Duration 01:00:37
16+
Play
Video

Apache Knox - Hadoop Security Swiss Army Knife

Krishna Pandey
Staff Software Engineer at Hortonworks
  • Video
  • Video
DataWorks Summit Barcelona 2019
March 21 2019, Barcelona, Spain
DataWorks Summit Barcelona 2019
Video
Apache Knox - Hadoop Security Swiss Army Knife
Available
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
1.03 K
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Discussion

About speakers

  • Krishna Pandey
    Staff Software Engineer at Hortonworks
  • Larry McCay
    Senior Development Manager and Architect - Security at Cloudera
I have been fortunate enough to work with some of the best talent in the software industry for the majority of my career.

While consistently working on cutting edge and emerging technologies, I've maintained the ability and focus to deliver product.

A committer on Apache Knox, Hadoop, Ranger, Metron and contributor to others, I am focused on security aspects of the entire Hadoop ecosystem.

About the talk

While traditional on-prem systems have always been a target from internal and external attackers, recent times have seen increased attacks on Hadoop cloud deployments. Hadoop systems are going to be increasingly targeted due to the large volume of data that it stores. Many Hadoop installations on cloud are publicly accessible without any security measures which pose threat to exfiltration of large datasets and possibly crypto-mining on this infrastructure with its huge distributed compute capability.

Apache Knox provides multiple layers of security related to authentication, service-level authorization and web application security controls out of the box for multiple Hadoop components.

Apache Knox provides configuration to prevent common OWASP Top 10 security risks e.g. Cross-site Request Forgery (CSRF), Cross Site Scripting (XSS), MIME Content Type sniffing, Clickjacking, etc. We will also discuss controls like HTTP Strict Transport Security which prevents SSL Downgrade attacks and CORS filter for allowing applications to make cross domain requests only to specifically allowed hosts through XHR. Support to include/exclude Cipher suites and exclude SSL protocols enables compliance with hardening guidelines provided by CIS for application servers.

Knox has several supported authentication mechanisms with Kerberos underneath e.g. LDAP over SSL, AD, PAM based auth for Unix users, integration with Identity Providers like Okta, etc. Also, capabilities like Trusted Proxy, Single Sign-On auth, Hostmap Provider, Identity Assertion Provider, Client Authentication enhances the overall security posture.

We will also cover the typical kill-chain methodology tailored to Hadoop ecosystem which will help formulate the preventive measures against future compromises.

Share

Cackle comments for the website

Buy this talk

Access to the talk «Apache Knox - Hadoop Security Swiss Army Knife»
Available
In cart
Free
Free
Free
Free
Free
Free

Video

Get access to all videos “DataWorks Summit Barcelona 2019”
Available
In cart
Free
Free
Free
Free
Free
Free
Ticket

Similar talks

Owen O'Malley
Founder and Technical Fellow at Cloudera
Srikanth Venkat
Senior Director, Product Management at Hortonworks Inc
Available
In cart
Free
Free
Free
Free
Free
Free
Srikanth Venkat
Senior Director, Product Management at Hortonworks Inc
Madhan Neethiraj
Sr. Director - Engineering at Hortonworks
Available
In cart
Free
Free
Free
Free
Free
Free
Michael Ger
General Manager, Manufacturing and Automotive at Hortonworks
Sanjay Kumar
Head Marketing - APAC & MEA at Cvent - Global Leader in Event Management Software ( Cloud Based )
Available
In cart
Free
Free
Free
Free
Free
Free

Buy this video

Video

Access to the talk 'Apache Knox - Hadoop Security Swiss Army Knife'
Available
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
415 conferences
16683 speakers
6007 hours of content