Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Hardening windows server
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Hardening windows server

I know it's not the best thing to run a windows server, but, I am supposed to manage 2 windows VPS. They run Windows server 2016 standard.

With Linux, one can typically login via ssh keys instead of password. Is there anything similar on windows? I plan to setup Duo 2fa in the interim.

Anything similar to Fail2Ban?

Any remote web administrator tools?

Can I setup an SSL certificate to further secure RDP? (Thinking a Letsencrypt cert)....

What do you recommend how to harden these VPS (apart from running Linux)?

Any feedback is appreciated.

Thank you.

Comments

  • NoVNC based on Web

    Thanked by 1plumberg
  • Make sure to IP restrict the RDC port or, even better, setup a VPN and access via VPN and disable public RDC port to the outside.

    Also, make sure your not running Samba (file sharing) on public ports unless it is restricted by IP.

    my 2 cents.

    Cheers!

    Thanked by 1plumberg
  • @Bani99 said:
    NoVNC based on Web

    https://github.com/novnc/noVNC

    Thanked by 1plumberg
  • RdpGuard, isn't free but It's good

    Thanked by 1plumberg
  • Disable RDP completely and use TeamViewer

  • @yokowasis said:
    Disable RDP completely and use TeamViewer

    Huh? Why is that?

  • deankdeank Member, Troll

    Anyone remember TeamViewer security fiasco few years ago?

    Thanked by 1plumberg
  • Use VNC and stay logged in as Administrator without locking the screen to get to your MT4 riches faster.

    Thanked by 1plumberg
  • @plumberg said:

    @yokowasis said:
    Disable RDP completely and use TeamViewer

    Huh? Why is that?

    Because

  • SreeSree Member

    Change RDP port ;)

  • @yokowasis said:

    @plumberg said:

    @yokowasis said:
    Disable RDP completely and use TeamViewer

    Huh? Why is that?

    Because

    I might be mixing you up with another Y-username, but aren't you the guy who got servers shut down for malware more than a few times?

  • karanchookaranchoo Member
    edited April 2019

    +1
    using its for last few years and works very well ,
    i have a non Public (Mean on internet but not popular ) server and this does black list daily more then 300 Ips , for brute forcing ftp , ms sql and RDP.

    danielcardosopt said: RdpGuard, isn't free but It's good

  • @TimboJones said:

    @yokowasis said:

    @plumberg said:

    @yokowasis said:
    Disable RDP completely and use TeamViewer

    Huh? Why is that?

    Because

    I might be mixing you up with another Y-username, but aren't you the guy who got servers shut down for malware more than a few times?

    Servers ? No.
    Reseller Account, Yes.

  • @yokowasis said:

    @TimboJones said:

    @yokowasis said:

    @plumberg said:

    @yokowasis said:
    Disable RDP completely and use TeamViewer

    Huh? Why is that?

    Because

    I might be mixing you up with another Y-username, but aren't you the guy who got servers shut down for malware more than a few times?

    Servers ? No.
    Reseller Account, Yes.

    OK, thanks for clearing that up. The Y other person would buy Linux servers and just let them idle without additional protections. Definitely wasn't reseller accounts.

  • Use NoVNC probably without locking the screen. Another solution could be AnyDesk or Team Viewer :P

  • JanevskiJanevski Member
    edited April 2019

    Disable 'Local Area Connection'...

    But on a serious note, segment and firewall it using a 'hardware' firewall, since i can't trust the windows firewall well enough.

    Or make some firewall contraption with virtual machines and virtual interfaces so the servers won't be directly exposed on the internets and intranets, at least that's what i did back in the days. My windowses were behind two layers of m0n0walls... One hardware, one virtual.

    Tastes the soup: Needs more firewall.

    Anyhow, filter and drop all unneeded incoming traffic, while maintaining a management channel.

  • ras07ras07 Member

    Use a provider with a standalone firewall. Open one port, and use that for a VPN. Access everything through the VPN.

  • IkoulaIkoula Member, Host Rep

    I agree with @Janevski if you have security concerns you can invest in hadware firewall, with this kind of equipment there no question left.

Sign In or Register to comment.