
This week I had the pleasure of speaking at Splunk. George Starcher and I spoke on configuring Splunk’s various SSL options, with the goal of providing a cookbook with SSL configurations appropriate for moving from a POC/trial install into production.

Other than some audio problems (sorry!), I thought the session went very well. As a rookie presenter, I owe George a great deal of thanks for both convincing me to submit this talk and for helping me to prepare and present. If this talk was a success at all, it was entirely due to George.

There were several fantastic questions raised during the talk that I’d like to answer here before I forget them.

Why is SSL client authentication of forwarders worthwhile?

It really all depends on your environment. A great example of where this might be valuable is a public cloud deployment. Because we recommend that all forwarders share a common certificate (the throwaway certificate), client identification of a forwarder really comes down to the rough question of “is this a box I generally trust or not?” We gave an example of a colleague who had to accept data from AWS instances where they struggled to predict what IP addresses those systems were coming from. So he had to open his SSL data input to essentially anywhere, and used a client certificate as a simple way to keep entirely unassociated systems from forwarding data to his indexers. In a purely private environment, you will probably have better tools to control who is allowed to submit data to your indexers.

Can I use tools other than OpenSSL to manage keys and certificates?

Splunk will use OpenSSL internally as its SSL library; not much can be done about that.
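An indexer and forwarder configuration for the shared-certificate client authentication discussed in the first question, added here as an example and not taken from the talk or from Splunk's own material. Paths, host name, group name and passwords are placeholders, and the setting names are those of recent Splunk Enterprise releases; older releases named some of them differently.

```ini
# Constructed example: every path, host name and password is a placeholder.

# --- Indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ---
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/indexer.pem
sslPassword = <indexer-key-password>
# Default is false: any host that can reach the port can complete the
# handshake and forward data. With true, the handshake fails unless the
# forwarder presents a certificate that chains to the CA trusted below.
requireClientCert = true

# --- Indexer: $SPLUNK_HOME/etc/system/local/server.conf ---
[sslConfig]
# CA that signed the shared forwarder certificate
sslRootCAPath = /opt/splunk/etc/auth/mycerts/ca.pem

# --- Every forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ---
[tcpout]
defaultGroup = ssl_indexers

[tcpout:ssl_indexers]
server = indexer.example.com:9997
# The same certificate and key are deployed to all forwarders, so this
# proves "a box we generally trust", not the identity of one host.
clientCert = /opt/splunkforwarder/etc/auth/mycerts/forwarder-shared.pem
sslPassword = <forwarder-key-password>
# Have the forwarder check the indexer's certificate as well
sslVerifyServerCert = true

# --- Every forwarder: $SPLUNK_HOME/etc/system/local/server.conf ---
[sslConfig]
# CA that signed the indexer certificate
sslRootCAPath = /opt/splunkforwarder/etc/auth/mycerts/ca.pem
```

Because the certificate is shared, revoking access for one forwarder means reissuing the certificate for all of them, which is the trade-off behind treating it as a throwaway.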
