We lockdown ssh to root from any network. We also provide individual logins including sysadmin and they go through LDAP authentication. Anyone who does sudo su as root gets logged and alerted via trapsend. We use firewalls and also have a separate vlan for datastore servers. We then open only specific ports from our application servers to datastore servers.
You should also look at Cassandra authentication as additional means of securing your data. On Wed, Nov 9, 2011 at 6:39 AM, Sasha Dolgy <sdo...@gmail.com> wrote: > Firewall with appropriate rules. > >> On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito <dnd1...@gmail.com> wrote: >>> >>> hi, >>> >>> is there a standard approach to securing cassandra eg within a corporate >>> network? at the moment in our dev environment, anybody with network >>> connectivity to the cluster can connect to it and mess with it. this would >>> not be acceptable in prod. do people generally write custom authenticators >>> etc, or just put the cluster behind a firewall with the appropriate rules to >>> limit access? >
