Access in software (especially in SaaS-based software or applications) is controlled through the combination of the "Profile", "Group", and "Role" the user belongs to. There are different profiles, such as System Admin, System User, or Read User.
Encryption is required to make a software system secure. Security is required both at rest and in motion. There are different concepts and algorithms for encryption. Encryption is applied at the infrastructure layer as well as at the application layer. Communication among different software systems or applications is forced through encrypted channels. The same applies among the nodes of a Big Data cluster. SSL and TLS are applied wherever required, as necessary and sufficient mandatory conditions.
A data packet can be compromised while it is being transferred. This is the biggest threat to the system, and it may lead to a larger security breach and the issues that follow from it. Data transfer is always taking place while any software system or application is working. A regular review of the system, application, and data (for a data-centric system or application) should be performed so that such situations are known proactively.
Various security scans need to be run for different purposes, for example: a regular general scan, a scan in support of a penetration test, a scan to check for SQL injection, a scan to check for a man in the middle, or a scan against vulnerabilities reported in vulnerability databases, whether recently or some time back.
There is an urgent need to check CVE on a daily basis and to stay actively attentive to it. It is the place, run by the Government, where new vulnerabilities are registered and where mitigation plans or mitigations for prior vulnerabilities can be found.
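
A daily check of this kind can be scripted. The following is an added example, not part of the original page: it matches a constructed list of vulnerability records against a constructed software inventory and separates findings published since the last run from older ones that are still unmitigated. The record fields, product names, and placeholder IDs are assumptions, not a real feed schema.

```python
from datetime import date, timedelta

# Constructed sample records in a simplified shape (an assumption, not a real
# feed schema). The IDs are placeholders, not real CVE numbers.
SAMPLE_FEED = [
    {"id": "CVE-EXAMPLE-0001", "product": "examplehttpd", "fixed_in": "2.4.10", "published": "2024-05-02"},
    {"id": "CVE-EXAMPLE-0002", "product": "exampledb", "fixed_in": "5.1.0", "published": "2023-11-20"},
    {"id": "CVE-EXAMPLE-0003", "product": "examplehttpd", "fixed_in": "2.2.0", "published": "2024-05-02"},
    {"id": "CVE-EXAMPLE-0004", "product": "examplecache", "fixed_in": "1.0.1", "published": "2024-05-02"},
    {"id": "CVE-EXAMPLE-0005", "product": "exampleagent", "fixed_in": "3.0", "published": "2024-05-01"},
]

# Constructed inventory: product name -> installed version.
SAMPLE_INVENTORY = {"examplehttpd": "2.4.9", "exampledb": "5.0.3", "exampleagent": "3.0-rc1"}


def parse_version(text):
    """Dotted numeric version -> tuple of ints, so 2.4.9 sorts below 2.4.10."""
    return tuple(int(part) for part in text.split("."))


def daily_cve_review(feed, inventory, today, window_days=1):
    """Bucket affected records: published within the window, older, or unparsable."""
    cutoff = today - timedelta(days=window_days)
    report = {"new": [], "backlog": [], "manual_review": []}
    for record in feed:
        installed = inventory.get(record["product"])
        if installed is None:
            continue  # product is not deployed here
        try:
            patched = parse_version(installed) >= parse_version(record["fixed_in"])
        except ValueError:
            # Fail safe: a version we cannot compare is flagged, never skipped.
            report["manual_review"].append(record["id"])
            continue
        if patched:
            continue
        published = date.fromisoformat(record["published"])
        bucket = "new" if published >= cutoff else "backlog"
        report[bucket].append(record["id"])
    return report


if __name__ == "__main__":
    print(daily_cve_review(SAMPLE_FEED, SAMPLE_INVENTORY, today=date(2024, 5, 3)))
```

Versions are compared as integer tuples because a plain string comparison would rank 2.4.9 above 2.4.10 and silently hide the first finding.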