Apache Kafka Security

  1. Home
  2. Apache-kafka
  3. Apache Kafka Security

Tags: Apache Kafka

Hands-On Course - Kafka Security Setup in AWS with SSL Encryption & Authentication, SASL Kerberos, ACL in Zookeeper

Last updated 2022-01-10 | 4.6

- Setup and use SSL encryption in Kafka
- Setup and use SSL authentication in Kafka
- Setup and use SASL Kerberos authentication in Kafka

What you'll learn

Setup and use SSL encryption in Kafka
Setup and use SSL authentication in Kafka
Setup and use SASL Kerberos authentication in Kafka
Create and use ACLs in Kafka
Configure Kafka Clients to make them work with security
Configure Zookeeper Security

* Requirements

* Knowledge of Kafka + Setup is necessary
* Knowledge of Linux is necessary
* Mac / Linux computer or Windows 10 computer with Ubuntu Bash installed
* No prior knowledge of SSL
* SASL
* Kerberos is required
* Prior knowledge of AWS is preferred

Description

If you've struggled setting up Kafka Security, or can't make sense of the documentation, this course is for you

First of all, an insecure cluster is a big problem:

  • anyone can read / write to any topic, and this can lead to bad data or data leak

  • you don't know who is connected to your cluster

  • data isn't encrypted in flight and could be intercepted by hackers

In this course, you'll learn Kafka Security, with Encryption (SSL), Authentication (SSL & SASL), and Authorization (ACL).

Over 1800 students and 160 reviews later, we're convinced this course can save you a lot of time.

----------------------------

Kafka Security is important for the following reasons:

Encryption (SSL) for Apache Kafka

> Ensure data is securely transported from machine to machine
> Prevent MIDM (man-in-the-middle attacks) on your Kafka Cluster
> No more PLAINTEXT data going around in your network

Authentication (SSL & SASL) for Apache Kafka 

> Ensure only clients with credentials can access your clusters
> Give each of your clients a user-id, therefore enabling the possibility of controlling their access using ACL

Authorization (ACL) for Apache Kafka

> Ensure the clients can only read / write topics based on administrator rules
> Ensure clients cannot create / delete topics
> Provide the audit team the guarantee that the cluster is secure


Hands On & Theory Based Course

Note: This course only deals with SSL for encryption & Authentication and SASL Kerberos, not other mechanisms. It also does provide an overview to enable security in a multi-broker setup, but that last part is left for the student to investigate and practice. 

This course is the first and only available Kafka Security Course on the web. Get it now to become an Apache Kafka expert!

Section outline:

  1. Course Introduction: Let's learn why we need Security in Apache Kafka

  2. Kafka Setup: Quickly setup Kafka in AWS EC2 and test it, as a pre-requisite to setting up security on it

  3. SSL Encryption in Kafka: Setup a Certificate Authority and create certificates for your Kafka broker and Kafka client

  4. SSL Authentication in Kafka: Learn how to force clients to authenticate using SSL to connect to your Kafka Cluster

  5. SASL Authentication - Kerberos GSSAPI in Kafka: Setup Kerberos on an EC2 machine and create credentials for Kafka and Clients. 

  6. Authorization in Kafka: Learn how to enforce ACLs in Kafka and use the CLI to authorize clients. 

  7. Zookeeper Security: Learn how to secure Zookeeper using Kerberos


===============================

Instructor

My name is Stephane Maarek, and I'll be your instructor in this course. I teach about Apache Kafka, the Kafka ecosystem and Kafka Certifications with my focus always on helping my students improve their professional proficiencies. I am also the co-founder of Conduktor: an enterprise Apache Kafka platform & UI to help everyone use Kafka.

Throughout my career in designing and delivering these certifications and courses, I have already taught 1,000,000+ students and gotten 350,000+ reviews!

Gerd Koenig is one of the instructors of this course. He is an Apache Kafka Expert, and has done countless of production deployments and security setup at many of his clients. He will be taking the leads on all the Hands-On Lecture. 

With Apache Kafka becoming much more than a buzzword out there, I've decided it's time for students to properly learn how to be a Kafka professional. So, let’s kick start the course! You are in good hands!

===============================

This Course Also Comes With:

  • Lifetime Access to All Future Updates

  • A responsive instructor in the Q&A Section

  • Links to interesting articles, and lots of good code to base your next applications onto

  • Udemy Certificate of Completion Ready for Download

This is the course that could improve your career!

Apache Kafka is a skill in high demand and there are not enough people to fulfill all the open positions. You can boost your income, take on new roles and fun challenges. Many of my students are now the Kafka experts of their companies! You can be the next!

I hope to see you inside the course!

=======================

Note: Looking for more advanced Kafka concepts? There are many volumes in the Apache Kafka Series:

  • Learn Kafka for Beginners v2 (great to start)

  • Kafka Connect Hands-On Learning

  • Kafka Streams for Data Processing

  • KSQL on ksqlDB - Hands On!

  • Kafka Cluster Setup & Administration

  • Confluent Schema Registry & Kafka REST Proxy

  • Kafka Security (SSL SASL ACL)

  • Kafka Monitoring and Operations

Happy learning!


Who this course is for:

  • Administrators who want to start setting up Kafka Security
  • Developers who want to learn which security settings to use in their programs
  • Solution Architects who want to learn how Kafka Security works

Course content

9 sections • 43 lectures

Course Introduction 3 lectures

Kafka Security Overview Preview 05:21

Course Structure + Pre-requisites Preview 02:38

About your Instructors Preview 01:42

Code Download & Setup 1 lectures

Code Download + Setup Preview 00:14

Kafka Setup 7 lectures

Section Objective Preview 01:13

Hands-On: Creating your EC2 Instance + SSH Preview 08:53

How to SSH Preview 00:07

Kafka + Zookeeper Setup Preview 08:03

Hands-On: Setup Kafka & Zookeeper Service Preview 10:09

Producer / Consumer test Preview 10:59

Kafka Setup Section Summary Preview 00:34

SSL Encryption in Kafka 8 lectures

The need for SSL Encryption Preview 03:31

What is SSL? Preview 05:27

SSL in Kafka Preview 01:09

Hands-On: Creating a Certificate Authority (CA) Preview 03:39

Hands-On: SSL Setup in Kafka Preview 16:16

Hands-On: SSL Setup for Clients Preview 11:08

Performance impact of SSL in Kafka Preview 01:04

SSL Encryption Section Summary Preview 00:40

SSL Authentication in Kafka 2 lectures

What is SSL Authentication? Preview 02:55

Hands-On: SSL Authentication Preview 13:21

SASL Authentication - Kerberos / GSSAPI in Kafka 8 lectures

What is SASL in Kafka? Preview 02:05

What is Kerberos? Preview 04:28

Frequent Kerberos Errors Preview 00:10

Hands-On Kerberos - Part 1: Setup EC2 Preview 13:29

Hands-On Kerberos - Part 2: Principals & Keytabs Preview 14:05

Hands-On Kerberos - Part 3: Kafka Configuration Preview 08:03

Hands-On Kerberos - Part 4: Client Configuration Preview 08:24

JAAS file / config Preview 00:20

Authorization in Kafka 3 lectures

ACLs in Kafka Preview 02:36

Hands-On: ACL demo Preview 18:33

ACLs Documentation Links Preview 00:15

Zookeeper Security 7 lectures

Zookeeper Security Introduction Preview 04:03

Zookeeper Create Principal Preview 05:31

Zookeeper Configure Kerberos Preview 07:15

Hands-On: ZNode General Preview 10:19

Zookeeper Authorisation Config Preview 06:59

Hands-On: Zookeeper SuperUser Preview 07:38

Zookeeper Security Migration Tool and Summary Preview 05:41

Next Steps 4 lectures

Cluster Security Preview 03:42

Congratulations Preview 01:03

THANK YOU! Preview 01:32

Bonus Lecture: Special Discounts!! Preview 01:05