A VPS server is a great hosting option if you want more control over your server without dishing out large amounts of cash for a dedicated one. As you probably already know, there are two operating system options to pick from. You can either go with a Windows-based server or a Linux-based server.
Security is one of the biggest concerns people have when using a virtual server. Here are some useful tips to improve the security of Windows virtual servers.
Disable default administrator account and create a new user with administrator permissions
Your Windows VPS hosting provider installs the OS and creates a default administrator account. This is standard practice. The drawback is that this account can easily be attacked, usually by bots trying to log in by brute force. This is simple to prevent: disable the default administrator account, then create a new user with full administrative privileges. Choose a complex username to secure your Windows VPS, for example a new administrator account named with random letters.
Use Strong Passwords
Many users pick easy-to-remember passwords for their sites, and this negligence poses a real threat to the site. Use a combination of several numbers, upper and lower case letters, and special characters.
Here is an example: M@j7Wo0S3
Lock down your Remote Desktop ports
Restrict access to Windows Remote Desktop to specific IPs, such as your home or office (note that you will need a dedicated IP to use this feature), and change the default listening port from 3389 to a randomly picked five-digit number. These settings can be changed through the Advanced Windows Firewall options.
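The lock-down described above, as an added PowerShell example that is not part of the original article. It assumes an elevated session on an English-language Windows Server 2012 or later; the port number and addresses are constructed placeholders. The listening port itself is stored in the registry value PortNumber, while the firewall rule controls which addresses may reach it.

```powershell
# Added example: run in an elevated PowerShell session on the VPS.
# Constructed sample values: replace them with your own before running.
$NewPort    = 49731                               # constructed; any free port 1024-65535
$AllowedIPs = @('203.0.113.10', '198.51.100.25')  # constructed (documentation ranges)
$RuleName   = "RDP custom port $NewPort (restricted)"
$rdpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse ports that are out of range or already taken by another listener.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1024-65535."
}
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use."
}

# 1. Open the new port first, and only for the allowed source addresses,
#    so there is always one working way in while the change is applied.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $NewPort -RemoteAddress $AllowedIPs -Action Allow -Profile Any | Out-Null

# 2. Move the RDP listener off the default port.
$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# 3. Turn off the built-in Remote Desktop rules, which allow 3389 from any address.
#    Assumption: the display group is named 'Remote Desktop' (English-language Windows).
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4. Show the scope of the new rule before the session is dropped.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
Write-Output "RDP listener will move from $oldPort to $NewPort after the service restart."

# 5. Restart Remote Desktop Services so the listener picks up the new port.
#    This ends the current RDP session; reconnect to <server>:$NewPort.
Restart-Service -Name TermService -Force
```

Keep the hosting provider's console access available while applying this, because a mistake in the address list cuts off Remote Desktop entirely.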
Use Windows BitLocker Drive Encryption
Windows BitLocker Drive Encryption secures the operating system booting process and prevents unauthorized data mining. BitLocker Drive Encryption works even when the server is not powered on! It’s a very effective anti-hacking tool against malware.
Install antivirus in your Windows server
The importance of using an antivirus to secure your server is clear. You can start with the Essentials, a free and robust option by Microsoft. It auto-updates itself with the latest definitions and offers real-time protection for your server. An antivirus protects you from almost all online security threats that the firewall lets through; however, combining both is the best way to secure a Windows server.
Intrusion Detection System (IDS)
An intrusion detection system, or IDS, is like a burglar alarm on your Windows Server. It keeps a record of when and which files were changed and alerts you to any new alterations. This is critical because hackers usually try to replace binary applications. Use an IDS to protect your server from this threat.
Use of Microsoft Baseline Security Analyzer (MBSA)
MBSA is a free application to determine missing security updates and vulnerable security settings within Windows. It not only provides detailed insights on vulnerable components and settings but also lists possible measures to secure the server.
Enable a Bastion Host
A bastion host is a special-purpose computer on a network, specifically designed and configured to withstand attacks. The idea of a bastion host is to prevent direct access to your server from the public network and minimize the chances of penetration. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It usually involves access from untrusted networks or computers.
Keep Windows Updated
And finally, always keep Windows updated. This is one of the simplest ways to help keep your server secure. You can either configure Windows Update to notify you when a new update is available or allow it to download and apply the update automatically.
If you follow these tips, there should be no problems with your Windows server's security. If, however, you do run into problems, remember that Windows, unlike Linux distributions, is not open-source software and requires a license purchased from Microsoft. Because of that, you can always contact Microsoft support and get help from them in solving the issue.