From vRealize - Cassandra Security Technical Implementation Guide
Part of SRG-APP-000383-DB-000364
Associated with: CCI-001762
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.
Review the Cassandra Server to ensure network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance, are disabled.
Open a console on the server that hosts the Cassandra DB and type: "find / | grep "cassandra.yaml"". Open the "cassandra.yaml" file and review the values of the "start_rpc", "start_native_transport", and "native_transport_port" parameters.
If "start_rpc" is not set to "false" and "start_native_transport" is not set to "true", this is a finding.
Run the following command from the console of the server hosting Cassandra: "netstat -ntl | grep
Configure the Cassandra Server to disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance. Open a console on the server that hosts the Cassandra DB and type: "find / | grep "cassandra.yaml"". Open the "cassandra.yaml" file and modify the "start_rpc" parameter value to "false", the "start_native_transport" parameter value to "true", and the "native_transport_port" parameter value to one in the range of approved ports, according to the https://disa.deps.mil/ext/cop/iase/ppsm/Pages/cal.aspx document (default port is 9042).
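The file review described above can be scripted. The following is an added example, not part of the STIG: the function names are hypothetical, the approved-port list is a caller-supplied assumption (take it from your PPSM documentation), and either parameter deviating from the fix text is reported as a finding.

```shell
#!/bin/sh
# Added example (not part of the STIG): audit the three cassandra.yaml
# parameters named in the check. The approved-port list is site-defined and
# passed in by the caller; it is an assumption of this script.

# yaml_value FILE KEY: value of the last top-level "KEY: value" line,
# lower-cased, with quotes, trailing comments and whitespace removed.
yaml_value() {
    sed -n "s/^$2:[[:space:]]*\([^#]*\).*/\1/p" "$1" | tail -n 1 |
        tr -d "\"'" | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*$//'
}

# check_cassandra_yaml FILE "PORT [PORT...]": prints one line per finding
# and returns the number of findings (0 means compliant).
check_cassandra_yaml() {
    file=$1 approved=$2 findings=0
    rpc=$(yaml_value "$file" start_rpc)
    native=$(yaml_value "$file" start_native_transport)
    port=$(yaml_value "$file" native_transport_port)
    port=${port:-9042}   # default port stated in the fix text
    # A missing key is reported too: the check asks for an explicit value.
    if [ "$rpc" != "false" ]; then
        echo "FINDING: start_rpc is '${rpc:-unset}', expected 'false'"
        findings=$((findings + 1))
    fi
    if [ "$native" != "true" ]; then
        echo "FINDING: start_native_transport is '${native:-unset}', expected 'true'"
        findings=$((findings + 1))
    fi
    case " $approved " in
        *" $port "*) ;;
        *) echo "FINDING: native_transport_port $port is not in the approved list"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample (not a real server's file): Thrift RPC left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
start_native_transport: true
native_transport_port: 9042   # CQL clients
start_rpc: true
EOF
check_cassandra_yaml "${1:-$sample}" "${2:-9042}" || echo "findings: $?"
rm -f "$sample"
```

Pass the path to the real "cassandra.yaml" and a space-separated approved-port list as arguments to audit a server instead of the constructed sample.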