Delivering Secure GIS Solutions
February 20th, 2009
Michael Young
Version 2.1
Agenda
• Intro
• ESRI’s GIS Security Strategy
• Enterprise GIS Security Patterns
• Enterprise-wide Security Mechanisms
• Product Platform Security Mechanisms
• Scope of ESRI Security Efforts
• ESRI’s Next Steps Supporting Secure Solutions
Intro
– Michael Young
  • ESRI Senior Enterprise Architect
  • FISMA C&A Application Security Officer
  • Certified Information Systems Security Professional (CISSP)
Intro: Goals for this session
– Communicate ESRI’s plans to meet your security needs
– Open discussions to incorporate your input
Intro: Security Industry Challenges
• Service Oriented Architecture
• Virtualized Systems
• Cloud Computing
• Application Vulnerabilities
Intro: General Security Principles
• CIA Security Triad
  – Confidentiality
    • Prevent Intentional or Unintentional Unauthorized Disclosure
  – Integrity
    • Prevent Unauthorized Data Modifications
  – Availability
    • Ensure Reliable and Timely Access to Data
Intro: General Security Principles
• Defense in depth
  – Enterprise-Wide Initiative
  – Multiple Layers
  – Beyond Technology
  – Security zone based architecture
[Diagram: layered security mechanisms. Labels: LDAP Integration, SSO Integration, HTML Content Filters, Validation Checks, Native Authentication, LDAP/Central User Repository, Hardening Guides, Beyond Technology Solutions, Firewalls, NIDS, SSL, IPSec, Authentication, Role Based Access, Row Level Access, Data File Encryption]
ESRI’S GIS SECURITY STRATEGY

ESRI’s Security Strategy: Two Reinforcing Trends
[Diagram: each trend moves from the state on the left to the state on the right]
• Discrete products and services → Enterprise platform and services
• ESRI … exploiting 3rd party security functionality → … exploiting embedded and 3rd party security functionality
• Isolated systems with discretionary access → Integrated systems
• Applications → IT/Security
• … relying on product and solution C&A → … relying on solution C&A
ESRI’s Security Strategy: Interdependent Capabilities
• Secure GIS Products
  – ESRI develops products that incorporate security industry best practices and are trusted across the globe to provide geospatial services that meet the needs of individual users and entire organizations
• Secure GIS Solution Guidance
  – ESRI provides customers security patterns to facilitate deployment of secure geospatial solutions
[Figure: risk-level pyramid with tiers High, Med, Low]
SECURE ENTERPRISE GIS PATTERNS

Secure GIS Patterns
• ESRI is providing security implementation patterns to help solve recurring security problems in a proven, successful way
• ESRI’s patterns leverage The National Institute of Standards and Technology (NIST) guidelines for securing information systems
• Patterns are based on risk for:
  – Low Security Risk Implementations
  – Medium Security Risk Implementations
  – High Security Risk Implementations
[Figure: risk-level pyramid with tiers High, Med, Low]
To prioritize information security and privacy initiatives, organizations must assess their business needs and risks
Secure GIS Patterns: Choosing the appropriate Risk Level Pattern
• How does a customer choose the right pattern?
  – Formal – NIST Security Categorization Process
  – Informal – Simple scenarios ESRI customers can relate to
• Formal Pattern Selection
  – NIST SP 800-60 - Guide for Mapping Types of Information and Information Systems to Security Categories
Secure GIS Patterns: Informal Pattern Selection
• Informal Pattern Selection
  – Low Risk Pattern
    • No Sensitive data – Public information
    • All architecture tiers can be deployed to one physical box
  – Medium Risk Pattern
    • Moderate consequences of data loss or integrity
    • Architecture tiers are separated onto separate systems
    • Potential need for Federated Services
  – High Risk Pattern
    • Sensitive data
    • All components redundant for availability
    • 3rd party enterprise security components utilized
ENTERPRISE-WIDE SECURITY MECHANISMS

Enterprise-Wide Security Mechanisms: Overview
• Authentication
• Authorization
• Filters
• Encryption
• Logging/Auditing
Enterprise-Wide Security Mechanisms: Authentication
• ESRI COTS
  – Token Service
    • Introduced with ArcGIS Server 9.3
    • Cross-Platform - .NET & Java
    • Cross-API – SOAP & REST
    • Cross-Product – Desktop, Explorer, Web Service and Applications
  – Multiple Authentication Methods supported by setting up multiple ArcGIS Server Web instances
• 3rd Party
  – Public Key Infrastructure (PKI)
  – Single Sign-On (SSO)
    – Windows Integrated
    – LDAP

Authentication method comparison:

| Authentication Method | Protocol | Description | User Credential Encryption |
|---|---|---|---|
| Basic, Digest, Windows Integrated | HTTP (SSL optional) | Uses the browser’s built-in pop-up login dialog box. | Basic: None, unless using SSL |
| Form-based | HTTP (SSL optional) | Application provides its own custom login and error pages. | None, unless using SSL |
| Client Certificate | HTTPS (HTTP over SSL) | Server authenticates the client using a public key certificate. | SSL |
| ESRI Token | HTTP (SSL optional) | Cross Platform, Cross API Authentication | AES-128bit |
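The credential-encryption column of the table above, turned into a request-time check that refuses credentials which would cross the wire unprotected. This is an added example, not code from ESRI or from the deck; the simplified Request shape and the name of the token query parameter are assumptions.

```python
# Added example, not ESRI code: the table's "User Credential Encryption"
# column as a check that runs before credentials are verified.
from dataclasses import dataclass, field
from typing import Optional, Tuple

# How each method protects the credential in transit, per the table:
#   none_unless_ssl - readable on the wire unless the request came over SSL
#   ssl_only        - the method only exists over HTTPS
#   self_protected  - credential is encrypted independently of transport
PROTECTION = {
    "Basic": "none_unless_ssl",
    "Form-based": "none_unless_ssl",
    "Client Certificate": "ssl_only",
    "ESRI Token": "self_protected",  # AES-128 per the table
}

@dataclass
class Request:                        # simplified request shape (assumed)
    scheme: str                                  # "http" or "https"
    headers: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)     # POSTed login fields
    tls_client_cert: bool = False                # TLS layer saw a client cert

def detect_method(req: Request) -> Optional[str]:
    """Name the method the request carries, or None if it is anonymous."""
    if req.headers.get("Authorization", "").startswith("Basic "):
        return "Basic"
    if req.tls_client_cert:
        return "Client Certificate"
    if "token" in req.query:     # assumed parameter name for an ESRI token
        return "ESRI Token"
    if "username" in req.form and "password" in req.form:
        return "Form-based"
    return None

def gate(req: Request) -> Tuple[bool, str]:
    """Return (accepted, reason). A credential that would cross the wire
    unprotected is refused before it is even checked, so a plain-HTTP
    instance fails closed instead of leaking passwords."""
    method = detect_method(req)
    if method is None:
        return False, "no credentials presented"
    over_ssl = req.scheme == "https"
    protection = PROTECTION[method]
    if protection in ("none_unless_ssl", "ssl_only") and not over_ssl:
        return False, f"{method} not accepted over plain http ({protection})"
    return True, f"{method} accepted ({protection}, ssl={over_ssl})"

def run_samples() -> list:
    """Constructed requests, one per table row plus an anonymous one."""
    basic = {"Authorization": "Basic dXNlcjpzZWNyZXQ="}  # base64 is not encryption
    samples = [
        Request("http", headers=basic),
        Request("https", headers=basic),
        Request("http", form={"username": "u", "password": "p"}),
        Request("https", tls_client_cert=True),
        Request("http", query={"token": "constructed-token"}),
        Request("https"),
    ]
    return [gate(r) for r in samples]
```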
Enterprise-Wide Security Mechanisms: Authorization
• Role Based Access Control (RBAC)
  – ESRI COTS
    • ArcGIS Service Level
  – 3rd Party
    • RDBMS – Row Level or Feature Class Level
  – Custom
    • Limit GUI via ArcObjects and/or Web-Tier
Enterprise-Wide Security Mechanisms: Filters
• 3rd Party
  – Firewalls
  – Reverse Proxy
    • Common implementation option
    • Looking into providing baseline filters
  – Web Application Firewall
    • Looking into providing baseline guidance for ModSecurity
  – AntiVirus Software
  – Intrusion Detection / Prevention Systems
• Custom
  – Limit applications able to access GeoDatabase
Enterprise-Wide Security Mechanisms: Encryption
• 3rd Party
  – Network
    • IPSec (VPN, Internal Systems)
    • SSL (Internal and External System)
  – File Based
    • Operating System
    • Hardware (Disk)
  – RDBMS
    • Transparent Data Encryption
    • Low Cost Portable Solution - SQL Express 2008 w/TDE
Enterprise-Wide Security Mechanisms: Logging/Auditing
• ESRI COTS
  – JTX Workflow tracking of Feature based activities
  – GeoDatabase History
  – ArcGIS Server Logging (Dramatically improved with 9.3)
• Custom
  – ArcObjects component that outputs GML of Feature based activities
• 3rd Party
  – Web Server
  – RDBMS
  – OS
PRODUCT PLATFORM SECURITY MECHANISMS

Product Platform Security Mechanisms: Overview
• Client/Server
• Web Applications
• Web Services
• Mobile
Product Platform Security Mechanisms: Client/Server
• ArcObject Development Options
  – Record user-initiated GIS transactions
  – Fine-grained access control
    • Edit, Copy, Cut, Paste and Print
  – Interface with centrally managed security infrastructure (LDAP)
    • Integration with server Token Authentication Service
    • Windows native authentication
• Client Server Communication
  – Direct Connect – RDBMS
  – Application Connect – SDE
  – HTTP Service – GeoData Service
• SSL and IPSec Utilization
Product Platform Security Mechanisms: Web Applications
• ArcGIS Server Manager
  – Automates standard security configuration of web apps in ASP.NET and Java EE
    • E.g. Modifies web.config file of ASP.NET
• Application Interfaces
  – .NET and Java ADF’s
  – JavaScript
  – Flex
  – SilverLight
Product Platform Security Mechanisms: Web Services
• ArcGIS Server Manager
  – Set permissions on folders as well as individual services
  – Secures access to all supported web interfaces
    • REST
    • SOAP
    • OGC
    • KML
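A worked version of the service-level RBAC from the Authorization slide combined with the folder and per-service permissions described here: a service inherits its folder's grant unless it has its own, and the decision is keyed on the service rather than the endpoint, so the REST, SOAP, OGC and KML interfaces of one service share one answer. This is added code, not ArcGIS Server Manager's implementation; the endpoint URL layouts, roles and grants are constructed assumptions.

```python
# Added example, not ArcGIS Server Manager's implementation: folder- and
# service-level RBAC with folder inheritance, applied once per service so the
# REST, SOAP, OGC and KML endpoints share one decision. Endpoint URL layouts,
# roles and grants below are constructed for illustration.
import re
from typing import Optional, Set, Tuple

# Constructed directory: role -> members.
ROLE_MEMBERS = {
    "planners": {"alice", "bob"},
    "admins": {"carol"},
}

# Grants: key is a folder name or "folder/service"; value is the allowed
# roles. "*" means everyone. A service entry overrides its folder's entry.
PERMISSIONS = {
    "Public": {"*"},
    "Planning": {"planners", "admins"},
    "Planning/Zoning_Draft": {"admins"},      # narrower than the folder grant
}

# The same service reached over REST (also KML) and SOAP (also OGC WMS/WFS).
# The folder segment is optional because root-level services have none.
ENDPOINT_PATTERNS = [
    re.compile(r"^/arcgis/rest/services/(?:(?P<folder>[^/]+)/)?(?P<service>[^/]+)/\w+Server"),
    re.compile(r"^/arcgis/services/(?:(?P<folder>[^/]+)/)?(?P<service>[^/]+)/\w+Server"),
]

def parse_endpoint(path: str) -> Optional[Tuple[str, str]]:
    """Map any supported endpoint URL to (folder, service); None if unknown."""
    for pattern in ENDPOINT_PATTERNS:
        m = pattern.match(path)
        if m:
            return m.group("folder") or "", m.group("service")
    return None

def effective_roles(folder: str, service: str) -> Optional[Set[str]]:
    """Service grant wins; otherwise inherit the folder grant; else None."""
    service_key = f"{folder}/{service}" if folder else service
    if service_key in PERMISSIONS:
        return PERMISSIONS[service_key]
    return PERMISSIONS.get(folder) if folder else None

def user_roles(user: str) -> Set[str]:
    return {role for role, members in ROLE_MEMBERS.items() if user in members}

def is_allowed(user: str, path: str) -> bool:
    """Deny by default: unknown endpoint, no grant anywhere, or no role match."""
    parsed = parse_endpoint(path)
    if parsed is None:
        return False
    roles = effective_roles(*parsed)
    if roles is None:
        return False
    return "*" in roles or bool(user_roles(user) & roles)
```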
Product Platform Security Mechanisms: Mobile
• ArcPad
  – Password protect and encrypt the AXF data file
  – Encrypt mobile device memory cards
  – Secure your ArcGIS Server environment with users and groups to limit who can publish ArcPad data
  – Secure your internet connection used for synchronizing ArcPad data
• ArcGIS Mobile
  – Encrypt communication via HTTPS (SSL) or VPN tunnel to GeoData Service
  – Utilization of Token Service
  – Windows Mobile Crypto API
  – Third party tools for entire storage system
SCOPE OF ESRI SECURITY EFFORTS

Scope of ESRI Security Efforts: Compliance and Certifications
• ESRI fully supports and tests product compatibility with FDCC (Federal Desktop Core Configuration) security settings
• ESRI hosts FISMA certified and accredited low risk category environments
• ESRI’s Security Patterns are based on NIST/FISMA guidance
  – Not provided as full certification compliance representations
• ESRI software products are successfully deployed in high risk security environments
• ESRI does not certify classified environment products and systems
  – Function is performed by the system owner
• ESRI continues to evaluate the need for compliance and/or additional certifications
Scope of ESRI Security Efforts: Regulations and Standards
• ESRI provides patterns based on NIST guidance, which contains the backbone of most security regulations and standards
• NIST Standards can operate as a baseline of security, with the laws and regulations applicable to an industry’s compliance layered in on top
  – Referred to as a Unified approach to information security compliance
Scope of ESRI Security Efforts: Summary
• ESRI provides security due diligence with our products and solutions, but is not a security software company
• ESRI recognizes every security solution is unique
• Ultimately, certifications and accreditations are based on a customer’s mission area and circumstance
NEXT STEPS SUPPORTING SECURE SOLUTIONS

Next Steps Supporting Secure Solutions
• Your Feedback and Insight Today is Essential
  – Current Security Issues
  – Upcoming Security Requirements
  – Security Resource Center
  – Areas of concern Not addressed Today
Contact Us At: [email protected]
Session Evaluation Reminder
Session Attendees: Please turn in your session evaluations.
. . . Thank you