The best ways to protect VPS/VDS on Windows Server
14:22, 18.10.2021
Careless protection of important corporate data can turn into a real disaster for a VPS tenant. An intruder who manages to get past the configured security measures can inject foreign scripts into the site's structure, disrupt the normal operation of the infrastructure, and even steal the data stored on the server in order to resell it or misuse it in some other way.
In this article we'll tell you:
- Which signs reveal third-party connections to the server;
- How to protect the server from third parties;
- What you should do to protect SSH keys.
We'll try to address each of these questions comprehensively.
How to tell if a server is compromised
There are a number of signs that point to third-party connections:
- Spam being sent from the VPS;
- Abnormal network activity;
- Interruptions in the operation of the virtual or dedicated server even though the physical hardware is in full working order;
- A sudden increase in daily traffic with no adequate explanation;
- Redirects to third-party web resources;
- Distortion of the site's appearance: third-party banners, ads, or even entire pages appear, and the content of such pages often has nothing to do with the subject matter of your site;
- Unstable operation of the virtual server;
- Restricted access rights for network administrators - this rarely happens, but it creates a lot of problems for the specialist servicing the dedicated server.
Most often, anomalous activity is detected at the level of incoming and outgoing traffic: if a virtual or dedicated server exchanges data packets with unfamiliar hosts when it should not, this is a sure sign of a compromise. As a rule, the main causes of a compromise are vulnerabilities in the server software or in the site's code. Improperly configured access rights, weak passwords, incorrectly configured software, and so on also fall into this category.
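The traffic check described above can be turned into a routine that runs on the server itself. The following PowerShell is an added example and is not code from the original article: it takes connection records shaped like the output of Get-NetTCPConnection, drops everything that goes to an allowlisted remote host, and reports the rest together with the process that owns the socket. The allowlist prefixes and the sample records are constructed for illustration; replace them with the hosts your server legitimately talks to.

```powershell
# Added example, not code from the original article: list established TCP
# connections whose remote host is not on an allowlist and name the owning process.
# The allowlist values and the sample records below are constructed for illustration.

function Find-UnexpectedConnection {
    param(
        # Objects shaped like Get-NetTCPConnection output
        # (LocalPort, RemoteAddress, RemotePort, OwningProcess, State).
        [Parameter(Mandatory)] [object[]] $Connections,
        # Address prefixes this server legitimately talks to (hypothetical values).
        [string[]] $AllowedRemote = @('10.0.0.', '192.168.1.50')
    )
    foreach ($c in $Connections) {
        if ($c.State -ne 'Established') { continue }
        # Loopback traffic is not interesting here.
        if ($c.RemoteAddress -like '127.*' -or $c.RemoteAddress -eq '::1') { continue }
        $known = $false
        foreach ($prefix in $AllowedRemote) {
            if ($c.RemoteAddress.StartsWith($prefix)) { $known = $true; break }
        }
        if ($known) { continue }
        # Resolve the owning process; it may already have exited, hence SilentlyContinue.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            LocalPort     = $c.LocalPort
            OwningPid     = $c.OwningProcess
            Process       = if ($proc) { $proc.ProcessName } else { '<not running>' }
        }
    }
}

# Constructed sample records standing in for live Get-NetTCPConnection output.
$sample = @(
    [pscustomobject]@{ LocalPort = 3389;  RemoteAddress = '192.168.1.50'; RemotePort = 52110; OwningProcess = 1234; State = 'Established' }
    [pscustomobject]@{ LocalPort = 49712; RemoteAddress = '203.0.113.77'; RemotePort = 8080;  OwningProcess = 4711; State = 'Established' }
    [pscustomobject]@{ LocalPort = 49801; RemoteAddress = '10.0.0.20';    RemotePort = 443;   OwningProcess = 880;  State = 'Established' }
    [pscustomobject]@{ LocalPort = 49802; RemoteAddress = '198.51.100.9'; RemotePort = 443;   OwningProcess = 880;  State = 'TimeWait' }
)
# Only the 203.0.113.77 record is reported: the others are allowlisted or not established.
Find-UnexpectedConnection -Connections $sample | Format-Table -AutoSize

# Live use on the server (run in an elevated session so OwningProcess is populated):
# Find-UnexpectedConnection -Connections (Get-NetTCPConnection -State Established) | Format-Table -AutoSize
```

Scheduling the live form as a task and writing its output to a file gives a simple baseline: a new remote host appearing in the report is exactly the "strange resource" the paragraph above warns about, and the owning process tells you where to start looking.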
How to protect the server from third parties
Let's consider the most effective and simplest ways to protect VPS and dedicated servers:
- Firewall activation. To do this, open the Group Policy Management Console, click "Windows Defender Firewall Properties" in the "Overview" section, and enable all the key firewall functions one by one.
- Using the SSH protocol. This is very important for VPS and dedicated servers because they are accessed remotely; SSH provides better protection for the connection to the host.
- Implementing an IDS. Intrusion detection mechanisms help detect an intrusion in time, determine the nature of the attack (internal or external), and generate a threat report so that the administrator can take the right action. The following IDS are relevant for Windows Server: SolarWinds Security, RkHunter, Tripwire, Bro, etc.
- Protection with firewalls. This is one of the most affordable ways to protect a VPS server: a firewall acts as a barrier that filters all incoming traffic according to the configured rules. It is an extremely effective method on Linux, but on Windows Server it is less relevant, because the Microsoft OS already has its own built-in firewall.
- Configuring two-factor authentication on the Network Policy Server. First install the application on your smartphone, then install it on the VDS server, then run it and configure two-factor authentication with a one-time access code or a PUSH notification. This method is good because the access code is not requested during connection, but when you try to log in with a password, a secret code is required, which intruders simply cannot obtain. The method applies to Windows Server 2012 R2, 2016, and 2019, and the authentication itself can be done via SMS, Telegram, the MultiFactor mobile app, or Google Authenticator.
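The firewall steps in the list above are done through the Group Policy console; the same settings can be applied and verified from an elevated PowerShell session with the NetSecurity cmdlets that ship with Windows Server. The script below is an added example and is not code from the original article. It enables the firewall on every profile, blocks inbound connections by default, turns on logging of dropped packets, and narrows RDP to a management subnet; the subnet 10.0.0.0/24 is a hypothetical value.

```powershell
# Added example, not code from the original article: apply and verify a Windows
# Defender Firewall baseline from an elevated PowerShell session.
# 10.0.0.0/24 is a hypothetical management subnet; adjust it before running.

$ManagementSubnet = '10.0.0.0/24'

# 1. Turn the firewall on for every profile, block inbound by default, log drops.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 32767

# 2. Replace the broad built-in "Remote Desktop" rules with one scoped to the
#    management subnet, so RDP is not reachable from arbitrary addresses.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP from management subnet only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $ManagementSubnet -Action Allow -Profile Domain,Private

# 3. Verify: $true only when every profile is enabled and blocks inbound by default.
function Test-FirewallBaseline {
    $bad = Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block' }
    return (@($bad).Count -eq 0)
}
Test-FirewallBaseline
```

Run step 2 from a console session or from an address inside the management subnet, otherwise the RDP session you are working in will be cut off. If the server is domain-joined and the firewall is configured by Group Policy, as in the article's procedure, the policy settings take precedence over these local ones; Test-FirewallBaseline still reports the effective result either way.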
Let's talk separately about the most effective method: SSH protection.
SSH key protection
SSH is an acronym for Secure Shell. It is an extremely popular application-layer network protocol that provides secure, encrypted connections for a variety of purposes, from authentication to executing remote commands on a server without going through manual authorization. Essentially, SSH is a better and more advanced counterpart to Telnet, FTP, RSH, and similar protocols.
Unlike those obsolete protocols, SSH does not send information in clear text, so it eliminates the most important vulnerability of the "man in the middle" category. An attacker with access to an intermediate subnet can intercept the server's data packets, save them, and then forward them to the addressee. Even worse, he might rewrite the packets, replacing ls -la mydir with rm -r mydir, or even send a Trojan-infected file instead of the original one. In general, there are many different tricks and scenarios.
SSH verifies the authenticity of the host, so there is no way to read the data packets or do anything else with them when this protocol is used. Once the connection is established, it is secure from start to finish.
To ensure the full security of your dedicated server or VPS, SSH keys must be protected. This can be done in the following ways:
- Set up two-factor authentication - in this case it is not enough for an intruder to know the password; he will also need access to the application on the smartphone that generates the codes, which is difficult to achieve in practice.
- Set passwords to expire, so that they must be changed after a certain amount of time.
- Disable password logins altogether and allow logins with authorization keys only. Such keys consist of two parts - public and private. The first is stored on the server and the second on the user's computer. That is, again, hacking will require physical access to the administrator's computer.
- Change the SSH port. This is a basic procedure for securing the network infrastructure. The default SSH port is 22, and any skilled intruder will start his break-in attempts from it. You, in turn, can change the port number used to access the Secure Shell, making life harder for those trying to get into your system dishonestly. Simple and very effective at the same time. You can change the port number in the configuration file /etc/ssh/sshd_config - all you have to do is change the port number from 22 and save the changes.
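On Windows Server the OpenSSH Server reads its configuration from %ProgramData%\ssh\sshd_config rather than /etc/ssh/sshd_config, so the key-only login and port change from the list above can be scripted from an elevated PowerShell session. The script below is an added example and is not code from the original article: Set-SshdOption is a hypothetical helper written here to set a directive (replacing a commented-out default if one exists, and keeping global directives ahead of any Match block), port 2222 is an arbitrary replacement for 22, and the firewall rule is opened before sshd is restarted so the new port is reachable.

```powershell
# Added example, not code from the original article: harden the Windows OpenSSH
# Server from an elevated PowerShell session. Set-SshdOption is a hypothetical helper
# written for this example; 2222 is an arbitrary replacement port.

function Set-SshdOption {
    param(
        [Parameter(Mandatory)] [string] $Path,   # sshd_config to edit
        [Parameter(Mandatory)] [string] $Name,   # directive, e.g. PasswordAuthentication
        [Parameter(Mandatory)] [string] $Value
    )
    $out  = New-Object System.Collections.Generic.List[string]
    $done = $false
    foreach ($line in (Get-Content -Path $Path)) {
        if (-not $done -and $line -match "^\s*#?\s*$Name\b") {
            # Replace the first occurrence, including a commented-out default.
            $out.Add("$Name $Value"); $done = $true
        } elseif (-not $done -and $line -match '^\s*Match\b') {
            # Global directives must appear before any Match block.
            $out.Add("$Name $Value"); $done = $true
            $out.Add($line)
        } else {
            $out.Add($line)
        }
    }
    if (-not $done) { $out.Add("$Name $Value") }
    Set-Content -Path $Path -Value $out.ToArray() -Encoding ascii
}

$Config    = Join-Path $env:ProgramData 'ssh\sshd_config'
$AdminKeys = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
$NewPort   = 2222

# 1. Public key for the administrator. On Windows, members of the local Administrators
#    group are checked against administrators_authorized_keys, and sshd ignores that
#    file unless only Administrators and SYSTEM can access it. Paste the public key
#    into $AdminKeys first, then fix the ACL.
if (Test-Path $AdminKeys) {
    icacls.exe $AdminKeys /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F'
} else {
    Write-Warning "Put the administrator's public key in $AdminKeys before continuing."
}

# 2. Move sshd off port 22 and allow key-based logins only.
Set-SshdOption -Path $Config -Name 'Port'                   -Value $NewPort
Set-SshdOption -Path $Config -Name 'PubkeyAuthentication'   -Value 'yes'
Set-SshdOption -Path $Config -Name 'PasswordAuthentication' -Value 'no'

# 3. Open the new port in Windows Defender Firewall before restarting the service.
New-NetFirewallRule -DisplayName "OpenSSH Server (TCP $NewPort)" -Direction Inbound `
    -Protocol TCP -LocalPort $NewPort -Action Allow
Restart-Service -Name sshd

# 4. Confirm the directives took effect and sshd is listening on the new port.
Get-Content $Config | Select-String -Pattern '^(Port|PasswordAuthentication|PubkeyAuthentication)\b'
Get-NetTCPConnection -LocalPort $NewPort -State Listen
```

Keep your current session open and log in once over the new port with the key before removing the old port-22 firewall rule; with PasswordAuthentication set to no, a key that sshd cannot read (wrong file, wrong ACL) means no way back in except the console.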
Basically, these four methods are more than enough to secure your SSH keys and, as a result, to stop VPS attacks on your network infrastructure. Use them!