Hi guys, at work we have an unmanaged Windows Server 2k8 Standard VPS from poundhost which is going to be used as a host for 3 websites. The server is currently configured with a single IP and I'm accessing it via RDP which is completely open. I want to ensure that the server is secure especially due to the fact that it's going to be public and a simple ping will resolve the server's IP, but I'm really not sure what lengths I should go to and what I should deploy and secure, any advice chaps?
Unmanaged VPS security
- Thread starter EvilGrin
- Start date
Ah sorry didn't quite make myself clear, RDP is secured by a fairly hefty password on the only Administrator account, but if someone typed in ourwebsite.com into mstsc, it'd bring up the login splash screen - I'd prefer for that not to happen. So I wanted to secure it to our network, however I didn't want to lock myself out at the same time by getting it wrong! lol. I don't believe that poundhost have any firewalls, it's a completely open network, so the port on which RDP operates is really down to the config on the server, it seems from the firewall that it's definitely port 3389, and i've now locked down remote IP ranges to our own network only, didn't lock myself out, so that's good news! 
I'm more than happy to manage the server myself - I'm the sole IT admin for this company, and I manage 15 or so other servers on-site, so adding another to my maintenance routine isn't going to break my balls too much. Of course, my only concern is getting it right, and the difference in security between my network and this external VPS is that my on-site servers are sitting behind a nice little Cisco ASA5505 firewall. A managed service isn't really an option either due to budget restrictions for now, but as ever this may change in the future...
Anyway, this is my first W2k8 server to manage, combine this with the fact that for the last 3 years I've sat behind a hardware firewall makes the software firewall with advanced services installed on here somewhat alien as I generally haven't had to mess with anything other than configure the odd port forward. Is there anything in particular that I should lock down? The server is going to be used for HTTP, HTTPS, POP3, SMTP and that's it, I've uploaded a few pics of the default firewall settings below, could you guys cast your eyes over them and let me know if I should make any changes please?
Thanks a lot guys.
I'm more than happy to manage the server myself - I'm the sole IT admin for this company, and I manage 15 or so other servers on-site, so adding another to my maintenance routine isn't going to break my balls too much. Of course, my only concern is getting it right, and the difference in security between my network and this external VPS is that my on-site servers are sitting behind a nice little Cisco ASA5505 firewall. A managed service isn't really an option either due to budget restrictions for now, but as ever this may change in the future...
Anyway, this is my first W2k8 server to manage, combine this with the fact that for the last 3 years I've sat behind a hardware firewall makes the software firewall with advanced services installed on here somewhat alien as I generally haven't had to mess with anything other than configure the odd port forward. Is there anything in particular that I should lock down? The server is going to be used for HTTP, HTTPS, POP3, SMTP and that's it, I've uploaded a few pics of the default firewall settings below, could you guys cast your eyes over them and let me know if I should make any changes please?
Thanks a lot guys.
Last edited: