Protecting your SaltMiner cluster and the data it contains is of utmost importance. Implementing a defense-in-depth strategy provides multiple layers of security to help safeguard your system. The following principles provide a foundation for running Elasticsearch in a secure manner that helps to mitigate attacks on your system at multiple levels.
Enabling security protects SaltMiner by:
- Preventing unauthorized access with password protection, role-based access control, and IP filtering.
- Preserving the integrity of your data with SSL/TLS encryption.
- Maintaining an audit trail so you know who’s doing what to your cluster and the data it stores.
Reference: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/secure-cluster.html
While every organization has its own unique policies regarding security, we recommend that these key areas are reviewed and appropriate levels of control are implemented.
At a minimum, external traffic should use TLS/HTTPS for all communications with SaltMiner. This can be implemented via NGINX on the SaltMiner Application Server, on a separate firewall outside of the cluster, or on both.
In addition to TLS/HTTPS at the cluster boundary, TLS/HTTPS can be used to secure traffic within the cluster. This means configuring TLS on the transport interface of your Elasticsearch cluster, and also on the HTTP interface for both Elasticsearch and Kibana.
Details on setting up TLS/HTTPS can be found at https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-basic-setup-https.html
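The in-cluster TLS layers described above, shown as an added configuration example (not taken from the SaltMiner distribution). The certificate file names, paths and the host name are assumed placeholders; substitute the files generated for your own cluster.

```yaml
# elasticsearch.yml (every node). File names are assumed placeholders.
xpack.security.enabled: true

# Transport interface: node-to-node traffic inside the cluster.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# HTTP interface: REST traffic from Kibana and other clients.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12

# Keystore passwords belong in the Elasticsearch keystore
# (elasticsearch-keystore add ...), not in this file.

---
# kibana.yml. Host name and paths are assumed placeholders.

# Kibana -> Elasticsearch: use https and verify the cluster's CA.
elasticsearch.hosts: ["https://es01.example.internal:9200"]
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/elasticsearch-ca.pem"]
elasticsearch.ssl.verificationMode: full

# Browser (or NGINX) -> Kibana: serve Kibana itself over HTTPS.
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana-server.crt
server.ssl.key: /etc/kibana/kibana-server.key
```

If NGINX terminates external TLS and proxies to Kibana, its upstream URL must also switch to `https://` once `server.ssl.enabled` is set.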