How secure is a Windows 7 desktop on a VPS?

I am thinking about putting a Windows 7 desktop on a VPS so I will always have everything I need in one place and can work from anywhere I have an internet connection via RDP. The thing that worries me is that it may not be secure enough to keep sensitive data on. Is a Windows firewall enough to keep the bad guys out? I know given enough time and determination anything can be hacked, but I don't want to put server logins and financial info on a VPS that a script kiddy can easily hack.

Comments

  • KuJoe Member, Host Rep

    I put all of my Windows 7 VPSs behind a ClearOS gateway and only use NAT as a precaution. I trust my software firewalls but I still feel better with the NAT between my VPS and the internet. :)

  • This is why the server editions of Windows were created :)

    You should be fine, but remember to use common sense.

  • I guess it's as secure as running it on your home PC, maybe less secure because I think the host can view everything on the hard drive.

  • wilbo Member
    edited December 2014

    My home PC is behind a router with a firewall. I have my own dedicated server that I installed Proxmox on.

  • KuJoe Member, Host Rep
    edited December 2014

    If you are running it on your own server then set up a gateway and use NAT to be safe. I run ClearOS as a small VPS on ESXi and make my Windows 7 VPSs connect to the ClearOS gateway on the same hardware and do port forwarding only for specific ports.

  • Maounique Host Rep, Veteran
    edited December 2014

    KuJoe said: If you are running it on your own server then set up a gateway and use NAT to be safe. I run ClearOS as a small VPS on ESXi and make my Windows 7 VPSs connect to the ClearOS gateway on the same hardware and do port forwarding only for specific ports.

    This AND make sure you forward a weird port to the RDP port in Windows. Like 19999 TCP. This will prevent bruteforcing in most cases. You will need to set up the client to use that port as well; in all clients for RDP that I tried, including the MS one on Android, it is possible to use custom ports.

  • mikho Member, Host Rep

    @Maounique said:
    RDP port in Windows. Like 19999 TCP. This will prevent bruteforcing in most cases. You will need to set up the client to use that port as well,

    PRO TIP:
    Since we are talking about Desktop OS behind a router/gateway; forward outside port 19999 (or whatever port you want) to inside 3389.
    No config needed on the Windows machine.

    When possible, I always have some sort of gateway/router/firewall between my servers and the Internet.
    I like that extra "security" that NAT brings.

  • Ikoula Member, Host Rep

    Hello,

    I would not do that if I were you. Putting everything in the same place is not a good idea; if there is a failure of any kind you'll lose everything.

    If you still want to do that there are a lot of things you can do to secure your seven.
    You can set your seven to be accessed in RDP by a specific account and only one.

    If it is a VPS and does not need to be online 24/7 you can pause/shut down the VPS while you're not working.

    NAT is a very good idea.

    You can also add a firewall rule to authorize only your IP (might look pretty obvious but I am trying to think about everything).

    If you want to keep peace of mind you can also set up monitoring tools.
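
The gateway-side setup discussed in the posts above (outside port 19999 forwarded to inside 3389, limited to one source IP), as an added example that is not part of any poster's message. It assumes a Linux gateway using iptables; the interface name `eth0` and both addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment for a Linux NAT gateway.
# Interface name and all addresses are constructed sample values.

# rdp_forward_rules WAN_IF EXT_PORT INSIDE_IP ALLOWED_SRC
# Prints the ruleset on stdout; returns 1 on bad input.
rdp_forward_rules() {
    wan_if=$1 ext_port=$2 inside_ip=$3 allowed_src=$4

    # The external port must be a number in 1..65535.
    case $ext_port in
        ''|*[!0-9]*) echo "bad port: $ext_port" >&2; return 1 ;;
    esac
    if [ "$ext_port" -lt 1 ] || [ "$ext_port" -gt 65535 ]; then
        echo "bad port: $ext_port" >&2; return 1
    fi
    # Refuse an empty or match-everything source: a non-standard port on
    # its own is still reachable by anyone who scans for it.
    case $allowed_src in
        ''|0.0.0.0/0|*[!0-9./]*) echo "bad source: $allowed_src" >&2; return 1 ;;
    esac

    cat <<EOF
*nat
-A PREROUTING -i $wan_if -p tcp -s $allowed_src --dport $ext_port -j DNAT --to-destination $inside_ip:3389
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan_if -p tcp -s $allowed_src -d $inside_ip --dport 3389 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD ! -i $wan_if -s $inside_ip -j ACCEPT
COMMIT
EOF
}

# Sample run: WAN interface, outside port, Windows 7 VM address, allowed client IP.
rdp_forward_rules eth0 19999 10.0.0.10 203.0.113.5
```

The output is in iptables-restore format. The RDP client then connects to the gateway's public address on port 19999, and only from the allowed source address.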

  • Maounique Host Rep, Veteran

    MikHo said: PRO TIP: Since we are talking about Desktop OS behind a router/gateway; forward outside port 19999 (or whatever port you want) to inside 3389. No config needed on the Windows machine.

    That is exactly what I said, but the client does need config.

  • mikho Member, Host Rep
    edited December 2014

    @Maounique said:
    That is exactly what I said, but the client does need config.

    If the port forwarding is done properly, the only config the client needs is to set which accounts have access to the remote desktop.

  • Maounique Host Rep, Veteran

    Nope, I mean the client, not the server.

  • Windows by definition is not secure.
    You will never know what Microsoft has hidden in Windows, because it is not open source and never will be.

  • He meant the client that initiates the RDP connection to the desktop OS VPS

  • KuJoe Member, Host Rep

    @default said:
    Windows by definition is not secure.
    You will never know what Microsoft has hidden in Windows, because it is not open source and never will be.

    Never say never.

  • @default said:
    Windows by definition is not secure.

    My Windows Server 2008 R2 has still been OK over the last five years.

    I just changed the remote desktop port, no NAT between the server and router ;)

  • Yes, as others have said: use NAT, change RDP port and you can use a free two-factor authentication (like DuoMobile from DuoSecurity) - which works for RDP!

  • mikho Member, Host Rep

    @Maounique said:
    Nope, I mean the client, not the server.

    With two client OS it's easy to misunderstand. :)

  • mikho Member, Host Rep
    edited December 2014

    @default said:
    Windows by definition is not secure.
    You will never know what Microsoft has hidden in Windows, because it is not open source and never will be.

    And I say that this is the sysadmin's fault in that case for not securing the services that are running on the server.

    This goes for both Windows and Linux Sysadmins.

    Remember these words: "Computers are stupid, they do not do what you want them to do. They do exactly what you tell them to do."

    I tried to translate this word by word from Swedish so it sounds a bit weird in English.

  • @MikHo said:
    Computers are stupid, they do not do what you want them to do. They do exactly what you tell them to do.

    I tell my computer every day: "code it for me, code it for me". But never get anything from him ~.~

  • Maounique Host Rep, Veteran

    c1bl said: But never get anything from him ~.~

    "him" :o

    Anyway, wait 10 years.

  • emg Veteran

    Wilbo asked about Windows 7 on a VPS. Here is my response:

    • It would be as safe as the Windows 7 computers owned by many consumers who connect them directly to the Internet. Hopefully Microsoft has learned enough to enable users to safely connect them this way. Microsoft recommends that you keep it fully patched when updates are released. I note that many consumers' computers have been hacked or are otherwise infected, and I would not be surprised to learn that the "direct connects" are disproportionately represented in that group. That's because they do not use the Windows firewall, fail to keep their computers patched, fail to separate admin and user accounts, etc. Being directly connected also exposes the Windows 7 systems to remote execution attacks that are newly discovered and not yet patched by Microsoft.

    • As suggested above, putting your Windows 7 system behind a NAT offers significant protections against attacks that are aimed at your computer's IP address directly from the Internet. Obviously it won't stop your computer from being infected if you open a malware attachment in email. See my question below about how to configure a NAT on a VPS.

    • Remember that you have Windows 7 licensing issues, too. I am not sure whether Windows 7 retail licenses are still available, which is what you need. An OEM license may not install. That was my experience with buying a Windows Server OEM license from Amazon, only to find that it would not install on a virtual machine, so I had to buy a retail license instead.

    • You will need to sign up for the right type of VPS - either KVM or Xen HVM. I do not think it is possible to run Windows 7 inside a virtual machine hosted on an OpenVZ Linux machine. Furthermore, the VPS will need to be provisioned with a lot of RAM in particular, especially if it is to run a NAT/router and Windows 7.

    • You must get your VPS provider to make the Windows 7 installer .iso available, too.

    QUESTION FOR THE OTHER PEOPLE WHO RESPONDED:

    How do you propose to configure the VPS (assume KVM or Xen HVM) so that it has a NAT with a Windows 7 system behind it?

    (Someone suggested installing ESXi - but do VPS providers have a .iso for it or another hypervisor? Do they allow hypervisors with multiple VMs running on a VPS? - it sounds like a resource hog to me.)

  • mikho Member, Host Rep

    emg said: QUESTION FOR THE OTHER PEOPLE WHO RESPONDED:

    How do you propose to configure the VPS (assume KVM or Xen HVM) so that it has a NAT with a Windows 7 system behind it?

    (Someone suggested installing ESXi - but do VPS providers have a .iso for it or another hypervisor? Do they allow hypervisors with multiple VMs running on a VPS? - it sounds like a resource hog to me.)

    Buy a dedicated to create as many VMs as you need.
    On a VPS, I don't really know... perhaps VirtualBox?
