Hadoop Security. Protecting Your Big Data Platform (ebook)(audiobook)(audiobook)

Spis treści

• Foreword
• Preface
  • Audience
  • Conventions Used in This Book
  • Using Code Examples
  • Safari Books Online
  • How to Contact Us
  • Acknowledgments
    • From Joey
    • From Ben
    • From Eddie
  • Disclaimer
• 1. Introduction
  • Security Overview
    • Confidentiality
    • Integrity
    • Availability
    • Authentication, Authorization, and Accounting
  • Hadoop Security: A Brief History
  • Hadoop Components and Ecosystem
    • Apache HDFS
    • Apache YARN
    • Apache MapReduce
    • Apache Hive
    • Cloudera Impala
    • Apache Sentry (Incubating)
    • Apache HBase
    • Apache Accumulo
    • Apache Solr
    • Apache Oozie
    • Apache ZooKeeper
    • Apache Flume
    • Apache Sqoop
    • Cloudera Hue
  • Summary
• I. Security Architecture
• 2. Securing Distributed Systems
  • Threat Categories
    • Unauthorized Access/Masquerade
    • Insider Threat
    • Denial of Service
    • Threats to Data
  • Threat and Risk Assessment
    • User Assessment
    • Environment Assessment
  • Vulnerabilities
  • Defense in Depth
  • Summary
• 3. System Architecture
  • Operating Environment
  • Network Security
    • Network Segmentation
    • Network Firewalls
      • Data movement
      • Client access
      • Administration traffic
    • Intrusion Detection and Prevention
  • Hadoop Roles and Separation Strategies
    • Master Nodes
    • Worker Nodes
    • Management Nodes
    • Edge Nodes
  • Operating System Security
    • Remote Access Controls
    • Host Firewalls
    • SELinux
  • Summary
• 4. Kerberos
  • Why Kerberos?
  • Kerberos Overview
  • Kerberos Workflow: A Simple Example
  • Kerberos Trusts
  • MIT Kerberos
    • Server Configuration
    • Client Configuration
  • Summary
• II. Authentication, Authorization, and Accounting
• 5. Identity and Authentication
  • Identity
    • Mapping Kerberos Principals to Usernames
      • The initial principal translation
      • The acceptance filter
      • The substitution command
    • Hadoop User to Group Mapping
      • Mapping users to groups using LDAP
    • Provisioning of Hadoop Users
  • Authentication
    • Kerberos
    • Username and Password Authentication
    • Tokens
      • Delegation tokens
      • Block access tokens
      • Job tokens
    • Impersonation
    • Configuration
      • HDFS
      • YARN
      • MapReduce (MR1)
      • Oozie
      • HBase
  • Summary
• 6. Authorization
  • HDFS Authorization
    • HDFS Extended ACLs
  • Service-Level Authorization
  • MapReduce and YARN Authorization
    • MapReduce (MR1)
    • YARN (MR2)
      • FairScheduler
      • CapacityScheduler
  • ZooKeeper ACLs
  • Oozie Authorization
  • HBase and Accumulo Authorization
    • System, Namespace, and Table-Level Authorization
    • Column- and Cell-Level Authorization
  • Summary
• 7. Apache Sentry (Incubating)
  • Sentry Concepts
  • The Sentry Service
    • Sentry Service Configuration
  • Hive Authorization
    • Hive Sentry Configuration
  • Impala Authorization
    • Impala Sentry Configuration
  • Solr Authorization
    • Solr Sentry Configuration
  • Sentry Privilege Models
    • SQL Privilege Model
    • Solr Privilege Model
  • Sentry Policy Administration
    • SQL Commands
    • SQL Policy File
    • Solr Policy File
    • Policy File Verification and Validation
    • Migrating From Policy Files
  • Summary
• 8. Accounting
  • HDFS Audit Logs
  • MapReduce Audit Logs
  • YARN Audit Logs
  • Hive Audit Logs
  • Cloudera Impala Audit Logs
  • HBase Audit Logs
  • Accumulo Audit Logs
  • Sentry Audit Logs
  • Log Aggregation
  • Summary
• III. Data Security
• 9. Data Protection
  • Encryption Algorithms
  • Encrypting Data at Rest
    • Encryption and Key Management
    • HDFS Data-at-Rest Encryption
      • Configuration
      • KMS authorization
      • Client operations
    • MapReduce2 Intermediate Data Encryption
    • Impala Disk Spill Encryption
    • Full Disk Encryption
    • Filesystem Encryption
    • Important Data Security Consideration for Hadoop
  • Encrypting Data in Transit
    • Transport Layer Security
      • Generating a new certificate
      • SSL/TLS handshake
    • Hadoop Data-in-Transit Encryption
      • Hadoop RPC Encryption
      • HDFS data transfer protocol encryption
      • Hadoop HTTP encryption
      • Encrypted shuffle and encrypted web UI
  • Data Destruction and Deletion
  • Summary
• 10. Securing Data Ingest
  • Integrity of Ingested Data
  • Data Ingest Confidentiality
    • Flume Encryption
    • Sqoop Encryption
  • Ingest Workflows
  • Enterprise Architecture
  • Summary
• 11. Data Extraction and Client Access Security
  • Hadoop Command-Line Interface
  • Securing Applications
  • HBase
    • HBase Shell
    • HBase REST Gateway
    • HBase Thrift Gateway
  • Accumulo
    • Accumulo Shell
    • Accumulo Proxy Server
  • Oozie
  • Sqoop
  • SQL Access
    • Impala
      • Using Impala with Kerberos authentication
      • Using Impala with LDAP/Active Directory authentication
      • Using SSL wire encryption with Impala
    • Hive
      • Using HiveServer2 with Kerberos authentication
      • Using HiveServer2 with LDAP/Active Directory authentication
      • Using HiveServer2 with pluggable authentication
      • HiveServer2 over-the-wire encryption
  • WebHDFS/HttpFS
  • Summary
• 12. Cloudera Hue
  • Hue HTTPS
  • Hue Authentication
    • SPNEGO Backend
    • SAML Backend
    • LDAP Backend
  • Hue Authorization
  • Hue SSL Client Configurations
  • Summary
• IV. Putting It All Together
• 13. Case Studies
  • Case Study: Hadoop Data Warehouse
    • Environment Setup
    • User Experience
    • Summary
  • Case Study: Interactive HBase Web Application
    • Design and Architecture
    • Security Requirements
    • Cluster Configuration
    • Implementation Notes
    • Summary
• Afterword
  • Unified Authorization
  • Data Governance
  • Native Data Protection
  • Final Thoughts
• Index

pokaż cały spis treści

ukryj recenzje