2015-07-13 06:31:34 -04:00
|
|
|
[[introduction]]
|
|
|
|
== Introduction
|
|
|
|
|
|
|
|
This document discusses securing your Elasticsearch deployment, from initial installation to configuration.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
=== Why Security?
|
|
|
|
|
|
|
|
An Elasticsearch cluster benefits from properly implemented security in the following ways:
|
|
|
|
|
|
|
|
* <<roles,Role-based>> access control at the index level and <<ldap,LDAP>> authentication integration to _prevent
|
|
|
|
unauthorized access_
|
|
|
|
* <<ssl-tls,Encryption>> to _preserve the integrity of your data_, keeping confidential data confidential.
|
2015-07-15 13:02:11 -04:00
|
|
|
* An _<<configuring-auditing,Audit>> trail_ to analyze access patterns.
|
2015-07-13 06:31:34 -04:00
|
|
|
|
|
|
|
[float]
|
|
|
|
==== Prevent Unauthorized Access
|
|
|
|
|
|
|
|
The term 'unauthorized access' properly covers two distinct security concepts: _Authentication_ and _Authorization_.
|
|
|
|
Authentication validates that a user is who they claim to be. A proper authentication setup enforces that only the
|
|
|
|
person named, for example, Kelsey Andorra can authenticate to Elasticsearch as the user `kandorra`. Shield ships with
|
|
|
|
out-of-the-box internal authentication mechanism and also integrates with LDAP and the Active Directory to provide
|
|
|
|
user authentication. Authorization enforces a set of privileges that are available to a specific user. To continue the
|
|
|
|
example, an authorization framework enforces that the user `kandorra` has the ability to perform specific actions on the
|
|
|
|
Elasticsearch cluster. These specific actions are called _privileges_. See the <<reference,Reference>> section for a
|
|
|
|
complete list of privileges. Privileges are bundled into sets, and a set of privileges is called a _role_.
|
|
|
|
Shield also provides for authorization based on the client's IP address. You may whitelist and blacklist subnets to
|
|
|
|
control network-level access to a server.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
==== Preserve Data Integrity
|
|
|
|
|
|
|
|
A standard Elasticsearch cluster provides functionality that provides redundancy to protect against _accidental_ data
|
|
|
|
loss and corruption. By providing <<ssl-tls,_encryption_>> for data that is being transmitted from node to node within
|
|
|
|
the cluster, Elasticsearch security protects data from _deliberate_ tampering or unauthorized access.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
==== Provides an Audit Trail
|
|
|
|
|
|
|
|
Knowing who requested which actions on your data, and when, is an important part of security. Keeping an auditable log
|
|
|
|
of the activity in your cluster can not only help diagnose performance issues, but provide insight into attacks and
|
|
|
|
attempted breaches.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
=== Security as a Plugin
|
|
|
|
|
|
|
|
Security features for Elasticsearch are implemented in a plugin that you <<getting-started,install>> on each node in
|
|
|
|
your cluster.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
=== What's In This Document
|
|
|
|
|
|
|
|
The information in this document covers the following broad categories:
|
|
|
|
|
|
|
|
* To learn about the architecture of the Elasticsearch security plugin and how the various elements of security
|
2015-07-15 13:02:11 -04:00
|
|
|
interact, see <<how-shield-works, How Shield Works>>.
|
2015-07-13 06:31:34 -04:00
|
|
|
* To get started with Elasticsearch security, from installation to initial configuration, see the
|
|
|
|
<<getting-started,Getting Started>> section.
|
|
|
|
* To answer specific questions about configuration elements and privileges in Elasticsearch security, see the
|
|
|
|
<<reference,Reference>> section.
|