Scylla Security Checklist¶
The Scylla Security checklist is a list of security recommendations that should be implemented to protect your Scylla cluster.
Authentication¶
Authentication is a security step that verifies the identity of a client. When enabled, Scylla requires all clients to authenticate themselves before their access to the cluster is determined.
Role Base Access¶
Role Based Access Control (RBAC) is a method of reducing long lists of authorized users to a few roles that are assigned to multiple users. RBAC is sometimes referred to as role-based security. It is recommended to:
Encryption in Transit, Client to Node and Node to Node¶
Encryption in transit protects your communication against interception by a third party on the network connection. Configure Scylla to use TLS/SSL for all connections: use TLS/SSL to encrypt communication between Scylla nodes, and between client applications and Scylla nodes.
Reduce the Network Exposure¶
Ensure that Scylla runs in a trusted network environment. Make sure that only trusted clients can reach the network interfaces and ports that Scylla uses. See the list of ports used by Scylla.
Audit System Activity¶
Using the auditing feature allows the administrator to know “who did / looked at / changed what and when.” It also allows logging some or all of the activities a user performs on the Scylla cluster.
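The authentication, RBAC, encryption, network exposure and audit items above all map to settings in scylla.yaml. The fragment below is an added example and is not taken from the ScyllaDB documentation; the certificate paths, the 10.0.0.5 address and the availability of the audit keys in your release are assumptions to adjust for your deployment.

```yaml
# scylla.yaml hardening fragment (added example; paths and addresses are placeholders)

# Authentication and RBAC.
# Weak defaults: AllowAllAuthenticator / AllowAllAuthorizer (anyone can connect and do anything).
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer

# Reduce network exposure: bind only to the private interface (assumed address).
listen_address: 10.0.0.5
rpc_address: 10.0.0.5

# Encryption in transit, client to node.
# Weak setting: enabled: false (CQL traffic, including passwords, crosses the wire in clear text).
client_encryption_options:
  enabled: true
  certificate: /etc/scylla/certs/node.crt   # assumed path
  keyfile: /etc/scylla/certs/node.key       # assumed path
  truststore: /etc/scylla/certs/ca.pem      # assumed path
  require_client_auth: true                 # mutual TLS; drop if clients cannot present certificates

# Encryption in transit, node to node.
# Weak setting: internode_encryption: none. Use "all" unless every node shares one trusted segment.
server_encryption_options:
  internode_encryption: all
  certificate: /etc/scylla/certs/node.crt   # assumed path
  keyfile: /etc/scylla/certs/node.key       # assumed path
  truststore: /etc/scylla/certs/ca.pem      # assumed path

# Audit system activity (assumed to be available in your Scylla release; check before enabling).
# Logging DCL (grants), DDL (schema changes) and AUTH (logins) covers "who changed what and when"
# without the volume of logging every query.
audit: "table"
audit_categories: "DCL,DDL,AUTH"
```

After changing these settings, restart each node and confirm from a client that unencrypted, unauthenticated connections are refused.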
- Update your cluster to the latest Scylla version.
- Make sure your operating system and libraries are up to date.