[en] Securing NiceLabel Web Printing Installation

La traduction officielle n'est pas encore disponible.

[en] Problem

[en] This article describes the recommendations on how to protect connecting users as well as the integrity of your data and infrastructure when using the product NiceLabel Web Printing.

[en] NiceLabel Web Printing provides you with the ability to create Web applications for label printing and all that without any programming skills. You must protect NiceLabel Control Center and Web Printing site.

[en] The users will connect to your Web Printing site and use the online label-printing applications. You must grant access to your Web server to the users connecting from the internet. That might expose your Web server to potential threats so it is vitally important to protect the Web server.

[en] In most cases, the Web Printing site allows external users to connect and print labels, so it is exposed to the internet. Your application must be reliable and trustworthy, minimizing the risk of security breaches.

[en] Solution

[en] Best security practices:

  • [en] Regularly install security updates from Microsoft Windows Update. Updates for the IIS are particularly important because you expose the Web Printing site to the internet.

  • [en] Set up a firewall/proxy. Open only the services/ports that must be opened to the public, such as port 80 for IIS.

  • [en] Limit access privileges to the Document Storage. This is a WebDAV-based file repository running on the same server as NiceLabel Control Center and hosts NiceLabel solution files. By default, anybody from the internal network can access Document Storage at \\server@8080\DavWWWRoot. Make sure only authorized users can gain access.

  • [en] Install the Web Printing site into the demilitarized zone (DMZ). This will minimize damage in case of server break-ins. You can install each NiceLabel Web Printing server component on the dedicated server computer or all on the same computer.

    kb203-DMZ.png
  • [en] Limit the SQL user permissions for the SQL-user account that the Web Printing site uses to connect to the Control Center database. NiceLabel users should only have access to the Control Center database (NiceAN).

  • [en] Enable user authentication for NiceLabel Control Center. Allow login only for trustworthy administrative users. By default, anybody who connects to the Control Center has administrative privileges. Use Control Center Configuration to set up Control Center access permissions.

  • [en] Set up the Web Printing site to be accessible over a secure link only. Enable the HTTPS/SSL protocol.

[en] See also Web Printing Installation Guide.