The following section identifies best practices to consider when deploying ArcGIS Enterprise in an environment.
Application security settings
The following best practices are recommended for ArcGIS Server specifically. Where possible, customers should apply the following application-level settings to their ArcGIS Server implementation:
- Do not expose Server Manager or Admin interfaces to the public
  - This can be accomplished by deploying the Web Adaptor or a reverse proxy
- Disable the Services Directory (especially for public-facing servers)
  - Avoid having anyone except developers freely discover services and their associated operations
- Disable service 'query' operations (where feasible)
  - If an operation is not required for a particular service, disable it to minimize the potential attack surface
- Disable the Primary Site Administrator (PSA) account
  - Disabling the default account ensures a single access path for administrators identified in the enterprise identity store and provides additional accountability
- Limit the use of commercial databases behind a website
  - Avoid having public users directly (or indirectly) access the enterprise database. A file geodatabase can be a useful intermediary and helps mitigate potential SQL injection attacks
- Enable standardized SQL queries
  - Enable this security option in ArcGIS Server to provide greater protection against SQL injection attacks
- Restrict cross-domain requests
  - Restrict the use of ArcGIS Server services to applications hosted in a whitelist of trusted domains
- Use the ArcGIS Online print service instead of the ArcGIS Server print service for public-facing applications (accessible outside the corporate firewall)
  - This offloads requests to cloud infrastructure and prevents web service requests from going directly to an internal ArcGIS Server
  - If you must use the ArcGIS Server print service externally, always deploy the public-facing ArcGIS Server in the DMZ and not internally on a trusted network
For details, please consult best practices for configuring a secure environment.
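The checklist above can be turned into a repeatable audit. The following is an added example (not Esri code) that checks a constructed snapshot of site settings against the items above; the key names it reads (servicesDirEnabled, standardizedQueries, psa.disabled, allowedOrigins, capabilities) are assumptions that mirror the ArcGIS Server Administrator Directory, not a verified schema.

```python
"""Offline audit of an ArcGIS Server site snapshot against the checklist
above. Constructed snapshot; the key names (servicesDirEnabled,
standardizedQueries, psa.disabled, allowedOrigins, capabilities) are
assumptions that mirror the Administrator Directory, not a verified schema."""

# Constructed snapshot of the settings an administrator would export.
SITE_SNAPSHOT = {
    "servicesDirectory": {"servicesDirEnabled": True},
    "systemProperties": {"standardizedQueries": "false"},
    "psa": {"disabled": False},
    "allowedOrigins": [],  # empty list taken to mean "any origin"
    "services": [
        {"name": "Parcels.FeatureServer", "public": True,
         "capabilities": "Query,Create,Update,Delete"},
        {"name": "Basemap.MapServer", "public": True, "capabilities": "Map"},
        {"name": "Internal.MapServer", "public": False, "capabilities": "Map,Query"},
    ],
}


def audit_site(snapshot):
    """Return (severity, finding) tuples for settings that deviate from the list."""
    findings = []
    if snapshot["servicesDirectory"].get("servicesDirEnabled", True):
        findings.append(("high", "Services Directory is enabled"))
    std = str(snapshot["systemProperties"].get("standardizedQueries", "true"))
    if std.lower() != "true":
        findings.append(("high", "Standardized SQL queries are disabled"))
    if not snapshot["psa"].get("disabled", False):
        findings.append(("medium", "Primary Site Administrator account is enabled"))
    origins = snapshot.get("allowedOrigins", [])
    if not origins or "*" in origins:
        findings.append(("medium", "Cross-domain requests are not restricted to a whitelist"))
    for svc in snapshot["services"]:
        if not svc["public"]:
            continue  # internal services are out of scope for this check
        caps = {c.strip() for c in svc["capabilities"].split(",")}
        editing = sorted(caps & {"Create", "Update", "Delete"})
        if editing:
            findings.append(("high", f"{svc['name']}: public service allows {editing}"))
        if "Query" in caps:
            findings.append(("low", f"{svc['name']}: public service exposes Query"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit_site(SITE_SNAPSHOT):
        print(f"[{severity}] {finding}")
```

The editing-capability check goes one step beyond the page's 'query' item and applies the same attack-surface reasoning to any unneeded operation on a public service.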
Authentication involves verifying the credentials in a connection attempt to confirm the identity of the client.
- Require authentication to ArcGIS Server services using either GIS-tier or web-tier authentication. If Portal for ArcGIS is federated with your ArcGIS Server, customers also have the option of leveraging enterprise logins using SAML 2.0.
  - GIS-tier authentication: uses the ArcGIS token-based authentication model and the built-in user store
  - Web-tier authentication: can use any authentication supported by the web server, such as Integrated Windows Authentication, or even leverage an organization's existing Public Key Infrastructure (PKI)
  - Enterprise logins: if Portal for ArcGIS is federated with ArcGIS Server as part of an ArcGIS Enterprise deployment, there is also the option to use enterprise logins
    - Integrate with a SAML 2.0 Identity Provider (IdP) to provide web single sign-on
    - SAML is an open standard for securely exchanging authentication data between an IdP and a service provider (in this case, Portal for ArcGIS)
Authorization is the process by which client permissions are verified prior to accessing a resource or performing a specific function.
- Perform Role-Based Access Control (RBAC)
  - Use a least-privilege model for role management in ArcGIS Server
  - Only assign the privileges necessary for a user to perform their required functions
  - The default roles that exist within ArcGIS Server are:
- If Portal for ArcGIS is being used, it is recommended that custom roles be used, based on the principle of least privilege, to define user access more granularly.
Encryption is the process of transforming data so that it is unreadable by those without access to a decryption key.
- Encrypt data in transit by enabling HTTPS on ArcGIS Server
  - Use TLS 1.0 and above
  - Use existing certificate infrastructure and trusted certificates signed by a trusted third-party certificate authority
- Encrypt data at rest (as feasible), particularly for sensitive data sets
  - For databases, consider using Transparent Data Encryption (TDE)
  - For file repositories, consider using full disk encryption
- Ensure the use of strong encryption algorithms
  - Cryptography is a constantly changing field and older algorithms will continue to be found unsafe
  - Monitor standards bodies such as NIST for recommendations
Logging and Auditing
Logging involves recording events of interest from a system. Auditing is the practice of inspecting those logs to ensure the system is functioning as desired, or to answer a specific question about a particular transaction that occurred.
- Log events of interest, such as who is publishing services
- Ensure logging across the system at the application, operating system and network layers
- Ensure logs are reviewed at an organization-defined interval
  - A Security Information and Event Management (SIEM) system is beneficial to aid automatic correlation
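As an added example of the periodic review described above (not Esri code), the script below summarizes who published services and flags accounts with repeated authentication failures from exported log records. The records and their message texts are constructed, and the field names (time, type, user, message) are assumptions rather than a verified ArcGIS Server log schema.

```python
"""Review of exported ArcGIS Server log records for the events called out
above: who is publishing services, and repeated authentication failures.
Records and message texts are constructed; the field names (time, type,
user, message) are assumptions, not a verified log schema."""
import re
from collections import Counter

# Constructed log records, shaped like an exported log query result.
LOG_RECORDS = [
    {"time": "2024-03-01T09:00:01", "type": "INFO", "user": "gispub",
     "message": "Service 'Parcels.MapServer' published successfully."},
    {"time": "2024-03-01T09:05:12", "type": "INFO", "user": "contractor",
     "message": "Service 'Roads.FeatureServer' published successfully."},
    {"time": "2024-03-01T22:10:00", "type": "WARNING", "user": "",
     "message": "Failed to authenticate user 'admin'."},
    {"time": "2024-03-01T22:10:03", "type": "WARNING", "user": "",
     "message": "Failed to authenticate user 'admin'."},
    {"time": "2024-03-01T22:10:07", "type": "WARNING", "user": "",
     "message": "Failed to authenticate user 'admin'."},
    {"time": "2024-03-02T08:00:00", "type": "WARNING", "user": "",
     "message": "Failed to authenticate user 'gispub'."},
]

PUBLISH_RE = re.compile(r"Service '([^']+)' published")
AUTH_FAIL_RE = re.compile(r"Failed to authenticate user '([^']+)'")


def review_logs(records, approved_publishers, fail_threshold=3):
    """Summarize publishing activity and flag accounts with repeated failures."""
    publishes = []        # (user, service, approved?) for every publish event
    failures = Counter()  # failed authentication attempts per account
    for rec in records:
        pub = PUBLISH_RE.search(rec["message"])
        if pub:
            user = rec["user"]
            publishes.append((user, pub.group(1), user in approved_publishers))
        fail = AUTH_FAIL_RE.search(rec["message"])
        if fail:
            failures[fail.group(1)] += 1
    return {
        "publishes": publishes,
        "unapproved_publishers": sorted({u for u, _, ok in publishes if not ok}),
        "repeated_auth_failures": {u: n for u, n in failures.items()
                                   if n >= fail_threshold},
    }


if __name__ == "__main__":
    print(review_logs(LOG_RECORDS, approved_publishers={"gispub"}))
```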
Hardening is the process of securely configuring systems to mitigate as many security risks as possible. The attack surface can be minimized on a given system by:
- Implementing application-level hardening such as the guidance mentioned above
- Removing unnecessary software
- Disabling unnecessary services
- Consulting industry hardening guidelines such as CIS Security Benchmarks
Additional best practice information for ArcGIS Server and details can be found in the existing documentation.