Re: Security assessment of Cassandra

2016-02-16 Thread oleg yusim
Greetings, Matt brought to my attention that I shared the document at "view only" mode. My apologies for that. I corrected permissions and shared the document personally with everybody, who indicated he/she would review it. Thanks, Oleg On Fri, Feb 12, 2016 at 10:33 PM, oleg yus

Re: Security labels

2016-02-12 Thread oleg yusim
Jack, I updated my document with all the security gaps I was able to find and posted it there: https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing Thanks, Oleg On Thu, Feb 11, 2016 at 4:09 PM, oleg yusim <olegyu...@gmail.com> wrote: > Ja

Re: Security assessment of Cassandra

2016-02-12 Thread oleg yusim
-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing Thanks, Oleg On Thu, Feb 11, 2016 at 2:29 PM, oleg yusim <olegyu...@gmail.com> wrote: > Greetings, > > Performing security assessment of Cassandra with the goal of generating > STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx)

Re: Session timeout

2016-02-12 Thread oleg yusim
/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing Thanks, Oleg On Thu, Feb 11, 2016 at 3:52 PM, oleg yusim <olegyu...@gmail.com> wrote: > Jack, > > This document doesn't cover all the areas where user will need to get > engaged in explicit mitigation, it only cove

Re: Security labels

2016-02-11 Thread oleg yusim
wrote: > Hi Oleg, > > Thanks that helped clear things up! This sounds like a daunting task. I > wish you all the best with it. > > Cheers, > Dani > > On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com> wrote: > >> Dani, >> >> I r

Re: Session timeout

2016-02-11 Thread oleg yusim
Robert, Jack, Bryan, As you suggested, I put together document, titled Cassandra_Security_Topics_to_Discuss, put it on Google Drive and shared it with everybody on this list. The document contains list of questions I have on Cassandra, my take on it, and has a place for notes Community would like

Security assessment of Cassandra

2016-02-11 Thread oleg yusim
Greetings, Performing security assessment of Cassandra with the goal of generating STIG for Cassandra (iase.disa.mil/stigs/Pages/a-z.aspx) I ran across some questions regarding the way certain security features are implemented (or not) in Cassandra. I composed the list of questions on these

Re: Security labels

2016-02-11 Thread oleg yusim
Thanks Dani. Oleg On Thu, Feb 11, 2016 at 2:27 PM, Dani Traphagen <dani.trapha...@datastax.com > wrote: > Hi Oleg, > > I'm happy to take a look. Will update after review. > > Thanks, > Dani > > On Thu, Feb 11, 2016 at 12:23 PM, oleg yusim <olegyu.

Re: Session timeout

2016-02-11 Thread oleg yusim
t will probably be good to have > doc to highlight areas where users will need to engage in explicit > mitigation efforts if their infrastructure does not implicitly effect > mitigation for various security exposures. > > -- Jack Krupansky > > On Thu, Feb 11, 2016 at 3:21 PM, ol

Re: Security labels

2016-02-11 Thread oleg yusim
o controls what becomes public and when. > > -- Jack Krupansky > > On Thu, Feb 11, 2016 at 3:23 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Hi Dani, >> >> As promised, I sort of put all my questions under the "one roof". I would

Re: Session timeout

2016-02-01 Thread oleg yusim
. Both of > those companies will probably answer some of your questions for free if you > post on these mailing lists. They’ll likely answer even more if you pay > them. > > > > From: oleg yusim > Reply-To: "user@cassandra.apache.org" > Date: Friday, January 29,

Extensions

2016-02-01 Thread oleg yusim
Greetings, Is it a way to find out (list or otherwise) if any extensions were installed with Cassandra base package? Thanks, Oleg

Re: Session timeout

2016-01-29 Thread oleg yusim
<https://twitter.com/calonso> > > On 29 January 2016 at 13:15, oleg yusim <olegyu...@gmail.com> wrote: > >> Hi Carlos, >> >> Thanks for your answer. Can you, please, get me a bit more information? What >> is the driver? JDBC? What is the name of configuration fi

Re: Session timeout

2016-01-29 Thread oleg yusim
t session timeout due to > inactivity... > > Not sure there's such option. Sorry > > Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso> > > On 29 January 2016 at 13:35, oleg yusim <olegyu...@gmail.com> wrote: > >> Carlos, >> >>

Re: Session timeout

2016-01-29 Thread oleg yusim
tin the timeout configurable functionality. > > Hope it helps. > > Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso> > > On 28 January 2016 at 22:18, oleg yusim <olegyu...@gmail.com> wrote: > >> Greetings, >> >> Does Cassandra supp

Re: Session timeout

2016-01-29 Thread oleg yusim
so | Software Engineer | @calonso <https://twitter.com/calonso> > > On 29 January 2016 at 14:19, oleg yusim <olegyu...@gmail.com> wrote: > >> Not a problem, Carlos, at least you tried :) I have overall a big problem >> with my queries to Cassandra community. Most of th

Re: Security labels

2016-01-29 Thread oleg yusim
assandra/3.x/cassandra/configuration/secureTOC.html > > Also note that on questions of security, DataStax Enterprise may have > different answers than pure open source Cassandra. > > -- Jack Krupansky > > On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyu...@gmail.com> wro

Re: Session timeout

2016-01-29 Thread oleg yusim
and obvious, but you're > asking about areas that *most* people on this list don't have knowledge > about and zero motivation to learn, because it's not necessary to solve the > problems we face. > > > On Fri, Jan 29, 2016 at 6:19 AM oleg yusim <olegyu...@gmail.com> wro

Re: Security labels

2016-01-29 Thread oleg yusim
>> >> DSE has different security aspects rolling out in the next release >> as addressed earlier by Jack, like commit log and hint encryptions, as well >> as, unified authentication...but security labels aren't on anyone's radar >> as a pressing "need." It's no

Re: Session timeout

2016-01-29 Thread oleg yusim
irm that you > did not find something in the doc. > > -- Jack Krupansky > > On Fri, Jan 29, 2016 at 5:02 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Jack, >> >> Appreciate the links. As I mentioned, I looked over both DSE and >> Cassandra sets of d

Re: Security labels

2016-01-29 Thread oleg yusim
Thanks Dani! Oleg On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen <dani.trapha...@datastax.com > wrote: > Hi Oleg, > > Thanks that helped clear things up! This sounds like a daunting task. I > wish you all the best with it. > > Cheers, > Dani > > On Fri, Jan

Re: Session timeout

2016-01-29 Thread oleg yusim
it probably isn't in the software. > > In general, if you see a feature in DSE, just do a keyword search in the > Cassandra doc to see if it is supported outside of DSE. > > -- Jack Krupansky > > On Fri, Jan 29, 2016 at 4:23 PM, oleg yusim <olegyu...@gmail.com> wrote:

Re: Session timeout

2016-01-29 Thread oleg yusim
? > > The cassandra-user and cassandra-dev mailing lists are the primary sources > of knowledge outside of support contracts. For paid support, companies like > Datastax and The Last Pickle tend to be well respected options. Both of > those companies will probably answer some of your q

Re: Session timeout

2016-01-29 Thread oleg yusim
ntrols. Thanks, Oleg On Fri, Jan 29, 2016 at 1:10 PM, Alex Popescu <al...@datastax.com> wrote: > > On Fri, Jan 29, 2016 at 8:17 AM, oleg yusim <olegyu...@gmail.com> wrote: > >> Thanks for encouraging me, I kind of grew a bit desperate. I'm security >> person, not

Session timeout

2016-01-28 Thread oleg yusim
Greetings, Does Cassandra support session timeout? If so, where can I find this configuration switch? If not, what kind of hook I can use to write my own code, terminating session in so many seconds of inactivity? Thanks, Oleg

Security labels

2016-01-28 Thread oleg yusim
Greetings, Does Cassandra support security label concept? If so, where can I read on how it should be applied? Thanks, Oleg

Re: Security labels

2016-01-28 Thread oleg yusim
cfa...@gmail.com> wrote: > Cassandra has support for authentication security, but I'm not familiar > with a security label. Can you describe what you want to do? > > Patrick > > On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Greetings, >

Logging connect/disconnect

2016-01-28 Thread oleg yusim
Greetings, What is the right way to configure Cassandra logging, so it would log all the connects and disconnects? Thanks, Oleg

Re: Logging

2016-01-27 Thread oleg yusim
Sam, Paulo, One more question on logging. Can I add IP and hostname to the log message? If it is possible, can you give me example of how I would need to change %-5level %date{HH:mm:ss,SSS} %msg%n to add this information? Thanks, Oleg On Tue, Jan 26, 2016 at 4:42 PM, oleg yusim <ole

Logging configuration (security)

2016-01-27 Thread oleg yusim
Greetings, I decided to put together a separate thread with logging configuration questions I have (I'm trying to figure out what from security best practices on logging Cassandra can and can't do): 1) Can Cassandra log IP and hostname of the host, DB resides at? 2) Can Cassandra log IP and

Re: Logging

2016-01-26 Thread oleg yusim
ds, cleanup), which can become quite messy as shown in CASSANDRA-7276. >> >> For CQL statements perhaps the query tracing infrastructure could be >> reused to provide that info, but that would require further investigation. >> See CASSANDRA-1123 for more details on that. >

Re: Logging

2016-01-25 Thread oleg yusim
, Jan 21, 2016 at 2:57 PM, oleg yusim <olegyu...@gmail.com> wrote: > Joel, > > Thanks for reference. What I'm trying to achieve, is to add the name of > the user, who initiated logged action. I tried c{5}, but what I see is that; > > TRACE [GossipTasks:1] c{5} 2016-01-21 20

Re: Logging

2016-01-25 Thread oleg yusim
o patch executors to > inherit identifiers from parent threads and cleanup afterwards. See > CASSANDRA-7276 for more background. > > 2016-01-25 12:09 GMT-03:00 oleg yusim <olegyu...@gmail.com>: > >> I want to try to re-phrase my question here... what I'm trying to ach

Re: Logging

2016-01-21 Thread oleg yusim
anual/layouts.html#conversionWord > > > On Thu, Jan 21, 2016 at 1:21 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Greetings, >> >> Guys, can you, please, point me to documentation on how to configure >> format of logs? I want make it clear, I'm talking

Encryption in cassandra

2016-01-14 Thread oleg yusim
Greetings, Guys, can you please help me to understand following: I'm reading through the way keystore and truststore are implemented, and it is all fine and great, but at the end Cassandra documentation instructing to extract all the keystore content and leave all certs and keys in a clear. Do

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
- Jack Krupansky > > On Thu, Jan 14, 2016 at 5:16 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Greetings, >> >> Guys, can you please help me to understand following: >> >> I'm reading through the way keystore and truststore are implemented,

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
from my mobile > Daemeon C.M. Reiydelle > USA 415.501.0198 > London +44.0.20.8144.9872 > On Jan 14, 2016 5:16 PM, "oleg yusim" <olegyu...@gmail.com> wrote: > >> Greetings, >> >> Guys, can you please help me to understand following: >>

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
andra, not system) security is here: > > https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureIntro.html > > > > -- Jack Krupansky > > On Thu, Jan 14, 2016 at 5:49 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Jack, >> >> Tha

Re: max connection per user

2016-01-14 Thread oleg yusim
, 2016 at 9:04 PM, oleg yusim <olegyu...@gmail.com> wrote: > Brian - absolutely. > > To give you a brief description of what I'm doing. I'm working for > VMware as security architect, and they tasked me with creating a STIG > (working with DISA) for Cassandra DB. To creat

max connection per user

2016-01-13 Thread oleg yusim
Greetings, Quick question, here: does Cassandra have a configuration switch to limit number of connections per user (protection of DoS attack, security)? Thanks, Oleg

Re: max connection per user

2016-01-13 Thread oleg yusim
, but what be suggested value not to exceed? Thanks, Oleg On Wed, Jan 13, 2016 at 6:31 PM, Robert Coli <rc...@eventbrite.com> wrote: > On Wed, Jan 13, 2016 at 1:41 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Quick question, here: does Cassandra have a configuration s

Re: max connection per user

2016-01-13 Thread oleg yusim
describe what avenues you're expecting either intrusion or DOS? > > On Wed, Jan 13, 2016 at 6:01 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> OK Rob, I see what you saying. Well, let's dive into the long questions >> and answers at this case a bit: >> >> 1)