Default Windows Configuration for VPS Servers

Welcome to your new VPS or Dedicated Server. Please find below some default network configurations applied to your Server during the deployment process. We have also included some security tips to help you secure access to your Server.

Default network configuration

Your server is configured with at least one public, static IP address, or 5 if you have a dedicated server. Please do not attempt to remove or change these IP addresses, as doing so will result in loss of access to your server. Should this occur, Web Africa will unfortunately have to bill you (on an ad hoc basis) for the staff intervention required to resolve the issue.

Your Server is preconfigured to use a provided set of DNS resolvers. These DNS resolvers, or name servers, are only used to resolve your hostname lookups and will not be able to serve as name servers for any of your domains. Please see the IP addresses for these resolvers below:

Your server’s time should already have sensible defaults with the time zone set to GMT+2. However, if you wish to customise it, we have an Internet Time Server (NTP server) available. You can configure your NTP service with the following server details:

To ensure we provide you with the best uptime possible for your dedicated or VPS server, we have a monitoring system in place (monitoring ICMP requests to your server). Should you wish to block ICMP but would like us to continue monitoring your server, please add exceptions for the IP addresses below:

For your Windows VPS or Dedicated Server, start by securing your RDP/Remote Desktop connection to the server, then move on to securing any applications or websites you plan to run.

  • Use a strong password on all accounts: passwords that contain only alphanumeric characters are easily compromised using publicly available tools. To prevent this, passwords should also contain special (non-alphanumeric) characters.
  • For newer versions of Windows operating systems (Server 2008 and 2012), administrators can enable network-level authentication (NLA) as an additional layer of authentication before a connection to the RDP host server is established. This can also help reduce potential denial-of-service (DoS) attacks and brute-force attempts.
  • By default, the RDP host system listens on port 3389 for connections from RDP clients. It is possible to change the port away from the default, which will help increase security. Note that this may lead to errors and oversights where applications are hardcoded to use this port or users are not made aware of the port change.
  • Use Windows Firewall (or a third-party firewall) to filter incoming requests and block or allow access based on parameters you specify. The parameters can be specific users added to the server who are allowed access, or specific source IP addresses from which connection requests are allowed.
  • Set a lockout policy to stop hackers from trying to brute-force their way into a server.
  • You can also make use of third-party applications to assist in securing your server. Most of these applications can address a multitude of services, including SQL and more:

Bfguard – http://www.bfguard.com/

Ipban – https://github.com/jjxtra/Windows-IP-Ban-Service (aimed at the more advanced System Administrators)

  • Limit the users who can log in using Remote Desktop. By default, all Administrators can log in to Remote Desktop. If you have multiple Administrator accounts on your computer, you should limit remote access to only those accounts that need it.

  • Keep your systems updated with the latest patches.
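
A read-only PowerShell audit of the settings these tips cover (NLA, listening port, firewall scope, lockout threshold, and who can log in using Remote Desktop). This is an added example, not part of the original article or Web Africa's tooling; the function names Get-RdpHardeningReport and Get-LocalGroupNames are hypothetical, and it assumes Windows Server 2012 or later, an elevated prompt, and an English-language system.

```powershell
# Added example: read-only audit of the RDP settings covered in the tips above.
# Assumptions: Windows Server 2012 or later (NetSecurity cmdlets), an elevated
# prompt, and an English-language system (rule group name, net.exe output).
function Get-LocalGroupNames([string]$Group) {
    # ADSI lookup works on PowerShell versions that lack Get-LocalGroupMember.
    $g = [ADSI]"WinNT://./$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) }
}

function Get-RdpHardeningReport {
    $tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # NLA: 1 = authenticate before the session is created (local setting;
    # a Group Policy value, if configured, takes precedence).
    [pscustomobject]@{ Check = 'NLA required'; Value = $tcp.UserAuthentication
                       Review = ($tcp.UserAuthentication -ne 1) }

    # Port: informational. A non-default port needs a matching firewall rule.
    [pscustomobject]@{ Check = 'RDP port'; Value = $tcp.PortNumber; Review = $false }

    # Firewall: enabled inbound Remote Desktop rules that accept any source IP.
    $open = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })
    [pscustomobject]@{ Check = 'RDP rules open to any source'
                       Value = ($open.DisplayName -join '; '); Review = ($open.Count -gt 0) }

    # Lockout policy: "Never" means unlimited password guesses are allowed.
    $line = (net accounts | Select-String 'Lockout threshold').Line
    $threshold = if ($line) { ($line -split ':', 2)[1].Trim() } else { 'unknown' }
    [pscustomobject]@{ Check = 'Lockout threshold'; Value = $threshold
                       Review = ($threshold -notmatch '^\d+$') }

    # Who can log on over RDP: Administrators plus Remote Desktop Users.
    foreach ($group in 'Administrators', 'Remote Desktop Users') {
        [pscustomobject]@{ Check = "Members of $group"
                           Value = ((Get-LocalGroupNames $group) -join ', '); Review = $true }
    }
}

Get-RdpHardeningReport | Format-Table -AutoSize -Wrap
```

Rows with Review set to True are the ones to compare against the tips above; the group membership rows are always flagged because they need a manual check.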
