Author Archives: Michael Yoder

Cloudera’s Process for Handling Security Vulnerabilities

Categories: General Platform Security & Cybersecurity

Cloudera considers the handling and reporting of security vulnerabilities a very serious matter. In this post, learn the processes involved.

In addition to expecting enterprise-class standards for stability and reliability, Cloudera’s customers also have expectations for industry-standard processes around the discovery, fix, and reporting of security issues. In this post, I will describe how Cloudera addresses such issues in our software.

An overview of the process looks like this flowchart:

secalert-f1

The first step in the life cycle of a security vulnerability is that it is discovered and reported to Cloudera.

Read more

Quality Assurance at Cloudera: Static Source-Code Analysis

Categories: Testing

In this first installment of a multi-part series about Cloudera’s multi-step QA process for CDH releases, learn about the role of static source-code analysis in this strategy.

There are many different ways to examine software for quality and security in software development. Design reviews; code reviews; unit tests; fault injection; system, scale, and endurance tests; and validation on real workloads all play a part in ensuring that code is of high quality,

Read more

New in CDH 5.4: Sensitive Data Redaction

Categories: CDH Cloudera Manager Platform Security & Cybersecurity

The best data protection strategy is to remove sensitive information from everyplace it’s not needed.

Have you ever wondered what sort of “sensitive” information might wind up in Apache Hadoop log files? For example, if you’re storing credit card numbers inside HDFS, might they ever “leak” into a log file outside of HDFS? What about SQL queries? If you have a query like select * from table where creditcard = ‘1234-5678-9012-3456’,

Read more

For Apache Hadoop, The POODLE Attack Has Lost Its Bite

Categories: CDH Cloudera Manager Hadoop Platform Security & Cybersecurity

A significant vulnerability affecting the entire Apache Hadoop ecosystem has now been patched. What was involved?

By now, you may have heard about the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack on TLS (Transport Layer Security). This attack combines a cryptographic flaw in the obsolete SSLv3 protocol with the ability of an attacker to downgrade TLS connections to use that protocol. The result is that an active attacker on the same network as the victim can potentially decrypt parts of an otherwise encrypted channel.

Read more

New in CDH 5.2: Impala Authentication with LDAP and Kerberos

Categories: CDH Impala Platform Security & Cybersecurity

Impala authentication can now be handled by a combination of LDAP and Kerberos. Here’s why, and how.

Impala, the open source analytic database for Apache Hadoop, supports authentication—the act of proving you are who you say you are—using both Kerberos and LDAP. Kerberos has been supported since release 1.0, LDAP support was added more recently, and with CDH 5.2, you can use both at the same time.

Using LDAP and Kerberos together provides significant value;

Read more