Database Reference
In-Depth Information
Security protects against vulnerabilities
We've covered authentication and authorization in depth and also mentioned a few other se-
curity measures available in Cassandra or DataStax Enterprise. However, not every deploy-
ment will need every security measure in place. What security measures you need depends
on the sensitivity of your data and the security characteristics of your deployment. As an
application engineer, you likely leave the details of deployment security to your sysadmins,
but this table can provide a quick reference to what sort of security measures you should
think about:
Security measure
Vulnerability protected against
Alternative protections
Internal authentication &
authorization
Direct access to Cassandra cluster via
CQL binary protocol
Restrict access to the Cassandra cluster to secure
the private network
Shell access to machines hosting the
Cassandra cluster
Restrict shell and physical access to Cassandra
hosts
On-disk data encryption
Client-to-node encryp-
tion
Network link between the application
and the Cassandra cluster
Restrict access to private network traffic using en-
cryption or physical isolation
Restrict access to private network traffic using en-
cryption or physical isolation
Node-to-node encryption Network link between Cassandra nodes
It's quite plausible that, with both your application and Cassandra deployment protected by
a well-secured VPN, you may not need to concern yourself with any database-level secur-
ity measures.
