My business partner Aaron Weller once told me that a Windows server can be hacked within 45 minutes of being placed on the Internet if basic security policies have not been implemented. Now I’m not a systems administrator, but I am someone who holds security close to my chest, so rather than trying to prove him wrong I’ve always taken this as fact; better safe than sorry.
Most exploits happen when people fail to implement basic security: missing patches, open ports and weak passwords are at the top of the list. As scary as someone gaining access to your server may sound, it’s actually really easy to do if basic safeguards have not been implemented.
If you’re using a Windows VPS you should be mindful of the additional tasks required to keep your server up to date and secure. Most web hosting companies will provide you with the server as-is with limited security, and unless you purchase a server management plan you’re going to have to dive in and secure the server yourself.
So let’s look at some basic things you can do to protect and secure your server.
- Use Strong Passwords
Rather than trying to explain what not to use, I’ll add some clarity around what a strong password is. You must use a combination and multiples of numbers, upper and lower case characters and special characters.
Here is an example: [email protected]
Anything less than that and you’re going to be at risk of being hacked.
- Enable Windows Firewall
A firewall is designed to protect your Windows VPS against unwanted access. It works by controlling traffic using a predefined set of rules which are set by the user. Microsoft ships Windows Firewall with all Windows Server editions; however, not all providers enable this feature as standard. This basic security feature can greatly assist with the security of your server, and we recommend that you set your default policies to ‘Deny all’ and only enable what you need.
- Lock down your Remote Desktop ports
Lock down access to Windows Remote Desktop to specific IPs like your home or office (note that you will need a dedicated IP to utilise this feature) and change the default listening port from 3389 to a randomly picked five-digit number. Changing these settings can be done through the Advanced Windows Firewall options.
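The firewall and Remote Desktop steps above can also be scripted. The following PowerShell is an added example, not part of the original article; it covers inbound traffic only, and the IP address, port number and rule name are constructed placeholders. It assumes an elevated session on an English-language Windows Server, where the built-in rule group is named 'Remote Desktop'.

```powershell
#Requires -RunAsAdministrator
# Added example: the two values below are constructed placeholders.
$AllowedIp = '203.0.113.10'   # your dedicated home/office IP
$NewPort   = 49210            # any unused five-digit port you picked

# 1. Enable the firewall on every profile and block inbound traffic by default.
#    Any other service you host needs its own explicit allow rule afterwards.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block

# 2. Allow RDP on the new port from the one trusted address only.
#    Create this rule BEFORE moving the listener so you are not locked out.
$RuleName = "RDP restricted ($NewPort)"
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
    -Protocol TCP -LocalPort $NewPort -RemoteAddress $AllowedIp `
    -Action Allow | Out-Null

# 3. Move the RDP listener off the default port 3389.
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# 4. Disable the built-in rules that open 3389 to any source address.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 5. Show the result: configured listener port and the scope of the new rule.
(Get-ItemProperty -Path $RdpKey).PortNumber
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

# 6. Restart Remote Desktop Services so the new port takes effect.
#    This drops the current RDP session; reconnect to <server>:<NewPort>.
Restart-Service -Name TermService -Force
```

Confirm that your provider's out-of-band console works before running this, so a mistyped IP address or port does not leave the server unreachable.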
- Update Windows regularly
This is such a simple way to ensure that you’re looking out for the security of your server; however, a lot of people fail to update their servers as regularly as they should. Most businesses operate Monday-Friday, so why not set Windows Update to download and install the updates on Friday night?
A diligent Systems Administrator or user will also research the updates prior to updating their system.
- Control User Access
Set user access controls wherever possible. If you’re letting other people log in to your server, create a user account for them and provide them with access only to the systems they need and nothing that they don’t. If you’re the sole user of the VPS, consider creating yourself a user account with restricted access and leaving the Administrator login clean without any additional software.
Security should always be first in mind. We never leave the door to our house or car unlocked, so why would you do this with something that stores just as much personal and private information about you and possibly your customers?
I would love to hear from you if you have any other tips or experiences, good or bad.