This project focused on securing an Elasticsearch deployment on DigitalOcean that was exposed due to an open port (9200) without authentication. The issue posed a serious security risk, allowing unauthorized access to sensitive data. The solution involved reconfiguring the Elasticsearch setup, implementing authentication, and restricting external access.
Elasticsearch – Open-source search and analytics engine
Docker & Docker Compose – Containerization and orchestration
DigitalOcean – Cloud hosting provider
Nmap – Network scanning and security auditing
Bash (Linux CLI) – Server management and configuration
Identified the Security Vulnerability: Used Nmap to scan the server for exposed ports and confirm the reported risk (port 9200 reachable with no authentication).
Updated Docker Configuration: Modified the docker-compose.yaml file to:
Change the external port mapping (9222:9200) to prevent direct exposure.
Enable built-in Elasticsearch security features (xpack.security.enabled=true).
Set a secure password for authentication.
Add a restart policy to ensure persistence across reboots.
Restarted & Verified Configuration: Applied changes, restarted the container, and tested authentication.
Securely Shared Access Details: Informed the team about the updated security measures.
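The docker-compose.yaml changes from the steps above, shown as an added example rather than the project's original file; the service name, image tag and the ELASTIC_PASSWORD placeholder are assumptions. Binding the host side of the port mapping to 127.0.0.1 is the one addition beyond the write-up: moving the listener to 9222 alone only changes which public port a scan finds, while the loopback binding keeps it off the public interface entirely.

```yaml
# Added example (not the project's original file). Service name, image tag
# and the ELASTIC_PASSWORD placeholder are assumptions.

# --- BEFORE: the configuration that exposed the data ---
# services:
#   elasticsearch:
#     image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
#     ports:
#       - "9200:9200"                  # bound on every host interface, internet-reachable
#     environment:
#       - discovery.type=single-node
#       - xpack.security.enabled=false # any request is accepted without credentials

# --- AFTER: hardened ---
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
    restart: unless-stopped            # comes back after crashes and host reboots
    ports:
      # Non-default host port as in the write-up, bound to loopback so the
      # listener is not reachable on the droplet's public interface at all.
      - "127.0.0.1:9222:9200"
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=true    # every request must authenticate
      # Mandatory variable: compose refuses to start if it is unset, so the
      # password lives in a local .env file, never in this committed file.
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD in .env}
    volumes:
      - esdata:/usr/share/elasticsearch/data   # index data survives restarts

volumes:
  esdata:
```

With the loopback binding, the team reaches the node through an SSH tunnel to the server instead of over the public internet, and a repeat Nmap scan from outside should no longer show 9200 or 9222 open.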
Unsecured Port Exposure – Solution: Restricted access and changed the default port.
No Authentication Mechanism – Solution: Enabled xpack.security and enforced user authentication.
Configuration Persistence Issues – Solution: Implemented a restart policy in docker-compose.yaml.
This project reinforced best practices in cloud security, containerized application security, and access control management. It also highlighted the importance of regular vulnerability scanning and proactive threat mitigation.
Cloud Security Best Practices
Docker Configuration & Orchestration
Elasticsearch Security Hardening
Linux Server Administration
Network Security Auditing