Delivering Secure GIS Solutions
February 20th, 2009 Michael Young
Version 2.1
Agenda
• Intro
• ESRI’s GIS Security Strategy
• Enterprise GIS Security Patterns
• Enterprise-wide Security Mechanisms
• Enterprise Product Platform Security Mechanisms
• Scope of ESRI Security Efforts
• ESRI’s Next Steps Supporting Secure Solutions
Intro
– Michael Young
  • ESRI Senior Enterprise Architect
  • FISMA C&A Application Security Officer
  • Certified Information Systems Security Professional (CISSP)
Intro Goals for this session
– Communicate ESRI’s plans to meet your security needs
– Open discussions to incorporate your input
Intro Security Industry Challenges
• Service Oriented Architecture
• Virtualized Systems
• Cloud Computing
• Application Vulnerabilities
Intro General Security Principles
• CIA Security Triad
  – Confidentiality
    • Prevent Intentional or Unintentional Unauthorized Disclosure
  – Integrity
    • Prevent Unauthorized Data Modifications
  – Availability
    • Ensure Reliable and Timely Access to Data
Intro General Security Principles
• Defense in depth
  – Enterprise-Wide Initiative
  – Multiple Layers
  – Beyond Technology Solutions
  – Security zone based architecture
(Diagram of defense-in-depth layers; labels recovered from the slide:)
  – Application layer: LDAP Integration, SSO Integration, HTML Content Filters, Validation Checks
  – Platform layer: Native Authentication, LDAP/Central User Repository, Hardening Guides
  – Network layer: Firewalls, NIDS, SSL, IPSec
  – Data layer: Authentication, Role Based Access, Row-Level Access, Data File Encryption
ESRI’S GIS SECURITY STRATEGY
ESRI’s Security Strategy Two Reinforcing Trends
(Diagram; labels recovered from the slide, read as a progression from the current state to the target state:)
• ESRI
  – from: Discrete products and services … exploiting 3rd party security functionality
  – to: Enterprise platform and services … exploiting embedded and 3rd party security functionality
• IT/Security
  – from: Isolated Systems; Applications … relying on solution C&A
  – to: Integrated systems with discretionary access; Applications … relying on product and solution C&A
ESRI’s Security Strategy Interdependent Capabilities
• Secure GIS Products
  – ESRI develops products incorporating security industry best practices and is trusted across the globe to provide geospatial services that meet the needs of individual users and entire organizations
• Secure GIS Solution Guidance
  – ESRI provides customers security patterns to facilitate deployment of secure geospatial solutions
SECURE ENTERPRISE GIS PATTERNS
Secure GIS Patterns
• ESRI is providing security implementation patterns to help solve recurring security problems in a proven, successful way
• ESRI’s patterns leverage The National Institute of Standards and Technology (NIST) guidelines for securing information systems
• Patterns are based on risk for:
  – Low Security Risk Implementations
  – Medium Security Risk Implementations
  – High Security Risk Implementations
To prioritize information security and privacy initiatives, organizations must assess their business needs and risks
Secure GIS Patterns Choosing the appropriate Risk Level Pattern
• How does a customer choose the right pattern?
  – Formal – NIST Security Categorization Process
  – Informal – Simple scenarios ESRI customers can relate to
• Formal Pattern Selection
  – NIST SP 800-60 – Guide for Mapping Types of Information and Information Systems to Security Categories
Secure GIS Patterns Informal Pattern Selection
• Informal Pattern Selection
  – Low Risk Pattern
    • No Sensitive data – Public information
    • All architecture tiers can be deployed to one physical box
  – Medium Risk Pattern
    • Moderate consequences of data loss or integrity
    • Architecture tiers are separated onto separate systems
    • Potential need for Federated Services
  – High Risk Pattern
    • Sensitive data
    • All components redundant for availability
    • 3rd party enterprise security components utilized
ENTERPRISE-WIDE SECURITY MECHANISMS
Enterprise-Wide Security Mechanisms Overview
• Authentication
• Authorization
• Filters
• Encryption
• Logging/Auditing
Enterprise-Wide Security Mechanisms Authentication
• ESRI COTS
  – Token Service
    • Introduced with ArcGIS Server 9.3
    • Cross-Platform – .NET & Java
    • Cross-API – SOAP & REST
    • Cross-Product – Desktop, Explorer, Web Service and Applications
  – Multiple Authentication Methods supported by setting up multiple ArcGIS Server Web instances
• 3rd Party
  – Public Key Infrastructure (PKI)
  – Single Sign-On (SSO)
  – Windows Integrated
  – LDAP
Authentication Method | Protocol | Description | User Credential Encryption
Basic / Digest / Windows Integrated | HTTP (SSL optional) | Uses the browser’s built-in pop-up login dialog box. | Basic: None, unless using SSL
Form-based | HTTP (SSL optional) | Application provides its own custom login and error pages. | None, unless using SSL
Client Certificate | HTTPS (HTTP over SSL) | Server authenticates the client using a public key certificate. | SSL
ESRI Token | HTTP (SSL optional) | Cross Platform, Cross API Authentication | AES-128bit
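As an added illustration (this is not ESRI’s code and does not reproduce ESRI’s actual token format), the Python below shows how a user credential travels under three of the table’s rows: Basic sends a reversible base64 encoding, which is why the table says "None, unless using SSL"; Digest sends a hash that the server recomputes from its stored password, so the password itself never crosses the wire; and a token service checks the password once and hands back an expiring token that the server can verify without re-reading the password. The token here is HMAC-signed rather than AES-128 encrypted, and the user list, realm, nonce, signing key and all function names are constructed for this example.

```python
"""Added illustration (not ESRI code): credential handling under Basic, Digest
and a token service.  The token is a generic HMAC-signed token standing in for
the AES-128 token on the slide; ESRI's real token layout is not reproduced."""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample account and server-side signing key (not real values).
USERS = {"gisuser": "s3cret-pass"}
TOKEN_KEY = b"constructed-server-signing-key"


def basic_header(user, password):
    """Build an HTTP Basic Authorization header value (RFC 7617)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def basic_credentials_from_header(header):
    """Basic is an encoding, not encryption: anyone seeing the header recovers
    the password, hence 'None, unless using SSL' in the table."""
    scheme, _, payload = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(payload).decode().partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, realm, nonce, method, uri):
    """Client-side Digest response (RFC 2617, no qop): MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def digest_verify(user, realm, nonce, method, uri, response):
    """Server recomputes the response from its stored password and compares it
    in constant time; the password never appears on the wire."""
    password = USERS.get(user)
    if password is None:
        return False
    expected = digest_response(user, password, realm, nonce, method, uri)
    return hmac.compare_digest(expected, response)


def issue_token(user, password, ttl_seconds=3600, now=None):
    """Token-service style login: check the password once, return an expiring token."""
    if USERS.get(user) != password:
        return None
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "exp": now + ttl_seconds}, separators=(",", ":"))
    payload = base64.urlsafe_b64encode(body.encode()).decode()
    sig = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token, now=None):
    """Return the user name for a valid, unexpired, untampered token, else None."""
    now = time.time() if now is None else now
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None          # signature mismatch: tampered or foreign token
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= now:
        return None          # expired
    return claims["user"]
```

Each of the three verifiers fails closed: an unknown user, a wrong nonce, a modified signature or an expired token all return a negative result rather than raising, so a caller cannot mistake an exception path for success.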
Enterprise-Wide Security Mechanisms Authorization
• Role Based Access Control (RBAC)
  – ESRI COTS
    • ArcGIS Service Level
  – 3rd Party
    • RDBMS – Row Level or Feature Class Level
  – Custom
    • Limit GUI via ArcObjects and/or Web-Tier
Enterprise-Wide Security Mechanisms Filters
• 3rd Party
  – Firewalls
  – Reverse Proxy
    • Common implementation option
    • Looking into providing baseline filters
  – Web Application Firewall
    • Looking into providing baseline guidance for ModSecurity
  – AntiVirus Software
  – Intrusion Detection / Prevention Systems
• Custom
  – Limit applications able to access GeoDatabase
Enterprise-Wide Security Mechanisms Encryption
• 3rd Party
  – Network
    • IPSec (VPN, Internal Systems)
    • SSL (Internal and External Systems)
  – File Based
    • Operating System
    • Hardware (Disk)
  – RDBMS
    • Transparent Data Encryption
    • Low Cost Portable Solution – SQL Express 2008 w/TDE
Enterprise-Wide Security Mechanisms Logging/Auditing
• ESRI COTS
  – JTX Workflow tracking of Feature based activities
  – GeoDatabase History
  – ArcGIS Server Logging (dramatically improved with 9.3)
• Custom
  – ArcObjects component output GML of Feature based activities
• 3rd Party
  – Web Server
  – RDBMS
  – OS
PRODUCT PLATFORM SECURITY MECHANISMS
Product Platform Security Mechanisms Overview
• Client/Server
• Web Applications
• Web Services
• Mobile
Product Platform Security Mechanisms Client/Server
• ArcObject Development Options
  – Record user-initiated GIS transactions
  – Fine-grained access control
    • Edit, Copy, Cut, Paste and Print
  – Interface with centrally managed security infrastructure (LDAP)
• Integration with server Token Authentication Service
• Windows native authentication
• Client Server Communication
  – Direct Connect – RDBMS
  – Application Connect – SDE
  – HTTP Service – GeoData Service
• SSL and IPSec Utilization
Product Platform Security Mechanisms Web Applications
• ArcGIS Server Manager
  – Automates standard security configuration of web apps in ASP.NET and Java EE
    • E.g. modifies the web.config file of ASP.NET
• Application Interfaces
  – .NET and Java ADFs
  – JavaScript
  – Flex
  – SilverLight
Product Platform Security Mechanisms Web Services
• ArcGIS Server Manager
  – Set permissions on folders as well as individual services
  – Secures access to all supported web interfaces
    • REST
    • SOAP
    • OGC
    • KML
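The two points above, permissions set at folder or service level and one check covering every web interface, can be made concrete with an added example. This is illustrative Python, not ArcGIS Server Manager’s implementation: the ACL entries, role names, service paths and the resolve_roles and is_allowed functions are constructed for the example. The rule it demonstrates is that the most specific ACL entry wins, a service without its own entry inherits its folder’s setting, unlisted resources and unknown interfaces are denied, and every interface is normalised to the same service path before the check so that no interface offers a way around it.

```python
"""Added example (not ArcGIS Server Manager code): folder/service permission
resolution applied uniformly across web interfaces.  ACL and names are constructed."""

EVERYONE = "*"

# Constructed ACL: resource path -> roles allowed.  A service entry overrides
# its folder's entry; a service with no entry inherits the folder's roles.
ACL = {
    "Public": {EVERYONE},
    "Utilities": {"gis_editors", "utility_staff"},
    "Utilities/GasMains": {"utility_staff"},   # tighter than its folder
    "Utilities/Streetlights": {EVERYONE},      # looser than its folder
}

# Every supported interface is mapped onto the same service path before the
# check, so adding an interface cannot create a bypass.
INTERFACES = {"REST", "SOAP", "OGC", "KML"}


def resolve_roles(service_path, acl=ACL):
    """Return the allowed roles from the most specific matching ACL entry, or None.

    'Utilities/GasMains/0' is tried first, then 'Utilities/GasMains', then 'Utilities'.
    """
    parts = service_path.strip("/").split("/")
    for depth in range(len(parts), 0, -1):
        candidate = "/".join(parts[:depth])
        if candidate in acl:
            return acl[candidate]
    return None


def is_allowed(user_roles, service_path, interface, acl=ACL):
    """Decide whether a principal holding user_roles may reach service_path via interface."""
    if interface not in INTERFACES:
        return False          # unknown entry point: fail closed
    allowed = resolve_roles(service_path, acl)
    if allowed is None:
        return False          # unlisted resource: deny by default
    if EVERYONE in allowed:
        return True
    return not set(user_roles).isdisjoint(allowed)
```

Because the decision depends only on the normalised service path and the caller’s roles, the same function can sit in front of the REST, SOAP, OGC and KML handlers; reviewing authorization then means reviewing one ACL and one function rather than one per interface.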
Product Platform Security Mechanisms Mobile
• ArcPad
  – Password protect and encrypt the AXF data file
  – Encrypt mobile device memory cards
  – Secure your ArcGIS Server environment with users and groups to limit who can publish ArcPad data
  – Secure your internet connection used for synchronizing ArcPad data
• ArcGIS Mobile
  – Encrypt communication via HTTPS (SSL) or VPN tunnel to GeoData Service
  – Utilization of Token Service
  – Windows Mobile Crypto API
  – Third party tools for entire storage system
SCOPE OF ESRI SECURITY EFFORTS
Scope of ESRI Security Efforts Compliance and Certifications
• ESRI fully supports and tests product compatibility with FDCC (Federal Desktop Core Configuration) security settings
• ESRI hosts FISMA certified and accredited low risk category environments
• ESRI’s Security Patterns are based on NIST/FISMA guidance
  – Not provided as full certification compliance representations
• ESRI software products are successfully deployed in high risk security environments
• ESRI does not certify classified environment products and systems
  – Function is performed by the system owner
• ESRI continues to evaluate the need for compliance and/or additional certifications
Scope of ESRI Security Efforts Regulations and Standards
• ESRI provides patterns based on NIST guidance, which contains the backbone of most security regulations and standards
• NIST Standards can operate as a baseline of security, with the applicable laws and regulations for an industry’s compliance layered on top
  – Referred to as a Unified approach to information security compliance
Scope of ESRI Security Efforts Summary
• ESRI provides security due diligence with our products and solutions, but is not a security software company
• ESRI recognizes every security solution is unique
• Ultimately, certifications and accreditations are based on a customer’s mission area and circumstances
NEXT STEPS SUPPORTING SECURE SOLUTIONS
Next Steps Supporting Secure Solutions
• Your Feedback and Insight Today is Essential
  – Current Security Issues
  – Upcoming Security Requirements
  – Security Resource Center
  – Areas of concern not addressed today
Contact Us At:
[email protected]
Session Evaluation Reminder
Session Attendees: Please turn in your session evaluations. Thank you