Don't be ransacked: Securing your Elasticsearch cluster properly

There seems to be an on-going ransacking of Elasticsearch clusters, similar to what we have seen with MongoDB just recently. Clusters all over the world are being cleaned up and ending up with a single index definition with a ransom demand looking like this:

Ransacked Elasticsearch

Niall Merrigan, a dear friend and a security researcher, has brought this to my attention. This also seems to have popped up in the official Elastic forums.

Whatever you do, never expose your cluster nodes to the web. This sounds obvious, but evidently this isn't done by all. Your cluster should never-ever be exposed to the public web. Here are all the anti-patterns, Do's and Don'ts to make sure you are on the safe side.

HTTP-enabled nodes need to listen to private IPs only

Elasticsearch can be told what IPs to listen to, and you can control whether that's localhost, private IPs, public IPs or any combi...

Elasticsearch training courses

I've got a few training courses - hands-on workshops, rather - on Elasticsearch and the ELK stack coming up, so I thought it'd be a good idea to blog about them and spread the word.

Interested in a training near you or in your company? Feel free to reach out, or check my [Elasticsearch consultan...

Logging makes perfect - real-world monitoring and visualizations with Riemann, Elasticsearch and friends (video)

A talk I gave recently about our real-time system monitoring facilities at Forter is now available to watch online. The talk description and video are both below.

How to keep a real-time, low-latency and high-stakes system up and running and well-monitored? How to inves...

Showing 10 posts out of 119 total, page 1
