diff --git a/docs/reference/index.asciidoc b/docs/reference/index.asciidoc index 525b0e78a73d8..ea6f167f6bce7 100644 --- a/docs/reference/index.asciidoc +++ b/docs/reference/index.asciidoc @@ -18,8 +18,6 @@ include::setup/installing-xes.asciidoc[] include::setup/setup-xes.asciidoc[] -include::{xes-repo-dir}/security/configuring-es.asciidoc[] - include::setup/setup-xclient.asciidoc[] include::settings/configuring-xes.asciidoc[] @@ -63,6 +61,8 @@ include::rollup/index.asciidoc[] include::{xes-repo-dir}/watcher/index.asciidoc[] +include::security/index.asciidoc[] + include::rest-api/index.asciidoc[] include::commands/index.asciidoc[] diff --git a/docs/reference/security/index.asciidoc b/docs/reference/security/index.asciidoc new file mode 100644 index 0000000000000..bbdad50c4e16e --- /dev/null +++ b/docs/reference/security/index.asciidoc @@ -0,0 +1,18 @@ +[[secure-cluster]] += Secure a cluster + +[partintro] +-- +The {stack-security-features} enable you to easily secure a cluster. You can +password-protect your data as well as implement more advanced security +measures such as encrypting communications, role-based access control, +IP filtering, and auditing. + +* <> +* <> + +-- + +include::{xes-repo-dir}/security/overview.asciidoc[] + +include::{xes-repo-dir}/security/configuring-es.asciidoc[] \ No newline at end of file diff --git a/x-pack/docs/en/security/overview.asciidoc b/x-pack/docs/en/security/overview.asciidoc new file mode 100644 index 0000000000000..c06f67b9e92f8 --- /dev/null +++ b/x-pack/docs/en/security/overview.asciidoc @@ -0,0 +1,63 @@ +[role="xpack"] +[[elasticsearch-security]] +== Security overview +++++ +Overview +++++ + +Security protects {es} clusters by: + +* <> + with password protection, role-based access control, and IP filtering. +* <> + with SSL/TLS encryption. +* <> + so you know who's doing what to your cluster and the data it stores. + +[float] +[[preventing-unauthorized-access]] +=== Preventing unauthorized access + +To prevent unauthorized access to your {es} cluster, you must have a +way to _authenticate_ users. This simply means that you need a way to validate +that a user is who they claim to be. For example, you have to make sure only +the person named _Kelsey Andorra_ can sign in as the user `kandorra`. The +{es-security-features} provide a standalone authentication mechanism that enables +you to quickly password-protect your cluster. If you're already using LDAP, +Active Directory, or PKI to manage users in your organization, the +{security-features} are able to integrate with those systems to perform user +authentication. + +In many cases, simply authenticating users isn't enough. You also need a way to +control what data users have access to and what tasks they can perform. The +{es-security-features} enable you to _authorize_ users by assigning access +_privileges_ to _roles_ and assigning those roles to users. For example, this +role-based access control mechanism (a.k.a RBAC) enables you to specify that the +user `kandorra` can only perform read operations on the `events` index and can't +do anything at all with other indices. + +The {security-features} also support IP-based authorization. +You can whitelist and blacklist specific IP addresses or subnets to control +network-level access to a server. + +[float] +[[preserving-data-integrity]] +=== Preserving data integrity + +A critical part of security is keeping confidential data confidential. +{es} has built-in protections against accidental data loss and +corruption. However, there's nothing to stop deliberate tampering or data +interception. The {stack-security-features} preserve the integrity of your +data by encrypting communications to and from nodes. For even +greater protection, you can increase the <>. + +[float] +[[maintaining-audit-trail]] +=== Maintaining an audit trail + +Keeping a system secure takes vigilance. By using {stack-security-features} to +maintain an audit trail, you can easily see who is accessing your cluster and +what they're doing. By analyzing access patterns and failed attempts to access +your cluster, you can gain insights into attempted attacks and data breaches. +Keeping an auditable log of the activity in your cluster can also help diagnose +operational issues.