Securing Elasticsearch And Kibana

Vikash Selvin shows how to secure instances of Elasticsearch and Kibana:

The most popular options for securing Elasticsearch and Kibana are compared in the table below.

Shield is a security plugin developed by the same company that developed Elasticsearch. It allows you to easily protect this data with a username and password while simplifying your architecture. Advanced security features like encryption, role-based access control, IP filtering, and auditing are also available when you need them.

NGINX is an open source web server. It can act as a proxy server and can do load balancing, among other things. In combination with LUA and external scripts, it can be used for securing Elasticsearch and Kibana. We will be using this approach in this tutorial.

Searchguard is an open source alternative for Shield. It provides almost all the same functionalities as Shield, except for some features like LDAP authentication. However, these features are available in the paid variant.

Click through for a detailed NGINX setup.

Related Posts

The Basics Of Kafka Security

Stephane Maarek has a nice post covering some of the basics of securing an Apache Kafka cluster: Once your Kafka clients are authenticated, Kafka needs to be able to decide what they can and cannot do. This is where Authorization comes in, controlled by Access Control Lists (ACL).¬†ACL are what you expect them to be: […]

Read More

Flushing The Authentication Cache

Arun Sirpal describes an Azure SQL DB-only DBCC command: This command only applies to Azure SQL Database, at a high level it empties the database authentication cache for logins and firewall rules for the current USER database. In Azure SQL Database the authentication cache makes a copy of logins and server firewall rules which are […]

Read More


September 2016
« Aug Oct »