Overview of Security
Using Hadoop as an enterprise-level tool requires data protection and disaster recovery capabilities in the cluster. As the amount of enterprise-critical data that resides in the cluster increases, the need for securing access becomes just as critical.
Since data must be shared between nodes on the cluster, data transmissions between nodes and from the cluster to the client are vulnerable to interception. Networked computers are also vulnerable to attacks where an intruder successfully pretends to be another authorized user and then acts improperly as that user. Additionally, networked machines share the security vulnerabilities of a single node.
The MapR Converged Data Platform provides authentication, authorization, and encryption services to protect the data in your cluster. MapR leverages Linux pluggable authentication modules (PAM) to support the main authentication protocols out of the box. A MapR cluster can authenticate users through Kerberos, LDAP/AD, NIS, or any other service that has a PAM module.
For authorization, MapR provides Access Control Lists (ACLs) for job queues, volumes, and the cluster as a whole. Because MapR supports POSIX permissions on files and directories, MapR-FS performs permission checks on each file access. Other Hadoop distributions only check permissions on file open. MapR clusters also incorporate wire-level security (WLS) to encrypt data transmission for traffic within the cluster, as well as traffic between the cluster and client machines. MapR leverages the Hadoop Fair Scheduler to ensure fair allocation of resources to different users.
See Security Vulnerabilities for a list of known vulnerabilities.