Options to secure ArcPad data

There following are four distinct areas of security that may be applicable to your ArcPad project. You can implement each of these individually, combine some of them, or use all of them.

Password protect and encrypt the AXF data file used in ArcPad

The quickest and easiest way to secure your data is to password protect and encrypt the AXF data file used in ArcPad. An ArcPad AXF file is a Microsoft SQL Server Compact Edition relational database that can be created using ArcPad Data Manager for ArcGIS.

There are four methods of configuring an AXF file using ArcPad Data Manager for ArcGIS, the first three are tools that are available on the ArcPad Data Manager toolbar in ArcMap and the fourth is an ArcToolbox tool. The four tools are as follows:

Each of the ArcMap tools provides a step-by-step wizard for configuring data for ArcPad. On the Select Output Options page of each wizard, you have the option to password protect your AXF file. Check the encrypt checked out data box, and type a password for the AXF file created. The ArcPad Check Outgeoprocessing toolbox tool also has an edit box where you can type a password for the output AXF file.

If you don't encrypt and password protect the AXF file, when you attempt to open the file in ArcPad, you'll be prompted for the password before the data is displayed. Simply put, the AXF file can be distributed as required, but only a person who knows the password can access it.

Encrypt memory cards on your mobile device

Windows Mobile 6.0/6.1 provides a way to encrypt storage cards. You can encrypt memory cards used on your mobile devices to mitigate the threat of a storage card with sensitive data being stolen from a device. For more information on how to prevent data loss on encrypted storage cards that are used in Windows Mobile devices, refer to this Microsoft article.

Secure your ArcGIS for Server environment

Local connections to ArcGIS for Server are handled through operating system users and groups. Two groups, agsadmin and agsusers, are created by the ArcGIS for Server installation process. You need to add to these groups any user that will make local connections to the ArcGIS server. These users will be able to publish an ArcPad project to the ArcGIS server.

NoteNote:

Users who don't have the right to publish can still use (either to download or synchronize) published ArcPad projects. To restrict who can download and subsequently synchronize your ArcPad project, see the Secure your Internet connection section below.

In ArcGIS for Server, you can also configure Internet connections (web services) through the Manager application. ArcPad publications made to an ArcGIS server that has security enabled will not display in the Get Data from Server dialog box in ArcPad.

If your ArcGIS for Server environment has a firewall, it's recommended that you use a reverse proxy web server to receive incoming HTTP requests. The ArcPad Project publication wizard (in ArcCatalog) offers you an option to enter the name of your reverse proxy web server. For more information on ArcGIS for Server security, including the use of a reverse proxy web server, see Implement Security for ArcGIS Server.

If you're using a Secure Sockets Layer (SSL) protocol with ArcGIS for Server or Portal for ArcGIS, you can use a self-signed certificate for your development or test servers. These self-signed certificates are inexpensive and fast to create but can create an issue for ArcPad clients who expect the SSL traffic to be signed by a trusted root. Microsoft documents the steps required to create, export, and deploy self-signed certificates. For more information, see the following:

Secure your Internet connection

When you publish an ArcPad project, web access is automatically enabled. This means that others can browse for the project from ArcPad (assuming they have a network connection) by entering the URL of the GIS server upon which the project is published.

To restrict who can download and subsequently synchronize your ArcPad project, you need to configure security options on your web server.

For more information on ISS security, see Security Guidance for IIS.

9/23/2019