Securing Kibana and Elasticsearch in a Multi-User, High-Availability Environment
Kibana and Elasticsearch:
- Open source monitoring tools developed by Elastic
- Elasticsearch is a Lucene-based, scalable search engine.
- Elasticsearch is a real-time, distributed, open source, document-based full-text search and analytics engine.
- Kibana is a visualization tool for Elasticsearch that provides a web interface with a variety of visualizations.
Current Challenges with the Open Source Version
- Kibana and Elasticsearch lack an access control feature
- Multiple users/groups use a single Kibana and Elasticsearch
- Any user can access all Elasticsearch data
There is no built-in access and authorization solution available
Implementing the Solution
Some security features are now free with the basic version, but a few security-related issues are still open.
The new version contains the following security features:
- TLS for encrypted communications
- File and native realm for creating and managing users
- Role-based access control for controlling user access to cluster APIs and indexes; also allows multi-tenancy for Kibana with security for Kibana Spaces
Implementing security features such as authorized access and restricting anonymous access
Shield -
- Security plugin developed by the same company that developed Elasticsearch
- Easily protect this data with a username and password while simplifying your architecture
- Advanced security features like encryption, role-based access control, IP filtering, and auditing are also available
NGINX -
Open source web server that can act as a proxy server and do load balancing, among other things. In combination with Lua and external scripts, it can be used for securing Elasticsearch and Kibana.
Search Guard -
Open source alternative to Shield that provides almost all the same functionality as Shield, except for some features like LDAP authentication. However, these features are available in the paid variant.
Restricting Kibana Dashboard
Issue:
All users' dashboards are stored in the same index
Solution:
Create a role-based index,
for example, .kibana_user01 for user01 and .kibana_user02 for user02
Also separate Kibana indices by group
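The per-user and per-group index separation above only helps if the proxy layer refuses requests that name another tenant's Kibana index. The sketch below is an added example, not code from the original page or from any of the products it names: it models the allow/deny decision an external script behind the proxy could make. The function names, the alphanumeric rule for principal names, and the sample requests are assumptions made for illustration.

```python
from urllib.parse import unquote

KIBANA_PREFIX = ".kibana"  # naming scheme from the page: .kibana_<user or group>

def kibana_index_for(principal: str) -> str:
    """Map a user or group name to its own Kibana index, e.g. user01 -> .kibana_user01."""
    name = principal.lower()
    if not name.isalnum():  # assumed rule: no separators or wildcards in the index name
        raise ValueError(f"unsafe principal name: {principal!r}")
    return f"{KIBANA_PREFIX}_{name}"

def requested_indices(path: str) -> list:
    """Index expressions in the first path segment; [] for index-less APIs like /_search."""
    first = unquote(path.split("?", 1)[0]).lstrip("/").split("/", 1)[0].lower()
    if first == "" or (first.startswith("_") and first != "_all"):
        return []
    return first.split(",")

def may_reach_foreign_kibana(expr: str, owned: set) -> bool:
    """True if one index expression could resolve to a Kibana index the caller does not own."""
    if expr in owned:
        return False
    if expr == "_all" or expr.startswith("<"):  # everything, or date-math syntax: be conservative
        return True
    if "*" in expr:
        literal = expr.split("*", 1)[0]  # text before the first wildcard
        # "*", ".kib*" and ".kibana_user0*" can all expand to another tenant's index
        return KIBANA_PREFIX.startswith(literal) or literal.startswith(KIBANA_PREFIX)
    return expr.startswith(KIBANA_PREFIX)  # concrete name of someone else's Kibana index

def is_allowed(user: str, groups: list, path: str) -> bool:
    """Decide whether the proxy should forward this request for the authenticated caller."""
    owned = {kibana_index_for(user)} | {kibana_index_for(g) for g in groups}
    targets = requested_indices(path)
    if not targets:
        return False  # /_search, /_msearch, /_bulk can name any index: deny by default
    return not any(may_reach_foreign_kibana(t, owned) for t in targets)

if __name__ == "__main__":
    # Constructed sample requests for user01, who is also in the group "ops"
    for p in ["/.kibana_user01/_search", "/.kibana_ops/_doc/1", "/.kibana_user02/_search",
              "/.kib*/_search", "/logs-2024/_search", "/.kibana_user01,.kibana_user02/_search",
              "/%2Ekibana_user02/_search", "/_all/_search", "/_search"]:
        print(f"{p:45} {'ALLOW' if is_allowed('user01', ['ops'], p) else 'DENY'}")
```

A path-only check cannot see aliases or indices named inside request bodies, so it complements index-level roles rather than replacing them.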