Inter-node Encryption

Details

Cassandra offers the option to encrypt data in transit between nodes on the cluster. By default, inter-node encryption is turned off.

Rationale:

Data being transferred on the wire should be encrypted to avoid network snooping, whether legitimate or not.

Solution

Inter-node encryption should be implemented before anyone accesses the Cassandra server.

To enable the inter-node encryption mechanism:

1. Stop the Cassandra database.
2. If you have not already done so, build out your keystore and truststore.
3. Edit the cassandra.yaml file: add or modify the internode_encryption entry and set it to all.
4. Start the Cassandra database.
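
The following shell check is an added example, not part of the original control text. It reads a cassandra.yaml file and reports whether internode_encryption is set to all. It assumes the key sits under the server_encryption_options block, as in the stock cassandra.yaml; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit cassandra.yaml for the inter-node encryption setting.

# Print the effective internode_encryption value from the
# server_encryption_options block; a missing key means the default, none.
internode_encryption_value() {
    awk -v sq="'" '
        /^[ \t]*#/ { next }                              # skip comment lines
        /^server_encryption_options:/ { in_block = 1; next }
        /^[^ \t]/ { in_block = 0 }                       # next top-level key ends the block
        in_block && /^[ \t]+internode_encryption:/ {
            sub(/^[ \t]+internode_encryption:[ \t]*/, "")
            sub(/[ \t]*#.*$/, "")                        # drop trailing comment
            gsub("[\"" sq "]", "")                       # drop surrounding quotes
            sub(/[ \t]+$/, "")
            value = $0
        }
        END { print (value == "" ? "none" : value) }
    ' "$1"
}

# Exit status 0 only when traffic between all nodes is encrypted.
audit_internode_encryption() {
    value=$(internode_encryption_value "$1")
    if [ "$value" = "all" ]; then
        echo "PASS: $1: internode_encryption is all"
        return 0
    fi
    echo "FAIL: $1: internode_encryption is $value, expected all"
    return 1
}

# Constructed sample files (not from a real cluster): default and hardened.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/default.yaml" <<'EOF'
cluster_name: 'Test Cluster'
server_encryption_options:
    # internode_encryption: all
    internode_encryption: none
    keystore: conf/.keystore
client_encryption_options:
    enabled: false
EOF
sed 's/^\(    internode_encryption:\) none/\1 all   # hardened/' \
    "$demo_dir/default.yaml" > "$demo_dir/hardened.yaml"

audit_internode_encryption "$demo_dir/default.yaml" || true
audit_internode_encryption "$demo_dir/hardened.yaml"
```

Run audit_internode_encryption against each node's own cassandra.yaml; the exit status lets a compliance job flag any node still on the default.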

Default Value:
internode_encryption: none

References:
http://cassandra.apache.org/doc/latest/operating/security.html

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.

Updated on July 16, 2022