Keep your GpsGate Server secure (on-site)

Hosted and On-site servers

• Read about the general security measures here.

Server On-site security

Basic measures

• Do not use a browser on your Windows server for casual surfing!
• Do not open and read emails on your Windows server!
• Never install software from the Internet that is not 100% needed and know its source!
• Use a strong password! 
  • Include at least 3 of the following: Uppercase letter (A-Z), lowercase letter (a-z), number (0-9), and a special character like @ % & " ! ( ]
  • Read more about password strength and its importance via Wikipedia
• Make sure you always have the latest Windows Updates from Microsoft installed.
• Use a firewall, and only keep open the ports needed.
• Be very restrictive on which software you install on the server.

Additional measures

• Secure your GpsGate Server with a dedicated Windows user.
• Enable HTTPS for the GpsGate Server site in IIS.
• If using HTTPS, make sure to disable SSL 2.0 and 3.0, which are insecure and used by default. You can use a tool like IIS Crypto for that purpose.
• Enable X-Frame-Options: SAMEORIGIN to avoid Clickjacking.

• Mitigate framesniffing with the X-Frame-Options header.

• Enable token-based mitigation authentication to prevent CSRF (Cross Site Request Forgery) attacks. Do this in Site Admin > Security > Use Token Based Mitigation authentication
• Enforce Secure flag on cookies.