2018-05-14 18:35:02 -04:00
|
|
|
[role="xpack"]
|
2017-04-06 21:29:29 -04:00
|
|
|
[[encrypting-communications]]
|
2018-05-14 18:35:02 -04:00
|
|
|
== Encrypting communications
|
2017-04-06 21:29:29 -04:00
|
|
|
|
|
|
|
Elasticsearch nodes store data that may be confidential. Attacks on the data may
|
|
|
|
come from the network. These attacks could include sniffing of the data,
|
|
|
|
manipulation of the data, and attempts to gain access to the server and thus the
|
2019-05-20 09:06:42 -04:00
|
|
|
files storing the data. Securing your nodes helps reduce the risk from
|
2018-12-19 17:53:37 -05:00
|
|
|
network-based attacks.
|
2017-04-06 21:29:29 -04:00
|
|
|
|
|
|
|
This section shows how to:
|
|
|
|
|
|
|
|
* Encrypt traffic to, from and within an Elasticsearch cluster using SSL/TLS,
|
|
|
|
* Require nodes to authenticate as they join the cluster using SSL certificates, and
|
|
|
|
* Make it more difficult for remote attackers to issue any commands to Elasticsearch.
|
|
|
|
|
|
|
|
The authentication of new nodes helps prevent a rogue node from joining the
|
|
|
|
cluster and receiving data through replication.
|
|
|
|
|
2018-09-13 13:42:26 -04:00
|
|
|
include::{es-repo-dir}/security/securing-communications/setting-up-ssl.asciidoc[]
|
2017-04-06 21:29:29 -04:00
|
|
|
|
2018-01-12 14:35:16 -05:00
|
|
|
[[ciphers]]
|
2018-05-14 18:35:02 -04:00
|
|
|
=== Enabling cipher suites for stronger encryption
|
2018-01-12 14:35:16 -05:00
|
|
|
|
|
|
|
See {ref}/ciphers.html[Enabling Cipher Suites for Stronger Encryption].
|
|
|
|
|
|
|
|
[[separating-node-client-traffic]]
|
|
|
|
=== Separating node-to-node and client traffic
|
|
|
|
|
|
|
|
See {ref}/separating-node-client-traffic.html[Separating node-to-node and client traffic].
|