20 lines
1.1 KiB
Plaintext
20 lines
1.1 KiB
Plaintext
[[securing-communications]]
|
|
== Securing Communications with Encryption and IP Filtering
|
|
|
|
Elasticsearch nodes store data that may be confidential. Attacks on the data may come from the network. These attacks
|
|
could include sniffing of the data, manipulation of the data, and attempts to gain access to the server and thus the
|
|
files storing the data. Securing your nodes with the procedures below helps to reduce risk from network-based attacks.
|
|
|
|
This section shows how to:
|
|
|
|
* Encrypt traffic to and from Elasticsearch nodes using SSL/TLS,
|
|
* Require that nodes authenticate new nodes that join the cluster using SSL certificates, and
|
|
* Make it more difficult for remote attackers to issue any commands to Elasticsearch.
|
|
|
|
The authentication of new nodes helps prevent a rogue node from joining the cluster and receiving data through replication.
|
|
|
|
include::securing-communications/setting-up-ssl.asciidoc[]
|
|
include::securing-communications/enabling-cipher-suites.asciidoc[]
|
|
include::securing-communications/separating-node-client-traffic.asciidoc[]
|
|
include::securing-communications/using-ip-filtering.asciidoc[]
|