描述
开 本: 16开纸 张: 胶版纸包 装: 平装-胶订是否套装: 否国际标准书号ISBN: 9787564168711
内容简介
随着越来越多的公司转向用Hadoop来存储和处理 他们*有价值的数据,系统被破坏的潜在风险也正以 指数级趋势增长。本·斯皮维、乔伊·爱彻利维亚* 的《Hadoop安全(影印版)(英文版)》这本实践图 书不仅向Hadoop管理员和安全架构师们展示了如何保 护Hadoop数据,防止未授权访问,也介绍了如何限制 攻击者在安全入侵过程中损坏和篡改数据的能力。
作者本·斯皮维与乔伊·爱彻利维亚提供了关于 Hadoop安全特性的深入信息,并将它们根据通常的计 算机安全概念重新组织整理。你还能获得演示如何将 这些概念应用到你自己的用例中的真实案例。
作者本·斯皮维与乔伊·爱彻利维亚提供了关于 Hadoop安全特性的深入信息,并将它们根据通常的计 算机安全概念重新组织整理。你还能获得演示如何将 这些概念应用到你自己的用例中的真实案例。
目 录
Foreword
Preface
1. Introduction
Security Overview
Confidentiality
Integrity
Availability
Authentication, Authorization, and Accounting
Hadoop Security: A Brief History
Hadoop Components and Ecosystem
Apache HDFS
Apache YARN
Apache MapReduce
Apache Hive
Cloudera Impala
Apache Sentry (Incubating)
Apache HBase
Apache Accumulo
Apache Solr
Apache Oozie
Apache ZooKeeper
Apache Flume
Apache Sqoop
Cloudera Hue
Summary
Part I. Security Architecture
2. Securing Distributed Systems
Threat Categories
Unauthorized Access/Masquerade
Insider Threat
Denial of Service
Threats to Data
Threat and Risk Assessment
User Assessment
Environment Assessment
Vulnerabilities
Defense in Depth
Summary
3. System Architecture
Operating Environment
Network Security
Network Segmentation
Network Firewalls
Intrusion Detection and Prevention
Hadoop Roles and Separation Strategies
Master Nodes
Worker Nodes
Management Nodes
Edge Nodes
Operating System Security
Remote Access Controls
Host Firewalls
SELinux
Summary
4. Kerberos
Why Kerberos?
Kerberos Overview
Kerberos Workflow: A Simple Example
Kerberos Trusts
MIT Kerberos
Server Configuration
Client Configuration
Summary
Part II. Authentication, Authorization, and Accounting
5. Identity and Authentication
Identity
Mapping Kerberos Principals to Usernames
Hadoop User to Group Mapping
Provisioning of Hadoop Users
Authentication
Kerberos
Username and Password Authentication
Tokens
Impersonation
Configuration
Summary
6. Authorization
HDFS Authorization
HDFS Extended ACLs
Service-Level Authorization
MapReduce and YARN Authorization
MapReduce (MR1)
YARN (MR2)
ZooKeeper ACLs
Oozie Authorization
HBase and Accumulo Authorization
System, Namespace, and Table-Level Authorization
Column- and Cell-Level Authorization
Summary
7. Apache Sentry (Incubating)
Sentry Concepts
The Sentry Service
Sentry Service Configuration
Hive Authorization
Hive Sentry Configuration
Impala Authorization
Impala Sentry Configuration
Solr Authorization
Solr Sentry Configuration
Sentry Privilege Models
SQL Privilege Model
Solr Privilege Model
Sentry Policy Administration
SQL Commands
SQL Policy File
Solr Policy File
Policy File Verification and Validation
Migrating From Policy Files
Summary
8. Accounting
HDFS Audit Logs
MapReduce Audit Logs
YARN Audit Logs
Hive Audit Logs
Cloudera Impala Audit Logs
HBase Audit Logs
Accumulo Audit Logs
Sentry Audit Logs
Log Aggregation
Summary
Part III. Data Security
9. Data Protection
Encryption Algorithms
Encrypting Data at Rest
Encryption and Key Management
HDFS Data-at-Rest Encryption
MapReduce2 Intermediate Data Encryption
Impala Disk Spill Encryption
Full Disk Encryption
Filesystem Encryption
Important Data Security Consideration for Hadoop
Encrypting Data in Transit
Transport Layer Security
Hadoop Data-in-Transit Encryption
Data Destruction and Deletion
Summary
10. Securing Data Ingest
Integrity of Ingested Data
Data Ingest Confidentiality
Flume Encryption
Sqoop Encryption
Ingest Workflows
Enterprise Architecture
Summary
11. Data Extraction and Client Access Security.
Hadoop Command-Line Interface
Securing Applications
HBase
HBase Shell
HBase REST Gateway
HBase Thrift Gateway
Accumulo
Accumulo Shell
Accumulo Proxy Server
Oozie
Sqoop
SQL Access
Impala
Hive
WebHDFS/HttpFS
Summary
12. Cloudera Hue
Hue HTTPS
Hue Authentication
SPNEGO Backend
SAML Backend
LDAP Backend
Hue Authorization
Hue SSL Client Configurations
Summary
Part IV. Putting It All Together
13. Case Studies
Case Study: Hadoop Data Warehouse
Environment Setup
User Experience
Summary
Case Study: Interactive HBase Web Application
Design and Architecture
Security Requirements
Cluster Configuration
Implementation Notes
Summary
Afterword
Index
评论
还没有评论。