New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Hardening Windows server
I know it's not the best thing to run a Windows server, but I am supposed to manage 2 Windows VPS. They run Windows Server 2016 Standard.
With Linux, one can typically log in via SSH keys instead of a password. Is there anything similar on Windows? I plan to set up Duo 2FA in the interim.
Anything similar to Fail2Ban?
Any remote web administrator tools?
Can I set up an SSL certificate to further secure RDP? (Thinking a Let's Encrypt cert)...
What do you recommend how to harden these VPS (apart from running Linux)?
Any feedback is appreciated.
Thank you.
Comments
NoVNC based on Web
Make sure to IP restrict the RDC port or, even better, set up a VPN and access via VPN and disable the public RDC port to the outside.
Also, make sure you're not running Samba (file sharing) on public ports unless it is restricted by IP.
my 2 cents.
Cheers!
https://github.com/novnc/noVNC
RdpGuard, it isn't free but it's good
Disable RDP completely and use TeamViewer
Huh? Why is that?
Anyone remember the TeamViewer security fiasco a few years ago?
Use VNC and stay logged in as Administrator without locking the screen to get to your MT4 riches faster.
Because
Change RDP port
I might be mixing you up with another Y-username, but aren't you the guy who got servers shut down for malware more than a few times?
+1
Using it for the last few years and it works very well.
I have a non-public (meaning on the internet but not popular) server and this blacklists more than 300 IPs daily, for brute forcing FTP, MS SQL and RDP.
Servers ? No.
Reseller Account, Yes.
OK, thanks for clearing that up. The Y other person would buy Linux servers and just let them idle without additional protections. Definitely wasn't reseller accounts.
Use NoVNC probably without locking the screen. Another solution could be AnyDesk or TeamViewer :P
Disable 'Local Area Connection'...
But on a serious note, segment and firewall it using a 'hardware' firewall, since I can't trust the Windows firewall well enough.
Or make some firewall contraption with virtual machines and virtual interfaces so the servers won't be directly exposed on the internets and intranets, at least that's what I did back in the days. My windowses were behind two layers of m0n0walls... One hardware, one virtual.
Tastes the soup: Needs more firewall.
Anyhow, filter and drop all unneeded incoming traffic, while maintaining a management channel.
Use a provider with a standalone firewall. Open one port, and use that for a VPN. Access everything through the VPN.
I agree with @Janevski. If you have security concerns you can invest in a hardware firewall; with this kind of equipment there is no question left.
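
For the "anything similar to Fail2Ban?" question, a minimal built-in approach on Server 2016, as an added example that is not from any post in this thread: count failed logons (Security event ID 4625) per source address and add repeat offenders to a Windows Firewall block rule. The threshold, time window, rule name and allow-listed address are assumptions for illustration.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumed values: adjust threshold, window, rule name and allow-list to your setup.
$Threshold = 10                               # failed logons per source before blocking
$Since     = (Get-Date).AddHours(-1)          # look-back window
$RuleName  = 'Block-FailedLogon-Sources'      # hypothetical rule name
$AllowList = @('203.0.113.10')                # constructed: your management IP(s), never blocked

function Get-OffendingSource {
    # Returns the source addresses that appear at least $Threshold times.
    param([string[]]$SourceIp, [int]$Threshold, [string[]]$AllowList)
    $skip = @('-', '127.0.0.1', '::1') + $AllowList
    $SourceIp |
        Where-Object { $_ -and ($_ -notin $skip) } |
        Group-Object |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object { $_.Name }
}

# Event ID 4625 = failed logon; the source address is the 'IpAddress' data field.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } `
                       -ErrorAction SilentlyContinue
$ips = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
}

$bad = @(Get-OffendingSource -SourceIp $ips -Threshold $Threshold -AllowList $AllowList)

if ($bad.Count -gt 0) {
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($rule) {
        # Merge new offenders into the addresses the rule already blocks.
        $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $merged  = @($current + $bad | Where-Object { $_ -ne 'Any' } | Sort-Object -Unique)
        Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
    } else {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
                            -RemoteAddress $bad | Out-Null
    }
    Write-Output "Blocked: $($bad -join ', ')"
}
```

Scheduled to run every few minutes, this gives a rough equivalent of a Fail2Ban jail; it complements, rather than replaces, the IP restriction or VPN-only access suggested above.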