Home Cloud Serevrs Secure Your VPS: Best Practices for Windows & Linux

Secure Your VPS: Best Practices for Windows & Linux

Last updated on Feb 13, 2025

Securing your VPS is essential to prevent unauthorized access, data breaches, and malicious attacks. This guide will walk you through essential security measures to protect your Windows and Linux VPS.

1️⃣ Change the Default Administrator or Root Password

When you first deploy your VPS, change the default password to a strong one.

For Windows VPS:

  1. Log in via Remote Desktop (RDP).

  2. Press Ctrl + Alt + Del and click Change a password.

  3. Enter your old password, then type and confirm your new strong password.

  4. Click OK.

For Linux VPS:

  1. Log in via SSH.

  2. Run the following command:

    passwd

  3. Enter and confirm your new strong password.

Use a password manager to store your new credentials.

2️⃣ Update Your VPS Regularly

Keeping your system and software updated prevents security vulnerabilities.

For Windows VPS:

  1. Open Settings > Update & Security.

  2. Click Check for updates and install any available updates.

  3. Restart your VPS if needed.

For Linux VPS:

  1. Run the following command based on your distribution:

    For Ubuntu/Debian:

    bash

    CopyEdit

    sudo apt update && sudo apt upgrade -y

    For CentOS/RHEL:

    sudo yum update -y

    For Fedora:

    sudo dnf update -y

  2. Restart your VPS if necessary:

    sudo reboot

3️⃣ Disable Root or Administrator Login (Use a New User)

By default, the Administrator (Windows) or root (Linux) account is a prime target for attackers.

For Windows VPS:

  1. Open Computer Management (compmgmt.msc).

  2. Go to Local Users and Groups > Users.

  3. Right-click Administrator, choose Properties, and check Account is disabled.

  4. Create a new admin user:

    • Click New User.

    • Set a strong password and add the user to the Administrators group.

For Linux VPS:

  1. Create a new user:

    sudo adduser newuser

  2. Give it admin privileges:

    sudo usermod -aG sudo newuser

  3. Disable root login:

    sudo nano /etc/ssh/sshd_config

    Find PermitRootLogin yes and change it to:

    PermitRootLogin no

  4. Save the file and restart SSH:

    sudo systemctl restart sshd

Now use the new user for SSH connections.

4️⃣ Enable a Firewall

A firewall helps block unauthorized traffic to your VPS.

For Windows VPS (Windows Defender Firewall):

  1. Open Windows Defender Firewall.

  2. Click Advanced settings > Inbound Rules.

  3. Block unused ports and allow only required services.

For Linux VPS (UFW or Firewalld):

  1. For Ubuntu/Debian (UFW):

    sudo ufw allow ssh sudo ufw enable

  2. For CentOS/RHEL (Firewalld):

    sudo firewall-cmd --permanent --add-service=ssh sudo firewall-cmd --reload

Only open necessary ports (e.g., RDP, SSH, HTTP, HTTPS).

5️⃣ Use SSH Keys Instead of Passwords (Linux VPS)

SSH keys provide stronger security than passwords.

Step 1: Generate an SSH Key on Your Local Computer

Run this command on your local machine:

ssh-keygen -t rsa -b 4096

  • Save the key in ~/.ssh/

  • Leave the passphrase blank (optional).

Step 2: Copy the Public Key to Your VPS

ssh-copy-id newuser@your-vps-ip

If ssh-copy-id is unavailable, manually copy the key:

cat ~/.ssh/id_rsa.pub | ssh newuser@your-vps-ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Step 3: Disable Password Authentication

Edit the SSH config:

sudo nano /etc/ssh/sshd_config

Find and set:

PasswordAuthentication no

Restart SSH:

sudo systemctl restart sshd

Now, SSH logins will only work with your private key.

6️⃣ Enable Two-Factor Authentication (2FA)

Adding 2FA significantly improves security.

For Windows VPS:

  1. Install Duo Security or Google Authenticator for Windows logins.

  2. Configure it to require a second authentication factor.

For Linux VPS (Google Authenticator 2FA):

  1. Install Google Authenticator:

    sudo apt install libpam-google-authenticator -y

  2. Run:

    google-authenticator

    • Scan the QR code with Google Authenticator on your phone.

    • Answer yes to time-based tokens.

  3. Edit the SSH configuration:

    sudo nano /etc/pam.d/sshd

    Add:

    auth required pam_google_authenticator.so

  4. Restart SSH:

    sudo systemctl restart sshd

Now, SSH logins will require both your password and a 2FA code.

7️⃣ Regularly Back Up Your VPS

To prevent data loss, create regular backups.

For Windows VPS:

Use the Windows Backup Tool:

  1. Open Control Panel > Backup and Restore.

  2. Set up a backup schedule to an external or cloud location.

For Linux VPS:

Use rsync or tar:

rsync -avz /important_data user@backup-server:/backup/

Or create a compressed backup:

tar -czvf backup.tar.gz /important_data

Store backups offsite to protect against failures.

8️⃣ Monitor Your VPS for Suspicious Activity

Regular monitoring helps detect threats early.

For Windows VPS:

  1. Open Event Viewer (eventvwr.msc).

  2. Check Windows Logs > Security for failed login attempts.

For Linux VPS:

Monitor SSH login attempts:

sudo cat /var/log/auth.log | grep "Failed password"

Install Fail2Ban to block repeated login failures:

sudo apt install fail2ban -y sudo systemctl enable --now fail2ban

Set up alerts for suspicious login attempts.

Final Thoughts

By following these security best practices, you significantly reduce the risk of unauthorized access to your Windows or Linux VPS. If you need further assistance, VolticHost Support is always here to help. 🚀🔒