Do I close all ports except 80 and 443 and RDP port on windows VPS

windows-server-2008-r2

Recently my Windows Server 2008 R2 VPS was hacked, so I started to research how to protect my VPS.

I found some advice to close all ports and only leave ports 80 and 443 open, plus the RDP port (on a random port number) so that I can log in.

So I checked the firewall under inbound and outbound rules for the rules that are enabled.

The opened ports in inbound rules:

Core Networking (DHCP-In) 68

Core Networking (DHCPV6-In) 546

DFS Management (DCOM-In) 135

DFS Management (SMB-In) 445

Remote Desktop (TCP-In) 3389

Remote Desktop – RemoteFX(TCP-In) 3389

I am only using that VPS to run proprietary software that uses port 443. Am I supposed to close all those other ports by disabling them? Will my VPS stop functioning normally? I have opened another port for Remote Desktop; can I disable the Remote Desktop 3389 rules?

Or is there somewhere else where I am supposed to close the ports?

As this is a hosted VPS, I don't have physical access to the server, and I do not want to lock myself out of it.

Thanks for the help.

Best Answer

If you don't use or serve DHCP, the DHCP-related ports can be closed without problem.

The NetBIOS-related ports (135, 445) are very important ones because the Windows OS and programs sometimes use them for loopback connections. For this reason, I would not close them totally; rather, I would leave them open for localhost connections only. In this manner you effectively close them to external access without affecting localhost's loopback access.

Regarding the RDP port, before closing anything on port 3389, please triple-check that you are able to RDP on the other port you selected. If you close your RDP port without being sure that you can connect on the other port, you really risk locking yourself out of the server. A simpler approach is to leave RDP on the default port but use a very strong password (and maybe use a different account than the default "Administrator").
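The steps in this answer, written out as an added example (not the answerer's own script) using netsh advfirewall, which is present on Windows Server 2008 R2. The rule names are the ones listed in the question; the alternate RDP port 50123 is a placeholder for whatever port was configured, and the RemoteFX rule name should be copied exactly from `netsh advfirewall firewall show rule name=all` before use.

```powershell
# Constructed hardening script for the rules listed in the question.
# Run from an elevated PowerShell prompt on the VPS itself.

# 1. DHCP client rules: only needed if the VPS obtains its address via DHCP.
#    If the output shows "DHCP Enabled . . . : No", these rules are unused.
ipconfig /all | Select-String 'DHCP Enabled'
foreach ($rule in 'Core Networking (DHCP-In)', 'Core Networking (DHCPV6-In)') {
    netsh advfirewall firewall set rule name="$rule" dir=in new enable=no
}

# 2. DCOM (135) and SMB (445): keep the rules enabled but restrict the remote
#    address to loopback, so local programs still work while nothing from
#    outside the box can reach these ports.
foreach ($rule in 'DFS Management (DCOM-In)', 'DFS Management (SMB-In)') {
    netsh advfirewall firewall set rule name="$rule" dir=in new remoteip=127.0.0.1
}

# 3. RDP: confirm the alternate port is actually listening BEFORE touching
#    the default 3389 rules. Then log in over that port from a second machine
#    in a separate session; only disable 3389 once that logon succeeds.
$altRdpPort = 50123   # placeholder: the custom RDP port you configured
$listening = netstat -an | Select-String 'LISTENING' | Select-String ":$altRdpPort "
if (-not $listening) {
    throw "Nothing is listening on TCP $altRdpPort; leave the 3389 rules enabled."
}
# After a verified interactive logon on $altRdpPort, run these two lines:
# netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" dir=in new enable=no
# netsh advfirewall firewall set rule name="Remote Desktop - RemoteFX (TCP-In)" dir=in new enable=no

# 4. Review what remains reachable: enabled inbound rules with their port and scope.
netsh advfirewall firewall show rule name=all dir=in |
    Select-String '^Rule Name|^Enabled|^LocalPort|^RemoteIP'
```

Keep the existing RDP session open while testing the new port; if the firewall change goes wrong, that session is what lets you undo it.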