A Security Model for ArcIMS
Continued...
For a very strong security model, the request can go to port 443 again for SSL connection but performance will be reduced. The HTTP and ArcIMS servers process the request and send the result back to the requestor, the reverse proxy. The reverse proxy again checks the result against its reverse mapping and changes all references in the URL and the HTTP header from myserver.myarcims.com to https://www.myarcims.com. After all the translations are completed, the reverse proxy transfers the result back to the client that originally sent the HTTP request. From the client's point of view, the request was handled by https://www.myarcims.com, but actually it was handled by myserver.myarcims.com.
What Are the Advantages?
By using an SSL connection, data communication between the client and the ArcIMS server is encrypted. The reverse proxy provides a single point of access that allows the addition of another layer of security and a single point of control over who can obtain access (through authentication) and what they can access (through authorization settings).
Another advantage is ease of modification of backend servers or host name changes. These types of changes will not affect clients because they are made to the reverse proxy mapping rules. Load balancing and failover can be set up by using networking software or hardware solutions.
Since both the reverse proxy and HTTP and ArcIMS servers are placed in the DMZ, the internal network and backend database are totally separated from the outside world and, if compromised, deny a hacker access to the internal network. To administer the ArcIMS server from the internal network, a firewall can be placed between the internal network and the DMZ. No access from the DMZ to the internal network is allowed. However, limited access from the internal network to the DMZ is allowed so that an administrator or developer can work on the ArcIMS server.
What Are the Disadvantages?
One of the most significant disadvantages of this model is that ArcIMS performance will be considerably degraded as a result of the high volume of information being transferred over the SSL as it is going through an extensive encryption process. In addition, the system's performance is hindered by the volume of translations required by the reverse proxy and firewall. Another disadvantage is that if the reverse proxy goes down and failover has not been set up, the whole system will be inaccessible. Finally, the costs associated with the required hardware and software will increase as well as required maintenance costs associated with the server and equipment.
Any Additional ArcIMS Configuration Procedures?
Because the outside client will see the reverse proxy address as the actual ArcIMS site address, the following procedures must be performed so that the URL can be resolved from an outside client. In this example, the reverse proxy address is https://www.myarcims.com and the actual ArcIMS site address is myserver.myarcims.com.
- Image map services: The Server Output HTTP location needs to be changed from http://myserver.myarcims.com output to https://www.myarcims.com.
- HTML viewer: The ArcIMSParams.js file needs to be modified, there are two variables that contain the URL to the MapServices. Find the following section:
//********************************************************
//* parameters set by Designer
//********************************************************
var imsURL = 'http://myserver.myarcims.com/servlet/com.esri.esrimap.Esrimap?ServiceName=NY';
var imsOVURL = 'http://myserver.myarcims.com/servlet/com.esri.esrimap.Esrimap?ServiceName=NY';
o Change the imsURL and imsOVURL variables to the URL for the reverse proxy.
var imsURL = 'https://www.myarcims.com/servlet/com.
esri.esrimap.Esrimap?ServiceName=NY';
var imsOVURL = 'https://www.myarcims.com/servlet/com.
esri.esrimap.Esrimap?ServiceName=NY';
o Java viewer: The default .axl needs to be modified. In the section, there are URLs to each of the services subscribed by this page. Find the following line:
‹IMAGESERVERWORKSPACE name="jfs_ws-4" url="http://myserver.myarcims.com/servlet/com.esri.esrimap.
Esrimap" service="NY"/>›
o Change the url variable to the URL of the reverse proxy.
Conclusion
While ArcIMS provides an innovative solution for distributing GIS services and data on the Internet, there are also security concerns. This security model is only one of many standard security models that can be used in conjunction with ArcIMS security features to build a secure ArcIMS Web site. It is important for system administrators and developers to consider the advantages and disadvantages of each security model so that they can design the most suitable architecture for their ArcIMS Web site. For more information, please contact
Linh H. Le, Research Scientist
Bureau of Healthcom Network Systems Management
Information System and Health Statistics Group
New York State Department of Health
733 Broadway, Albany, New York 12207
E-mail: LHL02@health.state.ny.us
References
Engelschall, Ralph S., "Load Balancing Your Web Site," WebTechniques, 1998, www.webtechniques.com/archives/1998/05/engelschall/.
Engelschall, Ralph S., URL Rewriting Guide, 1997, www.engelschall.com/pw/apache/rewriteguide/.
Esri, Security and ArcIMS, 2001, arconline.esri.com/arconline/whitepapers/ims_/securityarcims.pdf.
Loutonen, Ari, Web Proxy Servers, Prentice Hall, 1998 (325-343).
Netscape Communication Corporation, Netscape Proxy Manual, 1997 developer.netscape.com/docs/manuals/proxy/adminnt/revpxy.htm.
Netscape Communication Corporation, The SSL Protocol-Version 3.0, 1996, wp.netscape.com/eng/ssl3/ssl-toc.html.
Stricek, Art, A Reverse Proxy Is A Proxy By Any Other Name, SANS InfoSec Reading Room, 2002, www.sans.org/rr/catindex.php?cat_id=65.
Zwicky, Elizabeth D., Building Internet Firewalls, O'Reilly, 2000.
Acknowledgments
The author thanks Dr. Ivan Gotham at NYSDOH for his invaluable guidance and Debra Sottolano and Carolyn Stetson for their encouragement and support. He is particularly indebted to Dr. William Moyer and Ron Stamp for their insight and help as well as for reviewing this article and contributing their ideas and to Michelle Kosinski for her help with the system prototype.
About the Author
Linh Le is a research scientist at the Bureau of Healthcom Network Systems Management at New York State Department of Health. His primary focus has been on GIS application development, spatial decision support systems, and enterprise GIS systems design and development.
|