A virtual private server (VPS) offers companies a viable platform for hosting a website and running their eCommerce applications. In cost, performance, and flexibility, a VPS straddles the line between shared cloud hosting options and dedicated server options. Businesses often choose to upgrade to a VPS when shared hosting no longer fulfills their needs.
Customers can configure a VPS to address their business objectives. Working with the base VPS systems delivered by a cloud provider, an organization’s IT team can make changes they deem necessary or worthwhile.
One area of concern for all customers is the security of their VPS environment and the data it contains. Cybercriminals are always probing for new victims and companies with a web presence need to protect themselves. This article presents some best practices that can help enhance the security of Windows or Linux VPS systems.
In many instances, these tips are based on common sense or make use of native operating system functionality and are not difficult to implement. Taking the time to improve your VPS security is well worth the effort.
Improving the Security of a Windows VPS
Companies already invested in Microsoft products may prefer the familiarity of a Windows VPS. Here are some best practices to help improve the security of your Windows VPS.
Disable the default Administrator account
In brute-force attacks, hackers attempt to guess login credentials to gain unauthorized access to your computing environment. They need both an account name and password to be successful. The default Administrator account provides half of the credentials and makes it easier to carry out an effective attack.
Disabling the default Administrator account is one of the first things you should do with your VPS. Creating another named account and giving it the same power as the Administrator account affords more protection for the system.
Only install required OS components
A typical Windows VPS may have been configured with defaults that install the complete operating system. Security can be improved by performing a custom install that only includes the required components. This reduces the system’s attack surface and will minimize the need for patching and updating the OS.
Implement user account policies and strong passwords
You should implement user account policies designed to enhance security if multiple individuals or groups will be accessing the VPS. The policy should enforce the use of strong passwords, lockout accounts after failed login attempts, implement session timeouts for inactivity, and enable two-factor authentication.
Enforce the “least privilege” principle
Many security breaches are perpetrated by individuals having access to credentials with excessive privileges. The remedy for this type of security issue is to implement the principle of least privilege. Users should only have the privileges necessary to do their jobs which can minimize the damage if credentials are compromised or misused.
Turn on Windows Firewall and Antivirus
Microsoft provides operating system components that can substantially improve your VPS security, but you need to use them. While it may take some time and effort to get the Windows Firewall running effectively, it will protect your VPS from being visited by uninvited strangers. You should also strongly consider running Defender Antivirus or a reliable third-party alternative.
Use SFTP for file transfers
Consider using the Secure File Transfer (SFTP) instead of FTP or FTPS. The protocol uses SSH and encrypted FTP commands which makes it impossible for hackers to sniff passwords or obtain plain text information. Clients are authenticated by the server, minimizing the chances of man-in-the-middle attacks. If you process sensitive data on your VPS, you should look into protecting it with SFTP.
Change the remote desktop port
The default port for Windows Remote Desktop (RDP) is 3389. RDP is a well-known method of attacking Windows servers and eliminating this potential entry point contributes to enhanced VPS security. It is recommended to use a 5-digit random number. You can update the port setting in the Advanced Windows Firewall options.
Enable Windows BitLocker drive encryption
Encrypting your drives with BitLocker keeps your data secure and is a viable solution for preventing malware infiltration. BitLocker is not enabled by default, so users need to turn on this Windows feature to reap its benefits.
Install all Windows updates
The final tip should be expanded to include all software on your VPS. Install all updates as soon as they become available to plug security gaps found by developers. Unpatched systems present an inviting target for hackers well-versed in the weak points of Windows and other application software.
Hardening the security of a Linux VPS
In many cases, a Linux VPS may be more suitable for a business than a Windows server. Here are some best practices and tips that will improve the security of a Linux VPS.
Disable root logins
Disabling the ability to log in as root eliminates a popular hacking strategy of perpetrating a brute-force attack against this user. After creating a named user with appropriate authority, change the PermitRootLogin parameter to “no”.
Regularly update the server’s software
System software should be updated regularly using a manual or automated process. Security patches should be prioritized and installed promptly to close newly found flaws that can be exploited by hackers.
Change the SSH port
Hackers love to attack using default settings such as port 22 used by SSH. Modifying this port number to one that is unused adds a layer of protection to a Linux VPS and eliminates one potential entry point for malicious actors.
Remove unwanted packages
Take a hard look at the services and packages that are part of your Linux distribution and remove those that are not in use. Taking this action reduces the server’s attack surface and will often result in improved performance as well.
Enforce a strong password policy
Strong passwords should be required for all users. Requiring passwords to be changed regularly and restricting the use of previously used passwords contribute to improved VPS security.
Implement and configure a firewall
Filtering out unwanted traffic before it gets to your VPS is an essential security tactic. Many Linux-compatible firewalls are available, and you should get one up and running to protect against distributed denial of service (DDoS) attacks.
Encrypt data transmission
Implement encryption with a tool like GnuPG to protect against compromising sensitive information sent in plain text.
Lock accounts after failed logins
Configure user accounts so they are locked after a defined number of failed logins. This protects against brute-force attacks that attempt to guess user passwords.
Disable IPv6
If you are not using IPv6 on your Linux VPS, disable it. It’s a popular attack vector for hackers intent on gaining access to your system.
Conclusion
The best practices and tips discussed above should be implemented to harden the security of a Windows or Linux VPS. Simple steps like enforcing strong passwords and disabling or modifying defaults make your VPS much harder to attack successfully. Hackers often take the path of least resistance and will look for easier prey if you make it difficult for them to get into your system.
Customers should take it upon themselves to ensure the VPS they obtain from a cloud provider is sufficiently secured against cyber criminals. Obtaining the optimal results from your VPS requires you to take the necessary steps to protect it. Be proactive and address these issues before you are the victim of a successful cyberattack.