Security

Secure splunk enterprise cluster deployment with SSL / mutual TLS

vtalanki
Path Finder

Hi,

We are deploying splunk enterprise in aws and we want to know how and which all components to be ssl secured.

Few points about our cluster and we have to bind with these constraints

  1. There are no forwarders. ( I see splunk recommend to use forwarders but we choose other route) and so no deployment server
  2. HEC is enabled in indexers and our java based application sends data to hec indexers.
  3. Out company provides all required certs for ssl and we have to use these certs

Our sample cluster would be something like 3 search heads in SHC, 1 cluster/license master, 7 indexers in indexer cluster and a deployer

Here are my few questions about securing different components of our cluster

  1. Following https://docs.splunk.com/Documentation/Splunk/7.3.3/Security/SecureSplunkWebusingasignedcertificate to secure splunk web(search heads) with own certs. Do we need to still perform this step if we have our search head cluster fronted by a https load balancer.If yes, any detailed explanation would be helpful
  2. Do we need to have mutual TLS between Search heads in SHC and indexers in Indexer cluster? Since both are clusters, search heads communicates first with master and then with indexers. so how can we secure communication between shs and indexers with own certs?
  3. How to secure communication between our HEC indexers and the java based application? We are planning to have our HEC indexers fronted by a https load balancer. How to achieve secure communication in this regard with own certs?
  4. Is there any other channels that we need to secure with own certs apart from above?

I know these are big list of questions, but any help here will really help us build a secure cluster.
Any help is highly appreciated.
Thanks in Advance.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...