I’ve uploaded a copy of my LASCON2013 presentation, “Securing Redis with Sedona”.
I’ll be speaking at LASCON2013 about Redis. My talk, titled ‘Securing Redis with Sedona‘, will discuss how to keep Redis rugged by delving into the Redis security model and a tool I developed to help make secure remote Redis access feasible.
Here’s the brief:
Redis is an open-source network-based key-value store. Similar to memcached, Redis allows developers to store and retrieve strings, lists, sets, and hashes rapidly and at scale. Redis helps power a number of popular open-source applications and websites including Twitter, Craigslist, Instagram and Flickr.
The Redis security model states that Redis should only be run in a trusted environment and accessed by trusted clients. As a result Redis does not include many of the native security features that developers have come to expect from network-based storage solutions. Traditional security features found in similar storage solutions, like relational databases, include the ability to authenticate and authorize clients, or provide encryption for network communications. These features are non-existent or partially implemented in Redis, making it impossible to enforce security policy or isolate access for unique applications that utilize the same datastore.
To address these issues I developed Sedona, an application firewall for Redis. Sedona functions as a context-aware firewall for Redis that gives administrators granular control over commands and provides key-level access restrictions for Redis objects. Sedona also improves upon the existing authentication support in Redis by adding support for modular authentication and per-use access control lists.
In this talk we’ll examine the Redis security model as well as security features that are available natively in Redis. Next we will introduce Sedona, an open-source application firewall that I have developed for Redis. We’ll cover use cases for Sedona, administration, configuration, and the performance implications it has on access to Redis.