Securing Windows VPS is vital. In fact, it is equal to keeping your VPS live on the public network. Most website owners do overlook this simple step. After buying your Windows VPS hosting and receiving your VPS login details, security is the next smart move. Today, we sup on few tips on securing Windows VPS.
Disable Default Administrator Account. Then, Create A New User With Administrator Permissions.
Your Windows VPS hosting provider installs the OS and creates a default administrator account. This is quite usual and typical. The drawback is that your account can easily be attacked. The attack is usually by bots trying to login with brute-force. Also, there are some automated attacks that can follow suit.
Well, this is easy and simple to prevent. You just have to disable default administrator account. And then, create a new user with full administrative privileges. Some enthusiast VPS administrators change their usernames to “admin,” which is as bad as leaving it unchanged. Hence, you should create a new administrator account with random letters.
Let’s look at some safe and secure examples below:
- admin-company name (ex., admin-accuwebhosting)
- company name-Administrator (ex., accuwebhosting-Administrator)
- Individual username-company name (ex., Rahul-AccuWebHosting)
- individual username -admin (ex., Rahul-admin)
- Individual-some random numbers (ex., Rahul-128337)
Set up a Strong Password for Your Administrator Account
The need for a strong password is (almost) always overlooked. But when securing Windows VPS, it is primary. You should generate a strong password after securely changing the administrator username as advised before. Here is a guide for generating a strong password:
- Password must be at least 10 characters long.
- It must combine capital-small letters, numbers and special characters.
- Avoid using the same password twice.
- Avoid using variations of the same password.
The above guide helps create a random password. Following it, it favors a random combination of letters, numbers, and special characters. Meanwhile, you can also convert some easily memorable words into a strong password. This trend is two-fold: your password is secure and easy to remember.
“Th31ncredIble$PiderM@n” is as secure as “HO9B(SD&&AVB^ag3” – but more memorable.
However, some of us are bad at remembering complex passwords. Please do not note them down on your monitor’ sticky note. Instead, use password safes such as Keypass.
Change the default remote desktop connection Port
Accessing the desktop of your Windows VPS requires a Remote Desktop. This Windows feature runs on default port 3389. Since the port is known publicly, it is open to brute-force attacks. The easiest solution for securing Windows VPS is to change the default port. This way, your VPS is prevented from such attacks and abuse of server resources.
Further, we advise you choose a random port number during the changing process. This article will explain the exact steps on how to change the remote desktop connection port. You should also change the default port of any other Remote Access software you might be using.
As a Windows VPS hosting provider, we have seen extreme cases more serious than just changing the port. This occurs when network or port scanners and RDP brute-force tools work 24/7. They might succeed in accessing your VPS in the end.
In this case, we implement host-based intrusion prevention system (HIPS). HIPS will secure your Windows VPS by:
- Protecting your VPS from brute-force attacks
- Monitoring the audit logs
- Detecting failed login attempts
- Instantly blocking the IP address if the number of failed login attempts exceeds the normal limit
IP based restriction to Remote Desktop using the Windows Firewall
The next on our list follows the preceding step. So, you have to change the default port for Remote Desktop before restricting unknown IP addresses to gain access to your VPS. You only need an Internet connection with a static IP address to meet this.
Standard home DSL, Cable, and Wireless connections do not have a static IP address. Note that most home connections do not have a static IP address whatsoever.
Lastly, restricting IP addresses requires care. You can unknowingly lock yourself out.
Install Antivirus in Your Windows VPS
The importance of an antivirus to secure your VPS is clear. You can start with the Essentials, a free and robust option by Microsoft. It auto-updates itself with the latest definition. It also offers real-time protection to your VPS.
Antivirus protects you from almost all online security threats — which firewall cannot do. However, combining both is best in securing Windows VPS.
Enable Windows Firewall
The default Windows Firewall normally comes with every Windows OS. It does its job well and can contend with expensive firewalls. Below are some of its benefits:
- Prevents hackers and malicious software
- Filters information coming from the Internet according to your settings
Windows Firewall is decent — but lacking when you are running critical operations (such as credit card information processing) on VPS. Windows Firewall is more than enough for basic to intermediate operations. Advanced operations, though, requires more. Opting for a third-party firewall is the only option in such situations.
Our advice is to select “Deny all” as your default policy and carefully enable those you need.
You can opt for any third party firewalls when you run critical operations such as credit card information processing on VPS. But these may not be required if you are just running few non-secure websites.
Update Windows regularly
Every code is considered to be PERFECT until its loopholes and back doors are unidentified. On this note; when you receive your new VPS, it is recommended that you run Windows updates as soon as possible.
To install important updates automatically, you should turn on automatic updating. Important updates provide benefits such as improved security, vulnerability patches, and bug fixes. Recommended updates are meant to address non-critical problems and enhance computing experience. Recommended updates can also be downloaded and installed automatically. Optional updates are downloaded and installed at your choice, as you cannot set them to automatic. When you do not turn on automatic updating, make sure that you check for updates regularly.
Update third party software regularly
Microsoft always works really hard to highly secure Windows. Despite the number of OS today, Windows is arguably the safest. Yet, security is often weakened when we install a third-party software.
We often overlook the security dangers allied with these third-party software. Whether a web browser or document viewer, these applications pose threats. Besides, your security dangers are on the number of installed applications. This means your VPS is in more danger with ten apps than two. The trick is to install the essentials only while keeping them up-to-date.
Setup remote desktop gateway
Data encryption is a great technique of securing Windows VPS — and Remote Desktop Gateway does that perfectly. The tool lets you access your VPS through web over SSL/TLS. Your connections are also made over secure port 443, so the advantage is significant.
Configuring a Remote Desktop Gateway server on your VPS is easy with this step-by-step guide.
Setting up an intrusion prevention and detection tool is not for everyone. It is highly advised to hire experts in this field. Better yet, you can contact your Windows VPS hosting provider for more reliable help.
You need to make sure there is a firewall-like software analyzing real-time network traffic to your VPS. Also, attack signatures should be identified by this software.
Snort is arguably the best option for such tasks. It is a widely-used open-source network intrusion prevention tool.
Use spyware protection
Spyware infects your VPS with ease. We often receive complaints about VPS users running a spyware-infected VPS.
First, let’s define spyware. A spyware is a software that displays unwanted advertisements on your machine. A spyware mostly collects your information without your permission. Also, it alters your VPS settings without your permission.
Having a spyware on your Windows can result to toolbars being installed. Even worse, a spyware can alter your default home page, add links and bookmarks, and/or display pop-up ads repeatedly.
That kind of spyware is even better than the “silent” ones. These spyware work silently in the background and collect personal information. These can range from visited websites to search engine keywords and your keystrokes.
So, where can you get spyware? The most likely way is through the Internet. Some free apps you have downloaded and installed are likely the source. In other cases, simply visiting a website can inject spyware into your Windows.
Installing anti-spyware software is the safest protection technique. A typical anti-spyware software alerts you of spyware attacks. You can also scan to detect the spyware and remove it successfully. Lastly, keep your anti-spyware software up-to-date to get the best security.
Security is essential when you are online. Leaving our servers open is like leaving our house open or car unlocked. We should never risk our customer’s personal and private information. Neither should we invite intruders and their problems.
You have to do some homework, and not leave everything in the hands of a Windows VPS hosting provider. Following each step of this list will secure your VPS significantly. Hence, you will be free from common attacks or problems.
We love to know exactly how you are securing Windows VPS. If you have any other tips not included in this article, do let us know as well.