Design: Delivering Secure Solutions

Michael Young
ESRI Senior Enterprise Architect
Certified Information Systems Security Professional (CISSP)
Version 1.2
Agenda
• Intro
• ESRI’s GIS Security Strategy
• Enterprise-wide Security Mechanisms
• Application Security
• Enterprise GIS Security Patterns
• Current Security Trends
• Scope of ESRI Security Efforts
• ESRI’s Next Steps Supporting Secure Solutions
Intro
Goals for this session
• Communicate ESRI’s plans to meet your security needs
• Open discussions to incorporate your input
Intro
Security Industry Challenges
• Service Oriented Architecture (SOA)
• Virtualized systems
• Cloud computing
• Application vulnerabilities
Intro
General Security Principles
• CIA Security Triad
– Confidentiality
• Prevent intentional or unintentional unauthorized disclosure
– Integrity
• Prevent unauthorized data modifications
– Availability
• Ensure reliable and timely access to data
Intro
General Security Principles
• Defense in depth
– Enterprise-wide initiative
– Multiple layers
– Beyond technology
– Security zone based architecture
• Layers and example controls (diagram; physical, policy and technical controls apply across every layer)
– Application / Solutions: LDAP integration, SSO integration, HTML content filters, validation checks
– Host/Device: native authentication, LDAP/central user repository, hardening guides
– Network: firewalls, NIDS, SSL, IPSec
– Data and Assets: authentication, role based access, row-level access, data file encryption
Intro
General Security Principles
• Maintain Defenses Against Different Stages of Attack
– Initial Compromise
– Causing Damage
– Long-Term Reconnaissance
ESRI’s GIS Security Strategy
ESRI’s Security Strategy
Two Reinforcing Trends: from discrete products and services to an enterprise platform and services
• ESRI: from exploiting 3rd party security functionality to exploiting embedded and 3rd party security functionality
• IT/Security: from isolated systems to integrated systems with discretionary access
• Applications: from relying on solution security validation to relying on product and solution security validation
ESRI’s Security Strategy
Interdependent Capabilities
• Secure GIS products
– ESRI develops products that incorporate security industry best practices; they are trusted across the globe to provide geospatial services that meet the needs of individual users and entire organizations
• Secure GIS solution guidance
– July release of Enterprise GIS Resource
Center containing security best practice
guidance and documentation
Enterprise-wide Security Mechanisms
Enterprise-Wide Security Mechanisms
Overview
• Authentication
• Authorization
• Filters
• Encryption
• Logging/Auditing
Enterprise-Wide Security Mechanisms
Authentication
• ArcGIS Authentication Options
– Default of none
– Local connection
– IIS Web Server Authentication
– JavaEE Container Managed
– Server Token Service
– Forms based
– Multiple concurrent methods
Authentication Method | Protocol | Description | User Credential Encryption
Basic / Digest / Windows Integrated | HTTP (SSL optional) | Uses the browser’s built-in pop-up login dialog box. | Basic: none, unless using SSL
Form-based | HTTP (SSL optional) | Application provides its own custom login and error pages. | None, unless using SSL
Client Certificate | HTTPS | Server authenticates the client using a public key certificate. | SSL (HTTP over SSL)
ESRI Token | HTTP (SSL optional) | Cross-platform, cross-API authentication. | AES-128bit
Note: the AES-128 figure applies to the issued token; the username and password presented to the token service are only protected in transit when the token service is reached over SSL, so do not leave SSL optional there.
• ArcGIS 9.3 Token Service
– Cross-Platform - .NET & Java
– Cross-API – SOAP & REST
– Cross-Product – Desktop, Explorer, Web Service and Applications
• 3rd Party
– Public Key Infrastructure (PKI)
– Single Sign-On (SSO)
– Windows Integrated
– LDAP
Enterprise-Wide Security Mechanisms
Authorization
• Role Based Access Control (RBAC)
– ESRI COTS
• ArcGIS authorization across product lines to Service Level
• Use ArcGIS Manager to assign access to services
• Services can be grouped into folders which utilize inheritance to ease
management
– 3rd Party
• RDBMS – Row Level or Feature Class Level
– Multi-versioned instances may significantly degrade RDBMS performance
– Alternative is SDE Views
– Custom - Limit GUI
• Rich Clients via ArcObjects
• Web Applications
– Check out sample code - Google: EDN Common Security
– Try out Microsoft’s AzMan tool
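The folder/service inheritance described above, worked through as an added Python example (not ESRI code, and not how ArcGIS Manager stores permissions). The service paths, role names and the "*" everyone-grant are assumptions for the example; the point it demonstrates is that the nearest explicit permission on the path wins, and that a service with no permission anywhere on its path is denied rather than silently open.

```python
from typing import Dict, Iterable, Optional, Set, Tuple

EVERYONE = "*"   # stands in for the anonymous/everyone grant (name assumed for this example)


class ServiceAuthorizer:
    """Folder-inherited role-based access for a service tree.

    Service paths are assumed to look like Public/Basemap.MapServer or
    Internal/HR/Payroll.MapServer. A permission set on a folder applies to
    everything below it unless a deeper folder or the service itself carries
    its own permission; with no permission on the path, access is denied."""

    def __init__(self) -> None:
        self._perms: Dict[str, Set[str]] = {}

    @staticmethod
    def _norm(path: str) -> str:
        return "/".join(p for p in path.split("/") if p)

    def grant(self, path: str, roles: Iterable[str]) -> None:
        """Set (replace) the roles allowed on a folder or service."""
        self._perms[self._norm(path)] = set(roles)

    def resolve(self, service_path: str) -> Tuple[Optional[str], Optional[Set[str]]]:
        """Nearest explicit permission walking up the tree: (node, roles) or (None, None)."""
        parts = self._norm(service_path).split("/")
        for depth in range(len(parts), 0, -1):
            node = "/".join(parts[:depth])
            if node in self._perms:
                return node, self._perms[node]
        if "" in self._perms:                 # a permission set on the root folder
            return "", self._perms[""]
        return None, None

    def effective_roles(self, service_path: str) -> Optional[Set[str]]:
        return self.resolve(service_path)[1]

    def decide(self, user: str, user_roles: Iterable[str], service_path: str) -> Tuple[bool, str]:
        """Authorization decision plus an audit line naming the rule that produced it."""
        node, allowed = self.resolve(service_path)
        if allowed is None:
            ok = False                        # deny by default: nothing granted on the path
        else:
            ok = EVERYONE in allowed or not set(user_roles).isdisjoint(allowed)
        rule = "none" if node is None else (node or "<root>")
        return ok, f"{'ALLOW' if ok else 'DENY'} user={user} service={service_path} rule={rule}"

    def is_authorized(self, user_roles: Iterable[str], service_path: str) -> bool:
        return self.decide("-", user_roles, service_path)[0]


def build_sample_authorizer() -> ServiceAuthorizer:
    """Constructed permission set mirroring the folder-inheritance idea."""
    az = ServiceAuthorizer()
    az.grant("Public", [EVERYONE])                                   # whole folder is public
    az.grant("Internal", ["gis_viewers", "gis_editors"])             # inherited by services below
    az.grant("Internal/HR", ["hr_staff"])                            # sub-folder overrides parent
    az.grant("Internal/HR/OrgChart.MapServer", ["gis_viewers", "hr_staff"])  # service-level override
    return az


if __name__ == "__main__":
    az = build_sample_authorizer()
    for roles, svc in [([], "Public/Basemap.MapServer"),
                       (["gis_viewers"], "Internal/HR/Payroll.MapServer"),
                       (["gis_editors"], "Unlisted/Scratch.MapServer")]:
        print(az.decide("demo", roles, svc)[1])
```

The audit line returned by `decide` is what you would ship to the logging layer covered later in this deck: a denial that names the rule it came from is far easier to triage than a bare 403.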
Enterprise-Wide Security Mechanisms
Filters
• 3rd Party
– Firewalls
– Reverse Proxy
• Common implementation option
• MS now has free reverse proxy code for IIS 7 (Windows 2008)
• Looking into providing baseline filters
– Web Application Firewall
• Looking into providing baseline guidance for ModSecurity
– Anti-Virus Software
– Intrusion Detection / Prevention Systems
• Custom
– Limit applications able to access geodatabase
Enterprise-Wide Security Mechanisms
Encryption
• 3rd Party
– Network
• IPSec (VPN, Internal Systems)
• SSL (Internal and External System)
– File Based
• Operating System – BitLocker
• GeoSpatially enabled PDFs
• Hardware (Disk)
– RDBMS
• Transparent Data Encryption
• Low Cost Portable Solution - SQL Express 2008 w/TDE (verify edition support before relying on this: in SQL Server 2008, Transparent Data Encryption is an Enterprise Edition feature)
Enterprise-Wide Security Mechanisms
Logging/Auditing
• ESRI COTS
– Geodatabase history may be utilized for tracking changes
– JTX Workflow tracking of Feature based activities
– ArcGIS Server Logging
• Custom
– ArcObjects component output GML of Feature based activities
• 3rd Party
– Web Server
– RDBMS
– OS
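Third-party web server logs are only useful for auditing if something reads them. As an added example (not ESRI code, and not a real ArcGIS Server log format), the Python below runs simple detection logic over constructed W3C-style access log lines: a burst of failed token requests from one address inside a sliding window is flagged as credential guessing, a successful token issued to that address right after the burst is flagged separately, and 403s on service URLs are surfaced as authorization denials worth reviewing. The `/arcgis/tokens` endpoint and the sample addresses are assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Constructed W3C-style access log (date time client-ip method uri-stem status).
# /arcgis/tokens stands in for the token service endpoint; none of these lines
# come from a real server.
SAMPLE_LOG = """\
2009-07-14 10:00:01 203.0.113.7 POST /arcgis/tokens 401
2009-07-14 10:00:02 203.0.113.7 POST /arcgis/tokens 401
2009-07-14 10:00:02 198.51.100.20 GET /arcgis/rest/services/Public/Basemap/MapServer/export 200
2009-07-14 10:00:03 203.0.113.7 POST /arcgis/tokens 401
2009-07-14 10:00:04 203.0.113.7 POST /arcgis/tokens 401
2009-07-14 10:00:05 203.0.113.7 POST /arcgis/tokens 401
2009-07-14 10:00:06 203.0.113.7 POST /arcgis/tokens 200
2009-07-14 10:00:07 198.51.100.20 GET /arcgis/rest/services/Internal/HR/MapServer/export 403
2009-07-14 10:05:09 203.0.113.7 GET /arcgis/rest/services/Internal/HR/MapServer/0/query 403
2009-07-14 10:12:00 198.51.100.20 POST /arcgis/tokens 401
"""


def parse_line(line: str) -> Dict:
    date, clock, ip, method, uri, status = line.split()
    return {"ts": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
            "ip": ip, "method": method, "uri": uri, "status": int(status)}


def detect(lines: Iterable[str], threshold: int = 5,
           window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Run three detections over the log in a single pass and return the alerts."""
    failures = defaultdict(deque)     # ip -> timestamps of failed token requests in window
    burst_ips = set()                 # ips already flagged for credential guessing
    alerts: List[Dict] = []
    for rec in (parse_line(l) for l in lines if l.strip()):
        ip, ts = rec["ip"], rec["ts"]
        if rec["uri"].startswith("/arcgis/tokens"):
            if rec["status"] in (401, 403):
                dq = failures[ip]
                dq.append(ts)
                while dq and ts - dq[0] > window:   # drop failures older than the window
                    dq.popleft()
                if len(dq) >= threshold and ip not in burst_ips:
                    burst_ips.add(ip)
                    alerts.append({"type": "token_bruteforce", "ip": ip,
                                   "count": len(dq), "at": ts})
            elif rec["status"] == 200 and ip in burst_ips:
                # a token handed out after a guessing burst is the event to act on
                alerts.append({"type": "token_issued_after_burst", "ip": ip, "at": ts})
        elif rec["uri"].startswith("/arcgis/rest/services") and rec["status"] == 403:
            alerts.append({"type": "denied_service_request", "ip": ip,
                           "uri": rec["uri"], "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Threshold and window are deliberately parameters: the same code serves a public Basic-pattern site (loose) and an Advanced-pattern deployment feeding an IDS (tight), and the alert dictionaries are easy to forward as syslog or to a SIEM.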
Application Security
Application Security
Overview
• Rich Client Applications
• Web Applications
• Web Services
• Online Services
• Mobile
Application Security
Rich Client Applications
• ArcObject Development Options
– Record user-initiated GIS transactions
– Fine-grained access control
• Edit, Copy, Cut, Paste and Print
– Interface with centrally managed security infrastructure (LDAP)
• Integration with server Token Authentication Service
• Windows native authentication
• Client Server Communication
– Direct Connect – RDBMS
– Application Connect – SDE
– HTTP Service – GeoData Service
• SSL and IPSec Utilization
Application Security
Web Applications
• ArcGIS Server Manager
– Automates standard security configuration of web apps in
ASP.NET and Java EE
• E.g. Modifies web.config file of ASP.NET
• Application Interfaces
– .NET and Java ADFs
• Out of the box integration with Token Security service
– REST APIs (JavaScript, Flex, Silverlight)
• Can embed the token in the URL – simple, but anyone who can read the page source, the URL or a proxy log has it
• Better solution is to generate the token dynamically at runtime rather than storing it in the client code
• Don’t forget to protect access to your client code
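The two REST API token strategies above (a token embedded in the URL versus one generated dynamically), side by side as an added Python example. This is not ESRI code and the token format here (base64 JSON claims plus an HMAC-SHA256 signature, with a constructed user store) is an assumption standing in for the real ArcGIS token service, as is the `/arcgis/rest/services/...` URL. It also covers the Standard pattern attribute later in the deck that no ArcGIS token be stored statically in application code: the proxy class keeps credentials server-side and re-mints a short-lived token before expiry, so the browser never holds anything long-lived.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import urlencode

# Constructed user store for this example: username -> salted SHA-256 of the password.
# A real deployment delegates this to LDAP/Active Directory as the slides describe.
_SALT = b"example-salt"
_USERS = {"gisviewer": hashlib.sha256(_SALT + b"S3cret!").hexdigest()}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    """Issues and validates short-lived signed tokens (this example's format, not ESRI's)."""

    def __init__(self, server_key: bytes):
        self._key = server_key

    def generate_token(self, user: str, password: str, minutes: int = 10,
                       now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        digest = hashlib.sha256(_SALT + password.encode()).hexdigest()
        if not hmac.compare_digest(_USERS.get(user, ""), digest):
            raise PermissionError("invalid credentials")
        claims = {"sub": user, "exp": int(now) + 60 * minutes}
        payload = json.dumps(claims, separators=(",", ":")).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(sig)

    def validate(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the subject if the token is authentic and unexpired, else None."""
        now = time.time() if now is None else now
        try:
            payload_b64, sig_b64 = token.split(".")
            payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        except ValueError:                     # malformed token or bad base64
            return None
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None
        claims = json.loads(payload)
        return claims["sub"] if claims["exp"] > now else None


def static_url(service_url: str, embedded_token: str) -> str:
    """The 'embed in URL' option: a token pasted into client code at build time.
    Anyone who views the page source or a proxy log has it, and the application
    breaks silently once it expires."""
    return service_url + "?" + urlencode({"f": "json", "token": embedded_token})


class ServerSideProxy:
    """The dynamic option: server-side code holds the credentials and mints a fresh
    token shortly before the current one expires. The browser only ever sees a
    short-lived token, never the username/password, and nothing long-lived sits in
    client code."""

    def __init__(self, svc: TokenService, user: str, password: str,
                 minutes: int = 10, refresh_margin: int = 60):
        self._svc, self._user, self._password = svc, user, password
        self._minutes, self._margin = minutes, refresh_margin
        self._token: Optional[str] = None
        self.current_exp = 0

    def url_for(self, service_url: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if self._token is None or self.current_exp - now < self._margin:
            self._token = self._svc.generate_token(self._user, self._password,
                                                   self._minutes, now)
            self.current_exp = int(now) + 60 * self._minutes
        return service_url + "?" + urlencode({"f": "json", "token": self._token})


if __name__ == "__main__":
    svc = TokenService(b"server-secret-key")     # keep this key out of client code too
    proxy = ServerSideProxy(svc, "gisviewer", "S3cret!")
    print(proxy.url_for("https://gis.example.com/arcgis/rest/services/Parcels/MapServer"))
```

Whatever the real token looks like, the properties to check are the same: it expires, it is bound to a signature the client cannot forge, and the code that knows the password runs on a host the user does not control.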
Application Security
Web Services
• ArcGIS Server Manager
– Set permissions on folders as well as individual services
– Restricting access to some services but not others is only available
through Internet connections
– Can remove Local service requests to ArcGIS Server by emptying
AGSUsers group
– Secures access to all ArcGIS Server web interfaces
• REST
– Service directory is on by default, disable if you don’t want it browsable
• SOAP
– WS-Security can be addressed by 3rd party XML/SOAP gateways
• OGC
• KML
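The "baseline filters" the Filters slide says ESRI is looking into, and the advice above to keep the REST service directory from being browsable, both come down to a deny-by-default decision at the reverse proxy. The Python below is an added example of such a request filter (not ESRI code, not a ModSecurity rule set): it allows only listed methods, rejects traversal and injection-shaped input on the fully decoded URL, refuses any path that is not under a published service (so folder and root listings are never proxied), and refuses requests that would render the HTML service directory page. The published service names are constructed; the `/arcgis/rest/services/<folder>/<service>/<type>` layout and the HTML-when-`f`-is-absent behaviour are taken from the ArcGIS REST convention but treated as assumptions here.

```python
import re
from typing import Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed allowlist of published services (folder and service names made up).
PUBLISHED = {
    "/arcgis/rest/services/Public/Basemap/MapServer",
    "/arcgis/rest/services/Public/Parcels/MapServer",
}
REST_ROOT = "/arcgis/rest/services"
ALLOWED_METHODS = {"GET", "POST"}
SERVICE_TYPES = ("MapServer", "FeatureServer", "GeocodeServer", "GPServer", "GeometryServer")
MAX_URL_LEN = 2048

# Coarse patterns a baseline WAF rule set would reject; checked on the decoded URL.
_SUSPICIOUS = re.compile(r"(\.\./|\x00|<script|\bunion\b.*\bselect\b)", re.IGNORECASE)
_SERVICE_SUFFIX = re.compile(r"/(%s)(/|$)" % "|".join(SERVICE_TYPES))


def filter_request(method: str, url: str) -> Tuple[bool, str]:
    """Deny-by-default decision for one request; returns (allowed, reason)."""
    if method.upper() not in ALLOWED_METHODS:
        return False, "method not allowed"
    if len(url) > MAX_URL_LEN:
        return False, "url too long"
    decoded = unquote(unquote(url))            # double decode catches %252e%252e tricks
    if _SUSPICIOUS.search(decoded):
        return False, "suspicious pattern"
    parts = urlsplit(url)
    path = re.sub(r"/+", "/", unquote(parts.path)).rstrip("/")
    if path != REST_ROOT and not path.startswith(REST_ROOT + "/"):
        return False, "path not under REST services"
    base = next((s for s in PUBLISHED if path == s or path.startswith(s + "/")), None)
    if base is None:
        if _SERVICE_SUFFIX.search(path):
            return False, "service not published"
        # the root or a folder URL would list services: directory browsing
        return False, "service directory browsing blocked"
    fmt = parse_qs(parts.query).get("f", ["html"])[0].lower()
    if fmt == "html":
        # with f absent or html the endpoint renders the browsable Services Directory
        return False, "html service directory page blocked"
    return True, "ok"


if __name__ == "__main__":
    for m, u in [("GET", REST_ROOT + "/Public/Basemap/MapServer/export?f=json&bbox=1,2,3,4"),
                 ("GET", REST_ROOT + "?f=json"),
                 ("GET", REST_ROOT + "/Public/Basemap/MapServer/%2e%2e/%2e%2e/admin?f=json")]:
        print(m, u, "->", filter_request(m, u))
```

Wire this in front of the real proxy (or express the same decisions as ModSecurity rules) and publish the allowlist from your deployment inventory, not by hand; the test of the filter is that every reason string you see in its logs is one you expected.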
Application Security
Online Services
• New ArcGIS Online Search and Share
– Central resource for easily accessing, storing and sharing maps
– A membership system
• You control access to items you share
• You are granted access to items shared by others
• You join and share information using groups
• Organizations self-administer their own users and groups
– Site security similar in approach with other social networking sites
• Not meant for highly confidential or proprietary data
Application Security
Mobile
• ArcPad
– Password protect and encrypt the AXF data file
– Encrypt mobile device memory cards
– Secure your ArcGIS Server environment with users and groups to limit
who can publish ArcPad data
– Secure your internet connection used for synchronizing ArcPad data
• ArcGIS Mobile
– Encrypt communication via HTTPS (SSL) or VPN tunnel to GeoData
Service
– Utilization of Token Service
– Web Service Credentials
– Consider utilization of Windows Mobile Crypto API
– Third party tools for entire storage system
Secure Enterprise GIS Patterns
Secure GIS Patterns
• ESRI is providing security implementation patterns to help solve
recurring security problems in a proven, successful way
• ESRI’s patterns leverage The National Institute of Standards and
Technology (NIST) guidelines for securing information systems
• Patterns are based on risk for :
– Basic Security Risk Implementations
– Standard Security Risk Implementations
– Advanced Security Risk Implementations
To prioritize information security and privacy initiatives,
organizations must assess their business needs and risks
Secure GIS Patterns
Choosing the appropriate Risk Level Pattern
• How does a customer choose the right pattern?
– Formal – NIST Security Categorization Process
– Informal – Simple scenarios ESRI customers can relate to
• Formal Pattern Selection
– NIST SP 800-60 - Guide for Mapping Types of Information and
Information Systems to Security Categories
Secure GIS Patterns
Informal Pattern Selection
– Basic Risk Pattern
• No sensitive data – public information
• All architecture tiers can be deployed to one physical box
– Standard Risk Pattern
• Moderate consequences for data loss or integrity
• Architecture tiers are separated onto separate systems
• Potential need for federated services
– Advanced Risk Pattern
• Sensitive data
• All components redundant for availability
• 3rd party enterprise security components utilized
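The formal route above (NIST SP 800-60 information types feeding a FIPS 199 security categorization) is mechanical once the impact levels are assigned, so here it is as an added Python example; it is not ESRI's tool and the final step, mapping the overall category to the Basic/Standard/Advanced patterns, is this example's assumption, not a mapping the deck states. The information types and impact levels are constructed. The rule being implemented is the high-water mark: each security objective takes the highest impact over all information types on the system, and the system's category is the highest of the three.

```python
from typing import Dict, Tuple

# FIPS 199 impact levels. Confidentiality may be "n/a" for information intended
# for public release; integrity and availability are never below low.
LEVELS = {"n/a": 0, "low": 1, "moderate": 2, "high": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")

# Assumed for this example: which slide pattern an overall category points at.
PATTERN_FOR = {"low": "Basic", "moderate": "Standard", "high": "Advanced"}

InfoTypes = Dict[str, Dict[str, str]]   # name -> {objective: level}


def categorize(info_types: InfoTypes) -> Tuple[Dict[str, str], str]:
    """High-water mark over all information types; returns (per-objective, overall)."""
    if not info_types:
        raise ValueError("at least one information type is required")
    sc: Dict[str, str] = {}
    for obj in OBJECTIVES:
        levels = [it.get(obj, "n/a").lower() for it in info_types.values()]
        bad = [l for l in levels if l not in LEVELS]
        if bad:
            raise ValueError(f"unknown impact level(s) for {obj}: {bad}")
        sc[obj] = max(levels, key=LEVELS.__getitem__)
    overall = max(sc.values(), key=LEVELS.__getitem__)
    if overall == "n/a":            # cannot happen with valid I/A levels; keep the floor
        overall = "low"
    return sc, overall


def sc_string(sc: Dict[str, str]) -> str:
    """Render in the FIPS 199 notation, e.g. SC = {(confidentiality, LOW), ...}."""
    return "SC = {" + ", ".join(f"({o}, {sc[o].upper()})" for o in OBJECTIVES) + "}"


def recommend_pattern(info_types: InfoTypes) -> Dict[str, str]:
    sc, overall = categorize(info_types)
    return {"sc": sc_string(sc), "overall": overall, "pattern": PATTERN_FOR[overall]}


# Constructed information types for three successively more sensitive systems.
PUBLIC_MAP: InfoTypes = {
    "public basemap": {"confidentiality": "n/a", "integrity": "low", "availability": "low"},
}
DEPARTMENTAL: InfoTypes = dict(PUBLIC_MAP, **{
    "employee home addresses": {"confidentiality": "moderate", "integrity": "moderate",
                                "availability": "low"},
})
CRITICAL: InfoTypes = dict(DEPARTMENTAL, **{
    "critical infrastructure locations": {"confidentiality": "high", "integrity": "moderate",
                                          "availability": "moderate"},
})


if __name__ == "__main__":
    for name, system in [("public", PUBLIC_MAP), ("departmental", DEPARTMENTAL),
                         ("critical", CRITICAL)]:
        print(name, recommend_pattern(system))
```

The practical consequence of the high-water mark is visible in the third system: one information type rated high for confidentiality pulls the whole system into the Advanced pattern even though most of its data is public, which is exactly why the Advanced attributes later in this deck start with separating datasets.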
Secure GIS Patterns
Basic
Basic Security (reference diagram)
• Internet: anonymous and authenticated Internet users; ArcGIS Online basemap layers consumed by the web application (AGS Silverlight API); 1.5 Mbps Internet link
• DMZ / Perimeter Network: Reverse Proxy Server (Windows 2008, IIS 7 Proxy Service); SSL for login
• Internal Trusted Network (1 Gbps internal LAN): Web Application; Application Server (ArcGIS Server 9.3); Database Server (MS SQL 2005); Active Directory Server (Windows 2003); ArcMap rich client
• Common Basic Security Environment Attributes
– Utilize data and API downloads from cloud computing environments
– Secure services and web applications with ArcGIS Token Service
– Separate internal systems from Internet access with DMZ
– Utilize a Reverse Proxy to avoid DCOM across firewalls
Secure GIS Patterns
Standard Security
• Common Standard Security Environment Attributes
– Authentication/Authorization
• No static storage of ArcGIS Token in application code
• Multi-Factor authentication utilized for remote system access
– Network
• Partitioning system functions such as Web, Database and Management by VLANs
– Servers have separate network connections for management traffic
• Add Application Security Firewall (ex. ModSec) to Reverse Proxy Server
– Utilize host-based firewalls on systems
– Systems Management
• Can utilize data from cloud computing environments, but have local copies
– Avoid usage of internal clients consuming external services for API downloads
• Redundant components for High Availability
– Can utilize low cost load balancers such as MS NLB
• Utilize Intrusion Prevention/Detection Systems
• Implement least privilege
– Ensure separation of duties
– Lock down system ports, protocols, and services (Whitepaper available)
• Standardize system images for clients and server (SMS)
– Whitepaper available
• Be aware of browser plug-in restrictions
Standard
Secure GIS Patterns
Advanced
Advanced Security
• Common Advanced Security Environment Attributes
– Minimal reliance on external data/systems
– Data Management
• Separate datasets (e.g. Public, Employees, Subset of Employees)
• Consider utilizing explicit labels on information, source and destination objects
• Clustered Database for High Availability
• Utilization of Transparent Data Encryption for storage of sensitive data
– Authentication/Authorization
• Utilize 3rd party security products for service and web application authentication and
authorization
• Utilize Public Key Infrastructure (PKI) certs
• Multi-Factor Authentication required for local access; hardware-token Multi-Factor Authentication required for remote system access
– Network configuration
• Redundant network connections between systems
• Secure communication via IPSec between backend systems
• Secure communication via SSL/TLS between Clients and Servers (Both web and Rich
Clients)
• Partitioning system functions such as Web, Database and Management by VLANs
• Servers have separate network connections for management traffic
• Deploy Network Access Control (NAC) tools to verify security configuration and patch
level compliance before granting access to a network
Current Security Trends
Current Security Trends
Old-Fashioned DoS Attacks Still in Style
• July 4th started off with a bang: roughly 50,000 ‘zombies’ triggered the recent denial of service attacks
– High profile U.S. Web sites affected include:
• The White House site
• The Department of Homeland Security
• The State Department and the U.S. Treasury
• The Washington Post, among others
• Based on old virus - MyDoom.
• Patchwork of scripts – No coding needed
• No attempt to avoid AV signatures
• Sad truth on protecting your site from this
– Batten the hatches, hunker down and work with your Internet Service
Provider (ISP) to implement upstream filtering to cut down the massive
online traffic overloading their network
Current Security Trends
Recent Surveys
• Increasing focus on the degree to which security can be improved if applications used for business processes within enterprises were designed and programmed with fewer vulnerabilities to begin with
– DHS - Build Security In
– Consensus Audit Guidelines (CAG)
– SafeCode
• Application firewalls have become commonplace, with over half of organizations utilizing them
– Source: CSI 2008 Survey
Current Security Trends
Cloud Computing
• A current IT hotspot
– Be careful of security façades that can be bypassed
– NIST Cloud Computing Security Whitepaper out soon
– The only “secure clouds” right now are private clouds
Scope of ESRI Security Efforts
Scope of ESRI Security Efforts
Compliance and certifications
• ESRI fully supports and tests product compatibility with FDCC (Federal
Desktop Core Configuration) security settings
• ESRI hosts FISMA certified and accredited low risk category environments
• ESRI’s Security Patterns are based on NIST/FISMA guidance
– Not provided as full certification compliance representations
• ESRI software products are successfully deployed in high risk security
environments
• ESRI does not certify classified environment products and systems
– Function is performed by the system owner
• ESRI continues to evaluate the need for compliance and/or additional
certifications
Scope of ESRI Security Efforts
Regulations and Standards
• ESRI patterns based on ISO / NIST guidance
– Contain the backbone of most security regulations
and standards
• NIST Standards can operate as a baseline of
security and then layer in applicable laws,
regulations for compliance of an industry on top
– Referred to as a Unified approach to information
security compliance
Unified compliance approach (diagram):
Step 1. Establish Requirements – determine applicable laws and regulations; determine security and privacy standards
Step 2. Preliminary Awareness Raising and Training
Step 3. Information Collection – documentation review; interviews/questionnaires; data classification and mapping
Step 4. Perform Risk and other Analyses
Step 5. Report of Findings and Recommendations
Step 6. Prepare Implementation Plan
Step 7. Implementation Program, Provide Training
Scope of ESRI Security Efforts
NEW Enterprise GIS Resource Center
Scope of ESRI Security Efforts
• ESRI provides security due diligence with our products and
solutions, but is not a security software company
• ESRI recognizes every security solution is unique
• Ultimately, certifications and accreditations are based on a customer’s mission area and circumstances
• Reference Implementations on Enterprise Resource Center
– Validate for performance and security
Next Steps Supporting Secure Solutions
Next Steps Supporting Secure Solutions
• Your feedback and insight today are essential
– Current security issues
– Upcoming security requirements
– Areas of concern not addressed today
Contact Us At:
est@esri.com
References
• ESRI Enterprise GIS Resource Center Website
– NEW JULY 2009
– Focused Enterprise GIS Technical Solutions
– http://resources.esri.com/enterprisegis/
• Consensus Audit Guidelines
– Released May 2009 (Version 2.0)
– http://www.sans.org/cag/guidelines.php
• SafeCode Guidelines
– http://www.safecode.org/
• MS Application Architecture Patterns
– Contains security guidance per application type
– http://www.codeplex.com/AppArchGuide