LASCON2013 presentation, “Securing Redis with
Securing Redis with Sedona
Will Urbanski
#lascon2013
About Me
• Security Researcher
• Outdoor Enthusiast
• Tweet @willurbanski
• Blog/tools available @shakingrock.com
Today’s Talk
• Security in
• What you can do about it
• Open-source data-structure server
• Key-value store
– Lists
– Hashes
– Sorted sets
• Lightweight, fast & free
• http://redis.io
Redis Security Model
“Redis is not designed for maximum security but
rather maximum performance and simplicity”
“Redis is designed to be accessed by trusted
clients inside trusted environments”
• http://redis.io/topics/security
Commands
• Command-oriented, not query-oriented
• Not all commands are created equal
Safe Commands
• Read-only
• Single key usage
• Not resource intensive
GET
EXISTS
LLEN
TTL
Commands with Consequences
• Read or Write
• Single Key
SET
DEL
LPOP
EXPIRE
Dangerous Commands
• Affect multiple keys or the entire service
• Impact availability if misused
EVAL
CLIENT KILL
SAVE
CONFIG SET
Commands That Will Ruin Your Weekend™
• Impacts entire service
• Devastating if misused
FLUSH
FLUSHALL
SHUTDOWN
Problem #1
There is no data control language
All clients can access all commands
Command Renaming
• Rename dangerous commands!
– SHUTDOWN can become cc23772aded8
• Reduces Usability
• Ideally only authorized users should be able to run SHUTDOWN
Problem #2
Redis doesn’t really support authentication*
Redis Authentication
• AUTH command
• No multiuser support
• No ACLs (see problem #1)
Problem #3
Even if you could authenticate, you wouldn’t want to.
Redis lacks encryption support
This is Okay
• Redis’ design focuses on performance and simplicity
• The Redis security model is transparent
Compensating Controls
Authorization/Authentication
• Rename dangerous commands?
• AUTH command?
• Local-only w/ SSH?
Confidentiality
• SSL Proxy (In Transit)?
• Wrap Redis libs (At Rest)?
An ideal solution would…
• Encrypt
– Support SSL/TLS natively
– Support key-value encryption
• Authorize
– Not require command renaming (security-through-obscurity)
– Implement SQL’s DCL in a key-value domain
– Flexible command access
– Flexible key access
• Authenticate
– Support user accounts
– Support modular authentication
– Log access
– Support rate-limiting
• Be Practical
– Not impose unnecessary burdens (performance, administration)
– Be compatible with native clients
Sedona
• PoC application firewall for Redis
• Implements authentication, authorization and encryption enhancements
• Requires no changes to Redis core
• Python 2.7 w/ Twisted
Authentication
• Adds user parameter to AUTH command
– AUTH <user> <password>
• Supports modular authentication
• Preserves native AUTH functionality
– AUTH <password> still works
Authorization
• Adds per-user access control lists
• Command- and key-based ACLs
• ACCEPT and REJECT actions
• Returns native Redis error/success replies for compatibility
ACLs
"rules": [
    {"command": "set", "key": "test\\-*", "action": "accept"},
    {"command": "get", "key": "test\\-*", "action": "accept"},
    {"command": "ping", "action": "accept"},
    {"command": "echo", "action": "accept"},
    {"action": "reject"}
]
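To show how a rule set like the one above is evaluated (first match wins, bare reject rule as default-deny), here is an added example evaluator; it is not Sedona's code, and the key-pattern semantics (regex matched against the start of the key), the KEYED_COMMANDS table and the "-ERR operation not permitted" reply are assumptions for illustration.

```python
import json
import re

# Rule set copied from the slide; evaluation semantics below are assumed.
ACL_JSON = r'''
{"rules": [
    {"command": "set", "key": "test\\-*", "action": "accept"},
    {"command": "get", "key": "test\\-*", "action": "accept"},
    {"command": "ping", "action": "accept"},
    {"command": "echo", "action": "accept"},
    {"action": "reject"}
]}
'''

# Commands whose first argument is a key (assumed subset, enough for the demo).
KEYED_COMMANDS = {"set", "get", "del", "lpop", "lpush", "llen", "ttl", "expire"}


def load_rules(text):
    """Parse the ACL document and precompile key patterns.
    A key pattern is treated as a regex matched at the start of the key
    (hypothetical convention, not Sedona's documented one)."""
    rules = []
    for rule in json.loads(text)["rules"]:
        compiled = dict(rule)
        if "key" in rule:
            compiled["key"] = re.compile(rule["key"])
        rules.append(compiled)
    return rules


def authorize(rules, command, args):
    """Return ("accept", None) or ("reject", <redis-style error line>).
    Rules are checked top to bottom; the first matching rule decides.
    A rule with neither "command" nor "key" matches everything, so the
    trailing {"action": "reject"} is the default-deny."""
    cmd = command.lower()
    key = args[0] if cmd in KEYED_COMMANDS and args else None
    for rule in rules:
        if "command" in rule and rule["command"] != cmd:
            continue
        if "key" in rule and (key is None or not rule["key"].match(key)):
            continue
        if rule["action"] == "accept":
            return "accept", None
        # Mimic a native Redis error so unmodified clients handle it normally.
        return "reject", "-ERR operation not permitted"
    # No rule matched at all (only possible without a catch-all): deny.
    return "reject", "-ERR operation not permitted"
```

With this rule set a developer's SET/GET on test-* keys and PING pass, while SHUTDOWN, DEL, or a GET of any other key are rejected without the command ever reaching Redis.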
Encryption
• Adds SSL support
• CLI tool for using SSL
Use Cases
• Dev/Ops command segregation
– Ops may require ‘SHUTDOWN’, ‘SAVE’, ‘CONFIG SET’
– Dev may require ‘SET’, ‘GET’, ‘LPOP’, …
• Key Enforcement
• Command blacklisting w/o renaming
– SHUTDOWN, FLUSH, FLUSHALL
Deployment Strategies
Inline
• Intercepts all traffic to server
• More secure
• More performance impacting
Edge of Trusted Environment
• Only intercept untrusted traffic
• Less secure (you decide what’s trusted)
• Less performance impacting
Performance
Parsing + Authorizing + Tracking State = performance penalty
[Chart: Sedona Request Transit Times. X axis: Percent of Requests (%), 0% to 100%; Y axis: Time (ms), 0 to 100. Series: SET, GET, LPUSH, LPOP, each with a linear trend line (Linear (SET), Linear (GET), Linear (LPUSH), Linear (LPOP)).]
Demos
• Configuration Files
• Authentication
• Authorization
Wrapping Up
• Sedona is a tool that adds additional security to Redis installations
• If you find the tool useful, please contribute!
Q&A
Fork Sedona @ Github
Follow me on Twitter