100 lines
4.5 KiB
Plaintext
100 lines
4.5 KiB
Plaintext
[[xpack-security]]
|
|
= Securing Elasticsearch and Kibana
|
|
|
|
[partintro]
|
|
--
|
|
{security} enables you to easily secure a cluster. With Security,
|
|
you can password-protect your data as well as implement more advanced security
|
|
measures such as encrypting communications, role-based access control,
|
|
IP filtering, and auditing. This guide describes how to configure the security
|
|
features you need, and interact with your secured cluster.
|
|
|
|
Security protects Elasticsearch clusters by:
|
|
|
|
* <<preventing-unauthorized-access, Preventing unauthorized access>>
|
|
with password protection, role-based access control, and IP filtering.
|
|
* <<preserving-data-integrity, Preserving the integrity of your data>>
|
|
with message authentication and SSL/TLS encryption.
|
|
* <<maintaining-audit-trail, Maintaining an audit trail>>
|
|
so you know who's doing what to your cluster and the data it stores.
|
|
|
|
[float]
|
|
[[preventing-unauthorized-access]]
|
|
=== Preventing Unauthorized Access
|
|
|
|
To prevent unauthorized access to your Elasticsearch cluster, you must have a
|
|
way to _authenticate_ users. This simply means that you need a way to validate
|
|
that a user is who they claim to be. For example, you have to make sure only
|
|
the person named _Kelsey Andorra_ can sign in as the user `kandorra`. {security}
|
|
provides a standalone authentication mechanism that enables you to
|
|
quickly password-protect your cluster. If you're already using {xpack-ref}/ldap-realm.html[LDAP],
|
|
{xpack-ref}/active-directory-realm.html[ Active Directory], or {xpack-ref}/pki-realm.html[ PKI] to manage
|
|
users in your organization, {security} is able to integrate with those
|
|
systems to perform user authentication.
|
|
|
|
In many cases, simply authenticating users isn't enough. You also need a way to
|
|
control what data users have access to and what tasks they can perform. {security}
|
|
enables you to _authorize_ users by assigning access _privileges_ to _roles_,
|
|
and assigning those roles to users. For example, this
|
|
{xpack-ref}/authorization.html[role-based access control] mechanism (a.k.a RBAC) enables
|
|
you to specify that the user `kandorra` can only perform read operations on the
|
|
`events` index and can't do anything at all with other indices.
|
|
|
|
{security} also supports {xpack-ref}/ip-filtering.html[ IP-based authorization]. You can
|
|
whitelist and blacklist specific IP addresses or subnets to control network-level
|
|
access to a server.
|
|
|
|
[float]
|
|
[[preserving-data-integrity]]
|
|
=== Preserving Data Integrity
|
|
|
|
A critical part of security is keeping confidential data confidential.
|
|
Elasticsearch has built-in protections against accidental data loss and
|
|
corruption. However, there's nothing to stop deliberate tampering or data
|
|
interception. {security} preserves the integrity of your data by
|
|
{xpack-ref}/ssl-tls.html[encrypting communications] to and from nodes and
|
|
{xpack-ref}/enable-message-authentication.html[authenticating message] to verify that they
|
|
have not been tampered with or corrupted in transit during node-to-node
|
|
communication. For even greater protection, you can increase the
|
|
{xpack-ref}/ciphers.html[encryption strength] and
|
|
{xpack-ref}/separating-node-client-traffic.html[separate client traffic from node-to-node communications].
|
|
|
|
|
|
[float]
|
|
[[maintaining-audit-trail]]
|
|
=== Maintaining an Audit Trail
|
|
|
|
Keeping a system secure takes vigilance. By using {security} to maintain
|
|
an audit trail, you can easily see who is accessing your cluster and what they're
|
|
doing. By analyzing access patterns and failed attempts to access your cluster,
|
|
you can gain insights into attempted attacks and data breaches. Keeping an
|
|
auditable log of the activity in your cluster can also help diagnose operational
|
|
issues.
|
|
|
|
[float]
|
|
=== Where to Go Next
|
|
|
|
* <<security-getting-started, Getting Started>>
|
|
steps through how to install and start using Security for basic authentication.
|
|
|
|
* {xpack-ref}/how-security-works.html[How Security Works]
|
|
provides more information about how Security supports user authentication,
|
|
authorization, and encryption.
|
|
|
|
* {xpack-ref}/ccs-clients-integrations.html[Integrations]
|
|
shows you how to interact with an Elasticsearch cluster protected by
|
|
{security}.
|
|
|
|
* {xpack-ref}/security-reference.html[Reference]
|
|
provides detailed information about the access privileges you can grant to
|
|
users, the settings you can configure for Security in `elasticsearch.yml`,
|
|
and the files where Security configuration information is stored.
|
|
|
|
[float]
|
|
=== Have Comments, Questions, or Feedback?
|
|
|
|
Head over to our {security-forum}[Security Discussion Forum]
|
|
to share your experience, questions, and suggestions.
|
|
--
|
|
|
|
include::getting-started.asciidoc[] |