ok please find bellow an example: Lets suppose that i have a cassandra cluster of 4 nodes / one DC / replication factor = 4, So in this architecture i have on full copy of the data on each node.
Imagine now that one node have been hacked and in some way with full access to cqlsh session, if data is changed on that node, data will be changed on the three other, am i right ? imagine now that i am able to know (using cryptographic bases) if one column was modified by my API ( => normal way) or not ( => suspicious way), and i want to execute this check function just before any replication of a keyspace to avoid that all the replica will be affected by that and so a rollback will be not easy and the integrity of all the system will be down, the check will for example kill the local cassandra service ... Hope that my question is more clear now. Many thanks for any help. 2017-11-16 22:01 GMT+01:00 Oliver Ruebenacker <cur...@gmail.com>: > > Hello, > > If I understand the OP right, he wants an automated response one node > displays suspicious activity. > > I suppose in that case, one would want the node to be removed from the > cluster or shut down or both. > > Best, Oliver > > On Thu, Nov 16, 2017 at 3:40 PM, kurt greaves <k...@instaclustr.com> > wrote: > >> What's the purpose here? If they have access to cqlsh, they have access >> to every nodes data, not just the one they are on. An attacker modifying RF >> would be the least of your worries. If you manage to detect that some node >> is compromise you should isolate it immediately. >> >> >> On 16 Nov. 2017 07:33, "Abdelkrim Fitouri" <abdou....@gmail.com> wrote: >> >> Hi, >> >> I know that cassandra handel properly data replication between cluster >> nodes, but for some security reasons I am wonderning how to avoid data >> replication after a server node have been compromised and someone is >> executing modification via cqlsh ? >> >> is there a posibility on Cassandra to execute a custom check / Hook >> before replication ? >> >> is there a posibilty to execute a manual replication between node ? >> >>> >> >> >> -- >> >> Best Regards. >> >> *Abdelkarim FITOURI* >> >> System And Security Engineer >> >> >> >> > > > -- > Oliver Ruebenacker > Senior Software Engineer, Diabetes Portal > <http://www.type2diabetesgenetics.org/>, Broad Institute > <http://www.broadinstitute.org/> > >
