Client Encryption
Details Cassandra offers the option to encrypt data in transit between the client and nodes on the cluster. By default...
- Home
- Security Hardening
- CIS Apache Cassandra 3.11 L2 Unix V1.0.0
CIS Apache Cassandra 3.11 L2 Unix V1.0.0
Ensure a separate user and group exist for Cassandra – group
Details Create separate userid and group for Cassandra. Rationale: All processes need to run as a user with least privilege....Ensure a separate user and group exist for Cassandra – passwd
Details Create separate userid and group for Cassandra. Rationale: All processes need to run as a user with least privilege....Ensure a separate user and group exist for Cassandra – user exists in group
Details Create separate userid and group for Cassandra. Rationale: All processes need to run as a user with least privilege....Ensure clocks are synchronized on all nodes
Details Enabling Network Time Protocol (NTP), or some equivalent way, to keep clocks on all nodes in sync is critical....Ensure latest version of Cassandra is installed
Details The Cassandra installation version, along with the patches, should be the most recent that is compatible with organization’s operational...Ensure that auditing is enabled
Details Audit logging in Cassandra logs every incoming CQL command request, Authentication (successful as well as unsuccessful login) to C*...Ensure that authentication is enabled for Cassandra databases
Details Authentication is pluggable in Cassandra and is configured using the authenticator setting in cassandra.yaml. Cassandra ships with two options...Ensure that authorization is enabled for Cassandra databases
Details Authorization is pluggable in Cassandra and is configured using the authorizer setting in cassandra.yaml. Cassandra ships with two options...Ensure that Cassandra is run using a non-privileged, dedicated service account
Details As with any service installed on a host, it can be provided with its own user context. Providing a...