Peter Czanik: Secure your Elasticsearch cluster and avoid ransomware

Source From: fedoraplanet.org | Original article title: Peter Czanik: Secure your Elasticsearch cluster and avoid ransomware | This full article can be read at: Peter Czanik: Secure your Elasticsearch cluster and avoid ransomware.


Last week, news came out that unprotected MongoDB databases are being actively compromised: their content is copied and replaced by a message asking for a ransom to get it back. As The Register reports: Elasticsearch is next.

Protecting access to Elasticsearch with a firewall is not always possible. But even in environments where it is possible, many admins are not protecting their databases. Even if you cannot use a firewall, you can secure the connection to Elasticsearch by using encryption. Elasticsearch by itself does not provide any authentication or encryption possibilities. Still, there are many third-party solutions available, each with its own drawbacks and advantages.

X-Pack (formerly: Shield) is the solution developed by Elastic.co, the company behind Elasticsearch. It is a commercial product (on first installation a 30-day trial license is installed) and offers many more possibilities than just securing your Elasticsearch cluster, including monitoring, reporting and alerting. Support is available in syslog-ng for Elasticsearch versions 2.X since version 3.7.

SearchGuard is developed by floragunn. It is a plugin for Elasticsearch offering encryption and authentication. All basic security features are open source and available for free; enterprise features are available for a fee. Support is available in syslog-ng since version 3.9.1 when using the native Elasticsearch transport protocol. The SearchGuard component used by syslog-ng does not require a commercial license.
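To make the two options above concrete, here is an added example (not from the original post or the syslog-ng project) of a syslog-ng OSE 3.9 configuration with one destination using the SearchGuard transport mode and one using the Shield/X-Pack mode, plus the client-side elasticsearch.yml that the SearchGuard destination references. The option names follow the elasticsearch2() destination and the SearchGuard SSL plugin as I recall them from their documentation, so treat them as assumptions and check them against the docs for the exact versions you run; the hostnames, cluster name, index name, keystore paths and passwords are placeholders.

```conf
# /etc/syslog-ng/syslog-ng.conf (excerpt). Added example with placeholder values;
# option names assumed from the syslog-ng 3.9 elasticsearch2() destination docs.
@version: 3.9

source s_local { system(); internal(); };

# 1) SearchGuard: TLS on the native transport protocol, client authenticated
#    by its certificate. The SearchGuard SSL part needs no commercial licence.
destination d_elastic_searchguard {
    elasticsearch2(
        client-mode("searchguard")
        cluster("my-cluster")                 # must equal cluster.name on the ES nodes (placeholder)
        server("es1.example.internal")        # placeholder node; transport port, not 9200
        port(9300)
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        resource("/etc/syslog-ng/elasticsearch.yml")   # SearchGuard client settings, see below
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
    );
};

# 2) Shield / X-Pack: username+password plus TLS; needs a licence on the cluster side.
#    The Java keystore/truststore options are assumed names; the resource file
#    for this mode would carry shield.user and shield.transport.ssl instead.
destination d_elastic_shield {
    elasticsearch2(
        client-mode("shield")
        cluster("my-cluster")
        server("es1.example.internal")
        port(9300)
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        resource("/etc/syslog-ng/elasticsearch-shield.yml")   # placeholder path
        java-keystore-filepath("/etc/syslog-ng/certs/syslog-ng-keystore.jks")
        java-keystore-password("changeme-placeholder")
        java-truststore-filepath("/etc/syslog-ng/certs/truststore.jks")
        java-truststore-password("changeme-placeholder")
    );
};

# Pick one of the two destinations; both are shown only for comparison.
log { source(s_local); destination(d_elastic_searchguard); };

# ---- /etc/syslog-ng/elasticsearch.yml (resource file for the SearchGuard destination) ----
# path.home is required by the embedded Elasticsearch transport client (placeholder path).
path.home: /usr/share/elasticsearch
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: /etc/syslog-ng/certs/syslog-ng-keystore.jks
searchguard.ssl.transport.keystore_password: changeme-placeholder
searchguard.ssl.transport.truststore_filepath: /etc/syslog-ng/certs/truststore.jks
searchguard.ssl.transport.truststore_password: changeme-placeholder
# Leave hostname verification on so the client only trusts certificates that
# actually match the node it connects to, not any certificate signed by your CA.
searchguard.ssl.transport.enforce_hostname_verification: true
```

Two points worth checking after you wire this up: the keystore and truststore files are readable only by the user syslog-ng runs as (they hold the client's private key and the passwords are in plain text in the config), and the Elasticsearch node side must have the same TLS settings enabled on the transport layer, otherwise the encrypted client simply fails to join rather than silently falling back to plain text.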

Right now the HTTP client in syslog-ng does not support encrypted (HTTPS) connections. Proof-of-concept-level code by Fabien Wernli (also known as Faxm0dem) is already available on GitHub; hopefully it will be ready for general use soon.

As you can see, syslog-ng provides many different ways to connect securely to your Elasticsearch cluster. If you have not secured it yet and want to avoid paying a ransom, secure it now!

The post Secure your Elasticsearch cluster and avoid ransomware appeared first on Balabit Blog.

