Cloudera Data Science Workbench Gateway Host Security
The Cloudera Data Science Workbench master host stores all the critical, stateful, persistent data for a Cloudera Data Science Workbench deployment.
- Disable untrusted SSH access to the Cloudera Data Science Workbench hosts. Cloudera Data Science Workbench assumes that users only access the gateway hosts through the web application. Users with SSH access to a Cloudera Data Science Workbench host can gain full access to the cluster, including access to other users' workloads. Therefore, untrusted (non-sudo) SSH access to Cloudera Data Science Workbench hosts must be disabled to ensure a secure deployment.
- Tightly control root access via sudo.
- Uninstall or disable any other unnecessary services running on the Cloudera Data Science Workbench gateway hosts.
- Keep the hosts' operating system updated to avoid security vulnerabilities.
- Monitor user login activity on the system.
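One way to check the first item above on a host is to list accounts that sshd would admit but that belong to no sudo-capable group. This is an added example, not Cloudera's tooling. It assumes the effective configuration is captured from `sshd -T` and that the administrator supplies the sudo-capable groups (`wheel` here is a constructed value). It ignores DenyUsers/DenyGroups and per-user sudoers entries.

```python
# Audit sketch: accounts that sshd would admit but that are in no sudo-capable group.
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_sshd(effective_cfg):
    """Collect AllowUsers/AllowGroups values from `sshd -T`-style text."""
    allow = {"allowusers": set(), "allowgroups": set()}
    for line in effective_cfg.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() in allow:
            allow[key.lower()].update(value.split())
    return allow

def memberships(passwd_text, group_text):
    """Map each interactive, non-root account to the names of its groups."""
    gid_name, members = {}, {}
    for line in group_text.strip().splitlines():
        name, _, gid, users = line.split(":")
        gid_name[gid] = name
        members[name] = set(filter(None, users.split(",")))
    result = {}
    for line in passwd_text.strip().splitlines():
        user, _, uid, gid, _, _, shell = line.split(":")
        # Heuristic: skip no-shell service accounts; root is governed by PermitRootLogin.
        if shell in NOLOGIN or uid == "0":
            continue
        groups = {g for g, m in members.items() if user in m}
        result[user] = groups | {gid_name.get(gid, gid)}
    return result

def untrusted_ssh_users(effective_cfg, passwd_text, group_text, sudo_groups):
    """Return accounts that pass sshd's Allow* rules but are in no sudo group."""
    allow = parse_sshd(effective_cfg)
    flagged = []
    for user, groups in memberships(passwd_text, group_text).items():
        # Every Allow* directive that is set must match (literal names only here).
        if allow["allowusers"] and user not in allow["allowusers"]:
            continue
        if allow["allowgroups"] and not groups & allow["allowgroups"]:
            continue
        if not groups & set(sudo_groups):
            flagged.append(user)
    return sorted(flagged)

# Constructed sample data, not taken from a real host.
PASSWD = """root:x:0:0:root:/root:/bin/bash
svcacct:x:991:991::/nonexistent:/sbin/nologin
opsadmin:x:1000:1000::/home/opsadmin:/bin/bash
analyst:x:1001:1001::/home/analyst:/bin/bash"""
GROUP = "wheel:x:10:opsadmin\nsshusers:x:1002:opsadmin,analyst"
```

With the sample data, `untrusted_ssh_users("allowgroups sshusers", PASSWD, GROUP, {"wheel"})` reports `analyst`, and restricting sshd to `allowgroups wheel` leaves the result empty.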
Host Mounts
Cloudera Data Science Workbench allows site administrators to expose part of the host's file system to users' engine containers at runtime, using the host mounts feature. Directories mounted using this feature are available to all projects across the deployment. Use this feature with great care and ensure that no sensitive information is mounted.