When your Windows VPS is live on the public network, VPS security should be your utmost concern. Right after receiving your VPS login information, the most important thing you should do is safeguard your Windows VPS from malicious users. In this blog, we’ll explain a few tips to secure your Windows VPS.
11 Steps to Secure Your Windows VPS
Step 1: Disable Administrator Account & Create A New User With Administrator Permissions
Typically, when Windows OS is installed on any machine, it is configured with the default Administrator user. You might also have received your Windows VPS with this default administrator account.
Administrator is the most common user name on Windows systems, just as root is on Linux machines. It’s easily guessable, and it can become a target of brute-force login attacks by bots and other automated tools.
In a typical RDP brute-force scenario, attackers scan a range of IP addresses and their TCP ports for RDP servers. Once an attacker finds an RDP-enabled server, he attempts to log in to that server, particularly as the Administrator user.
Such login attacks can be automated to try thousands or even millions of password combinations for any or all user accounts, and they can run round the clock at 2 to 5 attempts per second. If your RDP password is strong enough, the attacks are unlikely to succeed, but they can still generate huge network traffic. They may also consume VPS resources and generate a massive amount of logs, which in turn affects the performance of your VPS.
The easiest way to prevent such threats is to disable the default administrator account and create a new user with administrative privileges. Be sure to create a random username that can’t be remembered or guessed. Usernames similar to the default, such as admin, administrator1, administrators or admins, are even more susceptible to attacks and must be avoided.
Following are some examples of secure administrative user names:
- User’s-server (ex., Rahul’s-Win-Server)
- admin-company name (ex., admin-accuwebhosting)
- company name-Administrator (ex., accuwebhosting-Administrator)
- Individual username-company name (ex., Rahul-AccuWebHosting)
- Individual username-admin (ex., Rahul-admin)
- Individual-some random numbers (ex., Rahul-128337)
Determine If Your Windows VPS is Under Attack
- Log in to your Windows system.
- Go to Run, type eventvwr and hit Enter. This will launch Windows Event Viewer.
- In the Event Viewer window, expand Windows Logs and then click on Security.
- If your Windows server is under attack, you will see plenty of Audit Failure entries for Remote Desktop logins.
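The same check can be scripted. The following PowerShell is an added example, not part of the original post: it reads the Audit Failure entries (Security event ID 4625, failed logon) and counts them per source address. The function name and the 24-hour window and 10-attempt threshold are assumptions chosen for illustration.

```powershell
# Run from an elevated PowerShell session; the Security log needs administrator rights.
function Get-FailedLogonSummary {
    param(
        [int]$Hours = 24,            # assumed look-back window
        [int]$MinimumAttempts = 10   # assumed reporting threshold
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625             # "An account failed to log on"
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_
            # Read the fields by name from the event XML rather than by position.
            $data = @{}
            ([xml]$evt.ToXml()).Event.EventData.Data |
                ForEach-Object { $data[$_.Name] = $_.'#text' }

            [pscustomobject]@{
                Time     = $evt.TimeCreated
                Account  = $data['TargetUserName']
                SourceIp = $data['IpAddress']
            }
        } |
        Group-Object SourceIp |
        Where-Object Count -ge $MinimumAttempts |
        Sort-Object Count -Descending |
        ForEach-Object {
            $times = @($_.Group.Time | Sort-Object)
            [pscustomobject]@{
                SourceIp = $_.Name
                Attempts = $_.Count
                Accounts = ($_.Group.Account | Sort-Object -Unique) -join ', '
                First    = $times[0]
                Last     = $times[-1]
            }
        }
}

Get-FailedLogonSummary -Hours 24 -MinimumAttempts 10 | Format-Table -AutoSize
```

A long list of account names tried from one address, or steady attempts spread across the whole window, points to automated guessing rather than a user mistyping a password.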
To eliminate the effectiveness of such attacks, you can set the system to lock a user out for a period of time after some number of failed login attempts through Account Lockout Threshold.
The Account lockout threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until it is reset by an administrator or until the number of minutes specified by the Account lockout duration policy setting expires.
However, it is important to note that attackers can programmatically attempt a series of password attacks against all RDP users in the server organization. If the number of attempts is greater than the value of the account lockout threshold, the attacker could potentially lock every account on the server.
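The account change from Step 1 and the lockout policy described above can be applied from PowerShell. This is an added example, not from the original post; the user name and the lockout values (5 attempts, 30 minutes) are assumptions, and the script expects the LocalAccounts cmdlets that ship with PowerShell 5.1. It refuses to disable the built-in account while you are still signed in with it, so you cannot lock yourself out.

```powershell
# Run from an elevated PowerShell session.
$newAdmin = 'ops-example-4821'   # hypothetical user name; choose your own

# The built-in Administrator always has a SID ending in -500, even if renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$current = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value

if (-not (Get-LocalUser -Name $newAdmin -ErrorAction SilentlyContinue)) {
    # First run: create the replacement account. The password is prompted,
    # so it never appears in the script or the command history.
    $password = Read-Host -AsSecureString -Prompt "Password for $newAdmin"
    New-LocalUser -Name $newAdmin -Password $password `
        -Description 'Replacement administrator' | Out-Null
    # S-1-5-32-544 is the local Administrators group on every language version.
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $newAdmin
    Write-Host "Created $newAdmin. Sign in over RDP as $newAdmin and run this script again."
}
elseif ($current -eq $builtin.SID.Value) {
    # Still on the built-in account: the new login has not been proven to work yet.
    Write-Warning "Signed in as '$($builtin.Name)'. Sign in as $newAdmin before disabling it."
}
else {
    # Second run, from the new account: now it is safe to disable the default one.
    $builtin | Disable-LocalUser
    Write-Host "Disabled built-in account '$($builtin.Name)'."
}

# Account lockout policy (assumed values): lock after 5 failures counted within
# 30 minutes, and unlock automatically after 30 minutes.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
net accounts   # print the resulting policy for verification
```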
Step 2: Set Up A Strong Password For Remote Desktop Users
After changing the administrator username to one that is more secure and random, the next step is to set a strong password for the new administrator account and reset the passwords of the other RDP accounts.
Here’s a guide you should follow while setting up a password:
- Keep your password at least 10 characters long.
- Password must be a combination of capital & small letters, numbers and special characters.
- Avoid using the same password twice.
- Avoid using variations of the same password.
- Don’t use the same password for multiple accounts.
The above guide favors a random combination of letters, numbers, and special characters. However, the recent trend suggests converting some easily memorable words into a strong password. This makes the password not only secure, but also easy to remember.
The password “[email protected]” is as secure as “HO9B(SD&&AVB^ag3” but more memorable.
If you are very bad at remembering complex passwords, then instead of writing them down on a sticky note on your monitor, you can consider a password safe such as LastPass.
Step 3: Changing the Default Remote Desktop Connection Port
By default, the Remote Desktop service of Windows OS runs on port 3389. Since this port is common and publicly known, the majority of remote desktop brute-force attacks are executed against it. Therefore, changing the default remote desktop port to some unknown port will easily fix this problem and prevent the abuse of server resources.
While you change the Remote Desktop port, it is recommended to choose some random port number. This tutorial will explain how you can change the remote desktop connection port.
If you’re using some other Remote Access software, such as Join.me, Ammyy Admin, LogMeIn Pro, etc., it is advisable that you change the default port for these applications too.
Step 4: Restrict RDP Access By IP Address Using the Windows Firewall
The next step to enhance the security of your Windows VPS is to allow RDP access only from specific IP addresses. This can be achieved by whitelisting all your internal ISP IP addresses in Windows Firewall and blocking the rest. Be careful while restricting RDP access, because you may end up locking yourself out of your own VPS.
To implement this security measure, you must have an internet connection with a static IP address. Typically, standard home DSL, cable or wireless connections don’t offer a static IP address. In that case, this security measure will not work for you.
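Steps 3 and 4 can be done together from PowerShell. The script below is an added example, not part of the original post; the port number and the allowed addresses are placeholders. It opens the new port for the allowed addresses before moving the listener, which is the order that avoids the lock-out mentioned above.

```powershell
# Run elevated, ideally with the provider's console access available as a fallback.
$newPort    = 50123                               # assumed example port
$allowedIps = '203.0.113.10', '198.51.100.0/24'   # placeholder addresses, replace with yours
$rdpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$oldPort    = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# Show which addresses are connected now, so you can confirm yours is in $allowedIps.
Get-NetTCPConnection -LocalPort $oldPort -State Established -ErrorAction SilentlyContinue |
    Select-Object RemoteAddress -Unique

# Stop if something else already listens on the chosen port.
if (Get-NetTCPConnection -LocalPort $newPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $newPort is already in use; choose another."
}

# 1. Allow the new port only from the listed addresses, before touching the listener.
#    With the default inbound action set to Block, every other source is dropped.
New-NetFirewallRule -DisplayName "RDP on $newPort (allowlist)" -Direction Inbound `
    -Protocol TCP -LocalPort $newPort -RemoteAddress $allowedIps `
    -Action Allow -Profile Any | Out-Null

# 2. Move the RDP listener to the new port.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $newPort -Type DWord

# 3. Turn off the built-in rules that open port 3389 to every address
#    (the display group name is the one used on English-language systems).
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4. Restart the service so the new port takes effect. This drops the current
#    RDP session; reconnect to <server>:<newPort> from an allowed address.
Restart-Service -Name TermService -Force
```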
Step 5: Install Antivirus On Your Windows VPS
Once you’re done securing RDP access to your VPS, you’ll spend more time downloading and uploading files and browsing websites from the VPS. At this point, it is highly possible that your VPS may get infected with malware, viruses, spyware, adware and other hacking mechanisms.
To secure your VPS from such threats, it is highly recommended that you install a good antivirus. ClamWin antivirus software is an excellent and free option to start with. It can protect your VPS from most of the online security threats.
Step 6: Enable Windows Firewall
Microsoft ships Windows OS with the default software-based Windows Firewall. It’s a pretty decent firewall which compensates for the absence of a hardware firewall to a great extent.
It checks the incoming and outgoing traffic of your VPS and performs Allow or Block operations as per rules defined by the system and end users.
Make sure Windows Firewall shows the state Enabled for both Private networks and Public networks. You can switch the firewall on and off.
It is strongly recommended that you keep Windows Firewall enabled, set your default policies to ‘Deny all’ and only enable what you need.
Moreover, you can opt for a hardware firewall or a third-party software firewall when you run critical operations such as credit card information processing on your VPS.
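To check the firewall state and the "only enable what you need" part from PowerShell, the following added example (not from the original post; the function name is hypothetical) enables every profile with inbound traffic blocked by default, then lists the inbound allow rules that still accept connections from any address so you can review them.

```powershell
# Run from an elevated PowerShell session.
# Enable all profiles and drop unsolicited inbound traffic unless a rule allows it.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block

Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Review list: enabled inbound Allow rules that are not limited to specific
# remote addresses. Each of these is a service reachable from the whole internet.
function Get-OpenInboundRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $addr = $rule | Get-NetFirewallAddressFilter
            $port = $rule | Get-NetFirewallPortFilter
            if ($addr.RemoteAddress -contains 'Any') {
                [pscustomobject]@{
                    Rule      = $rule.DisplayName
                    Profile   = $rule.Profile
                    Protocol  = $port.Protocol
                    LocalPort = $port.LocalPort -join ','
                }
            }
        }
}

Get-OpenInboundRule | Sort-Object Rule | Format-Table -AutoSize
```

Rules in this list that you do not need can be turned off with Disable-NetFirewallRule, or narrowed to known addresses with Set-NetFirewallRule -RemoteAddress.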
Step 7: Update Windows Regularly
Any code is considered PERFECT only as long as its loopholes and backdoors remain unidentified. On this note, it is recommended that you install all pending Windows updates regularly.
Some users avoid installing updates on their VPS because it is a time-consuming process, but this is the most critical task to keep your VPS secured. Microsoft releases important Windows and security updates regularly.
To avoid manual intervention for installing updates, you can set Windows updates to be installed automatically at a regular interval. You can select the day and time at which new updates are installed automatically on your VPS. You can also set any of the options below:
- Install updates automatically (Recommended)
- Download updates but let me choose whether to install them
- Check for updates but let me choose whether to download and install them
- Never check for updates (Not recommended)
To install Windows updates on your VPS, navigate to Start → Control Panel → System and Security → Windows Updates.
Step 8: Update Third Party Software Regularly
Even if you take all precautions to keep your Windows VPS secured, it can get compromised if you have vulnerable third-party applications on your VPS. More specifically, the security vulnerabilities associated with third-party software are often overlooked. This can range from web browsers to simple document viewers.
You should update every third-party application as soon as its new stable version is released. This makes sure that you have an updated application with newly added features. To upgrade an application, the first step you should consider is to check the application vendor’s site. You should also consider removing the applications which are no longer required.
Step 9: Setup Remote Desktop Gateway
Remote Desktop Gateway is a technique to access your VPS through the web over SSL/TLS. This method has the significant advantage of making connections over the secure port 443. This feature is more advanced and is used in the specific scenario where you want a completely encrypted remote desktop connection for your internal corporate or private network.
To implement this, there is a very concise step-by-step guide here to set up the RDP Gateway role on Windows Server. This tutorial is for Windows Server 2008 R2 OS, but Windows Server 2012 R2 users can also use it, as most of the steps are identical.
Step 10: Intrusion Prevention/Detection
Attackers run their port scan and RDP brute-force tools round the clock, and there is a chance that they may find a port and password to access your VPS someday.
To prevent such attacks, an Intrusion Prevention System (IPS) is implemented. It is software which monitors the server for suspicious activities by analyzing events.
It can take actions such as sending an alarm, dropping detected malicious packets, resetting a connection, or blocking traffic from the offending IP address, which protects your VPS from brute-force attacks.
To configure an IPS, you must have server administration skills; otherwise, you should ask your VPS provider to implement it. Among all the intrusion prevention tools available, Snort is probably the most widely used open source network intrusion prevention tool.
Step 11: Use Spyware Protection
This could be the easiest way of getting infected. We often receive many complaints against VPS users running a spyware infected VPS.
Spyware can be defined as software that displays advertisements and collects information from your machine. It is also capable of changing settings on your VPS without your consent. It can install unwanted toolbars, links, add bookmarks in web browsers, change default home page, or display pop-up ads repeatedly.
Some spyware works silently in the background. It does not show any detectable symptoms, but secretly collects sensitive information, such as the websites you visit, your search engine keywords, and the text you type.
There are many types of spyware, such as Keylogger, Browser Hijack, Adware, Trojans, Profiling Cookies, Dialers, Droneware, Web Bugs, etc. Spyware mostly gets installed through free software that you download from the Internet or by opening an email with an attachment; in some cases, simply visiting a website will inject spyware into your VPS.
Anti-spyware software helps you protect your machine from spyware. It alerts you when spyware tries to install itself on your computer. It also performs timely scans on your computer for existing spyware and removes it. In order to have the latest definitions of spyware, anti-spyware software must be updated regularly.
Alright, so we have walked you through the various preventive security measures, with the exact steps, that are really important to secure your Windows VPS against hackers and intruders.
Obviously, security is essential when you go online. An absence of security is an open invitation to problems of data leaks or data loss. These situations are terrible for any business or individual, so why wait for something unexpected to happen to your really sensitive data?
So, secure your Windows server with these easy preventive actions and experience complete peace of mind. Of course, we would love to hear your feedback and any other tips to secure a Windows VPS.