You can never be too careful when it comes to your VPS security. With hackers and malware and ransomware lurking around the corner, it’s essential to take whatever precautions you can. While there is no such thing as a 100% secure Windows VPS, there are ways to ramp up security without too much effort.
Though knowing just what to do and where to start can be a little intimidating at first, once you get the basics down it will be easier than you’d think. That is the purpose of this post. Here we will go over five ways to get your Windows server in shape, and you’ll be much better equipped to make the right calls once you’re through.
As I promised before, I will cover five easy ways you can use to make sure your Windows VPS is more secure. By using these tricks, you can secure your Windows VPS enough to make it really hard for the average hacker to break through.
There are different ways we can approach this. Some of my colleagues even suggested enabling Two-Factor Authentication. True, it’s an important security measure but only for your Microsoft account, relating to a secure Windows VPS only indirectly. Here, I will focus on the more direct methods: from getting rid of the default admin account to choosing a complex and lengthy password and restricting the remote desktop connection. So, without any delays, here are the 5 easy steps to a more secure Windows VPS.
Your usual Windows VPS plan comes with a default Administrator account already set up. While that’s very useful when first installing the operating system, it can prove a liability soon enough. The problem, of course, is automatic brute-force attacks that basically try to guess your username-password combination over and over again. That’s much easier when they already know one username: the default “Administrator” account, of course. There are different ways to get rid of this vulnerability, the easiest and the most fireproof being to simply disable the default Administrator account.
The exact way to do it is slightly different for different Windows versions, but there are certain core similarities. Here we’ll look at the exact steps you need to take to disable the default Administrator account in Windows Server 2019.
Open Server Manager from the Start screen. From Tools select Computer Management. So basically:
Server Manager → Tools → Computer Management
In order to be able to disable the Administrator account, you first need to create another account with administrator privileges. For that, you need to:
From the Local Users menu, select Users. Right-click the list of users and create a New User.
Now you need a good username for this new account because this will serve as your new administrator-level account. It’s best you refrain from using obvious names like “admin” or “root” and instead use proper names or string-number combinations.
In case we’re setting up an account for our own company, a good example would be: “routerhosting-admin-0” or “rtrhst123”. You also need to set a strong password and confirm it. Later on, we will explain what makes a good password, so for now, make sure it’s an alphanumeric combination and at least 8 characters long.
You must also select “Password Never Expires” and make sure the “Account is Disabled” option is not selected (this is the option we’ll use to disable “Administrator” later).
Now it is imperative that you add this account to the Administrators group or else you won’t be able to disable the default account. Go to Groups under Local Users and Groups and select Administrators:
Computer Management → Local Users and Groups → Groups → Administrators
Now just add the newly created account through the properties menu of the Administrators group. Once that is done, we can move on to the final phase of the mission.
Now we’re finally ready to get rid of that default administrator account for good. First, you must sign out, since you are going to disable it and you can’t do that while still signed in. Once signed out, log in with the newly created account using the password you chose.
Now that you’re signed in, it’s back to the Computer Management tool for the last time. Go to:
Server Manager → Tools → Computer Management → Local Users and Groups → Users
Now right-click on Administrator and select Properties. Finally, select the “Account is Disabled” option from the properties.
Et voila, you have disabled the Default Administrator Account, taking the first step to a secure Windows VPS. Now hackers and brute-force bots must work twice as hard to log in to your server and that is a definite win. Let’s get some more wins by going through the other methods of securing your Windows VPS.
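The same procedure can be scripted. The following is an added example, not part of the original guide: it uses the built-in LocalAccounts cmdlets, finds the default account by its RID (500) rather than by name, and refuses to disable it until a replacement administrator exists and you are signed in as someone else. The account name is the sample from above; treat it as a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example. $NewAdminName is an assumption; substitute your own name.
$NewAdminName   = 'rtrhst123'       # sample name used earlier in this guide
$AdminsGroupSid = 'S-1-5-32-544'    # well-known SID of the local Administrators group

# Step 1: create the replacement account if it does not exist yet.
# The password is prompted for, so it never lands in the command history.
if (-not (Get-LocalUser -Name $NewAdminName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -Prompt "Password for $NewAdminName" -AsSecureString
    New-LocalUser -Name $NewAdminName -Password $password -PasswordNeverExpires |
        Out-Null
}
$newUser = Get-LocalUser -Name $NewAdminName

# Step 2: add it to the Administrators group unless it is already a member.
$memberSids = (Get-LocalGroupMember -SID $AdminsGroupSid).SID.Value
if ($memberSids -notcontains $newUser.SID.Value) {
    Add-LocalGroupMember -SID $AdminsGroupSid -Member $NewAdminName
}

# Step 3: locate the built-in Administrator by its RID (500), not by name,
# so the script still finds it if the account was renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

# Lock-out guards: stop unless the replacement account is usable and we are
# not running as the account we are about to disable.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
if (-not $newUser.Enabled) { throw "$NewAdminName is disabled; enable it first." }
if ($me -eq $builtin.SID.Value) {
    throw "Sign out and log in as $NewAdminName, then run this script again."
}

# Step 4: disable the default account and show the resulting state.
Disable-LocalUser -SID $builtin.SID
Get-LocalUser | Select-Object Name, Enabled, SID
```

Run it once as Administrator to create the new account (it will stop at the guard), then sign in with the new account and run it again to disable the default one.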
If you have a Linux VPS and you want to figure out how you can secure your Linux VPS, read the “How to Secure Linux VPS?” article to find out about that!
Now that you have done away with the security risk posed by the default administrator account, you need to make sure your new one is safe by choosing a strong password. There have been many great articles on how to create good passwords and it never hurts to improve your knowledge of what makes or breaks a password, or your VPS, in this case!
There are some basic tips, however, that can help you strengthen your passwords considerably. One is the password’s length. With passwords, the longer the better (you have to actually be able to memorize it though, so don’t get carried away). A 10-character password is a good place to start, and if you use a combination of lowercase and uppercase letters and numbers and avoid dictionary words, then your Windows VPS gets much more secure.
The most usual way of accessing your Windows VPS is by using Remote Desktop. That is a Windows feature that, as its name suggests, allows you to connect to your desktop remotely. Remote Desktop, like any other remote access software for that matter, uses a default port (3389) for its connections.
This is a widely-known fact and hackers and malware will exploit that to gain access. So to bolster your Windows VPS security, we suggest you change the Remote Desktop listening port (as it’s called) as soon as possible. Port scanners coupled with brute-force bots are not to be trifled with and leaving the port at its default value only improves their chances of a successful attack.
To change the listening port, you need to use Windows Registry Editor to modify the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Use a random 4-digit number for the new port number and try to avoid obvious or popular choices like 8080 or 8888. You must also take care that your firewall is not blocking the port number you choose and that it is not already being used by another application or service. That will create conflict and can have catastrophic results.
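The checks described above (port not in use, firewall not blocking it) can be done in the same script that edits the registry. This is an added example, not part of the original guide; the port 4127 is a constructed sample value, and `PortNumber` is the DWORD value under the key shown above that holds the listening port.

```powershell
#Requires -RunAsAdministrator
# Added example. $NewPort is a constructed sample; choose your own value.
$NewPort = 4127
$RdpKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse to continue if another service already listens on the chosen port.
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use by another application or service."
}

# Remember the current port so the change can be rolled back.
$oldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber

# Open the firewall for the new port BEFORE switching, so the first
# connection attempt on the new port is not blocked.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RDP custom port $NewPort ($proto)" `
        -Direction Inbound -Protocol $proto -LocalPort $NewPort -Action Allow |
        Out-Null
}

# Write the new listening port and restart the Remote Desktop service.
# The restart drops existing RDP connections.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord
Restart-Service -Name TermService -Force

# Verify the listener moved; if not, restore the previous port.
Start-Sleep -Seconds 5
if (-not (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue)) {
    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $oldPort -Type DWord
    Restart-Service -Name TermService -Force
    throw "RDP did not start on $NewPort; restored port $oldPort."
}
"Remote Desktop now listens on port $NewPort (was $oldPort)."
```

After the change, connect with `server-address:4127` in the Remote Desktop client, and remove the old 3389 firewall rules only once the new port is confirmed to work.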
Changing the default port for Remote Desktop may not be enough on its own. One way to further improve your Windows VPS security is to restrict the IP addresses that can connect to your VPS via Remote Desktop. This is especially useful if you have a limited number of people connecting to it from a fixed location like an office or if it’s just you connecting from home.
If your ISP provides static IP services, then this method might be perfect for you, as you will know exactly which IP you will be connecting to Remote Desktop from. This method is not without some drawbacks, however, as it could prove troublesome if you have more people accessing your VPS or if they are not exactly staying in one place.
There is also a possibility that you will lock yourself out if you’re somehow not able to use your previously defined IPs to connect to Remote Desktop anymore. You should probably weigh the pros and cons carefully before going in for this security measure, but if you do it will make for a much more secure Windows VPS.
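One way to apply this restriction with Windows Firewall, including a guard against the lock-out risk just described. This is an added example, not part of the original guide; the addresses are constructed samples from the documentation ranges, and `$RdpPort` should match your actual listening port.

```powershell
#Requires -RunAsAdministrator
# Added example. Both values below are assumptions; replace them with yours.
$RdpPort    = 3389                                  # or your custom port
$AllowedIPs = @('203.0.113.10', '198.51.100.25')    # constructed sample addresses

# Lock-out guard: every client currently connected over RDP must be on the
# allow list, otherwise applying the rule would cut that session off.
$active = Get-NetTCPConnection -LocalPort $RdpPort -State Established `
              -ErrorAction SilentlyContinue |
          Select-Object -ExpandProperty RemoteAddress -Unique
$notListed = @($active | Where-Object { $_ -notin $AllowedIPs })
if ($notListed.Count -gt 0) {
    throw "Connected client(s) missing from allow list: $($notListed -join ', ')"
}

# Find every enabled inbound allow rule whose port filter names the RDP port
# (covers the built-in Remote Desktop rules and any custom-port rules).
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains "$RdpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and
                   $_.Action    -eq 'Allow'   -and
                   $_.Enabled   -eq 'True' }
if (-not $rules) { throw "No enabled inbound allow rule found for port $RdpPort." }

# Narrow those rules from "any remote address" to the allow list.
$rules | Set-NetFirewallRule -RemoteAddress $AllowedIPs

# Report the resulting scope of each rule for review.
$rules | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}
```

Rules that match by program or allow any local port are not touched by this script, so review those separately.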
All Windows versions come equipped with Windows Firewall, which is a decent enough firewall software if you’re not doing anything too sensitive with your Windows VPS.
While there are some steps you can take to improve the efficiency of the Windows Firewall, you should also give some thought to using third-party software that’s capable of handling more sensitive tasks, such as processing credit card transactions. Naturally, there are many firewalls to choose from, and finding the right one may take some digging. That’s why I’ve written this list of the 6 best firewalls for Windows 10.
Windows Firewall is great at basic and even intermediate-level tasks, and you can make sure it operates more efficiently by choosing the right policies. One way to go about that is to simply choose the “Deny All” policy, which blocks all incoming and outgoing traffic except predefined exceptions. One potential risk, however, is locking yourself or your users out without knowing how to fix it. The problem is more widespread than you may think, and we have even written a guide on how to disable Windows Firewall using Group Policy, which is the only way you can fix things.
Creating and maintaining a secure Windows VPS is essential to any venture. To ensure your Windows server is secure you can take some simple measures yourself, and choosing the right VPS hosting provider goes a long way as well. Knowing your hosting company is going the extra mile means you will have more time to spend on your actual work rather than on trying to bolster security. Choose one of our Windows VPS hosting plans now and rest assured that we place security first.