Getting Started: Answers and Solutions to Our Most Popular Dedicated Server Questions

How to Administer a Dedicated or Virtual Private Server
 
For guidance on how to remote into your Dedicated or Virtual Private Server see:
 
 
 
Protecting Your Dedicated or Virtual Private Server
 
 
 
There are two key factors in protecting a dedicated server: firewall and antivirus protection. It used to be that a server on the Internet was vulnerable only to malicious attacks aimed specifically at it. That is no longer the case. Hundreds, if not thousands, of servers today are under the control of hackers or other malicious parties. These servers randomly scan the Internet for weak servers and computers, using methods such as port scanning and exploiting loopholes and vulnerabilities in Windows and other software.

Firewall
Firewall protection lets you choose which ports on your server are open or closed to incoming traffic. There are two options for a firewall at CrystalTech, and it is recommended that at least one of them be used. These two options do not include third-party firewall and security programs that could be purchased and used on the server instead.

The first option for Windows 2003 Dedicated Plans is included with Windows 2003 Service Pack 1 and will protect against most random port scans. This can be turned on by going to the Control Panel and opening up the Windows Firewall settings and clicking on the ON option button. For Windows 2008 Dedicated or Virtual Private Servers, go to the Control Panel and open Windows Firewall then click Change Settings. This will bring up the Windows Firewall settings, then click the ON option button. The next step is very important, as you will need to click on the Exceptions tab and check the Remote Desktop option. Click on the OK button. This will enable the remote desktop connection to work through the firewall. Without this option, you may not be able to connect to the server. There may be other programs that need to be unblocked that cease to work with the firewall setting turned on. If this is the case, from the Exceptions tab, click on the Programs button at the bottom and select the corresponding program.

The second option for all Dedicated Plans is the hardware firewall solution. This is an enterprise level solution that will protect against port vulnerabilities without using resources on your server. The hardware firewall is a backbone grade shared firewall that can hold settings for all servers on the network. This option requires setting requests through the support team and has a monthly cost associated with it. Costs can be seen under High Value Options here for Windows/Linux Dedicated Server Plans and here for Cloud Virtual Private Server (VPS) Windows/Linux Server Plans.

Antivirus
There are many ways in which viruses can be spread, two of which are most common.

In some cases, viruses are spread from a colleague’s infected computer to yours. When a computer becomes infected, the virus sends itself as an email attachment to everyone in the infected computer’s address book, so the message looks like it was sent by the colleague when in reality the colleague had no idea that it was sent.

In other cases, viruses are spread from an infected server that is faking or spoofing email addresses. These messages look like they come from a colleague’s email address but did not originate from the colleague or the colleague’s email service. You can view the actual originating server’s IP address and other information by looking at the header of the message. You can view the header of the message in Outlook by opening up OPTIONS in the reading window. This can be useful if the originating server needs to be blocked in content filtering.

For these reasons, viruses can be very easily spread to your server. Therefore, it should be protected at all costs.
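
The header check described above, as an added PowerShell example that is not part of the original article: it reads the Received lines of a message header and returns the address your own mail server recorded for the connecting server, which is the entry a spoofing sender cannot forge and the one to use for a server block. The sample header, the host names and the `mx.yourserver.example` server name are constructed for illustration.

```powershell
# Constructed sample header (documentation IP ranges, example domains).
$raw = @'
Received: from mail.sender.example (mail.sender.example [203.0.113.45])
    by mx.yourserver.example with ESMTP id abc123;
    Mon, 1 Jan 2024 10:00:00 -0700
Received: from colleague-pc (unknown [198.51.100.7])
    by mail.sender.example with SMTP; Mon, 1 Jan 2024 09:59:58 -0700
From: "Colleague" <colleague@example.com>
Subject: Invoice
'@

function Get-ReceivedHops([string]$Headers) {
    # Unfold continuation lines: a line starting with a space or tab
    # belongs to the header line above it.
    $unfolded = $Headers -replace '\r?\n[ \t]+', ' '
    foreach ($line in ($unfolded -split '\r?\n')) {
        # Capture the claimed sender name, the bracketed IPv4 address,
        # and the server that stamped this hop ("by ...").
        if ($line -match '^Received:\s*from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)') {
            New-Object PSObject -Property @{
                From = $Matches[1]; IP = $Matches[2]; By = $Matches[3]
            }
        }
    }
}

function Get-ConnectingIP([string]$Headers, [string]$MyServer) {
    # Each server adds its Received line at the top, so the first hop
    # stamped by our own server is the one we can trust. Hops below it
    # were written by other machines and may be forged.
    Get-ReceivedHops $Headers |
        Where-Object { $_.By -eq $MyServer } |
        Select-Object -First 1
}

# The hop recorded by our own server, as a candidate for a server block.
Get-ConnectingIP $raw 'mx.yourserver.example' | Format-List From, IP, By
```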

There is software available that provides antivirus solutions for servers that use SmarterMail. Recommendations can be found at the following SmarterTools link:
http://www.smartertools.com/Products/SmarterMail/AntiVirus.aspx

An antivirus solution that works with your email software and utilizes real time protection and scheduled scanning is very highly recommended. Real time protection is a necessity if you are going to browse the Internet from the server itself. A separate and additional schedule that provides a daily antivirus scan is also an effective method to protect your server. 

Another option for the Windows Dedicated or Virtual Private Server Plans is the McAfee/Diskeeper Bundle solution. This option will provide you with an Enterprise level Anti-virus solution that comes with Real-time virus protection, Email protection and other protections against malicious threats. This option has a monthly cost associated with it and can be seen here for Windows Dedicated Plans.
 
 
How to Set Up and Utilize DNS on My Dedicated Server
 
Getting the most out of DNS on a dedicated or virtual private server: a tutorial
 
 
Each dedicated server is also a Domain Name Server and, as such, holds the records for all domain names on the server. This is made possible by the Windows DNS tool included with Microsoft Windows Server 2003.

Chapter 1: Getting Started
Chapter 2: DNS Setup (required)
Chapter 3: Updating the SOA Records and Adding the Wild Card Record (advanced)
Chapter 4: Reverse DNS Additions (used for email server verification)
 
 
Creating a Default Website Within IIS
 
1. Log in to your dedicated server using Microsoft Terminal Services.

2. Go to “Start --> Settings --> Control Panel --> Administrative Tools”

3. Double click on “Internet Services Manager” to bring up the IIS Management Console.

4. Right click on “Web Sites”, then go to “New --> Web Site”

5. You will then start the Web Site Creation Wizard where you will configure your site name, select the IP address used for the site, set the TCP port used (which defaults to port 80) for the site, let IIS know whether you want to use host headers for the site, set the default path to the home directory (generally “c:\inetpub\domain_folder”), etc.

When you click “Finish”, the Default Website is added to your server and is ready to use. 

You will then want to log in to your DNS management tool and add the site to your Domain Name Server utility so that it is available from the Internet. To see how to do this, please refer to Knowledge Base article 765.
 
Windows Firewall on Dedicated/Virtual Private Server
 
If you choose to use the Windows firewall built into the Windows 2003/2008 operating system, the following steps explain how Newtek recommends you set up the firewall.

1. Make sure that Remote Desktop is checked in the exceptions list. If this is not checked, you will lock yourself out of remote desktop connections as soon as you click OK. The exceptions list is found by clicking the Settings button in the Local Area Connection Properties Advanced tab (note: this is also where you turn the firewall on or off).

2. Newtek monitors each dedicated server by using an ICMP monitor. Because of this, ICMP echo requests need to be allowed. ICMP can be turned on by clicking the Settings button on the Advanced tab in the Windows Firewall settings (note: you will only need to check Allow Incoming Echo Request).

3. Should you choose to use your server as a name server, you will need to create two exceptions for this traffic. From the Exceptions tab in the Windows Firewall settings, click Add Port and add the following:

Name: DNSTCP
Port Number: 53
TCP

Name: DNSUDP
Port Number: 53
UDP

4. If your dedicated server is going to be a web server hosting websites on port 80 for http traffic and https on 443, you will need to allow these services. To do this, go to the Settings button found on the Advanced tab in the Windows Firewall. From the Services tab, check Secure Web Server and Web Server.

5. Should you also choose to use your server as a mail server, you will also need to check Internet Mail Server (SMTP) and Post-Office Protocol Version 3 (POP3).

6. If you choose to use FTP, you will also need to check FTP server.

7. Two additional ports are required on dedicated servers for Newtek services: TCP 743 and TCP 52155. Exceptions need to be created for these ports for your dedicated server to function correctly with CrystalTech's interface.

8. Any additional programs or services that require specialized ports to connect to the server (e.g., SQL Server on TCP 1433 and UDP 1434) will need to have exceptions created to allow connections.
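
The same exception list as a script, for Windows Server 2008 only (Windows 2003 uses a different netsh context); this is an added example, not Newtek's own tooling. It creates every exception first and turns the firewall on only if all of them exist, which enforces the lock-out warning in step 1. Rule names other than DNSTCP and DNSUDP are illustrative, and the Remote Desktop row assumes the default port 3389.

```powershell
# Run from an elevated PowerShell prompt on Windows Server 2008.
# Remove the rows for roles this server does not run; add step 8 ports
# (for example SQL Server) as extra rows only if they are really needed.
$rules = @(
    @{ Name = 'RemoteDesktop'; Proto = 'TCP'; Port = 3389 },   # step 1 (default RDP port assumed)
    @{ Name = 'DNSTCP';        Proto = 'TCP'; Port = 53 },     # step 3
    @{ Name = 'DNSUDP';        Proto = 'UDP'; Port = 53 },
    @{ Name = 'WebServer';     Proto = 'TCP'; Port = 80 },     # step 4
    @{ Name = 'SecureWeb';     Proto = 'TCP'; Port = 443 },
    @{ Name = 'SMTP';          Proto = 'TCP'; Port = 25 },     # step 5
    @{ Name = 'POP3';          Proto = 'TCP'; Port = 110 },
    @{ Name = 'FTP';           Proto = 'TCP'; Port = 21 },     # step 6
    @{ Name = 'Newtek743';     Proto = 'TCP'; Port = 743 },    # step 7
    @{ Name = 'Newtek52155';   Proto = 'TCP'; Port = 52155 }
)

function Test-RuleExists([string]$Name) {
    # "show rule" exits non-zero when no rule has this name.
    netsh advfirewall firewall show rule "name=$Name" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Add-InboundAllow([string]$Name, [string[]]$Criteria) {
    if (Test-RuleExists $Name) { return $true }   # already present: safe to re-run
    netsh advfirewall firewall add rule "name=$Name" dir=in action=allow $Criteria | Out-Null
    return ($LASTEXITCODE -eq 0)
}

$failed = @()
foreach ($r in $rules) {
    $ok = Add-InboundAllow $r.Name @("protocol=$($r.Proto)", "localport=$($r.Port)")
    if (-not $ok) { $failed += $r.Name }
}

# Step 2: incoming echo request (ICMPv4 type 8) for the provider's ICMP monitor.
if (-not (Add-InboundAllow 'ICMPEcho' @('protocol=icmpv4:8,any'))) { $failed += 'ICMPEcho' }

# Enable the firewall only when every exception exists, so the current
# Remote Desktop session is not cut off by a missing rule.
if ($failed.Count -eq 0) {
    netsh advfirewall set allprofiles state on
} else {
    Write-Warning ("Firewall state left unchanged; rules not created: " + ($failed -join ', '))
}
```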
 
How do I Use the Site User Admin Tool?
 
 
You can view or modify your Username and Password with the Site User Admin feature in Control Center. If you have not already done so, log in with your customer ID and password.
Then, access the Site User Admin tool. For shared plans, it is in the Site section of the Control Center. For dedicated plans, it is under Server.

View/Change Password
Click on the 'Show Password' link to view your current password. If you need to change it, you will need to contact a customer support agent for assistance. Please have your account information ready to verify.

Add Additional Username and Password
Click on the green 'Add' icon to add another Username. You will need to enter the username, password and verify it. Click on 'Save' when finished. If you want to make a Site Username the Primary (only one user can be used as a domain level login) please submit a Verified Ticket or Contact Us to have that changed. 
