
ArcSDE security: ST_GEOMETRY EXTPROC listener exploits and hardening the SDE schema?

04-14-2012 01:08 AM, by danan (Frequent Contributor)
At ArcSDE 9.3.1 for Oracle I didn't like what I saw regarding out-of-the-box security for ArcSDE:
"Harden" ArcSDE repository on Oracle: do not grant privileges to PUBLIC role unnecessarily
http://ideas.arcgis.com/ideaView?id=087300000008HY6AAM

Unless I'm mistaken, the SDE schema / ArcSDE repository violates all three basic principles of security: Confidentiality, Integrity, and Availability as described in the Idea link above. There's a KB article out there somewhere saying how to manually harden the SDE repository and that's welcome. But it should probably be a bit more front and center in the install documentation--e.g. if this has not been done already, linked to the KB article from the install docs please. It may not occur to someone up front to harden the SDE repository.

The vast majority of security exploits are evidently caused by misconfiguration according to Cloud Security expert Steve Riley (during his spectacular 2012 DevSummit Keynote--view it online). Presuming that's true, it might be nice to alert folks up front what countermeasures they might take. Rather than learn what ought to have been done up front post-breach...

ArcSDE Security Improvements at 10.1?
I've not looked at privileges granted at ArcSDE 10 to see if there's been improvement. Hoping such is the case at ArcSDE 10.1 Final. While I understand hardening the SDE schema requires a bit more work up front (e.g. revoking grants from PUBLIC and granting to data owners, etc. per the KB article), it's an investment worth considering.

Security Issues With EXTPROC Oracle Listener for ST_GEOMETRY Spatial SQL Functions?
Someone added a comment to the Idea entry above questioning the use of EXTPROC, e.g. presumably the listener for ST_GEOMETRY spatial SQL functions. The only best practice I know of, one mentioned in Esri documentation and one we've implemented, is to create a second, less privileged user to run a second, dedicated Oracle listener for ST_GEOMETRY. Are there ways to harden this further? What are the issues if any? No system is 100% secure unless it's unplugged. But what other due diligence, relatively low effort / low cost items can ArcSDE admins perform to ensure ArcSDE is more secure than what one gets out of the box?
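Audit queries for the two concerns raised in the post above (grants to PUBLIC on the SDE repository, and the external library behind the EXTPROC listener), added here as an example and not taken from the original post or from Esri's KB article. They assume the repository owner is named `SDE` and that the session can read the Oracle `DBA_*` dictionary views; the generated `REVOKE` lines are a review list to compare against the KB article, not a script to run unreviewed.

```sql
-- Added example (assumptions: repository owner is SDE; session can read DBA_* views).

-- 1. Every object privilege on SDE-owned objects that is granted to PUBLIC.
SELECT o.object_type, p.table_name AS object_name, p.privilege, p.grantable
FROM   dba_tab_privs p
JOIN   dba_objects   o
       ON o.owner = p.owner AND o.object_name = p.table_name
WHERE  p.owner   = 'SDE'
AND    p.grantee = 'PUBLIC'
AND    o.object_type NOT IN ('PACKAGE BODY', 'TYPE BODY')  -- avoid duplicate rows
ORDER  BY o.object_type, p.table_name, p.privilege;

-- 2. The subset that lets any database account modify repository contents
--    (the integrity and availability concern).
SELECT p.table_name, p.privilege
FROM   dba_tab_privs p
WHERE  p.owner   = 'SDE'
AND    p.grantee = 'PUBLIC'
AND    p.privilege IN ('INSERT', 'UPDATE', 'DELETE', 'ALTER')
ORDER  BY p.table_name, p.privilege;

-- 3. Candidate REVOKE statements, one per PUBLIC grant, for manual review.
--    Each revoked privilege must be re-granted to the data owners that need it.
SELECT 'REVOKE ' || p.privilege || ' ON "' || p.owner || '"."' || p.table_name
       || '" FROM PUBLIC;' AS review_statement
FROM   dba_tab_privs p
WHERE  p.owner   = 'SDE'
AND    p.grantee = 'PUBLIC'
ORDER  BY p.table_name, p.privilege;

-- 4. External libraries owned by SDE: these are the files the EXTPROC agent
--    loads, so check that FILE_SPEC points at the expected path and nothing else.
SELECT owner, library_name, file_spec, dynamic, status
FROM   dba_libraries
WHERE  owner = 'SDE';

-- 5. System privileges and roles that PUBLIC holds database-wide.
SELECT 'SYS PRIV' AS kind, privilege AS name FROM dba_sys_privs WHERE grantee = 'PUBLIC'
UNION ALL
SELECT 'ROLE', granted_role FROM dba_role_privs WHERE grantee = 'PUBLIC';
```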