TWC Reviews

Software, Services & Hardware Reviews by TheWindowsClub

How to Protect your Windows VPS from Hackers in 10 easy steps

Setting up a new server is remarkably easy nowadays, but finding a reliable company to host it can be a bit of a challenge if you don’t know what type of hosting service you need. Most webmasters start by choosing a shared hosting plan, which is a pretty solid and often very affordable option for beginners. Once you’re ready to take things to the next level, however, you’ll want to switch to a Virtual Private Server (VPS).

VPS hosting is, among other things, a lot faster and more secure when compared to shared hosting. However, that doesn’t mean it’s foolproof. While your hosting provider may offer some protection, it’s ultimately up to you to secure your Windows VPS against any potential hackers. With that in mind, in this article, we’re going to teach you how to strengthen the security of your virtual private server, as well as that of your own PC.

Protect your Windows VPS from Hackers

Protect your Windows VPS from Hackers

1. Choose a Reliable Hosting Provider

This first step is pretty obvious but it’s actually one of the most important ones on this list. That’s because some hosting companies are a lot better than others at securing their own servers. At the same time, certain providers include very good security features with their hosting plans while others are a bit lacking in this area. Choosing the right hosting provider for your exact needs can be pretty difficult if you don’t have any experience with these types of companies. That’s why we recommend checking out some in-depth hosting comparisons and reviews before you commit to a specific service.

If you want to play it safe, it’s always a good idea to pick a company that specializes in Windows-based virtual private servers and even dedicated servers, just in case you decide to upgrade your hosting plan further down the road. Not only can you expect better security features from these companies but you are also likely to see an increase in performance. While there are several reputable hosting providers out there that specialize in Windows VPS services, your best bet would be to go with either Bluehost or GoDaddy. The two old rivals are some of the most experienced and cheapest hosting providers on the market right now. You can read more the Bluehost vs GoDaddy rivalry in this comparison.

It’s worth noting that some hosting companies also offer cloud-based virtual private servers and you can often choose between managed and unmanaged VPS packages. Going with a managed server is a good idea if you want to let your hosting provider take care of many security-related aspects for you. But if you’re tech-savvy and want to have full root access, we recommend going with the unmanaged version instead because it will give you more control over your server.

2. Strong Passwords and 2-Factor Authentication

You’re probably sick of everyone telling you that you should protect your accounts by using strong passwords but there’s a good reason why you should take that advice to heart. Most hackers don’t use advanced software or brute force attacks to expose your server. They simply take advantage of the fact that many people, including experienced users in some cases, use common, easy to guess passwords to protect their accounts. It goes without saying but you should use strong passwords for both your Administrator account and your hosting account. After all, why bother trying to hack the server when you can simply log into the hosting account and get access to everything?

And since you’re securing your account anyway, you might as well turn on 2-factor authentication while you’re at it. Not all hosting providers have this option but pretty much all the big ones do support the feature. Again, make sure to do a bit of research and choose a reliable provider because that can save you a lot of headaches in the long run. But if you’ve already signed up with a company that doesn’t support 2FA, don’t worry because there are a few other good methods of protecting your Windows VPS.

3. Know All the Different Methods of Connecting to the VPS

The default method of connecting to a Windows VPS is to use the Remote Desktop (RDP) service that comes pre-installed with your operating system. While very easy to work with, RDP is also one of the most unsecure methods of connecting to a server. That’s because the service runs on default port 3382, which is a widely known port and thus, vulnerable to brute force attacks. Although you can change the default port number, this can cause certain problems so it might be a better idea to simply connect to your VPS using a different method.

One of the most popular methods of connecting to any remote desktop is TeamViewer, a fast and secure client that comes with a wide variety of useful features. Some of the features can only be accessing by buying the premium version of the software but you can definitely get the job done with the free version as well. If you’re not a fan of TeamViewer, you can try AnyDesk or another third-party alternative to RDP.

Connecting to a Windows VPS using a machine that runs on a different operating system is an excellent, yet often overlooked way of strengthening your security. And out of all the other operating systems you can choose from, Linux is by far the best pick. While Linux may not seem as user-friendly as Windows at first glance, it’s actually a lot easier to work with than you may think. Especially since nowadays you can find plenty of great Linux tutorials and guides that can make the transition an absolute breeze.

4. Set Up and Configure a Firewall

A firewall is a very important tool that will greatly decrease your chances of getting hacked. In addition, a firewall also protects from many forms of malware cand you can set it up to filter incoming or ongoing traffic according to your needs. Your operating system already has a pretty decent firewall, especially if you’re using Windows 10, so we highly recommend keeping it on at all times. Depending on your provider, you might get access to an additional firewall that comes bundled with your hosting plan and gives your VPS an extra layer of protection.

5. Install an AntiMalware Solution on Your Remote Desktop

The importance of installing antimalware software on Windows cannot be overstated enough.  You should always have some type of antimalware protecting your home PC against vulnerabilities and the same goes for your Windows VPS. A lot of people avoid antimalware because this type of software can get pretty expensive. However, you can actually protect your system without having to spend anything thanks to programs like Malwarebytes and BitDefender, both of which have free versions. It’s worth noting that you should use antimalware even if you already have a firewall because the two make a great team.

6. Enable Encryption on Your Server

Encryption is yet another good way to enhance the security of your server and thwart any potential hackers. Luckily, Windows comes by default with a very neat feature that allows you to do just that. BitLocker is a reliable encryption tool that Microsoft decided to include with all versions of Windows starting with Vista. The tool is designed to encrypt drives with either 128-bit or 256-bit keys. The only catch is that you’ll need to have administrator privileges to install BitLocker, but that shouldn’t be much of an issue if you’re the owner of the VPS.

7. Install a Free SSL Certificate

If you decide to look into encrypting your drives, which you should, you might as well take things one step further and also encrypt data flowing to and from your Windows VPS. One of the best and easiest methods of accomplishing that is to install a free SSL certificate on your server. Installing one of these free certificates, which are often included with your hosting plan, enables SSL/TSL encryption and makes it much more difficult for potential malicious actors to intercept communications between the server and the client.

8. Use Custom Ports Whenever Possible

Going back to the topic of ports, you’ll want to stay away from default ones if possible, at least for your commonly used services. As mentioned previously, default ports are a major risk factor because everybody knows them and can be easily accessed by anybody with a little bit of technical know-how. Switching to a custom port is pretty much mandatory if you’re using the RDP, but the same can be said about any other service that has the potential to slow down or even compromise your system if someone else were to gain control of it.

9. Prevent Unwanted IPs from Accessing Your Server

Restricting certain IP addresses from accessing your network is a great preemptive measure that can outright stop most wannabe hackers dead in their tracks. Depending on what type of server you’re running, you’ll want to restrict most if not all IPs from accessing certain essential services or even the VPS as a whole. Just don’t forget to whitelist your own IP or those of people you do want to access the server. This works best if you’re using one or multiple static IPs, but it can also work with rotating IPs as long as you know which subnets to whitelist and which to restrict.

10. Keep Your Operating System Up to Date

Windows comes with several built-in protection mechanisms, but in order for them to work effectively, you’ll need to make sure that your operating system is always up to date. Similar to the operating system found on your home PC, your VPS relies on Windows for the latest security updates for patching known vulnerabilities and exploits. If you don’t want to actively look for updates, you can simply turn on the auto-update feature and let Windows do all the work for you.

Final Thoughts

Cybersecurity is becoming an increasingly bigger concern these days and for good reason. We live in an age where everything is connected. Whether we’re talking about thermostats, baby monitors, or pacemakers, most electronic objects we come into contact with on a daily basis are connected to the Internet or some type of network, which makes them a potential target for hackers.

According to a late 2018 report by Mashable, even something as inconspicuous as an electric scooter can be vulnerable to hackers. Fortunately, hacking an electric scooter does take a fair amount of skill and handiwork, so this isn’t a very common occurrence. But with companies like eScooter working tirelessly to improve the security of the popular motorized vehicles even further, scooter thefts may soon become a thing of the past.

But if hackers go through the trouble of targeting everyday objects like eScooters, you can bet they won’t think twice about attacking your server if given the opportunity. Make sure to secure your Windows VPS using all the methods discussed in this article just to be on the safe side.

Roger Dunning

Roger Dunning is a technology evangelist. He lives in New York with his wife and pet dog. Along with keeping an eye on the Microsoft ecosystem, he loves to review software & hardware.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap