List of content you will read in this article:
- 1. Disable the default administrator account
- 2. Use Strong Passwords
- 3. Lockdown your Remote Desktop ports
- 4. Use Windows BitLocker Drive Encryption
- 5. Install antivirus on your Windows server
- 6. Intrusion Detection System (IDS)
- 7. Use of Microsoft Baseline Security Analyzer (MBSA)
- 8. Enable a Bastion Host
- 9. Keep Windows Updated
A VPS server is a great hosting option if you want more control over your server without dishing out large amounts of cash for a dedicated one. As you probably already know, there are two operating system options to pick from. You can either go with a Windows-based server or a Linux-based server.
Security is one of the main concerns people have when running a virtual server. Here are some useful tips for securing a Windows server.
Disable the default administrator account
Disable the default administrator account and create a new user with administrator permissions
Your Windows server hosting provider installs the OS and creates a default administrator account. This is standard practice. The drawback is that this account is an easy target, usually for bots trying to log in by brute force. This is simple to prevent: disable the default administrator account and create a new user with full administrative privileges. Choose a complex username to secure your Windows VPS, for example a new administrator account named with random letters.
Use Strong Passwords
Many users pick easy-to-remember passwords for their Windows server, and this negligence poses a real threat to the server. Use a combination of several numbers, upper- and lower-case letters, and special characters.
Here is an example: M@j7Wo0S3
Lockdown your Remote Desktop ports
Lock down access to Windows Remote Desktop (RDP) to specific IPs such as your home or office (note that you will need a dedicated IP to use this feature), and change the default listening port from 3389 to a randomly picked five-digit number. These settings can be changed through the Advanced Windows Firewall options.
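The two steps above as a PowerShell script, added here as an example and not taken from the original article. The port, rule name and addresses are constructed placeholders, and the script assumes an English-language install where the built-in rule group is named "Remote Desktop"; note that Windows stores the RDP listening port in the registry value `PortNumber`, while the firewall controls which addresses may reach it.

```powershell
#Requires -RunAsAdministrator
# Added example: every value below is a constructed placeholder.
$NewPort    = 49213                                  # assumed port; must be unused and <= 65535
$AllowedIPs = @('203.0.113.10', '198.51.100.0/24')   # documentation-range addresses, replace with your own
$RuleName   = 'RDP-Restricted'                       # hypothetical rule name
$RdpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Stop early if the port is out of range or something already listens on it.
if ($NewPort -lt 10000 -or $NewPort -gt 65535) { throw "Port $NewPort is not a valid five-digit port." }
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $NewPort already has a listener."
}

$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $OldPort"

# 1. Create the scoped allow rule BEFORE touching the listener, so the new
#    port is reachable from the allowed addresses as soon as it opens.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $NewPort -RemoteAddress $AllowedIPs -Profile Any | Out-Null
}

# 2. Move the RDP listener to the new port.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# 3. Disable the built-in rules, which allow RDP from any remote address.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4. Restart Remote Desktop Services so the new port takes effect.
#    This drops every active RDP session, including your own.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 5

# 5. Verify: one listener on the new port, and the rule scoped to the allow list.
Get-NetTCPConnection -LocalPort $NewPort -State Listen |
    Select-Object LocalAddress, LocalPort, State
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Run it from the hosting provider's console rather than over RDP, and confirm that a new connection on the new port succeeds from an allowed address before closing the console.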
Use Windows BitLocker Drive Encryption
Windows BitLocker Drive Encryption secures the operating system booting process and prevents unauthorized data mining. BitLocker Drive Encryption works even when the server is not powered on! It’s a very effective anti-hacking tool against malware.
Install antivirus on your Windows server
The importance of using an antivirus to secure your server is clear. You can start with Essentials, a free and robust option by Microsoft. It auto-updates itself with the latest definitions and offers real-time protection for your server. Antivirus protects you from almost all online security threats that a firewall lets through. However, combining both is best for securing Windows servers.
Intrusion Detection System (IDS)
An intrusion detection system, or IDS, is like a burglar alarm on your Windows Server. It keeps a record of when and which files were changed and alerts you to any new alterations. This is critical because hackers usually try to replace binary applications. Apply IDS to save your server from such a threat.
Use of Microsoft Baseline Security Analyzer (MBSA)
MBSA is a free application to determine missing security updates and vulnerable security settings within Windows. It provides detailed insights on vulnerable components and settings and lists possible measures to secure the server.
Enable a Bastion Host
A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The idea of a bastion host is to prevent direct access to your server from the public network and minimize the chances of penetration. The computer generally hosts a single application, for example, a proxy server, and all other services are removed or limited to reduce the threat to the computer. It usually involves access from untrusted networks or computers.
Keep Windows Updated
And finally, always keep your Windows updated. This is one of the simple ways to help keep your server secure. You can either configure Windows Update to notify you when a new update is available or allow it to download and apply the update automatically.
If you follow these tips, there should be no problems with your Windows server security. If you run into some problems, remember that Windows, unlike Linux distributions, is not open-source software and requires a license purchased from Microsoft. Because of that, you can always contact Microsoft support and get help from them in solving the issue.
Also, here is a good article about Linux VPS security too.
My name is Linda. I have a Master's degree in Information Technology Engineering. I have some experience working with Windows and Linux VPS, and I have been working for 2 years on Virtualization and Hosting.