en you
> have different DCs. One DC would stay with rogue data, and the other one
> would shutdown.
>
>
>
> *--*
>
> *Jacques-Henri Berthemet*
>
>
>
> *From:* Abdelkrim Fitouri [mailto:abdou@gmail.com]
> *Sent:* jeudi 16 novembre 2017 22:33
> *T
only work when you have
different DCs. One DC would stay with rogue data, and the other one would
shutdown.
--
Jacques-Henri Berthemet
From: Abdelkrim Fitouri [mailto:abdou@gmail.com]
Sent: jeudi 16 novembre 2017 22:33
To: user@cassandra.apache.org
Subject: Re: Executing a check before
That sounds like a great way to DoS yourself. While I'm sure it could be
achieved, probably in a pretty messy way, I don't think it's a good idea
and seems to me like way over the top security. Especially because sure,
you might be able to protect against CQL "attacks" via triggers (ugh) - but
if t
ok please find bellow an example:
Lets suppose that i have a cassandra cluster of 4 nodes / one DC /
replication factor = 4, So in this architecture i have on full copy of the
data on each node.
Imagine now that one node have been hacked and in some way with full access
to cqlsh session, if data
Hello,
If I understand the OP right, he wants an automated response one node
displays suspicious activity.
I suppose in that case, one would want the node to be removed from the
cluster or shut down or both.
Best, Oliver
On Thu, Nov 16, 2017 at 3:40 PM, kurt greaves wrote:
> Wha
Yea there’s a whole lot of stuff here that doesn’t make sense
I’m not sure what the threat model really is, but there’s a lot of moving
pieces here, and the place you’re thinking about adding validation isn’t the
first place I’d be concerned with (internode tends to be a bigger problem).
Why do
What's the purpose here? If they have access to cqlsh, they have access to
every nodes data, not just the one they are on. An attacker modifying RF
would be the least of your worries. If you manage to detect that some node
is compromise you should isolate it immediately.
On 16 Nov. 2017 07:33, "Ab
turn on audit on tables in question, scan the audit logs (using tools like
Splunk) and send alerts based on the activity...
On Wednesday, November 15, 2017, 12:33:30 PM PST, Abdelkrim Fitouri
wrote:
Hi,
I know that cassandra handel properly data replication between cluster nodes,
but
Hi,
I know that cassandra handel properly data replication between cluster
nodes, but for some security reasons I am wonderning how to avoid data
replication after a server node have been compromised and someone is
executing modification via cqlsh ?
is there a posibility on Cassandra to execute a
