building secure applications
play

Building Secure Applications Greg Ponto & Tom Shippee - PowerPoint PPT Presentation

Mar 19, 2024 •173 likes •461 views

Esri International User Conference San Diego, California Technical Workshops | July 26, 2012 Building Secure Applications Greg Ponto & Tom Shippee Presentation agenda Overview - Exploring 10.1 architecture Beginners: - Using 10.1

  2. Esri International User Conference San Diego, California Technical Workshops | July 26, 2012 Building Secure Applications Greg Ponto & Tom Shippee

  3. Presentation agenda • Overview - Exploring 10.1 architecture • Beginners: - Using 10.1 pre-configured security • Experts: - Leveraging existing web security

  4. Section A Exploring 10.1 architecture Thomas Shippee

  5. ArcGIS 10.1 for Server architecture • Self-contained • Simplified • Standards-based • Synergized

  6. Architecture at 10.0 GIS Services Service Authorization Data Tier Internal External Application GIS Tier Web Tier Web Tier Tier SOM IIS LAN ArcGIS LAN HTTPS HTTPS Enterprise DCOM Web Geodatabase SOC SOC Reverse custom code for proxy IIS ArcGIS tokens SQL Server Windows Proxy Page users & roles security store ArcGIS tokens DMZ Web Internal Network

  7. Architectural transition GIS Services Service Authorization Data Tier Internal Web Tier External Application GIS Tier Application Web Tier Web Tier Tier Tier GIS Servers SOM IIS IIS LAN ArcGIS LAN HTTPS HTTPS Enterprise DCOM Web Geodatabase SOC SOC Reverse custom code for Wizard builder Web Adaptor proxy IIS ArcGIS tokens Built-in store Identity manager SQL Server Windows Proxy Page users & roles security store ArcGIS Server Site ArcGIS tokens DMZ Web Internal Network

  8. Default 10.1 security configuration GIS Services Service Authorization Application GIS Tier Data Tier Web Tier Tier GIS Servers IIS LAN HTTPS HTTPS Enterprise Geodatabase Wizard builder Web Adaptor Built-in store Identity manager ArcGIS Server Site Internal Network DMZ Web

  9. Section B Using 10.1 pre-configured security Thomas Shippee

  10. Default 10.1 security workflow � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  11. Demo � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  12. Administrative Security Primary Site Administrator (PSA) myAdmins Site Alex Admin Default myAdmin Services Accounts Roles Privileges Paul Penny myPubs Pat myPubs myPubs Services myPubs

  13. Demo � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  14. Service security: Use case • Public – View Only: - Trails - Campgrounds • Gina (Guide) – Edit: - Trails - Campgrounds • Rick (Ranger) – Edit: - Trails - Campgrounds - Restricted Areas

  15. GIS service security Accounts Permissions Roles Rick Site Admin guides Service Root guides Natural Resources rangers guides Secured Gina Restricted rangers Areas Trails George guides rangers guides guides guides

  16. Demo � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  17. • Automatically manages ArcGIS tokens • Flex API & Viewer 2.5.1+ (works with ArcGIS 10.0 SP-1+) Web App Token Secured Token Secured Service Service

  18. SECTION C Leveraging existing web security: Gregory Ponto

  19. Web tier single-sign-on at 10.1 GIS Services Service Authorization Application GIS Tier Data Tier Web Tier Tier GIS Servers Shared key IIS LAN HTTP HTTP Enterprise Geodatabase Single sign-on Active Directory Web Adaptor ArcGIS security store Server Site Internal Network DMZ Web

  20. Workflow � Configure Security Store � Users & Roles = Active Directory � Authentication Tier = Web Adaptor � Define Shared Key � Grant Role Access to Services � Configure Web Adaptor � Specify Shared Key � Configure Integrated Windows (IIS) � Build Web Applications

  21. Demo � Configure Security Store � Users & Roles = Active Directory � Authentication Tier = Web Adaptor � Define Shared Key � � � � �

  22. Demo � � � � � Grant Role Access to Services � � � �

  23. Demo � � � � � � Configure Web Adaptor � Specify Shared Key � Configure Integrated Windows (IIS) �

  24. Demo � � � � � � � � � Build Web Applications

  25. What Architecture is Right for Me? Capability Security Store Authentication Authentication Application Encryption Tier Method Tier (HTTPS) Single Sign On Active Directory Web Tier (IIS) Integrated Any w/ SSO Optional Windows (IIS) Support Public/Private Any GIS Tier ArcGIS Tokens Any * Recommended Services Enterprise Users Active Directory, Any Any Any * Recommended & Roles LDAP Web Editing Any Any Any Any * Recommended Mobile Any Any Any Any * Recommended Applications SharePoint Any Any Any Any * Recommended Enterprise Users Active Directory, Any Any Any * Recommended & Built In Roles LDAP Linux LDAP, Built-In Any Any Any * Recommended ArcGIS Online Any Any Any Any * Recommended * Silverlight & SharePoint require use of Proxy Page for token management.

  26. Steps to evaluate UC sessions • My UC Homepage > “Evaluate Sessions” • Choose session from planner OR • Search for session www.esri.com/ucsessionsurveys

  27. • Thank you for attending • Have fun at UC2012 • Open for Questions • Please fill out the evaluation: www.esri.com/ucsessionsurveys First Offering ID: 809 Second Offering ID: 1928

  28. Wrap-up & Questions RELATED PRESENTATIONS • Securing ArcGIS: Best Practices for Security Implementations Wed @ 3:15 PM (20 minute) • ??? ?? @ ?:??

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University of California, Santa Cruz Owen Arden Remote Attestation A process for the enclave to gain the trust of a remote service, so that the remote

212 views • 18 slides
Building Secure ColdFusion Applications Presented By Pete Freitag Principal Consultant, Foundeo

Building Secure ColdFusion Applications Presented By Pete Freitag Principal Consultant, Foundeo

Building Secure ColdFusion Applications Presented By Pete Freitag Principal Consultant, Foundeo Inc. The Plan: 1. Unchecked Input 2. File Uploads 3. XSS - Cross Site Scripting 4. SQL Injection 5. Cross Site Request Forgery 6. CRLF

425 views • 16 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016 Christopher Stetson Chief Architect, Professional Services NGINX MORE INFORMATION AT NGINX.COM Agenda Agenda A little NGINX History The

774 views • 45 slides
Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Networking Secure apps Aims Crypto Basics Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014

389 views • 26 slides
Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications

Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications

Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications Estonian Winter School in Computer Science 2016 Overview of this lecture Part 2: ABY Part 3: GSHADE Special Purpose Protocols Generic Protocols

819 views • 52 slides
Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R

Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R

BUILDING WEB APPLICATIONS IN R WITH SHINY Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R with Shiny Background You are familiar with R as a programming language. You are familiar with

705 views • 43 slides
CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs 5:00-6:20PM Deian Stefan UC San Diego Who am I? New assistant professor PhD at Stanford (Mazieres & Mitchell) I like to build secure

896 views • 50 slides
Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

ISSRE 2019 Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito Andr Martin Lilia Sampaio Fbio Silva Security-aware data processing Part 1 Why secure data processing? 3 In 2019, companies

1.24k views • 69 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems ApacheCon

Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems ApacheCon

Secure by Default Web Applications With Apache Sling Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems ApacheCon Core 2016 http://robert.muntea.nu @rombert Who I am $DAYJOB Open Source Adobe

610 views • 40 slides
Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE

1.07k views • 72 slides
Reactive elements Building Web Applications in R with Shiny Reactive objects Building Web

Reactive elements Building Web Applications in R with Shiny Reactive objects Building Web

BUILDING WEB APPLICATIONS IN R WITH SHINY Reactive elements Building Web Applications in R with Shiny Reactive objects Building Web Applications in R with Shiny Reactive sources and endpoints Reactive source: User input that comes through

624 views • 43 slides
CEF eI D Building Block European Com m ission DI GI T Frdric POELS STORK Secure idenTity

CEF eI D Building Block European Com m ission DI GI T Frdric POELS STORK Secure idenTity

CEF eI D Building Block European Com m ission DI GI T Frdric POELS STORK Secure idenTity acrOss boRders linKed I SA Interoperability Solutions for European Public Administrations eI DAS STORK 2 .0 Electronic Identification, Secure

793 views • 31 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Developing Secure Applications for IBM i Introductions Design and Documentation

Developing Secure Applications for IBM i Introductions Design and Documentation

Developing Secure Applications for IBM i Introductions Design and Documentation Application Ownership and Authority A Simple Security Model Integrity Considerations Resources for Security Officers Questions & Answers

1.06k views • 93 slides
assessment practices Leonor Santos, Institute of Education, Lisbon University Jorge Pinto, School

assessment practices Leonor Santos, Institute of Education, Lisbon University Jorge Pinto, School

Articulating summative and formative assessment practices Leonor Santos, Institute of Education, Lisbon University Jorge Pinto, School of Education, Polytechnic Institute of Setbal Portugal Assessment practices: What research says At the

512 views • 20 slides
Cybersecurity : Minimizing the X-Factor Kathleen Rice Faegre Baker Daniels NFI Insurance Forum

Cybersecurity : Minimizing the X-Factor Kathleen Rice Faegre Baker Daniels NFI Insurance Forum

Cybersecurity : Minimizing the X-Factor Kathleen Rice Faegre Baker Daniels NFI Insurance Forum Indianapolis, IN October 23, 2015 1 Data Security and Privacy Incidents Are on the Rise Billions lost in cyber theft of Potential for identity

202 views • 16 slides
London Investor Meetings June 20-21, 2013 Disclaimer The information contained in this

London Investor Meetings June 20-21, 2013 Disclaimer The information contained in this

London Investor Meetings June 20-21, 2013 Disclaimer The information contained in this presentation (the Information) is provided by Global Logistic Properties Limited (the Company) to you solely for your reference and may not be

498 views • 45 slides
WEL ELCOME COME Christina Hippisley Portuguese Chamber of Commerce in the UK LIVING IN

WEL ELCOME COME Christina Hippisley Portuguese Chamber of Commerce in the UK LIVING IN

WEL ELCOME COME Christina Hippisley Portuguese Chamber of Commerce in the UK LIVING IN PORTUGAL Dylan Her erholdt oldt - Portugal tugal Rea ealty ty (Sil ilver er Coast) Bruc uce e Hawker er - Fine Fine an and C d Coun untr try

1.15k views • 103 slides
December 2016 PROFICO AMBIENTE E ORDENAMENTO, LDA. Morada: Rua Alfredo da Silva 11-B 1300-040

December 2016 PROFICO AMBIENTE E ORDENAMENTO, LDA. Morada: Rua Alfredo da Silva 11-B 1300-040

ENVIRONMENT IS OUR PRIORITY December 2016 PROFICO AMBIENTE E ORDENAMENTO, LDA. Morada: Rua Alfredo da Silva 11-B 1300-040 Lisboa E-mail: ambiente@profico.pt Tel.: (+351) 21 361 93 60 Fax: (+351) 21 361 93 69 www.proficoambiente.pt ENVIRONMENT

706 views • 32 slides
Jus$n G. Mychek-Londer and David (Bo) Bunnell Acknowledgements

Jus$n G. Mychek-Londer and David (Bo) Bunnell Acknowledgements

Jus$n G. Mychek-Londer and David (Bo) Bunnell Acknowledgements Great Lakes Fisheries Commission (GLFC) Great Lakes Restora$on Ini$a$ve (GLRI) USGS

554 views • 54 slides
FOR REFLECTION AND EXPLORATION IN THE PRACTICUM Ins K. de Miller (PUC-Rio, Brasil) Teacher

FOR REFLECTION AND EXPLORATION IN THE PRACTICUM Ins K. de Miller (PUC-Rio, Brasil) Teacher

Ministry of Education Chile / British Council Chile Initial Teacher Education Seminar on Teacher-research 22-23 March 2016, Santiago FINDING OPPORTUNITIES FOR REFLECTION AND EXPLORATION IN THE PRACTICUM Ins K. de Miller (PUC-Rio, Brasil)

341 views • 31 slides
apresentao do sis iste tema http://www.LuminaIT.com.br htt ttp:/ ://www.LuminaIT.co

apresentao do sis iste tema http://www.LuminaIT.com.br htt ttp:/ ://www.LuminaIT.co

apresentao do sis iste tema http://www.LuminaIT.com.br htt ttp:/ ://www.LuminaIT.co com.br Lumina@LuminaIT.com.br Lumina@LuminaIT.co com.br +55 11 3996 4275 +55 1 11 3 3996 4275 Um ERP para a Construo Civil O negcio

586 views • 31 slides

More recommend