Note: for an updated version of this and other articles, we recommend you to check our knowledge base here
GUIDE: Keep your GpsGate Server secure.
Tips for hosted and on-site servers:
# Make sure you always have all plugins up to date under SiteAdmin -> Plugins. All "green".
# The AccessFilter plugin makes it possible for you to control which IP addresses can access your GpsGate Server.
# Make sure you only assign one physical person per login (username). And in this way you know "who did what".
# Use Roles and Features/Privileges to make sure a user can not access features not needed for his work.
# See exactly which user did what using "User Actions". You find it under SiteAdmin -> System Tools -> User Actions.
# See exactly which user was logged into the system from which IP and during which time. You find it under SiteAdmin -> System Tools -> Activity.
# Set inactive users to logout automatically. You do this in SiteAdmin under Applications -> [Select app.] -> Automatic Logout.
Tips if you have your own server on-site:
Do not use a browser on your Windows server for casual surfing! Do not open and read emails on your Windows server! Never install software from the Internet that you do not 100% need and know what it is!
# Make sure you always have the latest Windows Updates from Microsoft installed.
# Use a firewall, and only keep the ports opened that you need.
# Be very restrictive on which software you install on the server.
# Securing your GpsGate Server with a dedicated Windows user
# Enable HTTPS for the GpsGate Server site in IIS.
# If using HTTPS, make sure to disable SSL 2.0 and 3.0, which are insecure and used by default: https://www.nartac.com/Products/IISCrypto/
# Enable X-Frame-Options: SAMEORIGIN to avoid Clickjacking. ( https://en.wikipedia.org/wiki/Clickjacking )
How to protect your web server: https://support.microsoft.com/en-us/help/2694329/mitigating-framesniffing-with-the-x-frame-options-header
If you have other security requests, please let us know and we will consider them.