Hurry! 20% Off Ends SoonRegister Now

Apache Cassandra Data Security Management

Certain security features are built into Apache Cassandra. We'll go over how to secure and manage an Apache Cassandra cluster, as well as tasks like authentication, encryption, and auditing.

Security Management

In all the NOSQL DATABASES, Security has been a weak point. No NoSQL database provides complete security.

After recognizing this weak point in Cassandra and due to very high demands from customers and the open source community, Apache Cassandra and Datastax enterprise decided to provides a security feature in Apache Cassandra and DATASTAX enterprise.

Enthusiastic about exploring the skill set of Cassandra? Then, have a look at the Cassandra Training Course together additional knowledge.

Authentication

Cassandra supports internal-based authentication that allows you to easily create users who can be authenticated to Cassandra database clusters. You’ll find the authentication framework extremely familiar – it uses the RDBMS-style CREATE/ALTER/DROP USER commands to create/manage with passwords that will then be internally handled by Cassandra. A default superuser, ‘cassandra’, is supplied by default to initially enable the security authentication definition process.

You can also use external, 3rd party security packages like Kerberos to manage security in DataStax Enterprise.

Permission Management

Object permission/authorization capabilities for Cassandra utilize the very familiar GRANT/REVOKE security paradigm – something you should have no problem using as a DBA. Control over DDL, DML, and SELECT operations are all handled via the granting and revoking of user privileges.

Note that a GRANT may be done with or without the GRANT OPTION, which allows the user receiving the grant to grant the same privileges on that object to other users just as it occurs in the RDBMS world.

MindMajix Youtube Channel

Encryption

There are multiple levels of encryption offered in both Cassandra and DataStax Enterprise that you can use to protect data. First, Cassandra includes an optional encrypted form of communication from a client machine to a database cluster. Client to server SSL ensures data in flight is not compromised and is securely transferred back/forth from client machines.

Frequently asked Cassandra Interview Questions & Answers

Next, node-to-node encryption can be used as well to ensure data is protected as it is transferred between nodes in a database cluster.

Lastly, transparent data encryption (TDE) in DataStax Enterprise protects data at rest from being stolen and used in an unauthorized manner. You can encrypt tables with AES 128 being the default, although other encryption algorithms can be used.

Encryption is transparent to all end user activities; data may be read, inserted, updated, etc., with nothing having to change on the application end.

Data Auditing

DataStax Enterprise 3.0 and above supports the ability to perform data auditing on a database cluster. Data auditing allows an administrator to understand “who looked at what/when” and “who changed what/when”. It basically enables the logging of some or all the user activity that occurs on a database.

Many businesses and organizations today have either external mandates or internal security policies that require the auditing of user actions on a database, so having a built-in way to accomplish this with DataStax Enterprise is helpful to administrators in such environments.

The granularity of activities that can be audited include:

  • All activity (DDL, DML, queries, errors)
  • DML only
  • DDL only
  • Security changes (assigning/revoking privileges, dropping users, etc.)
  • Queries only
  • Errors only (e.g. login failures, etc.)

You can also omit certain key spaces from being audited if you choose and only focus on keyspaces in production or those that are of particular interest. Audit data can be written to log files or Cassandra tables and queried via CQL.

 

Explore Cassandra Sample Resumes! Download & Edit, Get Noticed by Top Employers!Download Now!

 

Job Support Program

Online Work Support for your on-job roles.

jobservice

Our work-support plans provide precise options as per your project tasks. Whether you are a newbie or an experienced professional seeking assistance in completing project tasks, we are here with the following plans to meet your custom needs:

  • Pay Per Hour
  • Pay Per Week
  • Monthly
Learn MoreGet Job Support
Course Schedule
NameDates
Cassandra TrainingDec 24 to Jan 08View Details
Cassandra TrainingDec 28 to Jan 12View Details
Cassandra TrainingDec 31 to Jan 15View Details
Cassandra TrainingJan 04 to Jan 19View Details
Last updated: 04 Apr 2023
About Author

Ravindra Savaram is a Technical Lead at Mindmajix.com. His passion lies in writing articles on the most popular IT platforms including Machine learning, DevOps, Data Science, Artificial Intelligence, RPA, Deep Learning, and so on. You can stay up to date on all these technologies by following him on LinkedIn and Twitter.

read less