Security Considerations
This topic provides security recommendations.
Secured Services:
- You should always use Secured Services that require authentication.
- You should always use HTTPS as the web communication protocol.
- Ensure your users have proper authentication and authorization to access their resources. For example, a URL that is accessed via a proxy might require a login to proceed. However, if users do not use the proxy, they might be able to access the URL without a login.
ArcGIS Server:
- All ArcGIS Servers must be protected against cross-site scripting attacks by configuring the origins allowed to be accessed alongside content from ArcGIS Server. It is crucial that you follow the instructions to Restrict cross-domain requests to ArcGIS Server.
- ArcGIS Server is usually hosted within another HTTP stack (IIS, Apache). Follow the vendor's best practices for hardening the server against attack.
- If you install ArcGIS Web Adaptor to allow ArcGIS Server to integrate with your existing web server, you must enable HTTPS on your web server, which means you need to obtain a server certificate and bind it to the website that hosts ArcGIS Web Adaptor.
Client Devices that Run the Wavepoint Application:
Wavepoint provides users with access to an important asset of the organization: its GIS data. As such, it is important to secure that data against theft.
Recommendations specifically for securing client devices:
- Enable full disk encryption on devices that host Wavepoint. For Windows, refer to Microsoft's documentation on BitLocker.
- Configure screen lock timeout for a maximum of five minutes.
- Follow these recommendations for general Windows settings:
  - Do not grant local administrator privileges to end users.
  - Do not grant end-user account permissions to install applications.
  - Use application "allow-listing" to permit only approved applications or executables to run.
  - Use real-time endpoint protection to detect unauthorized changes to installed components.
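The following script is an added example, not part of the Wavepoint product or its documentation. It audits a Windows client against the device recommendations above (BitLocker on the system drive, a secure screen lock of at most five minutes, no local administrator rights for the interactive user, and no residual install folder before equipment transfer). It assumes the system drive is C:, that the BitLocker and Microsoft.PowerShell.LocalAccounts modules are available, and that it runs in an elevated session; the function name Test-WavepointClientHardening is ours.

```powershell
# Added audit script (assumption: elevated PowerShell 5.1+ on the Wavepoint client).
function Test-WavepointClientHardening {
    $results = @()

    # 1. Full disk encryption: OS volume fully encrypted with BitLocker protection on.
    $os = Get-BitLockerVolume -MountPoint 'C:' -ErrorAction SilentlyContinue
    $osDetail = if ($os) { "$($os.VolumeStatus), protection $($os.ProtectionStatus)" } else { 'BitLocker status unavailable' }
    $results += [pscustomobject]@{
        Check  = 'Full disk encryption (BitLocker on C:)'
        Pass   = ($null -ne $os -and "$($os.ProtectionStatus)" -eq 'On' -and "$($os.VolumeStatus)" -eq 'FullyEncrypted')
        Detail = $osDetail
    }

    # 2. Screen lock: a password-protected screen saver with a timeout of at most 300 seconds.
    $desktop = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
    $timeout = [int]($desktop.ScreenSaveTimeOut)   # $null becomes 0, i.e. not configured
    $secure  = [int]($desktop.ScreenSaverIsSecure)
    $results += [pscustomobject]@{
        Check  = 'Screen lock timeout <= 5 minutes'
        Pass   = ($timeout -gt 0 -and $timeout -le 300 -and $secure -eq 1)
        Detail = "timeout=$timeout s, secure=$secure"
    }

    # 3. Least privilege: the interactive user must not be a direct member of local Administrators.
    #    (Membership via nested domain groups is not resolved here.)
    $me     = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
              Select-Object -ExpandProperty Name
    $results += [pscustomobject]@{
        Check  = 'Current user is not a local administrator'
        Pass   = ($admins -notcontains $me)
        Detail = "user=$me"
    }

    # 4. Residual data: the install folder the uninstaller leaves behind must be gone before transfer.
    $leftover = Test-Path 'C:\inetpub\wwwroot\Wavepoint'
    $results += [pscustomobject]@{
        Check  = 'No residual Wavepoint folder (equipment transfer)'
        Pass   = (-not $leftover)
        Detail = 'C:\inetpub\wwwroot\Wavepoint'
    }

    return $results
}

Test-WavepointClientHardening | Format-Table -AutoSize
```

Run it per user session, since the screen lock values live under HKCU; any row with Pass = False points at the recommendation that still needs attention.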
Uninstalling the Application and Transferring Equipment:
Uninstall the application from the Control Panel.
When you uninstall the application, the files and configurations are left untouched in this folder:
- C:\inetpub\wwwroot\Wavepoint
In this manner, if the user re-installs the application, the settings are preserved. However, if your company intends to transfer the equipment to another user, you should follow best practices for the secure deletion of the Wavepoint directories.
Further, because Wavepoint is browser-based, an end user could have saved login credentials in the browser. You should also follow best practices for the secure deletion of browser-based user information.