Book Image

Securing Hadoop

By : Sudheesh Narayan
Book Image

Securing Hadoop

By: Sudheesh Narayan

Overview of this book

Security of Big Data is one of the biggest concerns for enterprises today. How do we protect the sensitive information in a Hadoop ecosystem? How can we integrate Hadoop security with existing enterprise security systems? What are the challenges in securing Hadoop and its ecosystem? These are the questions which need to be answered in order to ensure effective management of Big Data. Hadoop, along with Kerberos, provides security features which enable Big Data management and which keep data secure. This book is a practitioner's guide for securing a Hadoop-based Big Data platform. This book provides you with a step-by-step approach to implementing end-to-end security along with a solid foundation of knowledge of the Hadoop and Kerberos security models. This practical, hands-on guide looks at the security challenges involved in securing sensitive data in a Hadoop-based Big Data platform and also covers the Security Reference Architecture for securing Big Data. It will take you through the internals of the Hadoop and Kerberos security models and will provide detailed implementation steps for securing Hadoop. You will also learn how the internals of the Hadoop security model are implemented, how to integrate Enterprise Security Systems with Hadoop security, and how you can manage and control user access to a Hadoop ecosystem seamlessly. You will also get acquainted with implementing audit logging and security incident monitoring within a Big Data platform.
Table of Contents (15 chapters)
Securing Hadoop
About the Author
About the Reviewers

Best practices for securing the Hadoop ecosystem components

We looked at different types of Hadoop ecosystem components and understood how to set up a secured Hadoop ecosystem with all these components. In this section, let us summarize these best practices as follows:

  • All services that are running within the Hadoop ecosystem need to be authenticated with KDC. This will ensure that there is no rogue process creating malicious activity.

  • It is a best practice to store the KDC credentials in an LDAP store, so that the credentials and authorizations can be centrally managed.

  • The keytab file needs to be secured, and only the user for whom the file is created should be provided with read access to the file.

  • Whenever a Java client is accessing the service, client authentication should be done by the service using RPC authentication mechanism.

  • Whenever user impersonation is used to impersonate an end user by the service user, the service process has to be fully secured by Kerberos and also the host running...