ES security measures?

Elastic Stack Elasticsearch
1

I have set up my ELK stack on a single server and tested it on a very small
setup to get a hands-down on ELK.
I want to use ELK for my system logs analysis.

Now, I have been reading about ES that it has no security. Also read
something like this:
"DO NOT have ES publicly accessible. That's the equivalent of making your
Wordpress MySQL database accessible to the world. ES is a REST accessible
DB which means that anyone can delete all of your data with access to the
endpoint."

I am a noob in this. So this means if I put my logs in ES will they be
accessible to everyone (which is scary) ??

Please guide me with what all security measures must be taken ?? Please
suggest some links so that I can ensure security.
How to keep my ES cluster private ??

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

If you put any data on a system that is easily accessible to the internet
then there is a probability that people can get to it.

If you are using AWS or similar, then make sure you use something like
iptables and/or a reverse proxy with authentication.

On 27 November 2014 at 16:39, Siddharth Trikha siddharthtrikha9@gmail.com
wrote:

I have set up my ELK stack on a single server and tested it on a very
small setup to get a hands-down on ELK.
I want to use ELK for my system logs analysis.

Now, I have been reading about ES that it has no security. Also read
something like this:
"DO NOT have ES publicly accessible. That's the equivalent of making your
Wordpress MySQL database accessible to the world. ES is a REST accessible
DB which means that anyone can delete all of your data with access to the
endpoint."

I am a noob in this. So this means if I put my logs in ES will they be
accessible to everyone (which is scary) ??

Please guide me with what all security measures must be taken ?? Please
suggest some links so that I can ensure security.
How to keep my ES cluster private ??

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAF3ZnZm%2BOmPG88ruwTJAYauuU%2Bn337nvXA-kC5z42QxVocwZZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

3

So if internet is off then there is not any security concern??

If it's on, then any measures to be taken?

On Thursday, 27 November 2014 11:37:32 UTC+5:30, Mark Walkom wrote:

If you put any data on a system that is easily accessible to the internet
then there is a probability that people can get to it.

If you are using AWS or similar, then make sure you use something like
iptables and/or a reverse proxy with authentication.

On 27 November 2014 at 16:39, Siddharth Trikha <siddhart...@gmail.com
<javascript:>> wrote:

I have set up my ELK stack on a single server and tested it on a very
small setup to get a hands-down on ELK.
I want to use ELK for my system logs analysis.

Now, I have been reading about ES that it has no security. Also read
something like this:
"DO NOT have ES publicly accessible. That's the equivalent of making your
Wordpress MySQL database accessible to the world. ES is a REST accessible
DB which means that anyone can delete all of your data with access to the
endpoint."

I am a noob in this. So this means if I put my logs in ES will they be
accessible to everyone (which is scary) ??

Please guide me with what all security measures must be taken ?? Please
suggest some links so that I can ensure security.
How to keep my ES cluster private ??

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/a4ce806f-96f2-4ca8-984c-f25a0a780b83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

4

It is no difference to other distributed software.

There are many facets of security.

If you want authorized access, add a system which authenticates users and
manages roles. Elasticsearch does not do this for you.

If you want others to not read the Elasticsearch data traffic, set up a
private network Private network - Wikipedia with your own
gateway/router plus a reverse proxy for internet access.

If you want to trust in your Elasticsearch cluster and keep others from
tampering your data, then set up all the hardware and the network
connection by yourself and lock others out from physical access to the
facility.

You can wait for the Elasticsearch security extension which has been
announced.

Jörg

On Thu, Nov 27, 2014 at 6:39 AM, Siddharth Trikha <
siddharthtrikha9@gmail.com> wrote:

I have set up my ELK stack on a single server and tested it on a very
small setup to get a hands-down on ELK.
I want to use ELK for my system logs analysis.

Now, I have been reading about ES that it has no security. Also read
something like this:
"DO NOT have ES publicly accessible. That's the equivalent of making your
Wordpress MySQL database accessible to the world. ES is a REST accessible
DB which means that anyone can delete all of your data with access to the
endpoint."

I am a noob in this. So this means if I put my logs in ES will they be
accessible to everyone (which is scary) ??

Please guide me with what all security measures must be taken ?? Please
suggest some links so that I can ensure security.
How to keep my ES cluster private ??

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoH2D6qpQubeceKoz0N67RFTD9HWW%2BK4Dk1Q7b1%3DUgJzdw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

5

I have all my clusters behind the amazon's VPC segurity groups, but this
week we're facing the need to let frontend clients (javascript) to access
the ES indexes.

There is an auth plugins (GitHub - codelibs/elasticsearch-auth: Authentication filter for Elasticsearch)
which seems insteresting.
It lets to limit the access to data limiting by user, pass, role, protocol
and index (does not mention anything about types).

I've not tested yet, but want to share because maybe is it useful for
someone more.

--

Iván González Valiente

Systems programmer

2014-11-27 13:23 GMT+01:00 joergprante@gmail.com joergprante@gmail.com:

It is no difference to other distributed software.

There are many facets of security.

If you want authorized access, add a system which authenticates users and
manages roles. Elasticsearch does not do this for you.

If you want others to not read the Elasticsearch data traffic, set up a
private network Private network - Wikipedia with your
own gateway/router plus a reverse proxy for internet access.

If you want to trust in your Elasticsearch cluster and keep others from
tampering your data, then set up all the hardware and the network
connection by yourself and lock others out from physical access to the
facility.

You can wait for the Elasticsearch security extension which has been
announced.

Jörg

On Thu, Nov 27, 2014 at 6:39 AM, Siddharth Trikha <
siddharthtrikha9@gmail.com> wrote:

I have set up my ELK stack on a single server and tested it on a very
small setup to get a hands-down on ELK.
I want to use ELK for my system logs analysis.

Now, I have been reading about ES that it has no security. Also read
something like this:
"DO NOT have ES publicly accessible. That's the equivalent of making your
Wordpress MySQL database accessible to the world. ES is a REST accessible
DB which means that anyone can delete all of your data with access to the
endpoint."

I am a noob in this. So this means if I put my logs in ES will they be
accessible to everyone (which is scary) ??

Please guide me with what all security measures must be taken ?? Please
suggest some links so that I can ensure security.
How to keep my ES cluster private ??

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAKdsXoH2D6qpQubeceKoz0N67RFTD9HWW%2BK4Dk1Q7b1%3DUgJzdw%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CAKdsXoH2D6qpQubeceKoz0N67RFTD9HWW%2BK4Dk1Q7b1%3DUgJzdw%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CA%2BjeyjNnJQ3AJPzn6%3Dc8c%2Bd127r%2BeF4NTJM_Zy_DN%2BMW%3D7qW7A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.