Must-Know to Protect Your VPS - Viruses, DDoS, Malware...

by Andrea Unger


Using a cloud or a dedicated server for systematic trading avoids several common problems that can cause connection issues between our trading platform and our broker. 

When we use this kind of solution, it's essential that we take some precautions to ensure maximum data security. 

In this video, we explain in detail what to do to defend yourself against:

 - viruses and malware

 - DoS/DDoS and Brute Force attacks aimed at stealing your sensitive data or taking over your trading infrastructure

 - generic vulnerabilities (weak passwords, usernames, ports, etc.)

Find out how to keep your trading infrastructure safe, and remember, better safe than sorry!

Enjoy! 😎

Transcription

Hey everyone, and welcome to this brand new video.

Today we're going to be talking about the main threats to your trading infrastructure and the main precautions that you need to take to protect it.

In particular, we are going to be talking about cloud servers and follow up on the same topic that we saw a few weeks ago.

I'm one of the coaches of Unger Academy.

In this video, I'm going to provide you with an overview of the fundamental measures to protect your infrastructure. These measures and tips are all the product of our experience with systematic trading.  

The main dangers and threats

There are mainly three kinds of threats that can damage our trading. 

The first includes viruses and malware, which are potentially dangerous files that you can come into contact with when you use your computer. Later on in this video, we'll see that in addition to using a good antivirus suite, there are other measures you can adopt to protect yourself from this kind of threat. For example, you should avoid downloading potentially harmful files or using your VPS or dedicated server for any purpose other than systematic trading. In this way, you limit the risk of downloading malicious files or, in any case, files that may slow down your machine.

The second type of threat that we've identified is external attacks such as DoS attacks, where DoS stands for "Denial of Service," and DDoS attacks ("Distributed Denial of Service"), which are very similar to DoS attacks except for the fact that they are "distributed."

The third kind is the "brute force" attack, which we will see in more detail later in this video.

Finally, we'd like to give you an overview of some generic vulnerabilities that may threaten your machine, such as choosing an easy password or not changing some default settings in Windows. Leaving these unchanged may be dangerous because, since these parameters are predefined, they are generally the first targets for hackers.

Viruses and malware

But let's take a closer look at the first category. When it comes to viruses and malware, the first thing to do is identify the risks. The main risk is that hackers steal your sensitive data, for example, sensitive information saved on your computer, such as your bank account or trading account credentials, passwords, etc. If you get a specific virus or malware, this information may be stolen and even sent to third parties.

Another risk is that hackers may edit, delete, or encrypt your files or even format your drives. We once had a student who had downloaded an infected file on his remote server and couldn't open software or access files because the virus (called Cryptolocker) started to encrypt all the data on the hard disks, including software applications. So, he could no longer open his trading platforms and access indicators and signals. So, it's essential to be very careful about these types of threats.

Let's move on to external attacks. There are some viruses that neither corrupt your files nor steal your sensitive data but open ports in your computer to give access to hackers so that they can then remotely access your machine, take control of it, and do as they please with your computer or infrastructure.

Fortunately, there are several solutions to protect yourself. 

The first one consists in using a good Internet Security Suite. You can simply use antivirus software, but Internet Security suites are better as they also include firewall, antispam, anti-phishing, and anti-malware functions. In short, these suites are definitely a more complete solution. However, using an antivirus can still protect you, and the Windows firewall can help prevent some types of external attacks.

As I've already mentioned before, another critical measure consists in installing and using only software that is strictly necessary for trading. This can be of great help because, in this way, you can clearly reduce the possibility of coming into contact with infected files. For example, it's advisable to download only the updated version of your trading platform, the updated plug-in of your broker, and other updates from the Microsoft website. You should also avoid using the same computer to watch movies or download emails, etc., because in doing so, there is clearly a greater chance of stumbling upon potentially dangerous or infected files. And then, of course, never download or use any pirated or non-trusted software on your computer.

Finally, don't use cloud hosting clients such as Dropbox, OneDrive, etc., because if an infected file from your home computer were to end up in OneDrive or Dropbox, it would then be transferred to the remote server, unless it had previously been identified as a threat and blocked by your home computer. Consequently, the virus or infected file would be copied onto the remote server.

Viruses and Malware: The Best Suites

As for the first point we talked about, that is, the best internet security suites, I recommend that you go and check out this website. It reviews Internet Security or antivirus solutions, and as you can see, almost all the main products seem to be highly reliable. They claim they are an independent website, so there may be no conflict of interest, and for this reason, I would recommend one of the products listed here. Usually, this website makes a bimonthly report in which they evaluate each of the main solutions available on the market according to different parameters. So, we can say that any of these solutions is good enough and can serve the purpose.

DoS and DDoS attacks

As for DoS and DDoS attacks, which stand for "Denial of Service" and "Distributed Denial of Service," they consist of attacks that aim to disable or make unreachable a system that provides a service to clients, such as a remote server or a data server.

These attacks consist of bombarding the target server with access requests or requests for information until the server runs out of computing power or bandwidth to process them all and becomes unreachable.

The difference between DoS and DDoS attacks is that in the case of DDoS attacks, the attack doesn't come from a single source but occurs in a distributed manner. This means that the attack comes from several "attackers" that work simultaneously. This group of attackers is called a "botnet." How the botnet is created is also pretty peculiar because usually, those who plan this kind of attack first try to infect the computers that will be part of the botnet, which for this very reason will take the name of "zombies", and then these zombies will attack the target computer, the “victim”, together. 

The main risk, in this case, is server unavailability, and the simplest solution, at least in our opinion, is to opt for a cloud server provider that includes DDoS protection. OVH offers this type of protection for all its services. Aruba, too, provides these protection features on dedicated servers, but I'm not sure whether it provides it on VPSs, too, or not. By the way, it's always up to us to investigate what kind of protection a specific service provider offers against this type of attack.

This picture shows how this type of attack works. I found it on the OVH website. As you can see, there is a "master control computer" that infects other computers. Then, the infected computers attack other computers without their knowledge, in a distributed and cross-over way. The zombie computers of the botnet eventually hit the target computer, which is the victim of the attack. As a consequence, the victim will be unreachable for a certain amount of time because, receiving this attack from many computers at the same time, it will be unable to process all their requests.

Brute Force attacks

Another type of attack is the "brute force" type attack. The final goal of this attack is usually completely different from the DDoS attack. You see, brute force attacks are usually aimed at stealing passwords or data.

Most of the time, these attacks work by making repeated attempts, hence the name “brute force,” because hackers use brute force by trying tons of different combinations until they identify the password of the target computer or maybe of a mailbox or a file encryption system.

The goal of brute force attacks is clearly to get hold of your login credentials to your machine or server to use it for other purposes or to be able to steal data from it.

So, what are the main risks in this case? Well, in this case, the server's unavailability is one of the main risks since all these requests could lead to results similar to a DDoS attack, although the purposes are different. I mean, many access attempt requests for a prolonged time could cause the final machine to be unable to process all the requests. Consequently, it may become unavailable or unreachable. Another risk is that if this attack is successful, the hacker who made it could get full access to the machine and use it for different purposes.

In this case, the best solution we could find, and I must say I'm really extremely satisfied with it, is to use a software application that bans the IP address of anyone whose authentication attempts fail a certain number of times.

For example, if I enter a wrong password three times while I'm trying to access my VPS, my IP address will be automatically banned, and the machine will no longer respond to authentication requests from that IP.

Then, after a certain number of days or months, the IP will be "unbanned," but in the meantime, the threat will have been blocked.

Here is a screen from RDPGuard, a software I'm running on my VPS. I've obviously censored the IP column here, but as you can see, my machine has been attacked several times in the last month and a half, even if I have taken other types of precautions. In this case, you can see only the latest attacks. So, this is a real threat because there are usually several attempts, and we'll later see a way to try to reduce them.
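The ban-after-N-failures behaviour described above, as an added PowerShell example that is not code from the page or from RDPGuard. It runs offline against a constructed list of failed logons; on a live VPS the records would come from Security log event 4625, and the allow list, threshold, window and ban length are assumptions you would tune.

```powershell
# Added example, not code from the page or from RDPGuard: ban-after-N-failures logic
# run offline against a constructed list of failed logons. On a live VPS the records
# would come from Security log event 4625, for example
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-1) }
# with Time = TimeCreated and Ip = the event's IpAddress field.

# Constructed sample: a fast attacker, a slow attacker, and one typo from our own IP.
$SampleFailures = @(
    [pscustomobject]@{ Time = [datetime]'2024-01-10 10:00:05'; Ip = '203.0.113.7';   User = 'Administrator' }
    [pscustomobject]@{ Time = [datetime]'2024-01-10 10:00:06'; Ip = '203.0.113.7';   User = 'admin' }
    [pscustomobject]@{ Time = [datetime]'2024-01-10 10:00:08'; Ip = '203.0.113.7';   User = 'root' }
    [pscustomobject]@{ Time = [datetime]'2024-01-10 10:00:09'; Ip = '203.0.113.7';   User = 'guest' }
    [pscustomobject]@{ Time = [datetime]'2024-01-10 09:15:00'; Ip = '198.51.100.22'; User = 'Administrator' }
    [pscustomobject]@{ Time = [datetime]'2024-01-10 09:40:00'; Ip = '198.51.100.22'; User = 'Administrator' }
    [pscustomobject]@{ Time = [datetime]'2024-01-10 10:05:00'; Ip = '198.51.100.22'; User = 'Administrator' }
    [pscustomobject]@{ Time = [datetime]'2024-01-10 11:30:00'; Ip = '192.0.2.10';    User = 'trader' }
)

function Get-BruteForceSources {
    param(
        [Parameter(Mandatory)] [object[]] $Failures,
        [int] $Threshold = 3,         # failures that trigger a ban (the video's example: three)
        [int] $WindowMinutes = 10,    # ...occurring within this many minutes
        [string[]] $AllowList = @()   # your own management IPs; banning them locks you out
    )
    foreach ($group in ($Failures | Where-Object { $_.Ip -notin $AllowList } | Group-Object Ip)) {
        $times = @($group.Group | Sort-Object Time | ForEach-Object { $_.Time })
        # Slide a window of $Threshold consecutive failures; report on the first one that fits.
        for ($i = 0; $i -le $times.Count - $Threshold; $i++) {
            if (($times[$i + $Threshold - 1] - $times[$i]).TotalMinutes -le $WindowMinutes) {
                [pscustomobject]@{
                    Ip       = $group.Name
                    Attempts = $times.Count
                    Users    = ($group.Group.User | Sort-Object -Unique) -join ','
                    BanUntil = $times[-1].AddDays(30)   # the video's "unbanned after days or months"
                }
                break
            }
        }
    }
}

# Enforcement on the VPS: one Block rule per offender on the RDP port; the expiry goes into the
# rule description so a scheduled task can later remove rules whose BanUntil has passed.
function Block-SourceIp {
    param([Parameter(Mandatory)] [string] $Ip, [datetime] $BanUntil, [int] $RdpPort = 3389)
    $name = "BruteForceBan $Ip"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { return }
    New-NetFirewallRule -DisplayName $name -Description "Expires $BanUntil" -Direction Inbound `
        -Action Block -Protocol TCP -LocalPort $RdpPort -RemoteAddress $Ip | Out-Null
}

$offenders = Get-BruteForceSources -Failures $SampleFailures -AllowList '192.0.2.10'
$offenders | Format-Table -AutoSize   # flags 203.0.113.7; -WindowMinutes 60 also catches slow 198.51.100.22
# On the VPS (elevated):  $offenders | ForEach-Object { Block-SourceIp -Ip $_.Ip -BanUntil $_.BanUntil }
```

The slow attacker in the sample shows why the window length matters: three failures spread over fifty minutes evade a ten-minute window. With Network Level Authentication enabled, some failed RDP attempts may record the client address only in the Microsoft-Windows-RemoteDesktopServices-RdpCoreTS operational log rather than in event 4625, so check both sources before trusting the counts.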

Generic vulnerabilities

The third type of vulnerability consists of some "generic" settings that make it easier for hackers to access your server. So let me show you how to change these settings to limit these types of threats as much as possible.

Choosing an access password with a high level of complexity is certainly one of the most essential best practices in this case. Recently, in some newspaper articles, I read that among the most common passwords used by people there are "1 2 3 4 5 6," the word "password" itself, or "1 2 3 4 5 6 7 8". Now, using passwords such as these is absolutely useless against any attack. And I think the reason is quite simple. You see, the brute force attacks we were talking about before start by trying out a list of common passwords, and of course, if your password is one of the simplest, it will be within this list, and they will try to get access to your machine using these obvious passwords.

I always advise that you don't disable the password complexity requirements from the Windows settings because this setting will make you choose a secure password for your access, which is very important. Also, remember that changing your password often will help too because if someone were to steal your password, changing it would make it difficult for them to regain access to your machine.

Another measure that can be very useful is to avoid using common names for your computer accounts. For example, if you use Windows, you should avoid using common names such as Administrator, which is a prebuilt user within Windows. And this applies to your VPS as well. Some services configure VPS users with names such as Root or Guest. These usernames are dangerous because they are already present by default in Windows, and attackers tend to target Windows pre-set users hoping that people didn't change them. For this reason, changing them makes this type of attack a bit more difficult.

The same applies to standard access ports. Take Windows Remote Desktop, for example. It uses port 3389, and this port is without a doubt the port hackers attack the most because it's the default port, and many people don't change it.

However, changing this port can make a difference when it comes to defending yourself from these attacks, so let me show you how to change it quickly.

In the beginning, I didn't change the login username on my infrastructure, nor the access port, and the number of attack attempts I received was way higher than those you have seen in the picture I showed you a couple of minutes ago. They were more or less 100-200 times higher, just to give you an idea.

However, adopting these small measures can help a lot.

As for the complexity of your password, I suggest that you look at these three websites. They can help you generate secure passwords if you don't want to choose one yourself. Also, I’ve already told you that it's always advisable to change the password quite often, for example, every few months.

As for the default users, my advice is to go to the "Users Local Groups" menu, then click on "Users," and create a new user. You can grant it the same privileges as the Administrator user if you want to, but obviously, give it an unusual name.

At the end of this process, as you can see in the picture, you simply disable the Administrator user you used to log in at the beginning so that it will no longer be possible to use this user with the obvious name. However, don't delete it so that you can reactivate it in case you need the highest privileges that are exclusive to this Windows account.

As for the default port 3389, I recommend that you change it. To do so, you need to enter the system registry. Simply type "regedit" in the "Run" menu in Windows. Then follow this path and find the registry key called "Port Number", select the decimal format, and change the number there. You have to pick a number between 1 and 65,535, and of course, you should avoid standard Windows ports such as port 80, the web (HTTP) port, and port 21, which is reserved for FTP. You can easily go and look at what the standard ports in Windows are. Avoid these ports and choose an unusual one within the range that I've just mentioned.

At the end of this process, open your firewall and create an exception to allow incoming connections through the new port that you have chosen. Here you can see a screen from Windows Firewall. You just need to create a rule. Select the rule type based on the port and then simply select the port with the TCP protocol and enter the port number you've chosen.

After you've done this, restart the server and then disable the previously active port (3389) from the list of rules that you see in the Windows Firewall list.

For those of you who don’t know it, to specify which port to connect to with the remote access client, you must enter the colon symbol after the IP and then the port number. So, if we take as an example an IP address such as 123.123.123.123, to specify the port 12345, we can write ":12345" after the IP.
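The account, port and firewall steps just described, as an added PowerShell script that is not from the page or from Unger Academy. The account name and port number are placeholders; the registry path is the standard location of the RDP listener's PortNumber value.

```powershell
# Added example, not a script from the page or from Unger Academy: the video's
# hardening steps (new admin account with an unusual name, built-in Administrator
# disabled but not deleted, RDP moved off 3389, firewall opened for the new port)
# as PowerShell for an elevated session on the Windows VPS. The account name and
# port below are placeholders; the registry path is the standard RDP listener key.
#Requires -RunAsAdministrator

$NewAdminName = 'ops_k7x2'   # placeholder: unusual, not admin/root/guest
$NewRdpPort   = 12345        # placeholder: 1-65535, not a well-known port
$RdpRegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$DisableBuiltinAdmin = $false  # flip to $true only after logging in once as $NewAdminName

# Reject ports outside the valid range, well-known service ports, or ports already listening.
function Test-RdpPortChoice {
    param([int] $Port)
    $wellKnown = 21, 22, 23, 25, 53, 80, 135, 139, 443, 445, 3389
    if ($Port -lt 1 -or $Port -gt 65535 -or $Port -in $wellKnown) { return $false }
    $listening = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    return -not $listening
}

# 1. New administrator with an unguessable name. Keep the Windows complexity policy enabled,
#    as the video advises, so the password entered here must meet it.
$password = Read-Host -AsSecureString -Prompt "Password for $NewAdminName"
New-LocalUser -Name $NewAdminName -Password $password -Description 'RDP admin' | Out-Null
Add-LocalGroupMember -Group 'Administrators' -Member $NewAdminName

# 2. Disable, never delete, the built-in Administrator so it can be re-enabled if needed.
if ($DisableBuiltinAdmin) { Disable-LocalUser -Name 'Administrator' }

# 3. Change the RDP listener port (the "Port Number" value the video edits in regedit).
if (-not (Test-RdpPortChoice -Port $NewRdpPort)) { throw "Port $NewRdpPort is reserved or in use" }
Set-ItemProperty -Path $RdpRegPath -Name 'PortNumber' -Value $NewRdpPort -Type DWord

# 4. Allow the new port in Windows Firewall BEFORE rebooting, or you lock yourself out.
New-NetFirewallRule -DisplayName "RDP custom port $NewRdpPort" -Direction Inbound `
    -Protocol TCP -LocalPort $NewRdpPort -Action Allow -Profile Any | Out-Null

# 5. After Restart-Computer, confirm the listener moved, then disable the stock 3389 rules:
#    Get-NetTCPConnection -State Listen -LocalPort $NewRdpPort
#    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
# 6. Connect from the client as  mstsc /v:123.123.123.123:12345  (IP:port, as in the video).
```

Keep a second way in (the provider's console or KVM) open until you have confirmed the new port and account work, since a mistake in steps 3 or 4 leaves the server unreachable over RDP.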

And with that, this video is over!

We gave you an overview of the primary measures you can adopt to protect your cloud server and trading infrastructure. However, since we have only seen the main aspects, I invite you to explore this topic further, if you find it interesting, of course. We consider it of primary importance because it's related to something that we deal with every day.

I remind you that in the description of this video, we're going to leave you a link to a free webinar about how to build trading systems following the method of the only 4-time world trading champion Andrea Unger.

And if you want to share your thoughts and ideas with us, please write them down in the comments!

I will see you in our next video dedicated to the world of trading systems!

Until then, stay safe! Bye-bye!


Andrea Unger

Andrea Unger here and I help retail traders to improve their trading, scientifically. I went from being a cog in the machine in a multinational company to the only 4-Time World Trading Champion in a little more than 10 years.

I've been a professional trader since 2001 and in 2008 I became World Champion using just 4 automated trading systems. 

In 2015 I founded Unger Academy, where I teach my method of developing effective trading strategies: a scientific, replicable and universal method, based on numbers and statistics, not hunches, which led me and my students to become Champions again and again.

Now I'm here to help you learn how to develop your own strategies, autonomously. This channel will help you improve your trading, know the markets better, and apply the scientific method to financial markets.

Becoming a trader is harder than you think, but if you have passion, will, and sufficient capital, you'll learn how to code and develop effective strategies, manage risk, and diversify a portfolio of trading systems to greatly improve your chances of becoming successful.