This page is maintained for older versions of KronoDesk only. The latest documentation can be found at:

KronoDesk 1.0 Administration Guide Help Viewer

2.3. Security Considerations

The Microsoft Internet Information Services (IIS) web-server and SQL Server database are powerful tools to managing web-based applications. However it is important to make sure that they are correctly secured to prevent unauthorized access to applications being hosted on them. This is a fast changing field and beyond the scope of this guide to address, however we recommend reading the following article for details on how to secure IIS:

In addition to the steps outlined in this article, it is important to note that by default, all web pages served by IIS using the HTTP protocol are unencrypted, and as such, the usernames and passwords used by KronoDesk™ to log into the application can be read by network sniffing tools. If you are using KronoDesk™ purely within an intranet environment, this may not be an issue. However if you are externally hosting KronoDesk™ onto a publicly accessible website, we recommend installing a Secure Sockets Layer (SSL) encryption certificate, and restricting all web-traffic to the secure HTTPS protocol instead. For details on how to perform this task, please refer to Appendix B - Installing an SSL Certificate.