OpenSearch/shield/docs/public/introduction.asciidoc

60 lines
3.0 KiB
Plaintext
Raw Normal View History

[[introduction]]
== Introduction
This document discusses securing your Elasticsearch deployment, from initial installation to configuration.
[float]
=== Why Security?
An Elasticsearch cluster benefits from properly implemented security in the following ways:
* <<roles,Role-based>> access control at the index level and <<ldap,LDAP>> authentication integration to _prevent
unauthorized access_
* <<ssl-tls,Encryption>> to _preserve the integrity of your data_, keeping confidential data confidential.
* An _<<configuring-auditing,Audit>> trail_ to analyze access patterns.
[float]
==== Prevent Unauthorized Access
The term 'unauthorized access' properly covers two distinct security concepts: _Authentication_ and _Authorization_.
Authentication validates that a user is who they claim to be. A proper authentication setup enforces that only the
person named, for example, Kelsey Andorra can authenticate to Elasticsearch as the user `kandorra`. Shield ships with
out-of-the-box internal authentication mechanism and also integrates with LDAP and the Active Directory to provide
user authentication. Authorization enforces a set of privileges that are available to a specific user. To continue the
example, an authorization framework enforces that the user `kandorra` has the ability to perform specific actions on the
Elasticsearch cluster. These specific actions are called _privileges_. See the <<reference,Reference>> section for a
complete list of privileges. Privileges are bundled into sets, and a set of privileges is called a _role_.
Shield also provides for authorization based on the client's IP address. You may whitelist and blacklist subnets to
control network-level access to a server.
[float]
==== Preserve Data Integrity
A standard Elasticsearch cluster provides functionality that provides redundancy to protect against _accidental_ data
loss and corruption. By providing <<ssl-tls,_encryption_>> for data that is being transmitted from node to node within
the cluster, Elasticsearch security protects data from _deliberate_ tampering or unauthorized access.
[float]
==== Provides an Audit Trail
Knowing who requested which actions on your data, and when, is an important part of security. Keeping an auditable log
of the activity in your cluster can not only help diagnose performance issues, but provide insight into attacks and
attempted breaches.
[float]
=== Security as a Plugin
Security features for Elasticsearch are implemented in a plugin that you <<getting-started,install>> on each node in
your cluster.
[float]
=== What's In This Document
The information in this document covers the following broad categories:
* To learn about the architecture of the Elasticsearch security plugin and how the various elements of security
interact, see <<how-shield-works, How Shield Works>>.
* To get started with Elasticsearch security, from installation to initial configuration, see the
<<getting-started,Getting Started>> section.
* To answer specific questions about configuration elements and privileges in Elasticsearch security, see the
<<reference,Reference>> section.