Historically (rightly or wrongly), the assumption has been that a Cassandra cluster is best run from a private, trusted, even dedicated network. As a result, reasonable security entails enabling various, often cumbersome, features on a case-by-case basis. For example, with little more than network access an attacker could stand up a rogue node and acquire read/write access to a cluster. Closing this vulnerability requires configuring the individual nodes for encryption and setting up a certificate-based trust chain. Other potential vulnerabilities exist, each requiring different steps to secure. It has been suggested that perhaps it would be simplest to just limit network accessibility to Cassandra services on an as-needed basis, using locally applied (Puppet-managed) iptables rules.
I'd be interested in hearing what Operations' view on this is. Is there any precedent here? Does this seem like a reasonable approach (iptables)? If not, what? Or perhaps the network is considered Trusted Enough in such cases?
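To make the iptables option concrete, here is an added sketch (not from the original post or any existing Puppet module) that generates an iptables-restore ruleset restricting Cassandra's default ports to named sources. The addresses, the `CASSANDRA` chain name and the function names are assumptions; the rules filter by source address only and do not replace the node encryption and certificate trust chain mentioned above.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that limits Cassandra's
# listening ports to named sources. Nothing is applied; rules go to stdout.

# Constructed addresses (RFC 5737 documentation ranges), assumptions only.
CLUSTER_PEERS="192.0.2.11 192.0.2.12 192.0.2.13"   # other Cassandra nodes
CQL_CLIENTS="198.51.100.0/24"                       # application hosts
ADMIN_HOSTS="192.0.2.50"                            # remote JMX/nodetool

# Cassandra default ports: inter-node (plain, TLS), CQL native, JMX.
INTERNODE_PORTS="7000,7001"
CQL_PORT="9042"
JMX_PORT="7199"

emit() { printf '%s\n' "$1"; }

# allow "<space-separated sources>" "<comma-separated ports>"
allow() {
    for src in $1; do
        emit "-A CASSANDRA -s $src -p tcp -m multiport --dports $2 -j ACCEPT"
    done
}

cassandra_rules() {
    emit "*filter"
    emit ":CASSANDRA - [0:0]"
    # Send only Cassandra-bound traffic through the dedicated chain.
    emit "-A INPUT -p tcp -m multiport --dports $INTERNODE_PORTS,$CQL_PORT,$JMX_PORT -j CASSANDRA"
    # Local nodetool reaches JMX over loopback; keep that working.
    emit "-A CASSANDRA -i lo -j ACCEPT"
    # Gossip/streaming ports are reachable from listed cluster members only,
    # so a host outside the list cannot reach them to join as a node.
    allow "$CLUSTER_PEERS" "$INTERNODE_PORTS"
    allow "$CQL_CLIENTS" "$CQL_PORT"
    allow "$ADMIN_HOSTS" "$JMX_PORT"
    # Everything else aimed at a Cassandra port is dropped.
    emit "-A CASSANDRA -j DROP"
    emit "COMMIT"
}

cassandra_rules
```
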