building secure applications
play

Building Secure Applications Greg Ponto & Tom Shippee - PowerPoint PPT Presentation

Mar 19, 2024 •173 likes •461 views

Esri International User Conference San Diego, California Technical Workshops | July 26, 2012 Building Secure Applications Greg Ponto & Tom Shippee Presentation agenda Overview - Exploring 10.1 architecture Beginners: - Using 10.1

  2. Esri International User Conference San Diego, California Technical Workshops | July 26, 2012 Building Secure Applications Greg Ponto & Tom Shippee

  3. Presentation agenda • Overview - Exploring 10.1 architecture • Beginners: - Using 10.1 pre-configured security • Experts: - Leveraging existing web security

  4. Section A Exploring 10.1 architecture Thomas Shippee

  5. ArcGIS 10.1 for Server architecture • Self-contained • Simplified • Standards-based • Synergized

  6. Architecture at 10.0 GIS Services Service Authorization Data Tier Internal External Application GIS Tier Web Tier Web Tier Tier SOM IIS LAN ArcGIS LAN HTTPS HTTPS Enterprise DCOM Web Geodatabase SOC SOC Reverse custom code for proxy IIS ArcGIS tokens SQL Server Windows Proxy Page users & roles security store ArcGIS tokens DMZ Web Internal Network

  7. Architectural transition GIS Services Service Authorization Data Tier Internal Web Tier External Application GIS Tier Application Web Tier Web Tier Tier Tier GIS Servers SOM IIS IIS LAN ArcGIS LAN HTTPS HTTPS Enterprise DCOM Web Geodatabase SOC SOC Reverse custom code for Wizard builder Web Adaptor proxy IIS ArcGIS tokens Built-in store Identity manager SQL Server Windows Proxy Page users & roles security store ArcGIS Server Site ArcGIS tokens DMZ Web Internal Network

  8. Default 10.1 security configuration GIS Services Service Authorization Application GIS Tier Data Tier Web Tier Tier GIS Servers IIS LAN HTTPS HTTPS Enterprise Geodatabase Wizard builder Web Adaptor Built-in store Identity manager ArcGIS Server Site Internal Network DMZ Web

  9. Section B Using 10.1 pre-configured security Thomas Shippee

  10. Default 10.1 security workflow � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  11. Demo � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  12. Administrative Security Primary Site Administrator (PSA) myAdmins Site Alex Admin Default myAdmin Services Accounts Roles Privileges Paul Penny myPubs Pat myPubs myPubs Services myPubs

  13. Demo � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  14. Service security: Use case • Public – View Only: - Trails - Campgrounds • Gina (Guide) – Edit: - Trails - Campgrounds • Rick (Ranger) – Edit: - Trails - Campgrounds - Restricted Areas

  15. GIS service security Accounts Permissions Roles Rick Site Admin guides Service Root guides Natural Resources rangers guides Secured Gina Restricted rangers Areas Trails George guides rangers guides guides guides

  16. Demo � Create site � Define Primary Site Administrator � Configure administrative security � Define “Administrator” and “Publisher” type roles � Assign user to appropriate roles � Create Desktop connections & publish services � Configure service access security � Define “User” type roles � Assign as permissions to folders/services � Assign users to appropriate roles � Build Web Applications � Create web apps (Web API viewer-builders)

  17. • Automatically manages ArcGIS tokens • Flex API & Viewer 2.5.1+ (works with ArcGIS 10.0 SP-1+) Web App Token Secured Token Secured Service Service

  18. SECTION C Leveraging existing web security: Gregory Ponto

  19. Web tier single-sign-on at 10.1 GIS Services Service Authorization Application GIS Tier Data Tier Web Tier Tier GIS Servers Shared key IIS LAN HTTP HTTP Enterprise Geodatabase Single sign-on Active Directory Web Adaptor ArcGIS security store Server Site Internal Network DMZ Web

  20. Workflow � Configure Security Store � Users & Roles = Active Directory � Authentication Tier = Web Adaptor � Define Shared Key � Grant Role Access to Services � Configure Web Adaptor � Specify Shared Key � Configure Integrated Windows (IIS) � Build Web Applications

  21. Demo � Configure Security Store � Users & Roles = Active Directory � Authentication Tier = Web Adaptor � Define Shared Key � � � � �

  22. Demo � � � � � Grant Role Access to Services � � � �

  23. Demo � � � � � � Configure Web Adaptor � Specify Shared Key � Configure Integrated Windows (IIS) �

  24. Demo � � � � � � � � � Build Web Applications

  25. What Architecture is Right for Me? Capability Security Store Authentication Authentication Application Encryption Tier Method Tier (HTTPS) Single Sign On Active Directory Web Tier (IIS) Integrated Any w/ SSO Optional Windows (IIS) Support Public/Private Any GIS Tier ArcGIS Tokens Any * Recommended Services Enterprise Users Active Directory, Any Any Any * Recommended & Roles LDAP Web Editing Any Any Any Any * Recommended Mobile Any Any Any Any * Recommended Applications SharePoint Any Any Any Any * Recommended Enterprise Users Active Directory, Any Any Any * Recommended & Built In Roles LDAP Linux LDAP, Built-In Any Any Any * Recommended ArcGIS Online Any Any Any Any * Recommended * Silverlight & SharePoint require use of Proxy Page for token management.

  26. Steps to evaluate UC sessions • My UC Homepage > “Evaluate Sessions” • Choose session from planner OR • Search for session www.esri.com/ucsessionsurveys

  27. • Thank you for attending • Have fun at UC2012 • Open for Questions • Please fill out the evaluation: www.esri.com/ucsessionsurveys First Offering ID: 809 Second Offering ID: 1928

  28. Wrap-up & Questions RELATED PRESENTATIONS • Securing ArcGIS: Best Practices for Security Implementations Wed @ 3:15 PM (20 minute) • ??? ?? @ ?:??

Recommend

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University of California, Santa Cruz Owen Arden Remote Attestation A process for the enclave to gain the trust of a remote service, so that the remote

212 views • 18 slides
Building Secure ColdFusion Applications Presented By Pete Freitag Principal Consultant, Foundeo

Building Secure ColdFusion Applications Presented By Pete Freitag Principal Consultant, Foundeo

Building Secure ColdFusion Applications Presented By Pete Freitag Principal Consultant, Foundeo Inc. The Plan: 1. Unchecked Input 2. File Uploads 3. XSS - Cross Site Scripting 4. SQL Injection 5. Cross Site Request Forgery 6. CRLF

425 views • 16 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016 Christopher Stetson Chief Architect, Professional Services NGINX MORE INFORMATION AT NGINX.COM Agenda Agenda A little NGINX History The

774 views • 45 slides
Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Networking Secure apps Aims Crypto Basics Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014

389 views • 26 slides
Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications

Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications

Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications Estonian Winter School in Computer Science 2016 Overview of this lecture Part 2: ABY Part 3: GSHADE Special Purpose Protocols Generic Protocols

819 views • 52 slides
Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R

Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R

BUILDING WEB APPLICATIONS IN R WITH SHINY Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R with Shiny Background You are familiar with R as a programming language. You are familiar with

705 views • 43 slides
CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs 5:00-6:20PM Deian Stefan UC San Diego Who am I? New assistant professor PhD at Stanford (Mazieres & Mitchell) I like to build secure

896 views • 50 slides
Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

ISSRE 2019 Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito Andr Martin Lilia Sampaio Fbio Silva Security-aware data processing Part 1 Why secure data processing? 3 In 2019, companies

1.24k views • 69 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems ApacheCon

Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems ApacheCon

Secure by Default Web Applications With Apache Sling Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems ApacheCon Core 2016 http://robert.muntea.nu @rombert Who I am $DAYJOB Open Source Adobe

610 views • 40 slides
Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE

1.07k views • 72 slides
Reactive elements Building Web Applications in R with Shiny Reactive objects Building Web

Reactive elements Building Web Applications in R with Shiny Reactive objects Building Web

BUILDING WEB APPLICATIONS IN R WITH SHINY Reactive elements Building Web Applications in R with Shiny Reactive objects Building Web Applications in R with Shiny Reactive sources and endpoints Reactive source: User input that comes through

624 views • 43 slides
CEF eI D Building Block European Com m ission DI GI T Frdric POELS STORK Secure idenTity

CEF eI D Building Block European Com m ission DI GI T Frdric POELS STORK Secure idenTity

CEF eI D Building Block European Com m ission DI GI T Frdric POELS STORK Secure idenTity acrOss boRders linKed I SA Interoperability Solutions for European Public Administrations eI DAS STORK 2 .0 Electronic Identification, Secure

793 views • 31 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Developing Secure Applications for IBM i Introductions Design and Documentation

Developing Secure Applications for IBM i Introductions Design and Documentation

Developing Secure Applications for IBM i Introductions Design and Documentation Application Ownership and Authority A Simple Security Model Integrity Considerations Resources for Security Officers Questions & Answers

1.06k views • 93 slides
Building Enterprise Applications with Windows Presentation Foundation and the Model View

Building Enterprise Applications with Windows Presentation Foundation and the Model View

Building Enterprise Applications with Windows Presentation Foundation and the Model View ViewModel Pattern (Developer Reference) Raffaele Garofalo Click here if your download doesn"t start automatically Building Enterprise Applications

210 views • 5 slides
Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications Dominic Tarr (SSB, New Zealand) Erick Lavoie (McGill University, Montreal) Aljoscha Meyer (TU Berlin, Germany) Christian Tschudin (U of

501 views • 18 slides
A secure infrastructure for mobile blended learning applications M. Politze, S. Schaffert, B.

A secure infrastructure for mobile blended learning applications M. Politze, S. Schaffert, B.

A secure infrastructure for mobile blended learning applications M. Politze, S. Schaffert, B. Decker IT Center RWTH Aachen University Overview Motivation & Goals Current State Case Studies Lessons Learned Future Work 2

623 views • 20 slides
New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning a

New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning a

New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning a ard 1 Daniel Escudero 1 Tore Frederiksen 2 Marcel Keller 3 Peter Scholl 1 Ivan Damg Nikolaj Volgushev 2 May 19, 2019 1 Aarhus University, Denmark 2

711 views • 32 slides
Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov

Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov

Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov joint work with A.Blanchard, F.Bobot, M.Lemerre,. . . SEC2, Lille, June 30 th , 2015 N. Kosmatov (CEA LIST) Formal Verification for secure Cloud

597 views • 37 slides
Building Secure Cultures Leigh Honeywell @hypatiadotca about me Canadian ex-Symantec,

Building Secure Cultures Leigh Honeywell @hypatiadotca about me Canadian ex-Symantec,

Building Secure Cultures Leigh Honeywell @hypatiadotca about me Canadian ex-Symantec, Microsoft Rebooted your Windows machines a few times in 2012 Now at Heroku, a Salesforce.com company move fast and break things. until this happens

445 views • 23 slides
Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School in Computer Science 2016 Overview Lecture 1: Introduction to Secure Two-Party Computation Lecture 2: Private Set Intersection Lecture 3: Tools

935 views • 67 slides
Designing and Building Secure Software With material from Dave Levin, Mike Hicks, Adam Shostack

Designing and Building Secure Software With material from Dave Levin, Mike Hicks, Adam Shostack

Designing and Building Secure Software With material from Dave Levin, Mike Hicks, Adam Shostack Making secure software Flawed approach : Design and build software, ignore security at first Add security once the functional requirements

858 views • 39 slides

More recommend