Unused Web Central Services to Disable
Securing Archibus: Unused Web Central Services to Disable
It is a good general security practice to disable unused services that expose public API to clients.
If you are not using the following optional features, you should disable the corresponding services.
| Feature Not Being Used | Web Central Services to Disable |
|---|---|
| Standard Map Views |
AbCommonResources-ArcgisService
|
| Extensions for ArcGIS |
AbCommonResources-ArcgisExtensionsService AbCommonResources-ArcgisExtensionsServiceForSmartClient |
| Archibus Connectors |
AbSystemAdministration ConnectorHandler AbSystemAdministration ConnectorJob AbSystemAdministration scheduleConnector |
| Archibus Mobile | configService |
Note: For services that do not require broad access, consider deploying them on a different server. For instance, the Connectors only need to be accessed by a local system administrator, and one or two other enterprise servers. They do not need general user access. Consider placing the Connectors on a server that allows only local access, or access from specific IP addresses.
Note
: If you run the Connectors, you might wish to secure them by implementing these recommendations:
-- "AP-002 Med Establish business logic security" and assign SYS-MGR permissions to the Connector workflow rules, so that only system managers are able to execute connectors (either directly or as scheduled rules from the SYSTEM account).
-- "AP-004 Med Establish data-level security" and SYS-MGR permissions to the connector tables, so that only system managers will be able to define connectors.