Hadoop Security. Protecting Your Big Data Platform

(ebook) (audiobook) (audiobook)

Autorzy:: Ben Spivey, Joey Echeverria

Promocja Przejdź

Hadoop Security. Protecting Your Big Data Platform Ben Spivey, Joey Echeverria - okładka książki

Hadoop Security. Protecting Your Big Data Platform Ben Spivey, Joey Echeverria - okładka audiobooka MP3

Hadoop Security. Protecting Your Big Data Platform Ben Spivey, Joey Echeverria - okładka audiobooks CD

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 340
2w1 w pakiecie:: ePub

Mobi

Ebook

~~229,00 zł~~ (-15%)
194,65 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

As more corporations turn to Hadoop to store and process their most valuable data, the risk of a potential breach of those systems increases exponentially. This practical book not only shows Hadoop administrators and security architects how to protect Hadoop data from unauthorized access, it also shows how to limit the ability of an attacker to corrupt or modify data in the event of a security breach.

Authors Ben Spivey and Joey Echeverria provide in-depth information about the security features available in Hadoop, and organize them according to common computer security concepts. You’ll also get real-world examples that demonstrate how you can apply these concepts to your use cases.

Understand the challenges of securing distributed systems, particularly Hadoop
Use best practices for preparing Hadoop cluster hardware as securely as possible
Get an overview of the Kerberos network authentication protocol
Delve into authorization and accounting principles as they apply to Hadoop
Learn how to use mechanisms to protect data in a Hadoop cluster, both in transit and at rest
Integrate Hadoop data ingest into enterprise-wide security architecture
Ensure that security architecture reaches all the way to end-user access

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook
i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Szczegóły książki

ISBN Ebooka:: 978-14-919-0134-2, 9781491901342
Data wydania ebooka:: 2015-06-29 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 2.3MB
Rozmiar pliku Mobi:: 2.3MB

Kategorie:
Bazy danych
Hacking » Inne
Big Data

Spis treści książki

Foreword
Preface
- Audience
- Conventions Used in This Book
- Using Code Examples
- Safari Books Online
- How to Contact Us
- Acknowledgments
  - From Joey
  - From Ben
  - From Eddie
- Disclaimer
1. Introduction
- Security Overview
  - Confidentiality
  - Integrity
  - Availability
  - Authentication, Authorization, and Accounting
- Hadoop Security: A Brief History
- Hadoop Components and Ecosystem
  - Apache HDFS
  - Apache YARN
  - Apache MapReduce
  - Apache Hive
  - Cloudera Impala
  - Apache Sentry (Incubating)
  - Apache HBase
  - Apache Accumulo
  - Apache Solr
  - Apache Oozie
  - Apache ZooKeeper
  - Apache Flume
  - Apache Sqoop
  - Cloudera Hue
- Summary
I. Security Architecture
2. Securing Distributed Systems
- Threat Categories
  - Unauthorized Access/Masquerade
  - Insider Threat
  - Denial of Service
  - Threats to Data
- Threat and Risk Assessment
  - User Assessment
  - Environment Assessment
- Vulnerabilities
- Defense in Depth
- Summary
3. System Architecture
- Operating Environment
- Network Security
  - Network Segmentation
  - Network Firewalls
    - Data movement
    - Client access
    - Administration traffic
  - Intrusion Detection and Prevention
- Hadoop Roles and Separation Strategies
  - Master Nodes
  - Worker Nodes
  - Management Nodes
  - Edge Nodes
- Operating System Security
  - Remote Access Controls
  - Host Firewalls
  - SELinux
- Summary
4. Kerberos
- Why Kerberos?
- Kerberos Overview
- Kerberos Workflow: A Simple Example
- Kerberos Trusts
- MIT Kerberos
  - Server Configuration
  - Client Configuration
- Summary
II. Authentication, Authorization, and Accounting
5. Identity and Authentication
- Identity
  - Mapping Kerberos Principals to Usernames
    - The initial principal translation
    - The acceptance filter
    - The substitution command
  - Hadoop User to Group Mapping
    - Mapping users to groups using LDAP
  - Provisioning of Hadoop Users
- Authentication
  - Kerberos
  - Username and Password Authentication
  - Tokens
    - Delegation tokens
    - Block access tokens
    - Job tokens
  - Impersonation
  - Configuration
    - HDFS
    - YARN
    - MapReduce (MR1)
    - Oozie
    - HBase
- Summary
6. Authorization
- HDFS Authorization
  - HDFS Extended ACLs
- Service-Level Authorization
- MapReduce and YARN Authorization
  - MapReduce (MR1)
  - YARN (MR2)
    - FairScheduler
    - CapacityScheduler
- ZooKeeper ACLs
- Oozie Authorization
- HBase and Accumulo Authorization
  - System, Namespace, and Table-Level Authorization
  - Column- and Cell-Level Authorization
- Summary
7. Apache Sentry (Incubating)
- Sentry Concepts
- The Sentry Service
  - Sentry Service Configuration
- Hive Authorization
  - Hive Sentry Configuration
- Impala Authorization
  - Impala Sentry Configuration
- Solr Authorization
  - Solr Sentry Configuration
- Sentry Privilege Models
  - SQL Privilege Model
  - Solr Privilege Model
- Sentry Policy Administration
  - SQL Commands
  - SQL Policy File
  - Solr Policy File
  - Policy File Verification and Validation
  - Migrating From Policy Files
- Summary
8. Accounting
- HDFS Audit Logs
- MapReduce Audit Logs
- YARN Audit Logs
- Hive Audit Logs
- Cloudera Impala Audit Logs
- HBase Audit Logs
- Accumulo Audit Logs
- Sentry Audit Logs
- Log Aggregation
- Summary
III. Data Security
9. Data Protection
- Encryption Algorithms
- Encrypting Data at Rest
  - Encryption and Key Management
  - HDFS Data-at-Rest Encryption
    - Configuration
    - KMS authorization
    - Client operations
  - MapReduce2 Intermediate Data Encryption
  - Impala Disk Spill Encryption
  - Full Disk Encryption
  - Filesystem Encryption
  - Important Data Security Consideration for Hadoop
- Encrypting Data in Transit
  - Transport Layer Security
    - Generating a new certificate
    - SSL/TLS handshake
  - Hadoop Data-in-Transit Encryption
    - Hadoop RPC Encryption
    - HDFS data transfer protocol encryption
    - Hadoop HTTP encryption
    - Encrypted shuffle and encrypted web UI
- Data Destruction and Deletion
- Summary
10. Securing Data Ingest
- Integrity of Ingested Data
- Data Ingest Confidentiality
  - Flume Encryption
  - Sqoop Encryption
- Ingest Workflows
- Enterprise Architecture
- Summary
11. Data Extraction and Client Access Security
- Hadoop Command-Line Interface
- Securing Applications
- HBase
  - HBase Shell
  - HBase REST Gateway
  - HBase Thrift Gateway
- Accumulo
  - Accumulo Shell
  - Accumulo Proxy Server
- Oozie
- Sqoop
- SQL Access
  - Impala
    - Using Impala with Kerberos authentication
    - Using Impala with LDAP/Active Directory authentication
    - Using SSL wire encryption with Impala
  - Hive
    - Using HiveServer2 with Kerberos authentication
    - Using HiveServer2 with LDAP/Active Directory authentication
    - Using HiveServer2 with pluggable authentication
    - HiveServer2 over-the-wire encryption
- WebHDFS/HttpFS
- Summary
12. Cloudera Hue
- Hue HTTPS
- Hue Authentication
  - SPNEGO Backend
  - SAML Backend
  - LDAP Backend
- Hue Authorization
- Hue SSL Client Configurations
- Summary
IV. Putting It All Together
13. Case Studies
- Case Study: Hadoop Data Warehouse
  - Environment Setup
  - User Experience
  - Summary
- Case Study: Interactive HBase Web Application
  - Design and Architecture
  - Security Requirements
  - Cluster Configuration
  - Implementation Notes
  - Summary
Afterword
- Unified Authorization
- Data Governance
- Native Data Protection
- Final Thoughts
Index

pokaż cały spis treści