Keep your GpsGate On-site platform secure
There are certain guidelines that apply to both GpsGate Cloud and On-site servers. However, since On-site servers are not managed by us, we recommend additional security measures. This guide will provide you with basic steps to enhance your server's security.
Basic measures
- Do not use a browser on your Windows server for casual surfing!
- Do not open and read emails on your Windows server!
- Never install software from the Internet unless it is 100% needed and you know its source!
- Use a strong password!
  - Include at least 3 of the following: Uppercase letter (A-Z), lowercase letter (a-z), number (0-9), and a special character like @ % & "! ( ]
  - Read more about password strength and its importance via Wikipedia
- Make sure you always have the latest Windows Updates from Microsoft installed.
- Use a firewall, and only keep open the ports needed.
- Be very restrictive on which software you install on the server.
Additional measures
- Secure your GpsGate platform with a dedicated Windows user.
- Enable HTTPS for the GpsGate site in IIS.
- If using HTTPS, disable SSL 2.0 and 3.0, which are insecure and used by default. You can use a tool like IIS Crypto for that purpose.
- Enable X-Frame-Options: SAMEORIGIN to avoid Clickjacking.
- Enable token-based mitigation authentication to prevent CSRF (Cross-Site Request Forgery) attacks. Do this in Site Admin > Account > Security > Use Token-Based Mitigation authentication
- Enforce the Secure flag on cookies.
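
To confirm that the X-Frame-Options and cookie Secure flag items above took effect, the response headers of the site can be checked. The script below is an added example, not GpsGate code: the function names are hypothetical, and the sample headers (including the cookie name) are constructed for illustration.

```python
import http.client
import sys

# Constructed sample headers (cookie name and value are made up for illustration).
SAMPLE_BEFORE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "ExampleSession=abc123; path=/; HttpOnly"),
]
SAMPLE_AFTER = [
    ("Content-Type", "text/html"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "ExampleSession=abc123; path=/; HttpOnly; Secure"),
]


def fetch_headers(host, path="/", port=443, timeout=10):
    """Fetch response headers over HTTPS as (name, value) pairs, duplicates kept."""
    conn = http.client.HTTPSConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()


def audit_headers(headers):
    """Return findings for the two header-level items; empty list means both pass."""
    findings = []
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    if not xfo:
        findings.append("X-Frame-Options header is missing")
    elif any(v != "SAMEORIGIN" for v in xfo):
        findings.append("X-Frame-Options is not SAMEORIGIN: " + ", ".join(xfo))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attributes follow the first ';' and are case-insensitive.
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks the Secure flag")
    return findings


if __name__ == "__main__":
    # With a hostname argument, audit that server; otherwise use the sample.
    headers = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_BEFORE
    for line in audit_headers(headers) or ["no findings"]:
        print(line)
```

Cookies that the site issues only after login do not appear in an unauthenticated request, so run the check against a response that actually sets the session cookie.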