Introduction to securing the Splunk platform with TLS

For the highest level of security in your Splunk platform deployment, you must secure communications between Splunk platform instances that you manage with Transport Layer Security (TLS) technology. While Splunk manages certificates on Splunk Cloud Platform, and provides certificates for forwarders to connect to SCP to send data, it isn't possible for Splunk to protect an external deployment. Whether the external deployment is a Splunk Enterprise instance or cluster, or is a tier of forwarders that sends data to Splunk Cloud Platform, you are responsible for securing connectivity between those Splunk components. Read this topic to learn what TLS is, how TLS certificates work, and how to set up and configure certificates in the Splunk platform instances that you manage directly.

About transport layer security and how the Splunk platform uses it

TLS is a communications protocol that lets two computers, applications, or computing processes communicate securely and privately over a network. It provides confidentiality, authentication, and data integrity protections for that communication. Splunk uses TLS to ensure that communications between Splunk platform instances, including Splunk Web, are protected from potential malicious actors. Splunk uses TLS extensively with every Splunk Cloud Platform instance. TLS is also an important part of Splunk platform deployments that you manage.

A large part of how TLS works is the digital certificate. Digital certificates are files that let entities that communicate using TLS safely establish connections and encrypt data between one another. They let these entities prove to each other that they are who they say they are. Each instance in a Splunk platform deployment has at least one certificate, but can have many depending on the functions that the instance performs.

A certificate authority (CA) issues and signs the certificates, which adds a layer of authenticity to the certificates by proving the identity of the certificate owner. Typically, a CA signs a certificate for a specific domain name or group of domain names.

For increased security, all certificates have a finite time in which they are valid. When the validity of the certificate expires, you must replace it with a new certificate. Typically, certificates last anywhere from 90 days to 1 year, but can be shorter or longer. When a certificate is valid, communications between the two entities that use the certificate are secure. Invalid certificates prevent entities from communicating with one another securely, and can let outside parties read sensitive data as the entities transmit it.

Why it is important to secure your Splunk Enterprise deployment with TLS certificates

It's important to secure your Splunk Enterprise and forwarding tier infrastructure for the following reasons:

- Splunk includes certificates with every installation, and while they are not proprietary to your specific application, they provide a basic level of protection from outside parties. You can increase that level of protection by obtaining and installing your own certificates.
- Firewalls, if you use them, only provide protection from outside actors. If a malicious actor gets inside your network through your firewall, they can easily access machines inside the network, especially if you use the default certificates in your Splunk Enterprise deployment.
- When you secure your Splunk Enterprise infrastructure with certificates, and particularly when you use certificates that a verified third-party certificate authority provides, your data is the most secure that it can be, and malicious actors that want access to it have a very hard time getting it.

About the default Splunk platform certificates

The Splunk platform installation package comes with a set of default certificates.