General Server Security (Windows Server)

[lineamovil]

Hello!

A friend recently receibed an attack to his server, and got his files encripted. That really gets me thinking what is the best practice for server security. I would appreciate your tips and comments.

I have been using Windows Server 2012R2, XAMP, MySQL Server

I have the windows firewall configured.
Windows Security always updated
MySQL Ports blocked. Only allowed for internal use
Have daily backups outside my server. Stored in Dropbox

I would really appreciate if you could share your tips in security using AwareIM.

best regards.

[lineamovil]

Forgot to mention that I was recommended to only allow connection from specifi IP address, but I dont see this a good option because my IP is not static and will change at some point, an so the other users.

A VPN was an option, but also user may connect from different PCs and locations.

Maybe Im wrong here. Thats why I ask for your advice.

Best regards,

[weblike]

Forgot to mention that I was recommended to only allow connection from specifi IP address, but I dont see this a good option because my IP is not static and will change at some point, an so the other users.

A VPN was an option, but also user may connect from different PCs and locations.

Maybe Im wrong here. Thats why I ask for your advice.

Best regards,

Who suggested that?
Maybe you missunderstood. User=developers.

It's nonsense to provide a SaaS app and allow specific users....you don't know their IP's. It's impossible.

[lineamovil]

Yes, they have only 3 different access points. And usually are the same people. Thats why the suggested that. It is not open to public in general. Usually 3 branch offices.

[ACDC]

1. Make sure you always have the latest version update installed
2. There is a RDP vulnerability where some ransomware hackers have succeeded in gaining entry to windows server. make sure you make this change
CredSSP Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us ... -2018-0886
3. Change the windows server Admin user name to a secure name
3. Install endpoint protection e.g, Symantec Endpoint Protection - small business version
4. offsite- sequential daily backups site - make sure the offsite backups cannot be contaminated by a ransomware jump to the offsite

[lineamovil]

Thank you! I havent seen that no.2 before.

I will take a deeper look.

great info!

[mrbdrm]

i would like to add. use cloudflare services also