Tag: security

Enable colleagues to update your maps and apps

Collaboration

Groups are a great way to share and organize your web GIS content, and the July 2015 update to ArcGIS Online just gave groups an exciting and useful new capability: you can now use groups to give members permission to update your items. This … Continue reading

Posted in ArcGIS Online, Security, Story Maps | Tagged , , , | 28 Comments

Strengthening account security in your organization

security-0

(By Blake Stearman, ArcGIS Online development team) As an administrator you want to keep your data workflows secure, but also allow members of your organization the freedom to accomplish tasks efficiently. ArcGIS Online continues to deliver improved capabilities for administering your … Continue reading

Posted in ArcGIS Online | Tagged , , , | Leave a comment

Sharing Web GIS Services? Always enable TLS

SecReview

Thousands of public Web GIS services are worthless for enterprise consumption, but there is a simple cure.  These increasingly worthless sites are configured without TLS (HTTPS) support.  Frequently, the operators of the sites are unaware that their lack of TLS … Continue reading

Posted in Security, Uncategorized | Tagged , , , , , , | 2 Comments

ArcGIS January 2015 Security Patch

secpatch

Esri has released security updates for the ArcGIS Web adaptor for Java, ArcGIS Server, and Portal for ArcGIS.  A number of security issues are addressed with this patch as described in the associated KBA’s and we recommend our customers apply … Continue reading

Posted in Security, Uncategorized | Tagged , , | 4 Comments

Esri Managed Cloud Services (EMCS) achieves FedRAMP Moderate compliance

logo3

On January 29th, 2015, the Esri Managed Cloud Services (EMCS) achieved FedRAMP Moderate compliance. This milestone provides assurance to customers that EMCS aligns with today’s latest rigorous security controls required for cloud systems at the moderate impact level (specifically FedRAMP … Continue reading

Posted in Security | Tagged , , , | Leave a comment

Does Ghost haunt you?

SecReview

On January 27, 2015, a serious Linux operating system security vulnerability dubbed “Ghost” was announced concerning the glibc low level system library that can allow attackers to remotely take complete control of a victims system.  This issue does not affect ArcGIS web … Continue reading

Posted in Security | Tagged , , , , | Leave a comment

Oracle Security Patch Issues with ArcGIS

SecReview

The deployment of Oracle’s October 2014 Critical Patch Update (CPU) for security vulnerabilities, causes all versions of ArcGIS connections to hang or crash when attempting to establish a database connection.  See the affected products and versions section of Oracle’s CPU … Continue reading

Posted in Security | Tagged , , , , | 4 Comments

Avoid SSL POODLE Bite

SecReview

MAJOR UPDATE 10/24/14 – On October 14, 2014, a security vulnerability involving SSL v3 was revealed called POODLE (CVE-2014-3566).  SSL v3 is estimated to be utilized by less than 2% of Internet users at this time, many of those users … Continue reading

Posted in Security | Tagged , , , , | 4 Comments

Recent Poisoned API’s and SEO’s

SecReview

The recent compromise of a jQuery server brought to light risks associated with utilizing Application Program Interfaces (API’s) that are not hosted on your system infrastructure.  Fortunately, the worse-case scenario did not happen, as the API files were not modified or … Continue reading

Posted in Security | Tagged , , , | Leave a comment

Does the Bash (Shellshock) Vulnerability affect you?

SecReview

On September 24, 2014, a security vulnerability was revealed affecting the standard bash login shell which is broadly deployed and used on Linux hosts. If you were wondering if ArcGIS Server, ArcGIS Online, and Portal for ArcGIS application interfaces are … Continue reading

Posted in Security | Tagged , , | Leave a comment