Jump to main content
DataStax LunaEnterprise Support for Apache Cassandra  —  Start a Free 30-Day Trial Now.
About DSE Advanced Security
An overview of DataStax Enterprise security features.
Security FAQs
DataStax Enterprise security features frequently asked questions.
Lists of security measures required for protecting a DataStax Enterprise database.
Database security checklist
Secure transactional nodes using DataStax Enterprise security features.
Search security checklist
Securing DSE Search.
Analytics security checklist
Securing DSE Analytics.
Graph security checklist
Secure DSE Graph data completely or partially using DataStax Enterprise security features.
To fully protect your data, ensure that your network is secure and temporary files are secure.
Securing ports
Lock down all unnecessary ports, and create IP security rules that allow internode and client communications.
Securing the TMP directory
Map JNA to a different executable directory before mounting the TMP directory with the noexe flag.
Configure role based access control and set up permissions on database resources.
Configuring authentication and authorization
Detailed steps to enabled authentication and authorization in a DataStax Enterprise environment.
Managing database access
How to set up Role Based Access Control (RBAC) .
Providing credentials from DSE tools
How to provide credentials when connecting to the database from a DataStax Enterprise tool.
Capture DataStax Enterprise database activity to a log file or table.
Enabling database auditing
Capture DataStax Enterprise database activity to a log file or table.
Capturing DSE Search HTTP requests
Enable auditing for the Apache Solr™ HTTP API to record HTTP requests.
Log formats
DataStax Enterprise writes events to the log file using pipe-delimited name/value pairs.
View events from DSE audit table
Use CQL queries to view events captured in the dse_audit.audit_log table.
Configure transparent data encryption (TDE) on sensitive data stored in tables and in configuration files.
About Transparent Data Encryption
Protects sensitive at-rest data stored in configuration files, database tables and SSTable indexes.
Configuring local encryption
Use locally stored symmetric encryption keys to protect sensitive system resources, configuration file properties, search indexes, and/or database tables.
Configuring KMIP encryption
Protect sensitive data using encryption keys from a remote KMIP (Key Management Interoperability Protocol).
Encrypting Search indexes
DSE Search index encryption shares the setup with SSTable encryption.
Migrating encrypted tables from earlier versions
Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.
Bulk loading data between TDE-enabled clusters
Bulk loading data between TDE-enabled clusters requires the correct deployment of encryption keys.
Securing data inflight for DataStax Enterprise components.
Steps for configuring SSL
Securing data in-flight on DataStax Enterprise.
Creating SSL certificates, keystores, and truststores
Guidelines for creating and configuring SSL dependencies.
Securing node-to-node connections
Node-to-node (internode) encryption protects data in-flight between database nodes in a cluster.
Securing client-to-node connections
Use SSL to secure connections from a client node to the coordinator node.
Enabling SSL encryption for DSEFS
DSEFS can use SSL encryption.
Reference: SSL instruction variables
Variables used throughout the SSL instructions.
Securing Spark connections
Communication between Spark applications and transactional nodes, masters and workers, and intercommunication between Spark drivers and executors can be encrypted.