Best practices for configuring a secure environment

When securing ArcGIS Server, it's important that the environment ArcGIS Server runs in be secure as well. The following security best practices help you harden that environment.

Restricting file permissions

It is recommended that file permissions be set so that only necessary access is granted to the ArcGIS Server installation directory, configuration store, and server directories. The only account that the ArcGIS Server software requires access for is the ArcGIS Server account, the account used to run the software. Your organization may require that additional accounts also be given access. Keep in mind that the ArcGIS Server account needs full access to the installation directory, configuration store, and server directories in order for your site to function properly.

ArcGIS Server inherits file permissions from the parent folder where it is installed. Additionally, ArcGIS Server grants permission to the ArcGIS Server account so it can access the directory where it is installed. Files that are created as ArcGIS Server runs (such as logs) inherit their permissions from the parent folder. If you wish to secure the configuration store and server directories, then set restricted permissions on the parent folder.

Any account that has write access to the configuration store can change ArcGIS Server settings that normally can only be modified by an administrator of the system. If a built-in security store is being used to maintain users, the configuration store will contain encrypted passwords for those users. In this case, read access to the configuration store should also be restricted.

If you have secured map or geoprocessing services, it's important to lock down file permissions on the server directories to ensure that unauthorized accounts don't obtain access to maps and geoprocessing job outputs.
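The following audit helper is an added example, not Esri's code. It assumes a Linux installation where the ArcGIS Server account is the local user named in the first argument (often "arcgis", but check your site) and the remaining arguments are the installation directory, configuration store and server directories; it lists every file that another account could read or change, and shows the single chmod on the parent folder that the text recommends.

```shell
#!/bin/sh
# Added example (not part of the ArcGIS Server product). Assumptions: Linux,
# POSIX find/sed/wc; OWNER is the ArcGIS Server account.

# arcgis_perm_findings OWNER DIR...
# Prints one line per file or directory under DIR... that is either not owned
# by OWNER or writable by group/others. Either condition lets an account other
# than the ArcGIS Server account alter (or, for the built-in store, read) the
# configuration store and server directories.
arcgis_perm_findings() {
    owner="$1"; shift
    for d in "$@"; do
        find "$d" ! -user "$owner" | sed "s|^|not-owned-by-$owner: |"
        find "$d" \( -perm -g+w -o -perm -o+w \) \
            | sed 's|^|group-or-other-writable: |'
    done
}

# arcgis_perm_count OWNER DIR... : number of findings; 0 means clean.
arcgis_perm_count() {
    arcgis_perm_findings "$@" | wc -l | tr -d ' '
}

# restrict_parent PARENT
# The configuration store and server directories inherit from their parent
# folder, so locking down the parent is the one change that covers them:
# owner keeps full access, group and others lose all access and can no longer
# traverse into anything beneath it. chown to the service account (needed
# when the parent was created by root) is left to the administrator.
restrict_parent() {
    chmod 700 "$1"
}
```

Run `arcgis_perm_count arcgis /opt/arcgis/server/usr/config-store` (path is illustrative) as a periodic check; a non-zero result means a permission has drifted from the layout described above.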

Disabling the primary site administrator account

The primary site administrator account is the account that you specify when you first create a site in ArcGIS Server Manager. Its name and password are recognized only by ArcGIS Server; it is not an operating system account, and it is managed separately from the user accounts in your identity store.

It's recommended that you disable the primary site administrator account. This ensures that there isn't another way to administer ArcGIS Server other than the group or role you've specified in your identity store. See Disabling the primary site administrator account for full instructions.

Defining the shared key used to generate an ArcGIS token

An ArcGIS token is a string of encrypted information. The shared key is the cryptographic key used to generate this encrypted string. The more complex the shared key, the harder it is for a malicious user to break the encryption and decipher the shared key. If a user is able to decipher the shared key, replicate ArcGIS Server's encryption algorithm, and obtain the list of authorized users, the user will be able to generate tokens and consume any secured resource on that particular ArcGIS Server.

Before defining a shared key, consider the following:

To learn more, see About ArcGIS tokens.

Securely transmitting ArcGIS tokens

To prevent the interception and misuse of tokens, the use of a secure connection using HTTPS (Secure Sockets Layer, or SSL) is recommended. The use of HTTPS/SSL ensures that the user name and password sent from the client and the token returned from ArcGIS Server cannot be intercepted. To learn more, see Enabling SSL on ArcGIS Server.

12/18/2014