How Do I Protect and Secure VPS From Threats

WINNERvps provides 3 (three) account types:

  1. CLIENT AREA account (using an e-mail address as the username)
  2. WINDOWS VPS ADMINISTRATOR account (using Administrator as the username)
  3. VPS Control Panel account (using the format winnerxxx as the username, where xxx = numbers)

These 3 (three) accounts are sent to you by e-mail at the time of VPS activation (they can also be obtained at CLIENT AREA -> MY E-MAIL).

To secure a VPS, besides the accounts mentioned above, there are 4 (four) other things to consider:

  1. Windows Administrator Password (same as the No. 2 mentioned above)
  2. VNC Password
  3. RDP Port (default: 3389)
  4. File encryption

A). Changing the Windows Administrator Password
The Windows Administrator password is the easy one: it is the one most often seen (and probably the one most often replaced).


B). Changing VNC Password
Some readers may be hearing of VNC for the first time.

In short: VNC is the Linux version of VPS access. Since the Windows VPS we developed runs “on top of” Linux, the VNC password absolutely has to be considered (and may be changed as well).

Usually, the VNC password can be found in the VPS Control Panel menu. Contact your VPS provider for the link to the VPS Control Panel, since it generally differs from one provider to another. Examples of VPS Control Panels: HyperVM, VMware, SolusVM, vePortal, etc.

Make sure to change these two passwords (Windows Administrator and VNC) regularly, with an adequate level of difficulty. Please take note: if a password has been changed without any intervention (and/or confirmation) by you, it is possible that “the admin” has altered it for certain purposes or that the VPS has been compromised. Please visit https://cp.winnervps.com (WINNERvps VPS Control Panel).

C). Changing RDP Port (for advanced users only!)
One important thing that is usually forgotten: anyone who knows the IP address of another person’s VPS can establish a connection to that VPS. Even though that person (the potential intruder) may not know the Windows Administrator password yet, it doesn’t mean that he/she can’t obtain one, since it is not that difficult to break a Windows Administrator password (don’t believe it?).

Another trick to protect a VPS in this case is to change the default connection port used by RDP (Remote Desktop Protocol) to connect to the VPS (the default RDP port is 3389) to another port of your own choice (in this example, changed to port 3398 from 3389), as follows:

  1. Edit Registry
    • Run regedit (Start >> Run >> regedit).
    • Browse to HKEY_LOCAL_MACHINE >> System >> CurrentControlSet >> Control >> Terminal Server >> WinStations >> RDP-Tcp >> PortNumber.
    • Change it to a port of your own choice (try to replace the port with another port number that also has 4 digits). Please note that the numbering format is Decimal (not Hex).
    • Replace “00000D3D” (3389) with the desired port number (use the following converter >> http://www.binaryhexconverter.com/decimal-to-hex-converter); for example, port 1234 becomes hex = “000004D2”.
  2. Changing the Firewall according to the RDP Port
     Don’t forget to activate the Firewall to open the new port (so that you are able to connect to the VPS).
    • Click Network Connection (Start > Network Connection).
    • Right-click LAN and choose PROPERTIES.
    • Then, choose the ADVANCED Tab and click SETTINGS.
    • Next, on the following screen, choose the EXCEPTION Tab and click ADD PORT.
    • Enter the Name (of your own choice) and the Port Number (the new port number, matching the one we set earlier).
  3. Restart VPS
    • Connect to the VPS using the new port, by adding a colon and the port number after the IP address (example: xxx.164.73.132:3398).
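
The registry and firewall steps above can also be applied from an elevated PowerShell prompt. The script below is an added example, not part of the original tutorial; it assumes Windows Server 2012 / Windows 8 or later (for the NetSecurity cmdlets), and the `$NewPort` parameter, the port range check and the rule name are illustrative choices.

```powershell
# Added example: change the RDP listening port and open it in Windows Firewall.
# Assumptions: elevated session, Windows Server 2012 / Windows 8 or later.
# $NewPort defaults to 3398 (the tutorial's example); the rule name is illustrative.
param([int]$NewPort = 3398)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Stay out of the well-known range and inside the valid TCP range
# (the 1024 lower bound is a choice made for this example).
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Pick a port between 1024 and 65535."
}

# Refuse a port that another service is already listening on.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use on this machine."
}

# Show the current value in decimal and as the 8-digit hex string regedit displays.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort (hex $('{0:X8}' -f $oldPort))"

# Open the new port BEFORE changing the listener, so the restart cannot lock you out.
$ruleName = "RDP custom port $NewPort"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
}

# The DWORD is written from a decimal integer, so no manual hex conversion is needed.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

# Read the value back to confirm the write before restarting.
$check = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
if ($check -ne $NewPort) {
    throw "Registry still holds $check; the port was not changed."
}
Write-Host "RDP port set to $NewPort (hex $('{0:X8}' -f $NewPort))."
Write-Host "Restart the VPS, then connect to <VPS-IP>:$NewPort"
```

If the new port turns out to be unreachable after the restart, the VNC console in the VPS Control Panel can be used to log in and revert the value.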

File Encryption
One of the ways to secure data from being accessed by irresponsible parties, especially those commonly called hackers and crackers, besides changing the RDP port (from the default 3389, as described earlier in this tutorial), is to use file encryption.

Before we discuss further what file encryption is and why we do it, it is good to first become familiar with some of the threat techniques and tricks (hacking and cracking) that come with using a VPS; by knowing the thesis, we at least become more aware of the anti-thesis. They are:

  1. Brute force attack. Commonly used to gain access to a VPS. The attacker runs through strings of possible password combinations, randomly, continuously and constantly over a period of time. This attack is carried out not only against Windows itself but also against the programs installed within Windows.
  2. Portscan and Cross-site port attack.
  3. Backdoor. To gain access, hackers usually use hidden code installed in a VPS, or in a Windows system file that has been infiltrated. This type of access is commonly called backdooring.
  4. Injection (remote or local file processing attack). Similar to backdooring.
  5. Exploit (vulnerability insertion)

What is Encryption?
Encryption is the process of encoding (scrambling) files/data in such a way that afterwards they are not directly accessible.

The purpose of file encryption:
Protection against illegal access to data on a hard drive or other storage media.
Here we are going to use a free program from TRUECRYPT (https://www.truecrypt.org) to help us encrypt files in a VPS.

What TrueCrypt can do:
Protect and limit access to a folder and/or file by using a password. TrueCrypt has to be run first and the password entered; only then can MT4 or the file be run. So when the VPS has been rebooted (or has just started), all files are inaccessible or unreadable.

What TrueCrypt can’t do:
If the VPS can be accessed while the VPS/computer is actively running (cracking), without it being turned off or rebooted, or while TrueCrypt has the volume mounted (already activated), then the files or folders are accessible (possibly by other parties).

TrueCrypt’s file encryption methods:
Creating an encrypted partition protected by a passphrase (password) with the AES algorithm (super complex with an intrusion probability = zero percent).

  1. Mounting a particular partition (to become a folder), by entering a password which has been created earlier by the user.
  2. Formatting the partition (folder) which has already been encrypted.
  3. Putting files in the partition (folder) which has been encrypted.
  4. Running MT4 or other programs that have been placed in the particular partition.

Step-by-step on using TrueCrypt:
Follow all of the instructions (including the final step)
http://truecrypt.sourceforge.net/
