Security Features
In Cassandra
Class presentation for the Database Security course
Sharif University of Technology
Presenters: Milad Golgolnia - Hamid Dashtbani
Course instructor: Sadegh Dorri Nogoorani
First semester, 1400-1401
Contents
Introduction
Architecture
Installation
Security Features
References
Introduction
History
BigData: 2006
Dynamo: 2007
Facebook: 2008
Apache: 2009
Milad Golgolnia - Hamid Dashtbani - Cassandra
Applications
Netflix Github Ebay ...
Architecture
Node
Data Center
Cluster
Storage
Write
SSTable
Mem-Table
Commit log
Data Model
Keyspace
Column-Family
Row
Column
Installation
• Download directly and install manually:
  1. Download from: https://cassandra.apache.org/_/download.html
  2. Install by following the guide.
• Using Linux repositories:
  1. sudo apt install cassandra
  2. yay cassandra
  3. ...
Activation
• By default the service is inactive.
• Activate using systemctl
Activation
Problem $ cassandra
Security Features
Replication
Hint/Repair
Logs
Backup
SSL
Authorization
Authentication
Hints
Repair
• Doesn't repair the whole cluster!
• Incremental: 1-3 days
• Full: 1-3 weeks
• $ nodetool tpstats
Read Repair
• Read Consistency Level dependent
• Blocks the read request!
• Table Creation Specific
• Uses hashes for speed-up
• May need a merge
Logs
System.log
• Default
• GCInspector(Capacity)
• Uncaught exceptions
• Join/Leave
• Keyspace modifications
• ...
Debug.log
• More detail
• Compaction
• Mem-Table flush
• ...
Gc.log
• Java garbage collector logs
• Detect latency
• GCViewer: https://github.com/chewiebug/GCViewer
• Pause < 200ms
• Throughput > 99%
Authentication
• No authentication by default!
• rolename/password for authentication
• Attributes & Privileges:
  • SUPERUSER
  • LOGIN
  • PASSWORD
Configuring Authentication
• authenticator in cassandra.yaml:
  • AllowAllAuthenticator
  • PasswordAuthenticator
• Authentication data stored in:
  • system_auth.roles
  • system_auth.role_members
• Salted password
Authorization
• No authorization by default!
• RBAC for authorization
• Objects: keyspace, table, function, role
• Permissions:
  • AUTHORIZE: GRANT, REVOKE
  • DESCRIBE
  • EXECUTE: SELECT, INSERT, UPDATE
  • …
Permissions
• Every role has read permission on:
  • system_schema.keyspaces/columns/tables
  • system.peers/local
• GRANT permissions and/or roles
• Roles inherit permissions:
  • GRANT role1 TO role2;
• SUPERUSER is inherited, but LOGIN is not
Configuring Authorization
• authorizer in cassandra.yaml
  • AllowAllAuthorizer
  • CassandraAuthorizer
• system_auth.role_permissions
Secure Authentication/Authorization
• Cassandra has a default superuser:
  • cassandra/cassandra
• Should be disabled
• Cannot be deleted from Cassandra!
• Change the password to something long
• Alter the user's status to NOSUPERUSER:
Secure Authentication/Authorization
• Authorization/Authentication is critical
• system_auth keyspace must be available
• Replication factor for system_auth is 1 by default
• Replicate system_auth
• Increase to 3-5 replicas per data center
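The hardening steps from the two "Secure Authentication/Authorization" slides, together with the role inheritance rule from the Permissions slide, written out as CQL. This is an added example, not taken from the slides; the role names (dba_admin, app_readonly, app_service), the keyspace app_ks, the data center name dc1 and the password placeholders are assumptions.

```cql
-- Added example (not from the slides). All names and passwords are placeholders.
-- Prerequisite in cassandra.yaml on every node, followed by a restart:
--   authenticator: PasswordAuthenticator
--   authorizer: CassandraAuthorizer

-- 1. Replicate system_auth so logins survive the loss of a node.
--    'dc1' is an assumed data center name; use the one shown by `nodetool status`.
ALTER KEYSPACE system_auth
  WITH replication = {'class': 'NetworkTopologyStrategy', 'dc1': 3};
--    Then run `nodetool repair --full system_auth` on each node
--    so the new replicas actually receive the role data.

-- 2. Logged in as the default cassandra/cassandra role:
--    create the superuser that will replace it.
CREATE ROLE dba_admin
  WITH PASSWORD = '<long-random-password-1>'
  AND SUPERUSER = true
  AND LOGIN = true;

-- 3. Reconnect as dba_admin (a role cannot alter its own superuser status),
--    then neutralise the default role: long password, no superuser, no login.
--    SUPERUSER = false is the role-syntax form of ALTER USER ... NOSUPERUSER.
ALTER ROLE cassandra
  WITH PASSWORD = '<long-random-password-2>'
  AND SUPERUSER = false
  AND LOGIN = false;

-- 4. Least-privilege application access through role inheritance.
--    app_readonly only carries permissions and cannot log in itself.
CREATE ROLE app_readonly WITH LOGIN = false;
GRANT SELECT ON KEYSPACE app_ks TO app_readonly;

--    app_service inherits SELECT from app_readonly, but LOGIN is not
--    inherited, so it has to be set on app_service explicitly.
CREATE ROLE app_service
  WITH PASSWORD = '<long-random-password-3>'
  AND LOGIN = true;
GRANT app_readonly TO app_service;

-- 5. Verify: cassandra should show is_superuser = False and can_login = False,
--    and app_service should list only SELECT on app_ks.
SELECT role, is_superuser, can_login FROM system_auth.roles;
LIST ALL PERMISSIONS OF app_service;
```

Run step 1 before relying on authentication in production: with the default replication factor of 1, losing the single node that holds a role's row blocks that role from logging in.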
Thanks For Your Attention
Contact:
• Golgolniamilad@gmail.com
• hamiddb77@gmail.com