2. PRESENTED
BY
Agenda:
1. New Security Features in Redis 6.0 Release Candidate. Discussion of the paradigm shifts in the ways you can secure Redis OSS.
2. Use Cases for Access Control Lists (ACLs). Describe possible use cases for ACLs and open a discussion to brainstorm additional use cases.
3. ACL Demo. Demonstration of the new access control list features along with use cases.
New Security Features: Redis 6 Open Source Release Candidate
Out of the box Encryption in Transit
Key Space and Command Restrictions
Multiple Access Control List Users
Design Data Security Labels with Key Restrictions
Redis ACLs allow users to facilitate access strategies based on key design.
• ACLs allow users to enhance operational security by defining what a user is allowed to access.
  – Tags, Classifications, Labels (~<pattern>:*) assign labels for access.
Key = secret:users:u123:password
Labels for Key Restrictions (Demo)

Label  | Redis Key               | Value                            | ACL Rule
Secret | secret:users:1:password | 5f4dcc3b5aa765d61d8327deb882cf99 | ~secret:*
Secret | secret:users:2:ccn      | 489-36-8350                      | ~secret:*
Public | public:users:1:username | Itamar                           | ~public:*

Redis ACLs can be used to facilitate discretionary and mandatory access controls.
Fake data source: https://dlptest.com/sample-data/
User Access

User           | ACL Rules
serviceaccount | ~secret:* ~public:* ~@secret:* ~@public:* -@all +set +get
admin          | +@admin (no key permissions, admin commands only)
useraccount    | ~public:* +@all -@dangerous -@admin

> ACL WHOAMI
"useraccount"
> get secret:users:1:password
(error) NOPERM this user has no permissions to access one of the keys used as arguments
> ACL WHOAMI
"serviceaccount"
> get secret:users:1:password
"5f4dcc3b5aa765d61d8327deb882cf99"
ACL Command Restrictions Enable Operational Security
Redis ACLs allow users to facilitate access strategies based on key design.
• Compromise Path = New User Backdoor > Keys or Scan > Type > Goodies
> acl whoami
"default"
> acl setuser backdoor on >pwnd ~* +@all
> keys *
> type secret:users:1:password
"string"
> get secret:users:1:password
• To err is human - planning helps!
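As an added illustration (not code from the talk or from Redis itself): a small Python model of how Redis 6 evaluates the rule strings from the User Access table, applying tokens left to right the way ACL SETUSER does. The command categories are a constructed subset of the real ones; the users are the three from the slide plus Redis 6's permissive default user, so the check reproduces both the useraccount denial in the demo and why the compromise path above works only for a user that still holds +@admin and ~*.

```python
import fnmatch

# Constructed, simplified subset of the Redis 6 command categories used on
# these slides; the real server has many more commands per category.
CATEGORIES = {
    "read": {"get", "type", "exists"},
    "write": {"set", "del"},
    "keyspace": {"keys", "scan"},
    "admin": {"acl", "config", "shutdown"},
    "dangerous": {"keys", "acl", "config", "shutdown", "flushall"},
}
CATEGORIES["all"] = set().union(*CATEGORIES.values())

def parse_rules(rules):
    """Apply ACL SETUSER rule tokens left to right, as Redis does.

    Returns (allowed command names, key patterns). Order matters:
    '-@all +set +get' ends with two commands, while '+@all -@dangerous'
    ends with everything except the dangerous ones.
    """
    allowed, patterns = set(), []
    for tok in rules.split():
        if tok.startswith("~"):                       # key pattern, e.g. ~secret:*
            patterns.append(tok[1:])
        elif tok[0] in "+-" and len(tok) > 1:
            name = tok[1:].lower()
            cmds = CATEGORIES[name[1:]] if name.startswith("@") else {name}
            if tok[0] == "+":
                allowed |= cmds
            else:
                allowed -= cmds
        # 'on', 'off' and '>password' tokens do not change permissions here
    return allowed, patterns

def check(rules, command, *keys):
    """Return 'OK' or the NOPERM reason for running command on keys under rules."""
    allowed, patterns = parse_rules(rules)
    if command.lower() not in allowed:
        return "NOPERM command"
    for key in keys:
        if not any(fnmatch.fnmatchcase(key, pat) for pat in patterns):
            return "NOPERM key"
    return "OK"

USERS = {   # the slide's three users, plus the Redis 6 default user (all keys, all commands)
    "serviceaccount": "~secret:* ~public:* ~@secret:* ~@public:* -@all +set +get",
    "admin": "+@admin",
    "useraccount": "~public:* +@all -@dangerous -@admin",
    "default": "~* +@all",
}
```

Running check(USERS["useraccount"], "acl") returns "NOPERM command", which is the property that stops a low-privilege user from creating the backdoor user shown above.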