Servers

[bennyboy]

I would recommend locking down that RDP connection. RDP is notoriously insecure. What other services do you have exposed? Have you ever run an Nmap scan of your server?

Even I have SSH locked down to my home IP.

I'm not currently too worried about security, as there is not much personal information on the site.  That being said, I can see from my SQL logs that a couple times a day I'm getting a string of requests from addresses in China that don't authenticate.  So. . . that's a bit curious. Admin access to stuff is always a bit scary-- when I'm accessing stuff through cell systems, wifi, on work computers, and so on. But my biggest protection is that I'm a relatively small little company, and not much of my data is going to be worth anything except to other educational sites.

I'm about to add a bus system which includes geolocation info for actual human beings. I'd think that those people would probably want me to protect that info as strongly as possible, so I'm definitely going to have to update my knowledge of security. My first step should probably be not having a link to the .rdp on the Home screen of my phone, which is often unlocked.

The way Azure is set up has additional protections for boneheads like me. I recently had a hard time setting up my SSL certificate: the damned site just wouldn't load in https. The problem turned out that not only did I have to open the port on the Windows server, but there's also a virtual network object in the asset group that needs to be configured as well, server settings be damned. That was frustrating as hell, and very hard for me to figure out. But in the end, it provides some reassurance.

Azure is ALL ABOUT scaling security, right up to a full enterprise level. There are analysis tools and extra protections up the yin-yang that I'm pretty sure I'll never be big enough to use.

--edit--
And btw I doubt you're interested, but if you are, Azure is free for one month for developers (which includes anybody), and they give $200 credit for testing, which is enough to install whatever OS you want on a VM of sufficient power.