dediserve news

Securing Your Windows Cloud Server

As revolutionary and Cost effective as Cloud Hosting now is, the fundamentals of server management remain very much the same, meaning security is still a hugely important part of managing your server.

In this post we can going to look at some simple security steps that we recommend to all customers who deploy windows machines on our cloud platforms.

1) Install a good Antivirus, e.g. ESET NOD32, AVG, Kaspersky, AVAST.

2) Configure your firewall to only what you need, e.g. Disable all un-needed Incoming Rules

3) Lock down certain Services to YOUR IP. Within your advanced firewall settings, doubleclick your inbound rule for RDP (port 3389), click scope and add your IP address into the “Remote IP Address” section.

4) Turn off Auto-Update. Update manually regularly, and be sure that hotfixes/security patches will work with the software you are running

5) Take regular backups before running the lastest update, so you can easily roll back if it breaks something..

Feel free to add your own suggestions in the comments below and i will add to the list.

VPS Security Made Easy

Here at dediserve, we understand the massive importance security plays in the day to day management of the data on your server, in a recent blog post we went through a short tutorial on setting up IPTables on your Virtual Server.

As a follow up to that blog post we will now look at an additional peice of opensource software that will enhance the use of IPtables whilst reducing the amount of work needed in terms of administration on your server.

This is done by installing and setting up the opensource Fail2ban software on your linux virtual machine – Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules dynamically to reject the IP address.

For this installation i will be using Ubuntu 8.04:

Read more

Configuring iptables on your VPS

iptables-network-security

After just installing iptables, it will have no rules on the INPUT, OUTPUT or FORWARD chains:

# iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

And the default policy on each chain is “ACCEPT”, which means there are no restrictions: any incoming and any outgoing packets are allowed.

Read more

Installing Iptables on your VPS machine

One of most useful things with regards running xen on your VPS server  , apart from the guaranteed RAM, and the ability to hard reboot your machine is also the ability to configure IPtables on your Machine.

Some of the main features functions available with Iptables is the following:

•    Build internet firewalls based on stateless and stateful packet filtering
•    Use NAT and masquerading for sharing internet access if you don’t have enough public IP addresses
•    Use NAT to implement transparent proxies
•    Aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
•    Do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header

In most Linux installs iptables has become a standard option, especially centos. There is a very good chance that iptables is already installed on your machine. Check by:

1.    Opening a terminal window (making sure to be logged in as root).
2.    Typing: # iptables
4.    If iptables is installed, you should get the following message: iptables v1.2.8: no command specified Try ‘iptables -h’ or             ‘iptables –help’ for more information
5.    If this message does not appear, then follow the directions below to install iptables.

Read more