Developing Secure ArcGIS Enterprise Solutions

John Alsup, Randy Jones, Sam Juarez, David Kaiser, Wittaker Mathot, Rand Woolley

Overview

• Welcome
• Enterprise Security & ESRI’s Role
• Demo Introduction
• ArcGIS Client / Server Security
  – Client / Server Demo
• ArcGIS Web Application Security
  – Web Application Demo
• ArcGIS Web Services Security
  – Web Services Demo
• Questions

Developing Secure ArcGIS Enterprise Solutions

Security is not a product, but a process; not a destination, but a journey

…. SQL Server Security Distilled, second edition, by Morris Lewis

Enterprise Security & ESRI’s Role: Challenge

• Dynamic
  – ID Vulnerabilities (Users, Software Developers, Hackers, etc.)
    • US-CERT (http://www.us-cert.gov) Security Bulletins
  – Exploit Vulnerabilities (Hackers)
    • Internet is an Endless Resource
  – Security Patches (Software Providers)
    • Release Schedules
      – Monthly
      – Quarterly
      – As Needed

Enterprise Security & ESRI’s Role: Challenge

An un-patched Windows PC connected to the Internet will “survive” for only 29 minutes before the machine is likely compromised by malware.

(Source: Internet Storm Center, July, 2005 -- http://isc.sans.org )

Enterprise Security & ESRI’s Role: Challenge

• Many Methods of Attack
  – Malicious Code (Trojan Horses, Trap Doors, Logic Bombs)
  – Denial of Service (Render a system unusable)
  – Physical Attacks (Physical Access to system)
  – Buffer Overflows (Extra code placed in Buffer to perform actions)
  – Spamming (Unsolicited E-mail)
  – Brute Force (Attempting all possible password combinations)
  – The list goes on ……

• Historical View of Enterprise Security -- “The Soft Chewy Inside…”
  – Secure the Perimeter

Enterprise Security & ESRI’s Role: Challenge

52% of Security Executives say they have a “moat and castle” approach to network security, admitting that once the perimeter is penetrated the inner defenses are soft.

(Source: Preventsys, March 30, 2005)

Enterprise Security & ESRI’s Role: Security Is Bigger Than Technology

• Enterprise Security Programs
  – behavioral controls (policy)
  – procedural controls (process)
  – technological controls (technology)

• Security Is Part of the Organization Fabric
  – CSO (Chief Security Officer) / CISO (Chief Information Security Officer)

60% of Security Breaches are Internal, but 70% of People are Worried about Hackers on the Outside (Source: San Diego Supercomputing Center)

Enterprise Security & ESRI’s Role: Essential Enterprise Security Tasks

• Identify Risks (Risk Management)

• Identify Vulnerabilities (Vulnerability Management)

• Develop Controls

• Develop Business Continuity Plan (Document)

• Implement Controls

• Perform On-Going Risk Assessment (Verify)

• Document and Take Action

More than one-third (38 percent) of companies do not have comprehensive, integrated disaster recovery and business continuity plans in place. (Source: Veritas)

Enterprise Security & ESRI’s Role: Risk Management

• Gartner Enterprise Risk Management (ERM) Framework

  – Definition (formalize risk tolerance into policy)
    • Define Risk Categories (for example: technical, contractual, regulatory)
    • Determine Risk Levels (0-5 scale)
    • Determine Acceptable Risk Level (risk tolerance)
    • Acceptable risk levels for business units
    • Define Risk Levels and Categories as formal policy
  – Planning
    • Analysis
      – Risk Identification
      – Business Impact Analysis
      – Risk Classification
    • Mitigation
      – Avoid / Transfer / Mitigate / Accept
  – Management
    • Control (Measurable / Testable / Auditable / Enforceable)
    • Monitor (Event / Trend / Intelligence / Controls)
  – Report
    • Regulatory Compliance
    • Policy Compliance
    • Risk Dashboarding
    • Risk Benchmarking / Optimization

Enterprise Security & ESRI’s Role: Hierarchy of Controls

• Structure YOUR Enterprise Control Set to Mitigate YOUR Risks
  – Security Controls (NIST 800-53 / ISO 17799)
    • National Institute of Standards and Technology (NIST 800-53)
    • International Organization for Standardization (ISO 17799)
  – IT Controls (COBIT / Software Development Lifecycle)
    • COBIT
  – Compliance / Regulatory Controls (SOX / HIPAA)
    • Sarbanes-Oxley Act of 2002 (SOX) – Financial & Accounting Disclosure
    • Health Insurance Portability and Accountability Act of 1996 – Health Care Discrimination

Enterprise Security & ESRI’s Role: Security Solutions Are Unique

• Identify YOUR Enterprise Risks

• Define YOUR Enterprise Control Set

• Implement Reasonable and Appropriate Controls

• Perform On-Going Risk Assessment

• Document, Document, Document and Document

Enterprise Security & ESRI’s Role: ESRI Role In Enterprise Security

• Ensure ArcGIS software works effectively within enterprise architectures taking full advantage of their inherent security capabilities, either through ArcGIS features and custom extensions or through integration with third-party components.

• ArcGIS Enterprise Security: Delivering Secure Solutions – July 2005
  – http://www.esri.com/library/whitepapers/pdfs/arcgis-security.pdf
  – [email protected]

Enterprise Security & ESRI’s Role: Defense-In-Depth

• ArcGIS Provides Enterprise Security: – Configuration – Integration with Security technologies – Secure Solution Development (Best Practices)

• Architectures – Client / Server – Web Application – Web Services

• Defense-In-Depth Approach

G8 Summit: Threat Analysis Demonstration

• June 2004, 30th G8 Summit was held on Sea Island in Glynn County, GA
• G8 Consists of the Leaders of the world’s major Industrial Democracies

G8 Summit: Fictitious Scenario

• Mission Objective: Supply G8 Summit Security Personnel and Others with Accurate and Timely Event Data.

• Leverage Enterprise GIS to provide situation awareness to:
  – Secret Service, FBI, Department of Defense, Federal/State/Local Law Enforcement, Medical, Foreign Dignitary Security Details

G8 Summit: Fictitious Scenario

• Enterprise GIS Components

  – Client / Server Application (Joint Operations Command)
    • RDBMS (Oracle 10g) – Data Repository
    • ArcSDE (9.1) – Spatial Database Engine
    • Geodatabase (9.1) – Management Repository for County GIS and Relevant Business Logic
    • ArcGIS Desktop (9.1) – Maintenance of Incident Data

  – Web Application (G8 Support Operations)
    • Web Application (Java Integration Tool Kit) – User Interface
    • Web Application Server (Tomcat / IIS) – Brokers Transactions between users and applications
    • ArcIMS (9.1) – Delivery of dynamic incident maps

  – Web Services (G8 Dignitary Operations)
    • Web Application Server (Tomcat / IIS)
    • Web Service (.Net)
    • ArcGIS Server (9.1)

G8 Summit: Fictitious Scenario

• Client / Server
  – Microsoft Active Directory Integration
  – Fine Grained Access to ArcGIS Desktop Functionality based on Role Assignment

G8 Summit: Fictitious Scenario

• Web Application
  – Secure Communications between Web Client / Server / ArcIMS
  – Custom Web Application Content Based on User’s Role in the Organization

G8 Summit: Fictitious Scenario

• Web Services
  – Secure Web Service (WSE) Used To Assist in Network Analysis

ArcGIS Client / Server Security: Security Controls

• ArcGIS Leverages Secure Functionality provided by underlying RDBMS (Configuration)
• ArcObjects Provides Integration Capabilities (Flexible ArcGIS Framework – Interoperability)
• Third-Party Security Mechanisms Act Independently of ArcGIS

ArcGIS Client / Server Security: Threats

• Some Client / Server Threats
  – Spoofing: Accessing the system using a false identity
  – Tampering: Unauthorized modification of data
  – Information Disclosure: Unwanted exposure of private data
  – Elevation of Privilege: User with limited privileges assumes the identity of a privileged user to gain privileged access to an application.
• Some Attack Methods
  – “Sniffing”
    • Many free tools available: Ethereal, Linsniff, Snort
  – Brute Force
  – Social Engineering

ArcGIS Client / Server Security: Defense-In-Depth – Network

• Internal Network Based Attacks DO Occur
  – Essential to Identify the Risk and Mitigate Where Appropriate
• Firewalls
  – Discuss In Greater Detail in Web Application/Web Services
  – ArcGIS Client / Server Considerations
    • Performance
    • Firewall Timeouts

[Diagram labels: ArcInfo, ArcEditor, ArcView; Firewall (Default Deny: Allow 5151, Allow RDBMS*); ArcSDE / ArcEngine; Database Server; Secure Network]

ArcGIS Client / Server Security: Defense-In-Depth -- Host

• SSL
  – Secure Session between Client (Desktop) and Database Server
  – Considerations
    • SSL Provided by Underlying RDBMS
    • ArcSDE Direct Connect Configuration
    • Firewall Configuration (If present)
  – Reference your RDBMS specific documentation

[Diagram: firewall rule shown: Default Deny: Allow RDBMS*]

ArcGIS Client / Server Security: Defense-In-Depth -- Host

• IPSec
  – Secure Exchange of Packets between Hosts At IP Layer
    • Application Agnostic
  – Considerations
    • Support both ArcSDE Direct Connect and Application Tier Configuration

[Diagram: firewall rule shown: Default Deny: Allow 500]

ArcGIS Client / Server Security: Defense-In-Depth -- Host

• SSL and Packet sniffing Demo

ArcGIS Client / Server Security: Defense-In-Depth -- Application

• Application Development (ArcObjects)
  – Active Directory / LDAP Integration
    • Group Policies (Standardized Configurations)
      – File Permissions
      – Executable Permissions
      – Desktop Permissions
      – Password Complexity
      – Password Aging
      – Encrypted File System (EFS)
    • Manage ArcGIS Connections

ArcGIS Client / Server Security: Defense-In-Depth -- Host

• AD/LDAP Connection Demo

ArcGIS Client / Server Security: Defense-In-Depth -- Application

• Application Development (ArcObjects)
  – ArcGIS Desktop Lockdown
    • Role-Based Functionality for Commands
    • Removing Property Pages

ArcGIS Client / Server Security: Defense-In-Depth -- Host

• Desktop Lockdown Demo

ArcGIS Client / Server Security: Defense-In-Depth -- Information

• RDBMS Controls
  – RDBMS Roles
  – RDBMS Assignment of Privilege
  – Simple Feature Level Security
    • Views / Sensitivity Classifications

ArcGIS Web Application Security: Security Controls

• Web Applications are Typically External Facing, Greatly Increasing Threats and Vulnerabilities
• Defense-In-Depth Approach (Based on Risk)
  – Network
  – Host (Operating System)
  – Application
  – Information

ArcGIS Web Application Security: Threats

• Common Threats (Risks Associated with Providing Access)
  – Denial of Service Attacks (DOS)
  – Injection
  – Spoofing
  – Tampering
  – Information Disclosure
  – Elevation of Privilege
  – ………
• Basic Threat / Risk Mitigation
  – Control Access to the Network
  – Provide a Basis for Secure Communication
  – Validate Users of the system
  – Ensure that Users DO NOT Obtain Elevated Privileges

ArcGIS Web Application Security: Defense-In-Depth – Network

• Firewalls
  – Enforce security policy by controlling what is allowed to cross a designated point in the network.

  – Basic Advantages
    • Can Restrict inbound and outbound traffic
    • Can Filter traffic based on content
    • Can Perform Network Address Translation (NAT)
    • Can Log successful and blocked traffic to Assist Intrusion detection and incident forensics

  – Placement of your firewall is a key element of your overall Defense-In-Depth strategy

ArcGIS Web Application Security: Defense-In-Depth – Network (Reverse Proxy)

• Reverse Proxy Considerations
  – Performance Impact minimized
  – Minimal Ports allowed through firewall
  – NAT supported
  – Controlled exposure to external network

[Diagram: firewall rules shown: Default Deny: Allow HTTP; Default Deny: Allow 80 port]

ArcGIS Web Application Security: Defense-In-Depth – Network (Web Server DMZ)

• Web Server Considerations
  – ArcGIS Components located on secure network
  – Map output drive through firewall
  – NAT Supported

[Diagram: firewall rules shown: Default Deny: Allow 5300, Output Dir; Default Deny: Allow 80]

ArcGIS Web Application Security: Defense-In-Depth – Network (DMZ)

• DMZ Considerations
  – Buffer between external and internal systems (Communication only one way between secure and external)
  – Operationally More Complex
  – Additional Costs (Hardware / Software)

[Diagram: firewall rules shown: Default Deny: Allow Replication; Default Deny: Allow 80]

ArcGIS Web Application Security: Defense-In-Depth – Network

• ArcIMS Considerations For Firewall Placement
  – Performance
  – Image/Output Directory
  – Firewall Timeouts

PORT | PROCESS                   | COMMENT
80   | Apache Web Server         | Incoming HTTP requests.
8007 | Tomcat Servlet Engine     | Incoming web server requests.
8080 | Tomcat Servlet Engine     | Tomcat’s built-in web server.
5300 | ArcIMS Application Server | Servlet connector for admin requests and client requests.
5353 | ArcIMS Application Server | Listens to Tasker, Monitor, Spatial Server, and Virtual Server.
5050 | ArcIMS Monitor            | Listens to application and spatial servers.
5060 | ArcIMS Tasker             | Listens to application server.
5151 | ArcSDE                    | Listens to spatial server.

ArcGIS Web Application Security: Defense-In-Depth -- Host
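Added example, not part of the original slides: a small Python audit that checks the allow list of the firewall in front of the secure network against the ArcIMS port table and the placement diagrams from the Defense-In-Depth – Network slides. The rule syntax, function names and sample rule sets are assumptions made for illustration, and "Allow HTTP" in the reverse proxy diagram is taken to mean TCP 80.

```python
import re

# Port table from the ArcIMS firewall-placement slide.
ARCIMS_PORTS = {
    80: "Apache Web Server",
    8007: "Tomcat Servlet Engine",
    8080: "Tomcat built-in web server",
    5300: "ArcIMS Application Server (servlet connector)",
    5353: "ArcIMS Application Server (Tasker/Monitor/Spatial/Virtual Server)",
    5050: "ArcIMS Monitor",
    5060: "ArcIMS Tasker",
    5151: "ArcSDE",
}

# Ports each placement diagram allows through the firewall in front of the
# secure network. Assumption: "Allow HTTP" means TCP 80. The "Output Dir"
# file share of the web-server-DMZ option is not modelled here.
BASELINE = {
    "reverse_proxy": {80},
    "web_server_dmz": {5300},
}

# Hypothetical rule syntax for this example: "allow tcp PORT" or "allow tcp LOW-HIGH".
RULE_RE = re.compile(r"allow\s+tcp\s+(\d+)(?:-(\d+))?")


def parse_rules(text):
    """Parse allow rules into (low, high) ranges; unparsable lines are errors."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        match = RULE_RE.fullmatch(line)
        if match is None:
            raise ValueError(f"line {lineno}: unsupported rule {raw.strip()!r}")
        low = int(match.group(1))
        high = int(match.group(2) or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"line {lineno}: bad port range {low}-{high}")
        ranges.append((low, high))
    return ranges


def audit(placement, rules_text):
    """Compare an allow list (default deny assumed) with the placement baseline."""
    required = BASELINE[placement]
    ranges = parse_rules(rules_text)

    def allowed(port):
        return any(low <= port <= high for low, high in ranges)

    opened = set()
    for low, high in ranges:
        opened.update(range(low, high + 1))

    return {
        # Baseline ports the rules forgot: the application stops working.
        "missing": sorted(p for p in required if not allowed(p)),
        # Listeners from the port table that are reachable but not in the baseline.
        "exposed": {p: ARCIMS_PORTS[p] for p in sorted(ARCIMS_PORTS)
                    if allowed(p) and p not in required},
        # Every port open beyond the baseline, named service or not.
        "excess_ports": len(opened - required),
    }


# Constructed sample rule sets (not from the slides).
TIGHT_RULES = "allow tcp 5300   # web server -> ArcIMS application server"
LOOSE_RULES = """
allow tcp 5000-5400   # "the ArcIMS range"
allow tcp 8080
"""

if __name__ == "__main__":
    for name, rules in (("tight", TIGHT_RULES), ("loose", LOOSE_RULES)):
        print(name, audit("web_server_dmz", rules))
```

The loose rule set still passes a connectivity test because 5300 is open, yet it also exposes the Monitor, Tasker, ArcSDE and second application server listeners across the firewall.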

• HTTP over SSL (HTTPS)
  – Secure Session between Client (Browser) and Web Server
  – Considerations
    • Activated at Web Server Level
      – Determine Encryption Algorithm
        » DES
        » Triple DES
        » AES
    • Valid Server Certificate from CA
    • Firewall Configuration
      – Port 443
    • Configuration of ArcIMS Administrator

[Diagram: firewall rule shown: Default Deny: Allow 443]

ArcGIS Web Application Security: Defense-In-Depth -- Host

• IPSec
  – End to End Security Between Two Hosts (Transport)
    OR
  – VPN Tunnel to Connect Remote Hosts (Tunnel)
  – Considerations
    • Firewall Configuration (http://support.microsoft.com/?kbid=233256)
    • Encryption Algorithm
      – DES / TRIPLE DES / AES

[Diagram: firewall rules shown: Default Deny: Allow 443; Default Deny: Allow 500]

ArcGIS Web Application Security: Defense-In-Depth -- Host

• Third-Party Options
  – Integrate Web Applications With….
    • Identity & Access Management Systems
      – Single Sign-On (Siteminder, Tivoli, Oblix, Major Application Servers)
      – Public Key Infrastructures (PKI)
  – Integrate Enterprise Security Measures (Security Best Practices -- http://www.sans.org).....
    • Intrusion Prevention/Detection Systems
    • Vulnerability Scanning (Network / Application Development)

ArcGIS Web Application Security: Defense-In-Depth -- Application

• Application Development (Application)
  – Standards (Take advantage of IT standards)
    • SAML
    • WSE (.NET)
    • WS-SECURITY (JAVA)
  – Role-based web application development
    • Presentation of Role-Based Functionality
  – Best Practices (http://www.owasp.org)

• Data – (Concepts Presented in Client / Server)
  – RDBMS Roles
  – RDBMS Assignment of Privilege
  – Simple Feature Level Security
    • Views / Sensitivity Classifications

ArcGIS Web Application Security

• DEMO

ArcGIS Web Services Security: Security Controls

• Web Services (SOA) Architecture
  – Exchange requests for activities to be performed against some resource via messaging.
• Defense-In-Depth Approach (Based on Risk)
  – Network
  – Host (Operating System)
  – Application
  – Information

ArcGIS Web Services Security: Threats

• Threats Associated with Web Services are Similar to Web Applications
  – Denial of Service Attacks (DOS), Injection, Spoofing,….
• Basic Threat / Risk Mitigation Techniques
  – Control Access to the Network
  – Provide a Basis for Secure Communication
  – Validate Users (Message) of the system
  – Ensure that Users DO NOT Obtain Elevated Privileges

ArcGIS Web Services Security: Defense-In-Depth – Network

• ArcGIS Server Considerations For Firewall Placement
  – Ports
    • ArcGIS Server Components (SOM/SOC) Utilize the Distributed Component Object Model (DCOM)
      – NAT Translation NOT Supported in Some Configurations
  – Performance
  – Firewall Timeouts

PORT      | PROCESS                                        | COMMENT
80        | Apache Web Server*                             | Incoming HTTP requests.
8007      | Tomcat Servlet Engine*                         | Incoming web server requests.
8080      | Tomcat Servlet Engine*                         | Tomcat’s built-in web server.
135       | ArcGIS Server Server Object Manager (SOM)      | Listens to Web Server.
135       | ArcGIS Server Server Object Container (SOC)    | Listens to Web Server.
5000-5nnn | Defined communication between SOM & SOC (DCOM) | Defined communication between SOC & SOM – DCOM Communication
5151      | ArcSDE                                         | Listens to SOC.

ArcGIS Web Services Security: Defense-In-Depth – Network (Reverse Proxy)

• Reverse Proxy Characteristics
  – Improved Performance
  – Components on secure network
  – NAT Supported
  – DCOM inside firewall
  – Minimal Ports Open to Secure Network

[Diagram: firewall rules shown: Default Deny: Allow HTTP; Default Deny: Allow 80 port]

ArcGIS Web Services Security: Defense-In-Depth – Network (Web Server DMZ)

• Web Server DMZ Characteristics
  – Improved ArcGIS Performance
  – Secure Network
  – Increased Ports Opened (135 & 5000 Range)
  – NAT NOT Supported (DCOM across Firewall)

[Diagram labels: XML Client; Firewall; Web Server; Firewall; ArcGIS Server - SOM; ArcGIS Server - SOC(s); ArcSDE / Database Server. Zones: External Network, DMZ, Secure Network. Firewall rules shown: Default Deny: Allow 80; Default Deny: Allow 135, Allow >5000]

ArcGIS Web Services Security: Defense-In-Depth – Network (DMZ)

• DMZ Characteristics
  – Improved Performance
  – Components on DMZ
  – NAT Supported
  – DCOM inside firewall
  – Minimal Ports Open to Secure Network
  – Data Replication Required

[Diagram: firewall rules shown: Default Deny: Allow Replication; Default Deny: Allow 80]

ArcGIS Web Services Security: Defense-In-Depth -- Host

• HTTP over SSL (HTTPS)
  – Considerations
    • COTS ArcGIS Clients Can NOT Consume (Custom ArcGIS / SOAP Clients)
      – Future COTS ArcGIS Releases
    • Activated at Web Server
      – Encryption Algorithm
    • Valid Server Certificate from CA
    • Firewall Configuration
      – Port 443

[Diagram: firewall rules shown: Default Deny: Allow 443; Default Deny: Allow 443]

ArcGIS Web Services Security: Defense-In-Depth -- Host

• IPSec
  – Considerations
    • Configuration
      – Microsoft (http://support.microsoft.com/?kbid=233256)
      – SUN (http://docs.sun.com/app/docs/doc/816-7264/6md9iem15#hic)
      – Linux (http://www.ipsec-howto.org/)
      – Cross Platform Support (See Operating System Documentation)
    • Encryption Algorithm
      – DES / TRIPLE DES / AES

[Diagram: firewall rules shown: Default Deny: Allow 443; Default Deny: Allow 443]

ArcGIS Web Services Security: Defense-In-Depth -- Host

• Third-Party Options
  – Integrate With COTS Solutions
    • Swan Island Networks (SWARM) http://www.swanisland.net/
      – Over-the-Internet communication system that enables a central authority to maintain persistent control while distributing sensitive information and alerts to trusted users.

ArcGIS Web Services Security: Defense-In-Depth -- Application

• Securing the Data
  – Web Application Server Policy Management
    • Role Based CATALOG_FILEs
• Securing the Message (XML)
  – Emerging IT Standards
    • Web Services Security
      – Message integrity and confidentiality
      – General Purpose mechanism for associating security tokens with message content
      – Current ArcGIS Considerations
        » Custom Extension for ArcGIS Clients
      – Platforms
        » WS-Security (JAVA) http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
        » WSE (.NET) http://msdn.microsoft.com/WebServices/building/wse/default.aspx

ArcGIS Web Services Security

• Intranet Scenario

• Active Directory used for authentication and authorization

• HTTPS used to secure transfer of information from application to service

• WSE used to securely pass identity to service

• ASP.NET web service uses impersonation to connect to ArcGIS Server

Developing Secure ArcGIS Enterprise Solutions

Q & A