The NoSQL ecosystem thrived on combining scalability and simplicity. That often meant taking short cuts around security and this legacy is still haunting many products. This talk uses Elasticsearch as an example and covers both the technical background as well as anecdotal evidence of past incidents. Finally, we also discuss current and future steps to get ahead of the curve while impacting the ease of use as little as possible.
The following are some assumptions, which helped the ease of use initially, but turned out to be less than perfect for security in the long run:
- Binding to all interfaces and broadcasting join requests to the whole subnet makes clustering incredibly simple.
- Running as root is the straight forward option.
- Using a general purpose programming language inside a datastore easily adds lots of features.
- Nobody would run ransomware against a NoSQL system.
- Guessing the content-type of a request is fine.
- Default passwords and cleartext password files are a reasonable tradeoff.
- Docker plays well with your security efforts.
- Security will not break your upgrade.
May 15 @ 13:15
13:15 — 13:45 (30′)