This is the ultimate security key for professionals.
This gallery contains a list of the technologies that have been many times at the heart of a large number of data breaches incidents in the past few years.
Kibana is a software package that works as a visual interface (GUI) for viewing ElasticSearch data. It is almost always installed with ElasticSearch clusters.
Many of the security breaches reported as being caused by ElasticSearch are, in reality, caused by admins leaving the Kibana interface without a password, while the ElasticSearch server underneath is well-secured. The opposite scenario is also valid, where Kibana has a password, but the ElasticSearch server is left wide open on the internet.
It's hard to distinguish post factum which of the ElasticSearch breaches were caused by Kibana and which by the ElasticSearch. We created a separate slide to make sure ElasticSearch server owners understand that they also need to make sure they password-protect their Kibana apps as well as the ElasticSearch server that runs beneath it.
Caption by: Catalin Cimpanu
Join Discussion