Security Management Overview
Couchbase Server can be rendered highly secure.
Couchbase Server Security
System-areas available to be managed include:
- Networked access, by administrators, users, and applications: Can be secured with TLS, using dedicated Couchbase Server-ports. Cipher-suites, TLS levels, and console-access can be individually managed. Networked communications between nodes within the cluster can also be secured: see Manage Node-to-Node Encryption for details.
- Authentication: Can be handled by passing credentials explicitly, or by means of client certificates. External (as well as Local) authentication-domains are supported: therefore, authentication-mechanisms based on Native LDAP, saslauthd, and PAM can be used. For the recommended process, see Configure LDAP.
- Authorization: Couchbase Role-Based Access Control ensures that each authenticated user is checked for the system-defined roles (and, by due association, privileges) they have been assigned. This allows access to be granted or denied, based on the type of system-resource they are trying to access, and the operation they wish to perform. Roles can be assigned by user and by group. For details, see Manage Users, Groups, and Roles.
- Auditing: Can be enabled on actions performed on Couchbase Server, so that reviews can occur. See Manage Auditing.
- Certificates: These can be defined and established for the cluster. Additionally, certificates presented by clients attempting server-access can be permitted. See Manage Certificates.
- Logs: These can be redacted, ensuring that no private information is shared. Information is provided in Manage Logging.
- Sessions: Can be configured for termination following periods of user-inactivity. This is described in Manage Sessions.
See the navigation panel at the left, for details of additional management procedures documented in this section.
Security Checklist
The security checklist below should be reviewed and used in the set-up and maintenance of a Couchbase-Server cluster.
Optionally, the checklist can be accessed as a PDF file.
- Access control
- Secure Network Communication
- Secure Data Storage
- Limit Data Exposure
- Auditing
- Regular Review