html
● https://blog.pythian.com/cassandra-3-9-security-feature-walk/