Security Best Practices

A summary of best practices for securing Doradus and Cassandra configuration files, protocols, and data is provided below:

•	Doradus REST API: The REST API can be configured to use TLS (SSL), and it can restrict connections to those that provide a specific client-side certificate.

•	Doradus JMX API: The JMX API can be secured with authentication and/or TLS.

•	Doradus configuration files: The primary Doradus configuration file is doradus.yaml. This file and the log4j.properties file are stored in the folder {doradus_home}/config. These files should be considered sensitive and secured from unauthorized access.

•	Cassandra API: There are two application protocols for Cassandra: Thrift and CQL. Doradus can use either protocol and supports TLS for both protocols.

•	Cassandra JMX API: The Cassandra JMX protocol can be configured to require authorization and/or to encrypt data using TLS.

•	Cassandra Gossip API: This is inter-node communication protocol can be configured to use TLS for encryption. However, because of the high-volume nature of this protocol, encryption is not recommended except for cross-data center communication.

•	Cassandra configuration files: The primary Cassandra configuration file is cassandra.yaml. This file and other secondary configuration files are stored in the folder {cassandra_home}/conf. These files should be considered sensitive and secured from unauthorized access.

•	Cassandra data files: All application data is stored in Cassandra data files, which reside in various folders as described in the section Setting Cassandra Data File LocationsError! Reference source not found.. The data in these files is unencrypted and should be secured from unauthorized access.