Category: Security

Posts about security, privacy and compliance for Trust.arcgis.com.

Developers – Track Dependencies & Update Apps or Risk Exposing Users

The days of developers not keeping track of where they use third-party libraries and not upgrading them are dead. Why? Over the last year awareness of vulnerabilities in these dependencies has increased in general and also as security researchers … Continue reading

Posted in Security

Enable colleagues to update your maps and apps

Groups are a great way to share and organize your web GIS content, and the July 2015 update to ArcGIS Online just gave groups an exciting and useful new capability: you can now use groups to give members permission to update your items. This … Continue reading

Posted in ArcGIS Online, Security, Story Maps | 28 Comments

VENOM & Logjam Vulnerability Hype

Mid-May was a busy month for vulnerabilities being covered by media, so we’ve consolidated information about two of the most widely broadcast vulnerabilities here. VENOM Vulnerability Information: On May 13, 2015, a hypervisor vulnerability was disclosed (CVE-2015-3456), referred to as VENOM, that … Continue reading

Posted in Security

Sharing Web GIS Services? Always enable TLS

Thousands of public Web GIS services are worthless for enterprise consumption, but there is a simple cure. These increasingly worthless sites are configured without TLS (HTTPS) support. Frequently, the operators of the sites are unaware that their lack of TLS … Continue reading

Posted in Security, Uncategorized | 2 Comments

ArcGIS January 2015 Security Patch

Esri has released security updates for the ArcGIS Web Adaptor for Java, ArcGIS Server, and Portal for ArcGIS. A number of security issues are addressed with this patch as described in the associated KBAs, and we recommend our customers apply … Continue reading

Posted in Security, Uncategorized | 4 Comments

Esri Managed Cloud Services (EMCS) achieves FedRAMP Moderate compliance

On January 29th, 2015, the Esri Managed Cloud Services (EMCS) achieved FedRAMP Moderate compliance. This milestone provides assurance to customers that EMCS aligns with today’s latest rigorous security controls required for cloud systems at the moderate impact level (specifically FedRAMP … Continue reading

Posted in Security

Does Ghost haunt you?

On January 27, 2015, a serious Linux operating system security vulnerability dubbed “Ghost” was announced concerning the glibc low-level system library that can allow attackers to remotely take complete control of a victim’s system. This issue does not affect ArcGIS web … Continue reading

Posted in Security

Oracle Security Patch Issues with ArcGIS

The deployment of Oracle’s October 2014 Critical Patch Update (CPU) for security vulnerabilities causes all versions of ArcGIS connections to hang or crash when attempting to establish a database connection. See the affected products and versions section of Oracle’s CPU … Continue reading

Posted in Security | 4 Comments

Avoid SSL POODLE Bite

MAJOR UPDATE 10/24/14 – On October 14, 2014, a security vulnerability involving SSL v3, called POODLE (CVE-2014-3566), was revealed. SSL v3 is estimated to be utilized by less than 2% of Internet users at this time, many of those users … Continue reading

Posted in Security | 4 Comments

Recent Poisoned API’s and SEO’s

The recent compromise of a jQuery server brought to light risks associated with utilizing Application Program Interfaces (APIs) that are not hosted on your system infrastructure. Fortunately, the worst-case scenario did not happen, as the API files were not modified or … Continue reading

Posted in Security