Today, many organizations are implementing Hadoop in production environments. As organizations embark on the Big Data implementation journey, security of Big Data is one of the major concerns. Securing sensitive data is one of the top priorities for organizations. Enterprise security teams are worried about integrating Hadoop security with enterprise systems. Securing Hadoop provides a detailed implementation and best practices for securing a Hadoop-based Big Data platform. It covers the fundamentals behind Kerberos security and Hadoop security design, and then details the approach for securing Hadoop and its ecosystem components within an enterprise context. The goal of this book is to take an end-to-end enterprise view on Big Data security by looking at the Big Data security reference architecture, and detailing how the various building blocks required by an organization can be put together to establish a secure Big Data platform.
Chapter 1, Hadoop Security Overview, highlights the key challenges and requirements that should be considered for securing any Hadoop-based Big Data platform. We then provide an enterprise view of Big Data security and detail the Big Data security reference architecture.
Chapter 2, Hadoop Security Design, details the internals of the Hadoop security design and explains the key concepts required for understanding and implementing Kerberos security. The focus of this chapter is to arrive at a common understanding of various terminologies and concepts required for remainder of this book.
Chapter 3, Setting Up a Secured Hadoop Cluster, provides a step-by-step guide on configuring Kerberos and establishing a secured Hadoop cluster.
Chapter 4, Securing the Hadoop Ecosystem, looks at the detailed internal interaction and communication protocols for each of the Hadoop ecosystem components along with the security gaps. We then provide a step-by-step guide to establish a secured Big Data ecosystem.
Chapter 5, Integrating Hadoop with Enterprise Security Systems, focuses on the implementation approach to integrate Hadoop security models with enterprise security systems and how to centrally manage access controls for users in a secured Hadoop platform.
Chapter 6, Securing Sensitive Data in Hadoop, provides a detailed implementation approach for securing sensitive data within a Hadoop ecosystem and what are the various data encryption techniques used in securing Big Data platforms.
Chapter 7, Security Event and Audit Logging in Hadoop, provides a deep dive into the security incident and event monitoring system that needs to be implemented in a secured Big Data platform. We then provide the best practices and approach for implementing these security procedures and policies.
Appendix, Solutions Available for Securing Hadoop, provides an overview of the various commercial and open source technologies that are available to build a secured Hadoop Big Data ecosystem. We look into details of each of these technologies and where they fit into the overall Big Data security reference architecture.
To practice the examples provided in this book, you will need a working Hadoop cluster. You will also need a multinode Linux cluster (a minimum of 2 nodes of CentOS 6.2 or similar). Cloudera CDH4.1 or above is recommended. Any latest version of Apache Hadoop distribution can also be used instead of CDH4.1.You will have to download and install Kerberos 5 Release 1.11.3 from the MIT site (http://web.mit.edu/kerberos/krb5-1.11/).
Securing Hadoop is ideal for Hadoop practitioners (Big Data architects, developers, and administrators) who have some working knowledge of Hadoop and wants to implement security for Hadoop. This book is also for Big Data architects who want to design and implement an end-to-end secured Big Data solution for an enterprise context. This book will also act as reference guide for the administrators who are on the implementation and configuration of Hadoop security.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "To support renewable tickets, we add the max_renewable_life setting to your realm in kdc.conf."
A block of code is set as follows:
kdcdefaults]
kdc_ports = 88
[realms]
MYDOMAIN.COM = {
profile = /etc/krb5.conf
supported_enctypes = aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
allow-null-ticket-addresses = true
database_name = /usr/local/var/krb5kdc/principal
acl_file = /usr/local/var/krb5kdc/kadm5.acl
admin_database_lockfile = /usr/local/var/krb5kd/kadm5_adb.lock
admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
key_stash_file = /usr/local/var/krb5kdc/.k5stash
kdc_ports = 88
kadmind_port = 749
max_life = 2d 0h 0m 0s
max_renewable_life = 7d 0h 0m 0s
}Any command-line input or output is written as follows:
sudo service hadoop-hdfs-namenode start sudo service hadoop-hdfs-datanode start sudo service hadoop-hdfs-secondarynamenode start For MRV1 sudo service hadoop-0.20-mapreduce-jobtracker start
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "clicking the Next button moves you to the next screen".
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.