Design: Delivering Secure Solutions - PowerPoint PPT Presentation

About This Presentation
Title:

Design: Delivering Secure Solutions

Description:

Michael Young ESRI Senior Enterprise Architect Certified Information Systems Security Professional (CISSP) Version 1.2 Current Security Trends Recent Survey s ... – PowerPoint PPT presentation

Number of Views:187
Avg rating:3.0/5.0
Slides: 45
Provided by: Michael2312
Category:

less

Transcript and Presenter's Notes

Title: Design: Delivering Secure Solutions


1
Design Delivering Secure Solutions
  • Michael Young
  • ESRI Senior Enterprise Architect
  • Certified Information Systems Security
    Professional (CISSP)

Version 1.2
2
Agenda
  • Intro
  • ESRIs GIS Security Strategy
  • Enterprise-wide Security Mechanisms
  • Application Security
  • Enterprise GIS Security Patterns
  • Current Security Trends
  • Scope of ESRI Security Efforts
  • ESRIs Next Steps Supporting Secure Solutions

3
IntroGoals for this session
  • Communicate ESRIs plans to meet your security
    needs
  • Open discussions to incorporate your input

4
IntroSecurity Industry Challenges
  • Service Oriented Architecture (SOA)
  • Virtualized systems
  • Cloud computing
  • Application vulnerabilities

5
IntroGeneral Security Principles
  • CIA Security Triad
  • Confidentiality
  • Prevent intentional or unintentional unauthorized
    disclosure
  • Integrity
  • Prevent unauthorized data modifications
  • Availability
  • Ensure reliable and timely access to data

6
IntroGeneral Security Principles
  • Defense in depth
  • Enterprise-Wide Initiative
  • Multiple Layers
  • Beyond Technology Solutions
  • Security zone based architecture

7
IntroGeneral Security Principles
  • Maintain Defenses Against Different Stages of
    Attack
  • Initial Compromise
  • Causing Damage
  • Long-Term Recognizance

8
ESRIs GIS Security Strategy
9
ESRIs Security StrategyTwo Reinforcing Trends
Enterprise platform and services
Discrete products and services
ESRI
exploiting 3rd party security functionality
exploiting embedded and 3rd party security
functionality
Integrated systems with discretionary access
Isolated Systems
IT/Security
relying on product and solution security
validation
relying on solution security validation
10
ESRIs Security StrategyInterdependent
Capabilities
  • Secure GIS products
  • ESRI develops products incorporating security
    industry best practices and are trusted across
    the globe to provide geospatial services that
    meet the needs of individual users and entire
    organizations
  • Secure GIS solution guidance
  • July release of Enterprise GIS Resource Center
    containing security best practice guidance and
    documentation

11
Enterprise-wide Security Mechanisms
12
Enterprise-Wide Security MechanismsOverview
  • Authentication
  • Authorization
  • Filters
  • Encryption
  • Logging/Auditing

13
Enterprise-Wide Security MechanismsAuthentication
  • ArcGIS Authentication Options
  • Default of none
  • Local connection
  • IIS Web Server Authentication
  • JavaEE Container Managed
  • Server Token Service
  • Forms based
  • Multiple concurrent methods
  • ArcGIS 9.3 Token Service
  • Cross-Platform - .NET Java
  • Cross-API SOAP REST
  • Cross-Product Desktop, Explorer, Web Service
    and Applications
  • 3rd Party
  • Public Key Infrastructure (PKI)
  • Single Sign-On (SSO)
  • Windows Integrated
  • LDAP

Authentication Method Protocol Description User Credential Encryption
Basic Digest Windows Integrated HTTP (SSL optional) Uses the browsers built-in pop-up login dialog box. Basic None, unless using SSL
Form-based HTTP (SSL optional) Application provides its own custom login and error pages. None, unless using SSL
Client Certificate HTTPS (HTTP over SSL) Server authenticates the client using a public key certificate. SSL
ESRI Token HTTP (SSL optional) Cross Platform, Cross API Authentication AES-128bit
14
Enterprise-Wide Security MechanismsAuthorization
  • Role Based Access Control (RBAC)
  • ESRI COTS
  • ArcGIS authorization across product lines to
    Service Level
  • Use ArcGIS Manager to assign access to services
  • Services can be grouped into folders which
    utilize inheritance to ease management
  • 3rd Party
  • RDBMS Row Level or Feature Class Level
  • Multi-Versioned instances may significantly
    degrade RDBM performance
  • Alternative is SDE Views
  • Custom - Limit GUI
  • Rich Clients via ArcObjects
  • Web Applications
  • Check out sample code - Google EDN Common
    Security
  • Try out Microsofts AzMan tool

15
Enterprise-Wide Security MechanismsFilters
  • 3rd Party
  • Firewalls
  • Reverse Proxy
  • Common implementation option
  • MS now has free reverse proxy code for IIS 7
    (Windows 2008)
  • Looking into providing baseline filters
  • Web Application Firewall
  • Looking into providing baseline guidance for
    ModSecurity
  • Anti-Virus Software
  • Intrusion Detection / Prevention Systems
  • Custom
  • Limit applications able to access geodatabase

16
Enterprise-Wide Security MechanismsEncryption
  • 3rd Party
  • Network
  • IPSec (VPN, Internal Systems)
  • SSL (Internal and External System)
  • File Based
  • Operating System BitLocker
  • GeoSpatially enabled PDFs
  • Hardware (Disk)
  • RDBMS
  • Transparent Data Encryption
  • Low Cost Portable Solution - SQL Express 2008
    w/TDE

17
Enterprise-Wide Security MechanismsLogging/Auditi
ng
  • ESRI COTS
  • Geodatabase history may be utilized for tracking
    changes
  • JTX Workflow tracking of Feature based activities
  • ArcGIS Server Logging
  • Custom
  • ArcObjects component output GML of Feature based
    activities
  • 3rd Party
  • Web Server
  • RDBMS
  • OS

18
Application Security
19
Application SecurityOverview
  • Rich Client Applications
  • Web Applications
  • Web Services
  • Online Services
  • Mobile

20
Application SecurityRich Client Applications
  • ArcObject Development Options
  • Record user-initiated GIS transactions
  • Fine-grained access control
  • Edit, Copy, Cut, Paste and Print
  • Interface with centrally managed security
    infrastructure (LDAP)
  • Integration with server Token Authentication
    Service
  • Windows native authentication
  • Client Server Communication
  • Direct Connect RDBMS
  • Application Connect SDE
  • HTTP Service GeoData Service
  • SSL and IPSec Utilization

21
Application SecurityWeb Applications
  • ArcGIS Server Manager
  • Automates standard security configuration of web
    apps in ASP.NET and Java EE
  • E.g. Modifies web.config file of ASP.NET
  • Application Interfaces
  • .NET and Java ADFs
  • Out of the box integration with Token Security
    service
  • REST APIs (JavaScript, Flex, Silverlight)
  • Can embed in URL Simple
  • Better solution is dynamically generate token
  • Dont forget to protect access to your client code

22
Application SecurityWeb Services
  • ArcGIS Server Manager
  • Set permissions on folders as well as individual
    services
  • Restricting access to some services but not
    others is only available through Internet
    connections
  • Can remove Local service requests to ArcGIS
    Server by emptying AGSUsers group
  • Secures access to all ArcGIS Server web
    interfaces
  • REST
  • Service directory is on by default, disable if
    you dont want it browsable
  • SOAP
  • WS-Security can be addressed by 3rd party
    XML/SOAP gateways
  • OGC
  • KML

23
Application SecurityOnline Services
  • New ArcGIS Online Search and Share
  • Central resource for easily accessing, storing
    and sharing maps
  • A membership system
  • You control access to items you share
  • You are granted access to items shared by others
  • You join and share information using groups
  • Organizations self-administer their own users and
    groups
  • Site security similar in approach with other
    social networking sites
  • Not meant for highly confidential or proprietary
    data

24
Application SecurityMobile
  • ArcPad
  • Password protect and encrypt the AXF data file
  • Encrypt mobile device memory cards
  • Secure your ArcGIS Server environment with users
    and groups to limit who can publish ArcPad data
  • Secure your internet connection used for
    synchronizing ArcPad data
  • ArcGIS Mobile
  • Encrypt communication via HTTPS (SSL) or VPN
    tunnel to GeoData Service
  • Utilization of Token Service
  • Web Service Credentials
  • Consider utilization of Windows Mobile Crypto API
  • Third party tools for entire storage system

25
Secure Enterprise GIS Patterns
26
Secure GIS Patterns
  • ESRI is providing security implementation
    patterns to help solve recurring security
    problems in a proven, successful way
  • ESRIs patterns leverage The National Institute
    of Standards and Technology (NIST) guidelines
    for securing information systems
  • Patterns are based on risk for
  • Basic Security Risk Implementations
  • Standard Security Risk Implementations
  • Advanced Security Risk Implementations

To prioritize information security and privacy
initiatives, organizations must assess their
business needs and risks
27
Secure GIS PatternsChoosing the appropriate Risk
Level Pattern
  • How does a customer choose the right pattern?
  • Formal NIST Security Categorization Process
  • Informal Simple scenarios ESRI customers can
    relate to
  • Formal Pattern Selection
  • NIST SP 800-60 - Guide for Mapping Types of
    Information and Information Systems to Security
    Categories

28
Secure GIS PatternsInformation Pattern Selection
Basic
  • Informal Pattern Selection
  • Basic Risk Pattern
  • No Sensitive data Public information
  • All architecture tiers can be deployed to one
    physical box
  • Standard Risk Pattern
  • Moderate consequences for data loss or integrity
  • Architecture tiers are separated to separate
    systems
  • Potential need for Federated Services
  • Advanced Risk Pattern
  • Sensitive data
  • All components redundant for availability
  • 3rd party enterprise security components utilized

Standard
Advanced
29
Secure GIS PatternsBasic Security
Basic
  • Common Basic Security Environment Attributes
  • Utilize data and API downloads from cloud
    computing environments
  • Secure services and web applications with ArcGIS
    Token Service
  • Separate internal systems from Internet access
    with DMZ
  • Utilize a Reverse Proxy to avoid DCOM across
    firewalls

30
Secure GIS PatternsStandard Security
Standard
  • Common Standard Security Environment Attributes
  • Authentication/Authorization
  • No static storage of ArcGIS Token in application
    code
  • Multi-Factor authentication utilized for remote
    system access
  • Network
  • Partitioning system functions such as Web,
    Database and Management by VLANs
  • Servers have separate network connections for
    management traffic
  • Add Application Security Firewall (ex. ModSec) to
    Reverse Proxy Server
  • Utilize host-based firewalls on systems
  • Systems Management
  • Can utilize data from cloud computing
    environments, but have local copies
  • Avoid usage of internal clients consuming
    external services for API downloads
  • Redundant components for High Availability
  • Can utilize low cost load balancers such as MS
    NLB
  • Utilize Intrusion Prevention/Detection Systems
  • Implement least privilege
  • Ensure separation of duties
  • Lock down system ports, protocols, and services
    (Whitepaper available)
  • Standardize system images for clients and server
    (SMS)

31
Secure GIS PatternsAdvanced Security
Advanced
  • Common Advanced Security Environment Attributes
  • Minimal reliance on external data/systems
  • Data Management
  • Separate datasets (e.g. Public, Employees, Subset
    of Employees)
  • Consider utilizing explicit labels on
    information, source and destination objects
  • Clustered Database for High Availability
  • Utilization of Transparent Data Encryption for
    storage of sensitive data
  • Authentication/Authorization
  • Utilize 3rd party security products for service
    and web application authentication and
    authorization
  • Utilize Public Key Infrastructure (PKI) certs
  • Multi-Factor Authentication required for Local
    Access, and for Remote system access Hardware
    Token Multi-Factor required
  • Network configuration
  • Redundant network connections between systems
  • Secure communication via IPSec between backend
    systems
  • Secure communication via SSL/TLS between Clients
    and Servers (Both web and Rich Clients)
  • Partitioning system functions such as Web,
    Database and Management by VLANs
  • Servers have separate network connections for
    management traffic
  • Deploy Network Access Control (NAC) tools to
    verify security configuration and patch level
    compliance before granting access to a network

32
Current Security Trends
33
Current Security TrendsOld-Fashioned DOS Attacks
Still in Style
  • July 4th started off with a bang of 50,000
    'zombies' triggering recent denial of service
    attacks
  • High profile U.S. Web sites affected include
  • The White House site
  • The Department of Homeland Defense
  • The State and the U.S. Treasury
  • The Washington Post, among others
  • Based on old virus - MyDoom.
  • Patchwork of scripts No coding needed
  • No attempt to avoid AV signatures
  • Sad truth on protecting your site from this
  • Batten the hatches, hunker down and work with
    your Internet Service Provider (ISP) to implement
    upstream filtering to cut down the massive online
    traffic overloading their network

34
Current Security TrendsRecent Surveys
  • Increasing focus on degree to which security can
    be improved if applications used for business
    processes within enterprises were designed and
    programmed with fewer vulnerabilities to begin
    with
  • DHS - Build Security In
  • Consensus Audit Guidelines (CAG)
  • SafeCode
  • Application Firewalls have become commonplace
    with over ½ of organizations utilizing them

CSI 2008 Survey
35
Current Security TrendsCloud Computing
  • A current IT hotspot
  • Be careful of security façades that can be
    bypassed
  • NIST Cloud Computing Security Whitepaper out soon
  • The only secure cloud right now are private
    clouds

36
Scope of ESRI Security Efforts
37
Scope of ESRI Security EffortsCompliance and
certifications
  • ESRI fully supports and tests product
    compatibility with FDCC (Federal Desktop Core
    Configuration) security settings
  • ESRI hosts FISMA certified and accredited low
    risk category environments
  • ESRIs Security Patterns are based on NIST/FISMA
    guidance
  • Not provided as full certification compliance
    representations
  • ESRI software products are successfully deployed
    in high risk security environments
  • ESRI does not certify classified environment
    products and systems
  • Function is performed by the system owner
  • ESRI continues to evaluate the need for
    compliance and/or additional certifications

38
Scope of ESRI Security EffortsRegulations and
Standards
  • ESRI patterns based on ISO / NIST guidance
  • Contain the backbone of most security regulations
    and standards
  • NIST Standards can operate as a baseline of
    security and then layer in applicable laws,
    regulations for compliance of an industry on top
  • Referred to as a Unified approach to information
    security compliance

39
Scope of ESRI Security EffortsNEW Enterprise GIS
Resource Center
Incorporates IT Foundation Architecture Guidance
ESRI Provides GIS Best Practice Guidance
40
Scope of ESRI Security Efforts
  • ESRI provides security due diligence with our
    products and solutions, but is not a security
    software company
  • ESRI recognizes every security solution is unique
  • Ultimately, certifications and accreditations are
    based on a customers mission area and
    circumstance
  • Reference Implementations on Enterprise Resource
    Center
  • Validate for performance and security

41
Next Steps Supporting Secure Solutions
42
Next Steps Supporting Secure Solutions
  • Your feedback and insight today are essential
  • Current security issues
  • Upcoming security requirements
  • Areas of concern not addressed today
  • Contact Us At
  • est_at_esri.com

43
Session Evaluation Reminder
  • Session Attendees
  • Please turn in your session evaluations.
  • . . . Thank you

44
References
  • ESRI Enterprise GIS Resource Center Website
  • NEW JULY 2009
  • Focused Enterprise GIS Technical Solutions
  • http//resources.esri.com/enterprisegis/
  • Consensus Audit Guidelines
  • Released May 2009 (Version 2.0)
  • http//www.sans.org/cag/guidelines.php
  • SafeCode Guidelines
  • http//www.safecode.org/
  • MS Application Architecture Patterns
  • Contains security guidance per application type
  • http//www.codeplex.com/AppArchGuide
Write a Comment
User Comments (0)
About PowerShow.com