Published by Shon Fleming, modified over 9 years ago
Slide 1
Securing Redis with Sedona
Will Urbanski
#lascon2013
Slide 2
About Me
Security Researcher
Outdoor Enthusiast
Tweet @willurbanski
Blog/tools available @shakingrock.com
Slide 3
Today’s Talk
Security in
What you can do about it
Slide 4
Open-source data-structure server
Key-value store: Lists, Hashes, Sorted sets
Lightweight, fast & free
http://redis.io
Slide 5
Redis Security Model
“Redis is not designed for maximum security but rather maximum performance and simplicity”
“Redis is designed to be accessed by trusted clients inside trusted environments”
http://redis.io/topics/security
Slide 6
Commands
Command-oriented, not query-oriented
Not all commands are created equal
Slide 7
Safe Commands
Read-only, single key usage, not resource intensive
Examples: GET, EXISTS, LLEN, TTL
Slide 8
Commands with Consequences
Read or write, single key
Examples: SET, DEL, LPOP, EXPIRE
Slide 9
Dangerous Commands
Affect multiple keys or the entire service
Impact availability if misused
Examples: EVAL, CLIENT KILL, SAVE, CONFIG SET
Slide 10
Commands That Will Ruin Your Weekend™
Impact the entire service
Devastating if misused
Examples: FLUSHDB, FLUSHALL, SHUTDOWN
Slide 11
#1
Slide 12
Problem #1
There is no data control language
All clients can access all commands
Slide 13
Command Renaming
Rename dangerous commands!
 – SHUTDOWN can become cc23772aded8
Reduces usability
Ideally only authorized users should be able to run SHUTDOWN
Slide 14
#2
Slide 15
Problem #2
Redis doesn’t really support authentication*
Slide 16
Redis Authentication
AUTH command
No multiuser support
No ACLs (see problem #1)
Slide 17
#3
Slide 18
Problem #3
Even if you could authenticate, you wouldn’t want to.
Redis lacks encryption support
Slide 19
This is Okay
Redis’ design focuses on performance and simplicity
The Redis security model is transparent
Slide 20
Compensating Controls
Authorization/Authentication
 – Rename dangerous commands?
 – AUTH command?
 – Local-only w/ SSH?
Confidentiality
 – SSL proxy (in transit)?
 – Wrap Redis libs (at rest)?
Slide 21
An ideal solution would…
Encrypt
 – Support SSL/TLS natively
 – Support key-value encryption
Authenticate
 – Support user accounts
 – Support modular authentication
 – Log access
 – Support rate-limiting
Authorize
 – Not require command renaming (security-through-obscurity)
 – Implement SQL’s DCL in a key-value domain: flexible command access, flexible key access
Be Practical
 – Not impose unnecessary burdens (performance, administration)
 – Be compatible with native clients
Slide 22
Sedona
PoC application firewall for Redis
Implements authentication, authorization and encryption enhancements
Requires no changes to Redis core
Python 2.7 w/ Twisted
Slide 23
Authentication
Adds user parameter to AUTH command
 – AUTH
Supports modular authentication
Preserves native AUTH functionality
 – AUTH still works
Slide 24
Authorization
Adds per-user access control lists
Command- and key-based ACLs
Actions: ACCEPT and REJECT
Returns native Redis err/success for compatibility
Slide 25
ACLs

    "rules": [
        {"command": "set", "key": "test\\-*", "action": "accept"},
        {"command": "get", "key": "test\\-*", "action": "accept"},
        {"command": "ping", "action": "accept"},
        {"command": "echo", "action": "accept"},
        {"action": "reject"}
    ]
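To make the per-user, command- and key-based ACL idea from slides 24 and 25 concrete, here is an added Python 3 evaluator over a rule list in the shape shown above. It is not Sedona’s code; the first-match ordering, the treatment of "key" as a regular expression anchored at the start of the key name, and the error text are assumptions.

```python
import re

# Constructed rule list in the shape shown on the ACLs slide.
# Rules are checked top to bottom; the first match decides (assumption).
ACL_RULES = [
    {"command": "set", "key": r"test\-*", "action": "accept"},
    {"command": "get", "key": r"test\-*", "action": "accept"},
    {"command": "ping", "action": "accept"},
    {"command": "echo", "action": "accept"},
    {"action": "reject"},          # catch-all: anything unmatched is denied
]

# Commands whose first argument names a key. PING, ECHO, SHUTDOWN or
# FLUSHALL carry no key, so a rule with a "key" field can never match them.
KEYED_COMMANDS = {"get", "set", "del", "exists", "llen", "ttl", "lpop", "expire"}


def rule_matches(rule, command, key):
    """A rule matches when every field it specifies agrees with the request."""
    if "command" in rule and rule["command"] != command:
        return False
    if "key" in rule:
        # Key pattern treated as a regex matched at the start of the key
        # (assumption about how Sedona interprets "test\\-*").
        if key is None or re.match(rule["key"], key) is None:
            return False
    return True


def authorize(rules, request):
    """Decide on a parsed request such as ["SET", "test-1", "v"].

    Returns ("accept" | "reject", index of the deciding rule or None).
    Falls closed when no rule matches, mirroring the trailing reject rule.
    """
    command = request[0].lower()
    key = request[1] if command in KEYED_COMMANDS and len(request) > 1 else None
    for index, rule in enumerate(rules):
        if rule_matches(rule, command, key):
            return rule["action"], index
    return "reject", None


def redis_reply_for(decision):
    """Native-looking RESP error for a rejected request (text is an assumption);
    None means the request may be forwarded to Redis unchanged."""
    if decision == "reject":
        return b"-ERR command or key not permitted by ACL\r\n"
    return None
```
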
Slide 26
Encryption
Adds SSL support
CLI tool for using SSL
Slide 27
Use Cases
Dev/Ops command segregation
 – Ops may require SHUTDOWN, SAVE, CONFIG SET
 – Dev may require SET, GET, LPOP, …
Key enforcement
Command blacklisting w/o renaming
 – SHUTDOWN, FLUSHDB, FLUSHALL
Slide 28
Deployment Strategies
Inline
 – Intercepts all traffic to the server
 – More secure
 – More performance impacting
Edge of Trusted Environment
 – Only intercepts untrusted traffic
 – Less secure (you decide what’s trusted)
 – Less performance impacting
Slide 29
Performance
Parsing + Authorizing + Tracking State = performance penalty
Slide 31
Demos
Configuration Files
Authentication
Authorization
Slide 32
Wrapping Up
Sedona is a tool that adds additional security to Redis installations
If you find the tool useful, please contribute!
Slide 33
Q&A
Fork Sedona @ Github
Follow me on Twitter