Publicly opening the Elasticsearch ports

Hi,
I have a reasonable number of servers in various geo locations. I am planning to install Beats on those servers and to set up an ELK setup as a core monitor server.
So publicly opening a port will definitely increase the risk.
What are the ways I can push the logs into my core server while minimizing the risks?
Setting up a VPN connection is the later part, if nothing else works out!

Thanks in advance
Regards
Vishnu

If the clients are in a completely different network than Elasticsearch, opening a port is probably the only solution. Also, for a VPN you have to open a port.

If you have to open Elasticsearch to a public endpoint, make sure to use the Security features: https://www.elastic.co/guide/en/x-pack/6.2/elasticsearch-security.html

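As an added illustration of the answer above (not part of the original thread, and not configuration posted by any participant), this is what a Beats output section looks like with the security features in use, next to the unprotected form. The host name, file paths and user name are placeholders, and it assumes HTTPS is already enabled on the Elasticsearch HTTP layer and that a dedicated account limited to writing the Beats indices exists.

```yaml
# filebeat.yml (output section only).
# Constructed example: host, paths and user name are placeholders.

# Unprotected form: plain HTTP and no credentials. Anyone who can reach
# the port can read from and write to the cluster.
#output.elasticsearch:
#  hosts: ["es.example.com:9200"]

# Protected form: TLS with server verification plus authentication.
output.elasticsearch:
  hosts: ["es.example.com:9200"]
  protocol: "https"

  # Hypothetical dedicated account; give it only the privileges needed
  # to write the Beats indices, never a superuser role.
  username: "beats_writer"
  # Expanded from the environment so the secret is not stored in the file.
  password: "${ES_PWD}"

  # CA that signed the Elasticsearch server certificate. With "full"
  # verification the Beat refuses to send data to a host whose
  # certificate chain or host name does not match.
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  ssl.verification_mode: "full"

  # Client certificate and key. These only take effect if the server
  # side is configured to request client certificates (assumption).
  ssl.certificate: "/etc/filebeat/certs/client.crt"
  ssl.key: "/etc/filebeat/certs/client.key"
```

Authentication by credentials or client certificate does not depend on the sender's source address, so it still applies when the Beats hosts change IP.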

Hi,
Thank you, ruflin, for the response!
The clients are completely in a different network. The plan for the VPN was the last option if there is not much risk while opening the ES port publicly.
Thanks

Is there a firewall between your internet connection and the elastic server?

If you have a firewall and only allow the IPs of your remote locations to connect on Elastic's port then that should be reasonably safe.

If you don't have a firewall or allow "all" IPs to connect, well, that is just asking for problems. Besides the security risks, just think of the fun you could have if you find an open Elasticsearch server...

But you should really set up a VPN and a firewall if you care about security at all.

Hi,
Thank you, Sjaak!
Yes, we do have a proxy in front of my ES server. But the Beats clients may have different IPs for different situations. Different IPs in the sense that the IP will vary based on location. So providing an IP-based restriction will be a burden.
Yes, now if there is no way down, we will be looking out for the VPN connectivity!
Thanks
Vishnu
