Securing an Anzo Environment
This topic lists the recommended procedures to follow to strengthen the security of Anzo environments.
- Set Up Firewall Rules
- Replace the Default Self-Signed Certificate with a Trusted Certificate
- Use Query Contexts to Store Sensitive Information for GDI Queries
Set Up Firewall Rules
To protect the environment from malicious systems and to prevent man-in-the-middle attacks or the leaking of data source credentials, configure firewall rules for the Anzo network. Rules should allow outbound connections only to trusted data sources and services. For information about the ports that need to be opened for inbound and outbound connections to support normal operations, see Firewall Requirements in Anzo Requirements.
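The following Python script is an added example, not part of Anzo or its documentation. It checks established outbound connections on a host against an allow-list of trusted destinations, which is one way to verify that the outbound rules are in effect. The allow-list entries, the addresses (documentation ranges), and the sample `ss` output are constructed placeholders.

```python
import ipaddress

# Constructed allow-list of (network, port) pairs for trusted data sources
# and services. Placeholder values, not real Anzo ports or hosts.
ALLOWED_EGRESS = [
    (ipaddress.ip_network("192.0.2.10/32"), 5432),   # hypothetical database source
    (ipaddress.ip_network("198.51.100.0/28"), 443),  # hypothetical HTTPS service range
]

# Constructed sample in the layout of `ss -tn state established` output.
SAMPLE_SS_OUTPUT = """\
Recv-Q Send-Q Local Address:Port  Peer Address:Port
0      0      10.0.0.5:41022      192.0.2.10:5432
0      0      10.0.0.5:41030      198.51.100.7:443
0      0      10.0.0.5:41044      203.0.113.99:443
0      0      10.0.0.5:41050      192.0.2.10:22
"""


def parse_peers(ss_output):
    """Yield (ip_address, port) for the peer of each connection line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Recv-Q":
            continue  # skip the header and blank or short lines
        host, _, port = fields[3].rpartition(":")
        # IPv6 peers are printed as [addr]:port, so drop the brackets.
        yield ipaddress.ip_address(host.strip("[]")), int(port)


def is_allowed(addr, port, allowed=ALLOWED_EGRESS):
    """True if the destination matches an allow-list network and port."""
    return any(addr in net and port == p for net, p in allowed)


def unapproved_connections(ss_output, allowed=ALLOWED_EGRESS):
    """Return (host, port) for every peer that is not on the allow-list."""
    return [(str(a), p) for a, p in parse_peers(ss_output)
            if not is_allowed(a, p, allowed)]


if __name__ == "__main__":
    for host, port in unapproved_connections(SAMPLE_SS_OUTPUT):
        print(f"unapproved outbound connection: {host}:{port}")
```

Any destination the script reports is either missing from the allow-list or is traffic the firewall should be blocking.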
Replace the Default Self-Signed Certificate with a Trusted Certificate
Anzo installations include a self-signed certificate that can be replaced with your own trusted certificate. For instructions on replacing the default certificate, see Replacing the Anzo Certificate.
Use Query Contexts to Store Sensitive Information for GDI Queries
When you connect to data sources with Graph Data Interface (GDI) queries, you may be required to include sensitive connection and authorization information such as keys, tokens, and user credentials. When configuring data layers or steps, Cambridge Semantics strongly recommends that you store all sensitive connection and authorization values in a Query Context and then refer only to the context keys in GDI queries. Values in Query Contexts are abstracted from the requests that are sent to the data source and AnzoGraph. Any values that are specified directly in a query are transmitted as part of the request. For details about Query Contexts, see Using Query Contexts in Queries.