5.1 Inter-node Encryption

Information

Cassandra offers the option to encrypt data in transit between nodes on the cluster. By default, inter-node encryption is turned off.

Rationale:
Data being transferred on the wire should be encrypted to avoid network snooping, whether legitimate or not.

Solution

The inter-node encryption should be implemented before anyone accesses the Cassandra server.

To enable the inter-node encryption mechanism:

Stop the Cassandra database.
If not done so already, build out your keystore and truststore.
Modify cassandra.yaml file to modify/add entry for internode_encryption: set it to all
Start the Cassandra database.

Default Value:
internode_encryption: none

References:
http://cassandra.apache.org/doc/latest/operating/security.html

See Also

https://workbench.cisecurity.org/files/2309

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv7|14.4

Plugin: Unix

Control ID: 6232be9a908ca5a3e142a1580616b6647ad50db8042a39f3c73dbbd490e46e51