User avatar
johan
GpsGate
Posts: 14925
Joined: Wed Aug 04, 2004 10:40 pm
Location: Sweden
Contact: Website

GUIDE: Keep your GpsGate Server secure.

Thu Dec 18, 2014 12:37 pm

Note: for an updated version of this and other articles, we recommend you to check our knowledge base here

GUIDE: Keep your GpsGate Server secure.

Tips for hosted and on-site servers:

# Make sure you always have all plugins up to date under SiteAdmin -> Plugins. All "green".

# The AccessFilter plugin makes it possible for you to control which IP addresses can access your GpsGate Server.
http://gpsgate.com/blogComment/accessfilter_plugin

# Make sure you only assign one physical person per login (username). And in this way you know "who did what".

# Use Roles and Features/Privileges to make sure a user can not access features not needed for his work.
http://gpsgate.com/blogComment/roles_and_features
http://gpsgate.com/blogComment/siteadmin_privileges

# See exactly which user did what using "User Actions". You find it under SiteAdmin -> System Tools -> User Actions.

# See exactly which user was logged into the system from which IP and during which time. You find it under SiteAdmin -> System Tools -> Activity.

# Set inactive users to logout automatically. You do this in SiteAdmin under Applications -> [Select app.] -> Automatic Logout.

Tips if you have your own server on-site:

Do not use a browser on your Windows server for casual surfing! Do not open and read emails on your Windows server! Never install software from the Internet that you do not 100% need and know what it is!

# Make sure you always have the latest Windows Updates from Microsoft installed.

# Use a firewall, and only keep the ports opened that you need.

# Be very restrictive on which software you install on the server.

# Securing your GpsGate Server with a dedicated Windows user
http://gpsgate.com/blogComment/securing_your_gpsgate_server_with_a_dedicated_windows_user

# Enable HTTPS for the GpsGate Server site in IIS.

# If using HTTPS, make sure to disable SSL 2.0 and 3.0, which are insecure and used by default: https://www.nartac.com/Products/IISCrypto/

# Enable X-Frame-Options: SAMEORIGIN to avoid Clickjacking. ( https://en.wikipedia.org/wiki/Clickjacking )
How to protect your web server: https://support.microsoft.com/en-us/help/2694329/mitigating-framesniffing-with-the-x-frame-options-header

If you have other security requests, please let us know and we will consider them.

Regards,
Johan

GpsGate Support

User avatar
johan
GpsGate
Posts: 14925
Joined: Wed Aug 04, 2004 10:40 pm
Location: Sweden
Contact: Website

RE: GUIDE: Keep your GpsGate Server secure.

Fri Jun 12, 2015 2:17 pm

Updated:

# Securing your GpsGate Server with a dedicated Windows user
http://gpsgate.com/blogComment/securing ... ndows_user


Regards,
Johan

GpsGate Support

piter197
Posts: 830
Joined: Sun Jan 09, 2011 3:32 am

RE: GUIDE: Keep your GpsGate Server secure.

Sun Jun 21, 2015 1:47 am

I assumes this also apply for Franson.SysMonitor.Service service.


Originally posted by johan

Updated:

# Securing your GpsGate Server with a dedicated Windows user
http://gpsgate.com/blogComment/securing ... ndows_user


Regards,
Johan

GpsGate Support


Best Regards,
piter197

User avatar
johan
GpsGate
Posts: 14925
Joined: Wed Aug 04, 2004 10:40 pm
Location: Sweden
Contact: Website

RE: GUIDE: Keep your GpsGate Server secure.

Sun Jun 21, 2015 12:48 pm

Franson.SysMonitor.Service is less sensitive since it will not accept requests from outside the server, and it does not allow plugins.

Regards,
Johan

GpsGate Support

piter197
Posts: 830
Joined: Sun Jan 09, 2011 3:32 am

RE: GUIDE: Keep your GpsGate Server secure.

Sat Jul 04, 2015 1:11 pm

Hi Johan,

I like to update:

1. If we use dedicated windows user for service Franson.SysMonitor.Service this will cause failure to update Patch.v4 plugin usually the updte progress will stop in the middle of the process like 13/16.

2. If we use dedicated windows user for service Franson NMEA Service this will cause any web service request will fail from outside and got error message:

404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

but when testing web service script internally from Script Editor everything just fine.




Best Regards,
piter197

User avatar
johan
GpsGate
Posts: 14925
Joined: Wed Aug 04, 2004 10:40 pm
Location: Sweden
Contact: Website

RE: GUIDE: Keep your GpsGate Server secure.

Sat Jul 04, 2015 4:46 pm

1. You should not use a dedicated user Franson.SysMonitor.Service

2. You mean Web Service Scripting?

Try:

netsh http add urlacl url=http://myserver.com:80/webservicescript user=username

Where myserver.com is the domain name of your server.
Where username is the username of the account you let the service run under.

Regards,
Johan

GpsGate Support

piter197
Posts: 830
Joined: Sun Jan 09, 2011 3:32 am

RE: GUIDE: Keep your GpsGate Server secure.

Sun Jul 05, 2015 1:46 am

Hi Johan,

Thank you for informing this.

I just want to share,
1.
netsh http add urlacl url=http://mydomain.com:80/webservicescript user=localusername
Sucess adding URL reservation then Restart Franson NMEA Service.
When try to access web service, I got this error message:

404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.


2.
netsh http add urlacl url=http://servername.mydomain.com:80/webservicescript user=localusername
Sucess adding URL reservation then Restart Franson NMEA Service.
When try to access web service, I got this error message:

Service Unavailable
HTTP Error 503. The service is unavailable.


3.
netsh http add urlacl url=http://+:80/webservicescript user=localusername
Success adding URL reservation then Restart Franson NMEA Service.

Finally success to access web service.


Best Regards,
piter197

Return to “GpsGate Server - How to setup and use”