| 1 | +[role="xpack"] |
| 2 | +[[elasticsearch-security]] |
| 3 | +== Security overview |
| 4 | +++++ |
| 5 | +<titleabbrev>Overview</titleabbrev> |
| 6 | +++++ |
| 7 | + |
| 8 | +Security protects {es} clusters by: |
| 9 | + |
| 10 | +* <<preventing-unauthorized-access, Preventing unauthorized access>> |
| 11 | + with password protection, role-based access control, and IP filtering. |
| 12 | +* <<preserving-data-integrity, Preserving the integrity of your data>> |
| 13 | + with SSL/TLS encryption. |
| 14 | +* <<maintaining-audit-trail, Maintaining an audit trail>> |
| 15 | + so you know who's doing what to your cluster and the data it stores. |
| 16 | + |
| 17 | +[float] |
| 18 | +[[preventing-unauthorized-access]] |
| 19 | +=== Preventing unauthorized access |
| 20 | + |
| 21 | +To prevent unauthorized access to your {es} cluster, you must have a |
| 22 | +way to _authenticate_ users. This simply means that you need a way to validate |
| 23 | +that a user is who they claim to be. For example, you have to make sure only |
| 24 | +the person named _Kelsey Andorra_ can sign in as the user `kandorra`. The |
| 25 | +{es-security-features} provide a standalone authentication mechanism that enables |
| 26 | +you to quickly password-protect your cluster. If you're already using LDAP, |
| 27 | +Active Directory, or PKI to manage users in your organization, the |
| 28 | +{security-features} are able to integrate with those systems to perform user |
| 29 | +authentication. |
| 30 | + |
| 31 | +In many cases, simply authenticating users isn't enough. You also need a way to |
| 32 | +control what data users have access to and what tasks they can perform. The |
| 33 | +{es-security-features} enable you to _authorize_ users by assigning access |
| 34 | +_privileges_ to _roles_ and assigning those roles to users. For example, this |
| 35 | +role-based access control mechanism (a.k.a RBAC) enables you to specify that the |
| 36 | +user `kandorra` can only perform read operations on the `events` index and can't |
| 37 | +do anything at all with other indices. |
| 38 | + |
| 39 | +The {security-features} also support IP-based authorization. |
| 40 | +You can whitelist and blacklist specific IP addresses or subnets to control |
| 41 | +network-level access to a server. |
| 42 | + |
| 43 | +[float] |
| 44 | +[[preserving-data-integrity]] |
| 45 | +=== Preserving data integrity |
| 46 | + |
| 47 | +A critical part of security is keeping confidential data confidential. |
| 48 | +{es} has built-in protections against accidental data loss and |
| 49 | +corruption. However, there's nothing to stop deliberate tampering or data |
| 50 | +interception. The {stack-security-features} preserve the integrity of your |
| 51 | +data by encrypting communications to and from nodes. For even |
| 52 | +greater protection, you can increase the <<ciphers,encryption strength>>. |
| 53 | + |
| 54 | +[float] |
| 55 | +[[maintaining-audit-trail]] |
| 56 | +=== Maintaining an audit trail |
| 57 | + |
| 58 | +Keeping a system secure takes vigilance. By using {stack-security-features} to |
| 59 | +maintain an audit trail, you can easily see who is accessing your cluster and |
| 60 | +what they're doing. By analyzing access patterns and failed attempts to access |
| 61 | +your cluster, you can gain insights into attempted attacks and data breaches. |
| 62 | +Keeping an auditable log of the activity in your cluster can also help diagnose |
| 63 | +operational issues. |
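Review bot: The "Preserving data integrity" section (lines 47-52 of the added file) opens with "keeping confidential data confidential", which is a confidentiality goal, while the heading and the bullet on line 12-13 promise integrity; the paragraph then names both tampering (integrity) and interception (confidentiality), so the heading and opening sentence should match what the section actually covers. Suggest rewording the opening to something like "A critical part of security is keeping confidential data confidential and ensuring it is not tampered with in transit" and stating "The {stack-security-features} preserve the confidentiality and integrity of your data by encrypting communications to and from nodes", or alternatively naming the section "Preserving data confidentiality and integrity" and updating the anchor and the bullet on line 12 to match. Two smaller points: "(a.k.a RBAC)" on line 35 should read "(a.k.a. RBAC)", and the cross-reference `<<ciphers,encryption strength>>` on line 52 should be checked against the rest of the doc set to confirm that a `ciphers` anchor exists, since a missing target breaks the asciidoc build.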