Windows Server 2012 - Security setup?

Mark_R Member
edited November 2014 in Help

Hi,

I decided to switch from Linux back to Windows Server because I personally see more logic in this system. Now the problem is that I haven't used Windows Server for a long time (last version I used was 2003).

I'm in need of security advice, like how to prevent RDP bruteforcing. What tool can I use for this? Is this a built-in feature of Windows Server 2012 R2? On Debian I used Denyhosts for this.

It would be great if you could recommend some security measures to help me prevent my server from being rooted.

Much appreciated!!

Comments

  • AnthonySmith Member, Patron Provider

    said: how to prevent RDP bruteforcing

    Cert-based auth and non-standard ports.

    said: what tool can I use for this?

    regedit + remote sessions manager / terminal services management (whatever it is called in 2012)

    As for other measures could you explain your setup logistics?

    Is this a VPS/dedi/home?

    Thanked by 2Mark_R marrco
  • said: I decided to switch from Linux back to Windows Server because I personally see more logic in this system.

    A psychiatrist can help you with that problem! ;-) jk

  • @AnthonySmith said:
    Is this a VPS/dedi/home?

    VPS. I'm not in need of a VERY advanced security solution here because it's just for personal usage, but I at least wanted to cover the RDP access to prevent bots from entering.

  • @Amitz said:
    A psychiatrist can help you with that problem! ;-) jk

    Hilarious.

    Thanked by 1Amitz
  • Amitz Member
    edited November 2014

    @Mark_R said:

    Sorry, I could simply not resist... ;-) I assume that your project has benefits from using Microsoft technology, but I personally still praise the day on which I had the chance to leave MS behind forever. Accept my apologies for derailing the thread shortly.

    Thanked by 1GM2015
  • mikho Member, Host Rep

    You can set the firewall rules on a Windows server to only accept connections from certain IP. Like any Linux server :)

    What you also need to do as a security measure (and for performance) is to disable all services that you do not need.

    I am writing such an article about services that can/should be disabled but it is a long one and is far from finished :(

    Thanked by 1Mark_R
  • Mark_R Member
    edited November 2014

    @Amitz said:
    Sorry, I could simply not resist... ;-) I assume that your project has benefits from using Microsoft technology, but I personally still praise the day on which I had the chance to leave MS behind forever. Accept my apologies for derailing the thread shortly.

    I understand that it is hard to not make this a Windows VS Linux thing. Let's just respect each other's choices and not comment on it, we all choose what fits our purpose best and what we feel comfy with - in the end that's all that matters.

    Thanked by 1Amitz
  • @MikHo said:
    You can set the firewall rules on a Windows server to only accept connections from certain IP. Like any Linux server :)

    What you also need to do as a security measure (and for performance) is to disable all services that you do not need.

    I am writing such an article about services that can/should be disabled but it is a long one and is far from finished :(

    I hope you'll share it at LET when it's done, sounds like useful information to me.

  • mikho Member, Host Rep

    It will be on lowendguide. @Mark_R

    Thanked by 1Mark_R
  • Okay, so far using certificates for authorization purposes has been suggested to fight RDP brute force attacks. Is there any feature/tool that just bans IP addresses after x invalid login attempts? I'd rather not depend on certificates for authorization - it takes away a certain freedom in accessing your server everywhere.

  • mikho Member, Host Rep

    There used to be an application called Phonefactor that allowed phone verification to allow logins. Microsoft bought it and the service is now called Azure MFA.

    http://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/

    Costs 1-2 dollars a month but I don't think it gets more secure than that.

  • Mark_R Member
    edited November 2014

    @MikHo said:
    There used to be an application called Phonefactor that allowed phone verification to allow logins. Microsoft bought it and the service is now called Azure MFA.

    http://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/

    Costs 1-2 dollars a month but I don't think it gets more secure than that.

    If 1-2 dollars a month prevents my server from being abused to DoS attack other services because it got rooted by some random bot, I'd gladly pay this price. Thanks a lot @mikho - I'll look into this.

  • howardsl2 Member
    edited November 2014

    @Mark_R Sign up for Duo Security and install two factor authentication for RDP:
    https://www.duosecurity.com/docs/rdp

    You can configure lockout thresholds and other useful options in the admin panel. Their paid plans offer additional features such as IP whitelisting.

    Be sure to close your server's other ports in the Windows Firewall (except for e.g. "All ICMP v4", "Core Networking" and "Remote Desktop"). You can find those settings in Windows Firewall -> "Allow an app or feature through Windows Firewall".

    Thanked by 1Mark_R
  • @Mark_R: It is not bruteforcing that takes your server down these days but unpatched exploits.

  • @darknessends said:
    Mark_R: It is not bruteforcing that takes your server down these days but unpatched exploits.

    I basically firewall everything very strictly, even if an exploit goes through it will be blocked by the firewall. I'm a lot more worried about the authorization parts.

  • Duo's great. I use it on all my servers, both Linux and Windows.
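
The thread asks for something that bans an IP address after x invalid login attempts, the way Denyhosts does on Debian. One way to do that with built-in cmdlets, as an added example that is not from any poster in the thread: read failed-logon events (ID 4625) from the Security log and add a Windows Firewall block rule for each offending source. The threshold, window, allow list, rule-name prefix and `-ReportOnly` switch are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Run elevated; needs failed-logon auditing enabled.
param(
    [int]$Threshold = 5,                          # failures per source IP before a block (assumed)
    [int]$WindowMinutes = 30,                     # look-back window (assumed)
    [int]$RdpPort = 3389,                         # change if RDP listens on a non-standard port
    [string[]]$AllowList = @('127.0.0.1', '::1'), # never block these; add your own admin address
    [string]$RulePrefix = 'AutoBlock-RDP-',       # hypothetical naming scheme for created rules
    [switch]$ReportOnly                           # list offenders without touching the firewall
)

$since  = (Get-Date).AddMinutes(-$WindowMinutes)
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }   # 4625 = failed logon
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$sources = foreach ($e in $events) {
    $data = ([xml]$e.ToXml()).Event.EventData.Data
    $ip   = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    $type = ($data | Where-Object { $_.Name -eq 'LogonType' }).'#text'
    # Type 10 = RemoteInteractive; type 3 = network logon, which is what RDP with NLA records.
    # Type 3 also covers other network logons such as SMB, so failures there count too.
    if ($ip -and $ip -ne '-' -and ('3', '10' -contains $type)) { $ip }
}

# Count failures per source and keep those at or over the threshold, minus the allow list.
$offenders = $sources | Where-Object { $_ } | Group-Object |
    Where-Object { $_.Count -ge $Threshold -and $AllowList -notcontains $_.Name }

foreach ($o in $offenders) {
    $name = $RulePrefix + $o.Name
    if ($ReportOnly) {
        Write-Output ("Would block {0} ({1} failed logons)" -f $o.Name, $o.Count)
    }
    elseif (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        # One inbound block rule per offender, scoped to the RDP port only.
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
            -Protocol TCP -LocalPort $RdpPort -RemoteAddress $o.Name | Out-Null
        Write-Output ("Blocked {0} after {1} failed logons" -f $o.Name, $o.Count)
    }
}
```

Scheduled to run every few minutes, this approximates what Denyhosts does. Block rules take precedence over the Remote Desktop allow rule, so put your own address in the allow list before enabling it.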
