• Apache Cassandra
  • Technical
Apache Cassandra Security

Apache Cassandra security has hit the news lately with a benevolent hacker attempting to warn owners of unsecured Cassandra databases about their exposure (see https://www.bleepingcomputer.com/news/security/a-benevolent-hacker-is-warning-owners-of-unsecured-cassandra-databases/).

Apache Cassandra Security

At Instaclustr, we take security very seriously. We were confident that our default configurations would not allow access to this type of scan. We have used our central management system to check all clusters that we currently have under management for the presence of the tell-tale keyspace and confirm that none of our managed clusters had been detected by the scan.

Of course, not being picked up by some random, external scan is no guarantee of security so it’s worth recapping some of the things we do at Instaclustr to make it easy to maximize the security of your cluster.

Understand How We Manage Cassandra Security?

  • The use of TLS (SSL) and password authentication to connect to Cassandra can be configured with the click of a checkbox at cluster creation. We even generate sample code for connecting to the cluster to make it as easy as possible.
  • Firewall rules block all access to the cluster by default with exception added at the control of the cluster owner through our console.
  • We support VPC peering and the use of private IPs to minimize public access points through the firewall.
  • We disable access by the default Cassandra user, preventing any attacks using this well-known user.
  • We regularly commission external penetration tests of our clusters and other components of our system.

Additional Measures We Use

In addition to these current measures, we have a continuing focus on enhanced security technology and processes which benefit all of our customers as they become available. For example, current engineering initiatives include enhanced intrusion detection across all components of our system and additional security certifications.

At Instaclustr, we’re proud of our capability, focus, and record when it comes to security. While it’s not an area that we often talk about publicly we’re more than happy to go into the details of our approach with any customers or potential customers—just contact us to set up a chat.

Visit our security page to understand more about the Security Standards we follow at Instaclustr for our Managed Platform