Back-to-School: Aus dem Klassenzimmer des CAS Information Security & Risk Management. Basis für diesen Lehrgang ist das BSI-Grundschutzhandbuch, und die Teilnehmenden bereiten sich begleitend auf die CISSP-Prüfung vor. Somit ist es ein Teil des 15-tägigen Lehrgangs, ein CISSP- oder BSI-Fachthema als Blogpost aufzubereiten:
Information Security: Security in non-relational Databases (NoSQL)
This article will go through the security mechanisms which are implemented in a typical NoSQL database. For this case the Apache HBase NoSQL database server will be used. HBase is an opensource non-relational and distributed database which stores big data on a Hadoop cluster. HBase is based on the Bigtable distributed storage system for structured data which was developed by Google and is used for example to store the content crawled from websites.
The problem with many NoSQL database servers is that they do not implement by default any form of user authentication in order to login into the database. Furthermore there are often no authorization systems in place or if there is one the default is set so that all possible rights are given as soon as one is connected to the database server. This is the case with HBase, meaning that anyone can enter the database server without having to go through user authorization and is given all possible rights to all databases immediately. So, anyone can simply enter the database server and browse through the whole content and even worse could delete or modify it.
In fact, when the HBase server is started up it listens on three different TCP ports which are 60010, 60030 and 2181 on all network interfaces (known as 0.0.0.0 for IPv4). HBase listens on all network interfaces because, being a distributed database server, it needs to communicate with other members (servers) of its cluster through these ports. Port 60010 is known as the HBase master port and this is where the clients and other servers connect to. Port 60030 is used for the regional servers of the cluster and port 2181 is used by ZooKeeper which is responsible for managing the nodes of the cluster.
Newer releases of HBase support access control lists (ACLs) and as such it is possible to add user role and grant permissions to tables, columns or even rows of databases to specific users or groups. This is unfortunately not enabled by default and needs to be enabled on a server basis and HBase needs to be restarted afterwards. Once this is done, one still needs to configure the appropriate permissions manually as the default is still set to allow anyone with all possible permissions.
An extra security measure would be to use a software firewall such as iptables on Linux in order to limit the other hosts which are allowed to connect to the three TCP ports of HBase and deny all other hosts access. The iptables rules should then only permit access from other node members of the cluster and/or other clients which need to be able to connect to the HBase master server. HBase does not necessarily need to be used as a cluster and can therefore be used in standalone mode for example for small installations. In the case where HBase is used in standalone mode it would be possible to have all three TCP ports listen on the loopback interface (127.0.0.1 for IPv4) instead of all network interfaces. This means that no external host can access HBase remotely.
To sum up, in order to secure a NoSQL DBMS one should check whether ACLs is supported and if it is, enable them and configure them accordingly with the minimum privileges principle. Additionally, one can use a software firewall to limit at the IP level which hosts are allowed to communicate with the DB server.
Blogpost wurde erstellt
im Rahmen vom CAS Information Security & Risk Management.
Beim nächsten CAS live dabei sein?
Hier der Link zur Ausschreibung CAS Information Security & Risk Management
Persönliche Beratung für den Lehrgang gewünscht?
Einfach Prof. Martina Dalla Vecchia ein E-Mail schreiben und einen Termin vorschlagen.