Securing my shiny new vps - help needed

[tango]

I signed up for a VPS Hosting account yesterday, having only used shared hosting before. I'm familiar with using Windows 2003, but not in an internet facing way. So I'm keen to get my Dedicated Server locked down as much as possible (if it isn't already) to minimise any risks with it being on the 'net.

I ran the 'ShieldsUP!' scanner (**Home of Gibson Research Corporation**), and it reported that the following ports are open:

21 (ftp)
53
80
135
139
1026
1027

Should I close any of these ports? I know that some of them are required, (21, 80) but can any be closed?

Also, Windows Firewall is not turned on on the VPS Hosting - should I switch that on right away?

Thanks.

[flesso]

Hi,

I highly suggest that you turn the Windows firwall on ASAP, since without it hackers will be able to get into your Windows VPS Hosting more easily. I suggest that you leave the following ports open as to ensure that you are able to use your VPS Hosting effectively, but at the same time ensure that it is secure:

21 - FTP
25 - SMTP
53 - DNS
80 - HTTP
110 - POP3
143 - IMAP
443 - HTTPS (not needed if you aren't running a website hosting using a security certificate)
8443 - this is only needed if you are running the Plesk control panel on your Windows VPS Hosting

RDP Protocol - you will need to set this up as a service, and can easily be done via the firewall management interface, I suggest that you also limit the IPs allowed to access your VPS Hosting via the RDP protocol to your personal IP and the eUKhost one; you can find your IP at whatismyip.com and the eUK IP address can be obtained from support.

You can also open any other ports that you feel might be needed to ensure that your VPS Hosting is able to function correctly.

I would also suggest some sort of anti-virus for your VPS Hosting to ensure that it is even more secure, one i would highly suggest is ClamAV (Clam AntiVirus).

If you feel that you are unable to carry out any of these actions yourself, then support will happily do it for you if you open a support ticket with them either from the support desk (support.eukhost.com), or with 'windows [at] eukhost.com'.

[tango]

That is very helpful, thank you.

I can do some of the stuff you mention (windows firewall is now on!) but I think I'll open a ticket for the rest.

Edit: I've just run shields up again with windows firewall turned on, and all ports are now stealthed - much better.

One thing - shields up reports that my Dedicated Server is responding to ping requests from anywhere on the internet - can I block this with Windows Firewall? Should I?

[flesso]

Quote:

Originally Posted by tango

That is very helpful, thank you.

I can do some of the stuff you mention (windows firewall is now on!) but I think I'll open a ticket for the rest.

Edit: I've just run shields up again with windows firewall turned on, and all ports are now stealthed - much better.

One thing - shields up reports that my Dedicated Server is responding to ping requests from anywhere on the internet - can I block this with Windows Firewall? Should I?

In my opinion, I wouldn't block ping requests since it is the one method that you can use to check whether or not your server is down completely if you are unable to access it via Remote Desktop or other services, especially if you are unable to access the Virtuozzo power panel.

However, if you still want to block ping requets completely of if you want to limit them to come from your IP and eUK's IP only, then you should be able to set this rule with the Windows Firewall. According to the IANA list of port numbers, the Ping Discovery Service operates on port 9595, both TCP and UDP.

[tango]

Once again - thank you, it's much appreciated.

Support are now configuring Windows Firewall for me (after I spotted that someone was attempting to compromise my VPS Hosting!) so I will see about locking down ping and rdp to my ip address after they are finished.

Not sure why Windows Firewall isn't turned on by default?

[flesso]

Quote:

Originally Posted by tango

Once again - thank you, it's much appreciated.

Support are now configuring Windows Firewall for me (after I spotted that someone was attempting to compromise my VPS Hosting!) so I will see about locking down ping and rdp to my ip address after they are finished.

Not sure why Windows Firewall isn't turned on by default?

You are most welcome.

I'm not sure either as to why the firewall isn't implemented as default on a new VPS Hosting, or server for that matter. When I've done personal Windows Server installs in the past, I have noticed myself that the firewall wasn't enabled by default - I suppose it must be the same with any new Windows Server install.

If you need any more help then please don't hesitate to post here, at the end of the day we're all here to help.