[[security-getting-started]]
== Getting Started with Security

To secure a cluster, you must enable {security} on every node in the
cluster. Basic authentication is enabled by default--to communicate
with the cluster, you must specify a username and password.
Unless you {xpack-ref}/anonymous-access.html[enable anonymous access], all
requests that don't include a user name and password are rejected.

To get started with {security}:

. {ref}/configuring-security.html[Configure security in {es}]. Encrypt 
inter-node communications, set passwords for the 
<<built-in-users,built-in users>>, and manage your users and roles.  

. {kibana-ref}/using-kibana-with-security.html[Configure security in {kib}]. 
Set the authentication credentials in {kib} and encrypt communications between 
the browser and the {kib} server.

. {logstash-ref}/ls-security.html[Configure security in Logstash]. Set the 
authentication credentials for Logstash and encrypt communications between 
Logstash and {es}. 

. <<beats,Configure security in the Beats>>. Configure authentication 
credentials and encrypt connections to {es}. 

. Configure the Java transport client to use encrypted communications.
See <<java-clients>>.

. Configure {es} for Apache Hadoop to use secured transport. See
{hadoop-ref}/security.html[{es} for Apache Hadoop Security]. 

Depending on your security requirements, you might also want to:

* Integrate with {xpack-ref}/ldap-realm.html[LDAP] or {xpack-ref}/active-directory-realm.html[Active Directory],
or {xpack-ref}/pki-realm.html[require certificates] for authentication.
* Use {xpack-ref}/ip-filtering.html[IP Filtering] to allow or deny requests from particular
IP addresses or address ranges.