i'm not a programmer but i'm looking for help to secure a physical server i have.

brthmrkmn

New Member
people at windowsforum,


regards to all. i hope you are all doing good.


i need help to secure a physical server i rent in europe and have no idea how i could get started about this. i live in a region where power and internet service outages can be all too frequent. over time these utility failures have become so significant that i did some research and found out that a physical server in europe could be reasonably affordable and would save me a lot of trouble as the up-time guarantees are practically 100%. so i have been renting a server in europe that i use for very basic tasks like storing some files and downloading economic data whenever there are any releases.

i already use a vpn on my laptop and smartphone and always connect to my server using the vpn as an intermediary.

however, i would greatly appreciate if anyone could suggest any free and easy to use software that i could use to secure my server as much as possible and also to keep a log of all the internet addresses that have tried to connect to it. i have done some internet searches on how to secure a server but most of the discussions were very advanced and focused on things like group policies and other settings that i don't have access to.


the worst part was some months ago when i received these emails below from my hosting provider. they just informed me that apparently my server had been subject to some attacks and suggested that i secured it. but i'm not a programmer and don't have the slightest idea of how i could do that, if i knew i would have already secured my server since i first started renting it.



Dear Mr ,

We have received a security alert from the German Federal Office for Information Security (BSI).
Please see the original report included below for details.

Please investigate and solve the reported issue.
It is not required that you reply to either us or the BSI.
If the issue has been fixed successfully, you should not receive any further notifications.

Additional information is provided with the HOWTOs referenced in the report.
In case of further questions, please contact [email protected] and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <[email protected]-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.

Kind regards

Abuse Team

Online GmbH



For the purposes of this communication, we may save some
of your personal data. For information on our data privacy
policy, please see: www..com/datenschutzhinweis

On 04 Jul 11:13, [email protected]-bund.de wrote:
> Dear Sir or Madam,
>
> Remote Desktop Protocol (RDP) developed by Microsoft is a proprietary
> network protocol for remote administration of Windows systems.
> The RDP service is using port 3389/tcp by default.
>
> Malicious actors take advantage of RDP services openly accessible from
> anywhere on the Internet for gaining unauthorized access to the
> victims' systems by performing brute-force attacks on weak passwords
> or abusing stolen login credentials. On the dark market, thousands of
> stolen login credentials for RDP services all over the world are sold.
> Those credentials usually have been harvested by malware on the hosts
> used for remote administration of the affected systems.
>
> In the past months, malicious actors more often installed ransomware
> on the compromised systems to encrypt data and subsequently demand
> ransom from the owners of the systems for the decryption of the data.
>
> To protect against such kind of attacks, CERT-Bund recommends
> restricting access to RDP services to trusted source IPs or using a
> secure VPN connection for accessing the RDP service.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | Subject common name
> 24940 | | 2019-07-03 13:51:49 |
>
> We would like to ask you to look into this matter or notify your
> customers accordingly.
>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <BSI - CERT-Bund Reports>
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <[email protected]-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <[email protected]> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
>
>
> Mit freundlichen Grüßen / Kind regards
> Team CERT-Bund
>
> Bundesamt für Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> Referat OC23 - CERT-Bund
> Godesberger Allee 185-189, 53175 Bonn, Germany




very well, i hope the windows server experts in this forum can share a little of their knowledge. thanks, all the best, regards.
 
A few things:

You do not need to be a programmer to use/configure server hardware or software.

With regard to hiring a physical server, I don't really understand - do you mean virtual servers - or on premise? For on premise physical servers, personally I just re-purpose old workstation computers. I can't really advise with 'Cloud/Virtual' servers as I don't have experience with them.
Though for physical on premise you can get dedicated servers such as HP microservers for cheap, around 300 euro on ebay.

With regards to power outage (if on premise), you can invest in a UPS. Which version of Server are you using? Latest Windows server has Anti Virus built in.
 
If you don't know what you're doing I'd strongly suggest hiring someone to secure the system. It's close to a doctor trying to walk a patient through surgery. There are just too many variables that won't be conveyed.

The "easiest" solution (for someone with technical knowledge) would be to put a decent dedicated firewall in front of the server and do not allow any direct access to the server. On the firewall you'd want to configure a VPN and only allow VPN connected users to the server.
This is only one step to protect the system; most dedicated security teams will implement multiple layered defensive measures to protect company assets. On top of that, logging and monitoring all activity is preferred, as well as keeping up with security trends, as it's often a cat and mouse game between defenders and threat actors as the bad guys will keep changing their tactics and finding different avenues to exploit.
 
90Ninety,



thanks.



yes, you are right about it not being a prerequisite to be a programmer to manage a server, i just mention it because i can have a hard time with some complex and advanced tasks that are a breeze for the it experts.



i'm renting a remote physical server in europe, it runs windows server 2016. it has been a very good solution for me so far, i can store, upload and download large database files with ease and at speeds that would never be possible with the services that the internet providers make available where i live. during the months i have been renting this server there have been zero failures of any kind and my file transfers work beautifully, so i'm quite satisfied with this solution.


the thing is that i use windows's remote desktop protocol to connect to my server and i understand that this method can be very vulnerable to hackers who try to gain control of other people's devices to exploit them. if there exist any easy to use and free programs that i could use to make sure that i'm the only one who has access to my server that is what i have in mind (i don't have a broadband internet connection at home and my ip address is not fixed, i also use vpn's all the time, so i'm afraid that ip based solutions will not be useful in my case).


as i mentioned, i have already searched the internet for possible solutions but i wasn't able to find any that i could easily understand and apply, so a little guidance from experienced server managers would be invaluable to me.


that is the situation, thanks to everyone, regards.
 
Having RDP open to the internet is not a good idea, there are several known exploits for gaining full access to a system through RDP as well as brute force attacks. The other item I'd recommend which is easy to do is to enable auto updates and make sure it's up-to-date on patching and have a complex password (lower and upper case, digits and special characters) that is at least 20 characters in length.
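The CERT-Bund advice quoted earlier in the thread (restrict RDP to trusted source IPs) and the request for a log of addresses that tried to connect can both be covered with tools built into Windows Server 2016. The following is an added example, not part of any poster's message; the trusted address is a placeholder, and it assumes an English-language install (the "Remote Desktop" rule group name is localized) with logon-failure auditing enabled.

```powershell
# Added example; run in an elevated PowerShell session on the server.
# ASSUMPTION: 203.0.113.10 is a placeholder from the documentation range for the
# one address you trust (for example a static VPN exit IP). Replace it first.
# If your current RDP session comes from a different address, step 1 will cut
# you off, so confirm the hosting provider's rescue console works beforehand.
$TrustedAddress = '203.0.113.10'

# 1. Limit the enabled inbound Remote Desktop rules to the trusted address.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Set-NetFirewallRule -RemoteAddress $TrustedAddress

# 2. Show the resulting scope of each rule so the change can be verified.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress

# 3. Summarise failed logons (Security log, event ID 4625) by source address.
function Get-FailedLogonSource {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Event data fields are named in the event XML, not on the object.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time     = $_.TimeCreated
                SourceIp = $data['IpAddress']       # may be '-' for some logon types
                Account  = $data['TargetUserName']
            }
        } |
        Group-Object SourceIp |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object Time -Maximum).Maximum } }
}

Get-FailedLogonSource -Days 7 | Format-Table -AutoSize
```

Running step 3 before and after step 1 shows whether the scoping worked: once the rules are limited to the trusted address, new failed logons from other addresses should stop appearing.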
 
Neemobeer,


thanks.


i appreciate your comments.


your message captures the same impression i get from the guides and manuals that i have read, namely that it security can be a complicated matter and in constant evolution. it seems like ready made solutions that would work for a home setting like free antivirus and antispyware programs do not exist to secure access to a remote server.


i will definitely do some research to hire an expert to secure my server. i don't use this server to handle internet traffic, it only connects to some data providers and that's it. however, it is indeed a very vulnerable target because of the complete lack of protections and the emails that i received mention that it has already been attacked. i will not be so stupid as to not do anything about this.


very well, thanks to all, regards.
 
1 thing mate, a server in europe comes under their laws... your vpn laptop is likely to be what is setting off red flags
2 secure my server has two meanings;
that you stop people getting into the files without your permission
that you can recover those files when some disaster kills the server
3 what you need to set up a server is a network person not a programmer

making backups is pretty easy so I assume you want to encrypt the data flows between you and this server... bottom line is that is not possible to be 100% sure of working... a physical server means it's hardware based [not virtual like most internet farms] and the point of having a physical server is that it can be customised

be aware that privacy laws in europe are very different to the US where everyone is assumed to be stealing your personal data... in europe they expect you to follow the law and will enforce it so your best bet is to get help from the people you rent this server from {they should have someone that understands what you need as well as what you want}
 
FWIW, if you have your own physical server (just use an old PC/Workstation) you can have much more control over security. Much cheaper too over long run - you can get suitable workstation for around 100-200 euro, even server computer for 200 euro. Then just configure a firewall with VPN.
 