Jack, I updated my document with all the security gaps I was able to find and posted it there: https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
Thanks, Oleg On Thu, Feb 11, 2016 at 4:09 PM, oleg yusim <olegyu...@gmail.com> wrote: > Jack, > > I asked my management, if I can share with community my assessment > spreadsheet (whole thing, with gaps and desired configurations). Let's wait > for their answer. I would definitely update the document I shared with the > rest of gaps, so you, guys, would have it for sure. > > Now, in case if my management would say no: > > 1) Here: http://iase.disa.mil/stigs/Pages/a-z.aspx the document titled > vRealize Operations STIG would be published. As part of it, there would be > Cassandra STIG (Cassadra is part of vRealize Operations VMware product). > This STIG would contain only suggestions on right (from the security point > of view) configuration, where it can be configured. > 2) Community would have a full list of gaps (things which are needed, but > can't be configured) after I would update my document > 3) The rest of the assessment are Not Applicable and Applicable - > Inherently Meet items, which nobody is interested at. > 4) Also, when STIG for vRealize Operations would be published, look at the > VMware site for Security Guidelines for vRealize Operations. They would be > posted open to public and you would be able to download them free of > charge. Those would include mitigation, which VMware implemented for some > of the Cassandra gaps. > > Thanks, > > Oleg > > On Thu, Feb 11, 2016 at 2:55 PM, Jack Krupansky <jack.krupan...@gmail.com> > wrote: > >> Thanks for putting the items together in a list. This allows people to >> see things with more context. Give people in the user community a little >> time to respond. A week, maybe. Hopefully some of the senior Cassandra >> committers will take a look as well. >> >> Will the final assessment become a public document or is it strictly >> internal for your employer? I know there is a database of these >> assessments, but I don't know who controls what becomes public and when. >> >> -- Jack Krupansky >> >> On Thu, Feb 11, 2016 at 3:23 PM, oleg yusim <olegyu...@gmail.com> wrote: >> >>> Hi Dani, >>> >>> As promised, I sort of put all my questions under the "one roof". I >>> would really appreciate you opinion on them. >>> >>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM >>> >>> Thanks, >>> >>> Oleg >>> >>> On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen < >>> dani.trapha...@datastax.com> wrote: >>> >>>> Hi Oleg, >>>> >>>> Thanks that helped clear things up! This sounds like a daunting task. I >>>> wish you all the best with it. >>>> >>>> Cheers, >>>> Dani >>>> >>>> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim <olegyu...@gmail.com> >>>> wrote: >>>> >>>>> Dani, >>>>> >>>>> I really appreciate you response. Actually, session timeouts and >>>>> security labels are two different topics (first is about attack when >>>>> somebody opened, say, ssh window to DB, left his machine unattended and >>>>> somebody else stole his session, second - to enable DB to support what >>>>> called MAC access model - stays for mandatory access control. It is widely >>>>> used in the government and military, but not outside of it, we all are >>>>> used >>>>> to DAC access control model). However, I think you are right and I should >>>>> move all my queries under the one big roof and call this thread >>>>> "Security". >>>>> I will do this today. >>>>> >>>>> Now, about what you have said, I just answered the same to Jon, in >>>>> Session Timeout thread, but would quickly re-cap here. I understand that >>>>> Cassandra's architecture was aimed and tailored for completely different >>>>> type of scenario. However, unfortunately, that doesn't mean that Cassandra >>>>> is not vulnerable to the same very set of attacks relational database >>>>> would >>>>> be vulnerable to. It just means Cassandra is not protected against those >>>>> attacks, because protection against them was not thought of, when database >>>>> was created. I already gave the AAA and session's timeout example in Jon's >>>>> thread, and those are just one of many. >>>>> >>>>> Now what I'm trying to do, I'm trying to create a STIG - security >>>>> federal compliance document, which will assess Cassandra against SRG >>>>> concepts (security federal compliance recommendations for databases >>>>> overall) and will highlight what is not met, and can't be in current >>>>> design >>>>> (i.e. what system architects should keep in mind and what they need to >>>>> compensate for with other controls on different layers of system model) >>>>> and >>>>> what can be met either with configuration or with little enhancement (and >>>>> how). >>>>> >>>>> That document would be of great help for Cassandra as a product >>>>> because it would allow it to be marketed as a product with existing >>>>> security assessment and guidelines, performed according to DoD standards. >>>>> It would also allow to move product in the general direction of improving >>>>> its security posture. Finally, the document would be posted on DISA site ( >>>>> http://iase.disa.mil/stigs/Pages/a-z.aspx) available for every >>>>> security architect to utilize, which would greatly reduce the risk for >>>>> Cassandra product to be hacked in a field. >>>>> >>>>> To clear things out - what I ask about are not my expectations. I >>>>> really do not expect developers of Cassandra to run and start implementing >>>>> security labels, just because I asked about it. :) My questions are to >>>>> build my internal knowledge of DB current design, so that I can build my >>>>> security assessment based of it, not more, not less. >>>>> >>>>> I guess, summarizing what I said on top, from what I'm doing Cassandra >>>>> as a product would end up benefiting quite a bit. That is why I think it >>>>> would make sense for Cassandra community to help me with my questions even >>>>> if they sound completely of the traditional "grid". >>>>> >>>>> Thanks again, I really appreciate your response and conversation >>>>> overall. >>>>> >>>>> Oleg >>>>> >>>>> On Fri, Jan 29, 2016 at 11:20 AM, Dani Traphagen < >>>>> dani.trapha...@datastax.com> wrote: >>>>> >>>>>> Also -- it looks like you're really asking questions about session >>>>>> timeouts and security labels as they associate, would be more helpful to >>>>>> keep in one thread. :) >>>>>> >>>>>> >>>>>> On Friday, January 29, 2016, Dani Traphagen < >>>>>> dani.trapha...@datastax.com> wrote: >>>>>> >>>>>>> Hi Oleg, >>>>>>> >>>>>>> I understand your frustration but unfortunately, in the terms of >>>>>>> your security assessment, you have fallen into a mismatch for >>>>>>> Cassandra's >>>>>>> utility. >>>>>>> >>>>>>> The eventuality of having multiple sockets open without the query >>>>>>> input for long durations of time isn't something that was >>>>>>> architected...because...Cassnadra was built to take massive quantities >>>>>>> of queries both in volume and velocity. >>>>>>> >>>>>>> Your expectation of the database isn't in line with how our why it >>>>>>> was designed. Generally, security solutions are architected >>>>>>> around Cassandra, baked into the data model, many solutions >>>>>>> are home-brewed, written into the application or provided by using >>>>>>> another >>>>>>> security client. >>>>>>> >>>>>>> DSE has different security aspects rolling out in the next release >>>>>>> as addressed earlier by Jack, like commit log and hint encryptions, as >>>>>>> well >>>>>>> as, unified authentication...but secuirty labels aren't on anyone's >>>>>>> radar >>>>>>> as a pressing "need." It's not something I've heard about as a >>>>>>> priority before anyway. >>>>>>> >>>>>>> Hope this helps! >>>>>>> >>>>>>> Cheers, >>>>>>> Dani >>>>>>> >>>>>>> On Friday, January 29, 2016, oleg yusim <olegyu...@gmail.com> wrote: >>>>>>> >>>>>>>> Jack, >>>>>>>> >>>>>>>> Thanks for your suggestion. I'm familiar with Cassandra >>>>>>>> documentation, and I'm aware of differences between DSE and Cassandra. >>>>>>>> >>>>>>>> Questions I ask here are those, I found no mention about in >>>>>>>> documentation. Let's take security labels for instance. Cassandra >>>>>>>> documentation is completely silent on this regard and so is Google. I >>>>>>>> assume, based on it, Cassandra doesn't support it. But I can't create >>>>>>>> federal compliance security document for Cassandra basing it of my >>>>>>>> assumptions and lack of information solely. That is where my questions >>>>>>>> stem >>>>>>>> from. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Oleg >>>>>>>> >>>>>>>> On Fri, Jan 29, 2016 at 10:17 AM, Jack Krupansky < >>>>>>>> jack.krupan...@gmail.com> wrote: >>>>>>>> >>>>>>>>> To answer any future questions along these same lines, I suggest >>>>>>>>> that you start by simply searching the doc and search the github repo >>>>>>>>> for >>>>>>>>> the source code for the relevant keywords. That will give you the >>>>>>>>> definitive answers quickly. If something is missing, feel free to >>>>>>>>> propose >>>>>>>>> that it be added (if you really need it). And feel free to confirm >>>>>>>>> here if >>>>>>>>> a quick search doesn't give you a solid answer. >>>>>>>>> >>>>>>>>> Here's the root page for security in the Cassandra doc: >>>>>>>>> >>>>>>>>> https://docs.datastax.com/en/cassandra/3.x/cassandra/configuration/secureTOC.html >>>>>>>>> >>>>>>>>> Also note that on questions of security, DataStax Enterprise may >>>>>>>>> have different answers than pure open source Cassandra. >>>>>>>>> >>>>>>>>> -- Jack Krupansky >>>>>>>>> >>>>>>>>> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyu...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Patrick, >>>>>>>>>> >>>>>>>>>> Absolutely. Security label is mechanism of access control, >>>>>>>>>> utilized by MAC (mandatory access control) model, and not utilized >>>>>>>>>> by DAC >>>>>>>>>> (discretionary access control) model, we all are used to. In database >>>>>>>>>> content it is illustrated for instance here: >>>>>>>>>> http://www.postgresql.org/docs/current/static/sql-security-label.html >>>>>>>>>> >>>>>>>>>> Now, as per my goals, I'm making a security assessment for >>>>>>>>>> Cassandra DB with a goal to produce STIG on this product. That is >>>>>>>>>> one of >>>>>>>>>> the parameters in database SRG I have to assess against. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> >>>>>>>>>> Oleg >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin < >>>>>>>>>> pmcfa...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> Cassandra has support for authentication security, but I'm not >>>>>>>>>>> familiar with a security label. Can you describe what you want to >>>>>>>>>>> do? >>>>>>>>>>> >>>>>>>>>>> Patrick >>>>>>>>>>> >>>>>>>>>>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com >>>>>>>>>>> > wrote: >>>>>>>>>>> >>>>>>>>>>>> Greetings, >>>>>>>>>>>> >>>>>>>>>>>> Does Cassandra support security label concept? If so, where can >>>>>>>>>>>> I read on how it should be applied? >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> >>>>>>>>>>>> Oleg >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Sent from mobile -- apologizes for brevity or errors. >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Sent from mobile -- apologizes for brevity or errors. >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> [image: datastax_logo.png] <http://www.datastax.com/> >>>> >>>> DANI TRAPHAGEN >>>> >>>> Technical Enablement Lead | dani.trapha...@datastax.com >>>> >>>> [image: twitter.png] <https://twitter.com/dtrapezoid> [image: >>>> linkedin.png] <https://www.linkedin.com/pub/dani-traphagen/31/93b/b85> >>>> <https://github.com/dtrapezoid> >>>> >>> >>> >> >
