
How to do CDP DC Security Analysis

2025-03-09 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Many newcomers are unclear on how to approach CDP DC security analysis. To help with that, the following explains the topic in detail for anyone who needs it.

01 - Overview of Cloudera Security

As a system designed to support large amounts and types of data, Cloudera clusters must meet the growing security requirements put forward by regulators, governments, industries, and the public. Cloudera clusters contain Hadoop core and ecosystem components, all of which must be protected from threats to ensure the confidentiality, integrity, and availability of all cluster services and data.

02 - Security requirements

The objectives of a data management system, such as confidentiality, integrity, and availability, require that the system be secured across several dimensions. These dimensions can be described in terms of both overall operational goals and technical concepts, as shown in the following figure:

Perimeter: Access to the cluster must be protected against threats from internal and external networks and from a variety of actors. For example, network isolation can be provided through the correct configuration of firewalls, routers, and subnets, and the correct use of public and private IP addresses. Authentication mechanisms ensure that people, processes, and applications properly identify themselves to the cluster and prove their identity before gaining access to it.

Data: Data in the cluster must always be protected from unauthorized exposure. Similarly, communication between nodes in the cluster must be protected. Encryption mechanisms ensure that even if a bad actor intercepts network packets or physically removes a hard drive from the system, the contents are not usable.

Access: Access to any specific service or data item in the cluster must be explicitly granted. Authorization mechanisms ensure that after users authenticate to the cluster, they can see only the data and use only the processes for which they have been granted specific permissions.

Visibility: Visibility means that the history of data changes is transparent and meets data governance policies. Auditing mechanisms ensure that all operations on the data and its lineage (sources, changes over time, and so on) are recorded when they occur.

Securing a cluster to meet specific organizational goals involves using both the security features inherent in the Hadoop ecosystem and external security infrastructure. The various security mechanisms can be applied across a range of levels.

03 - Security levels

The following figure shows the range of security levels that can be implemented for a Cloudera cluster, from non-secure (0) to the most secure (3). As the sensitivity and amount of data on the cluster increases, so should the level of security selected for the cluster.

With level 3 security, your Cloudera cluster can fully comply with various industry and regulatory requirements and can be audited if necessary. The following table describes these levels in more detail:

| Level | Security | Characteristics |
|-------|----------|-----------------|
| 0 | Non-secure | No security is configured. Non-secure clusters should never be used in a production environment because they are vulnerable to any and all attacks and exploits. |
| 1 | Minimal | Configured for authentication, authorization, and auditing. Authentication is configured first, to ensure that users and services can access the cluster only after they have proved their identity. Next, authorization mechanisms are applied to assign privileges to users and user groups. Auditing procedures track who accesses the cluster (and how). |
| 2 | More | Sensitive data is encrypted. Key management systems handle the encryption keys. Auditing has been set up for the data in the metastores. System metadata is reviewed and updated regularly. Ideally, the cluster has been set up so that the lineage of any data object can be traced (data governance). |
| 3 | Most secure | The secure enterprise data hub (EDH) is one in which all data, both data at rest and data in transit, is encrypted and the key management system is fault-tolerant. Auditing mechanisms comply with industry, government, and regulatory standards (such as PCI, HIPAA, and NIST) and extend from the EDH to the other systems integrated with it. Cluster administrators are trained, security procedures have been certified by experts, and the cluster can pass technical review. |

04 - Hadoop security architecture

The following figure illustrates some of the many components at work in a production Cloudera enterprise cluster. The figure highlights the need to secure clusters that may ingest data from both internal and external data feeds, and possibly across multiple data centers. Securing the cluster requires applying authentication and access controls across these many inter- and intra-cluster connections, as well as to all users who want to query, run jobs, or even view the data held in the cluster.

External data streams are authenticated through the mechanisms in place for Flume and Kafka. Data from legacy databases is ingested using Sqoop. Data scientists and BI analysts can use interfaces such as Hue to work with data on Impala or Hive and to create and submit jobs. Kerberos authentication can be used to protect all of these interactions.

Encryption can be applied to data at rest using transparent HDFS encryption with an enterprise-grade Key Trustee Server. Cloudera also recommends using Navigator Encrypt to protect data on the cluster associated with the Cloudera Manager, Cloudera Navigator, Hive, and HBase metastores, as well as any log files or spills.

Authorization policies can be enforced using Sentry (for services such as Hive, Impala, and Search) and HDFS access control lists.

You can use Cloudera Navigator to provide auditing capabilities.
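As an added example (not from the original article or from Cloudera), the following Python sketch checks a cluster's `core-site.xml` and `hdfs-site.xml` for the Hadoop-level switches behind the controls described above: Kerberos authentication, authorization and HDFS ACLs, and encryption in transit and at rest. The property names are standard Apache Hadoop settings and the two sample files are constructed; Sentry policies and Navigator auditing are configured elsewhere and are not covered.

```python
import xml.etree.ElementTree as ET

# (Hadoop property, required value or None for "must be set", control it backs)
CHECKS = [
    ("hadoop.security.authentication", "kerberos", "authentication"),
    ("hadoop.security.authorization", "true", "service-level authorization"),
    ("dfs.namenode.acls.enabled", "true", "HDFS ACLs"),
    ("hadoop.rpc.protection", "privacy", "RPC encryption in transit"),
    ("dfs.encrypt.data.transfer", "true", "block-data encryption in transit"),
    ("hadoop.security.key.provider.path", None, "KMS for HDFS encryption at rest"),
]

# Constructed sample files: Kerberos is on, but wire and at-rest encryption are not.
CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
</configuration>"""
HDFS_SITE = """<configuration>
  <property><name>dfs.namenode.acls.enabled</name><value>true</value></property>
  <property><name>dfs.encrypt.data.transfer</name><value>false</value></property>
</configuration>"""

def load_properties(*xml_docs):
    """Merge <property> name/value pairs from one or more *-site.xml documents."""
    props = {}
    for doc in xml_docs:
        for prop in ET.fromstring(doc.strip()).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(props):
    """Return (control, property, problem) for every check that does not pass.
    Unset properties are reported too: the effective default depends on the
    Hadoop version, so they need an explicit review."""
    findings = []
    for name, required, control in CHECKS:
        value = props.get(name, "")
        if not value:
            findings.append((control, name, "not set"))
        elif required is not None and value.lower() != required:
            findings.append((control, name, f"is '{value}', expected '{required}'"))
    return findings

if __name__ == "__main__":
    for control, name, problem in audit(load_properties(CORE_SITE, HDFS_SITE)):
        print(f"[{control}] {name} {problem}")
```

On the constructed sample, the audit passes the authentication and authorization checks and reports the three encryption-related properties.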
