Best Practices - Securing your Windows Server 2016 VM on Vultr
-
With ZT, you can use the AD on the RDS server to provide AD to the end points as well.
-
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
Or you could use the Vultr firewall to block everything and use something like ZeroTier as the VPN component.
Yup, any VPN will work, but ZT has a lot of cool flexibility.
Sure, but brings long DNS issues, that Pertino had to solve with an AD client "fix."
-
@Dashrender said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
Or you could use the Vultr firewall to block everything and use something like ZeroTier as the VPN component.
Yup, any VPN will work, but ZT has a lot of cool flexibility.
Sure, but brings long DNS issues, that Pertino had to solve with an AD client "fix."
If it's juts one server, you don't need the DNS bits. Just point everybody at the IP address.
Edit: Or use a HOSTS file.
-
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@Dashrender said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
Or you could use the Vultr firewall to block everything and use something like ZeroTier as the VPN component.
Yup, any VPN will work, but ZT has a lot of cool flexibility.
Sure, but brings long DNS issues, that Pertino had to solve with an AD client "fix."
If it's juts one server, you don't need the DNS bits. Just point everybody at the IP address.
Edit: Or use a HOSTS file.
With AD, you'll need DNS to find specific record types. It's true that a hosts file might solve most of the issues though.
-
In regards to ZT it might work, reminds me a lot of Himachi.
Since the remote client wouldn't be part of the domain DNS wouldn't be a concern. It would be less exposure to risk than RDPGuard (which I am still gonna try first).
-
ZT is really nice.
-
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
-
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
-
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
Price went up to $29 / month if you're hitting > 100 devices (unless you are grandfathered in on their $4 / month payments). But their web interface and management tools make it worth it to me. Managing a controller is a bit of a hassle without their web front end.
-
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
Price went up to $29 / month if you're hitting > 100 devices (unless you are grandfathered in on their $4 / month payments). But their web interface and management tools make it worth it to me. Managing a controller is a bit of a hassle without their web front end.
A hassle compared to the web front end? hard to believe, that thing is a huge hassle.
-
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
Price went up to $29 / month if you're hitting > 100 devices (unless you are grandfathered in on their $4 / month payments). But their web interface and management tools make it worth it to me. Managing a controller is a bit of a hassle without their web front end.
A hassle compared to the web front end? hard to believe, that thing is a huge hassle.
Really? I find it rather easy, although they keep changing stuff, lol.
-
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
Price went up to $29 / month if you're hitting > 100 devices (unless you are grandfathered in on their $4 / month payments). But their web interface and management tools make it worth it to me. Managing a controller is a bit of a hassle without their web front end.
A hassle compared to the web front end? hard to believe, that thing is a huge hassle.
Really? I find it rather easy, although they keep changing stuff, lol.
A good CLI would be dramatically easier.
-
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
Price went up to $29 / month if you're hitting > 100 devices (unless you are grandfathered in on their $4 / month payments). But their web interface and management tools make it worth it to me. Managing a controller is a bit of a hassle without their web front end.
A hassle compared to the web front end? hard to believe, that thing is a huge hassle.
Really? I find it rather easy, although they keep changing stuff, lol.
A good CLI would be dramatically easier.
+100000000!
-
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
Price went up to $29 / month if you're hitting > 100 devices (unless you are grandfathered in on their $4 / month payments). But their web interface and management tools make it worth it to me. Managing a controller is a bit of a hassle without their web front end.
A hassle compared to the web front end? hard to believe, that thing is a huge hassle.
Really? I find it rather easy, although they keep changing stuff, lol.
A good CLI would be dramatically easier.
+100000000!
If the build your own controller doesn't have one, might be easy to make.
-
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@dafyre said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
@scottalanmiller said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
ZT is really nice.
And did we mention free for up to 100 devices?
On the hosted version, and free unlimited if you host yourself (which isn't cost effective as the cost of a VM is as high as the cost of the service.)
Price went up to $29 / month if you're hitting > 100 devices (unless you are grandfathered in on their $4 / month payments). But their web interface and management tools make it worth it to me. Managing a controller is a bit of a hassle without their web front end.
A hassle compared to the web front end? hard to believe, that thing is a huge hassle.
Really? I find it rather easy, although they keep changing stuff, lol.
A good CLI would be dramatically easier.
+100000000!
If the build your own controller doesn't have one, might be easy to make.
I tried at one point. It was... more trouble than it's worth to me. I'd happily help somebody else though.
-
@bigbear said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
This https://rdpguard.com/ @scottalanmiller posted looks like something worth trying out first. Also appears to be actively developed. Anyone else using it?
I'm using rdpguard for a few clients. It seems to work well.
-
@Mike-Davis it seems like RDP guard would be simpler than a VPN for the purpose of allowing users to access the system "wherever" they are, mobile devices etc included.
However I wonder if Vultr ip ranges are scanned more frequently than Azure. I setup a couple honey potts and the attacks are 10 to 2 Vultr vs Amazon thus far.
-
@bigbear - I use https://cyberarms.net as a fail2ban for Windows equivalent. They used to charge a fee for licensing but now it is completely free. Very quick and easy to setup.
-
@bigbear said in Best Practices - Securing your Windows Server 2016 VM on Vultr:
However I wonder if Vultr ip ranges are scanned more frequently than Azure. I setup a couple honey potts and the attacks are 10 to 2 Vultr vs Amazon thus far.
I would have to wonder if it's also a matter of a weakness detected in the range once so now the robots keep pounding that IP or range. I say this because I had a server that had a vulnerability that went unpatched. After I patched it, the bad guys kept pounding the site. I even went as far as to move the site to a new server with a new IP and they kept looking for the vulnerable URLs for more than a week with thousands of requests coming in each hour.
-
can we get fail2ban added a tag on this thread?