Protecting a BAF file

[ShaunWhite]

Are you saying the BA VPS cannot be hacked
Or 'Yes' it can be 'hacked' but don't worry about it ?

Anything can be hacked, why are you specifically concerned about that device in particular?

[Bobajob]

Are you saying the BA VPS cannot be hacked
Or 'Yes' it can be 'hacked' but don't worry about it ?

Anything can be hacked, why are you specifically concerned about that device in particular?

That's where the BAF files are and not protected.
That's why I don't use the BA VPS

[Derek27]

Are you saying the BA VPS cannot be hacked
Or 'Yes' it can be 'hacked' but don't worry about it ?

Anything can be hacked, why are you specifically concerned about that device in particular?

Not speaking for Bobajob but the only reason I can think of why anyone would have specific concern about VPS security is the staff at the data centre have access to your machine. I used to have that concern with cloud storage but most data centres probably don't permit access to personal data and you get zero-knowledge encryption as well.

[Derek27]

Are you saying the BA VPS cannot be hacked
Or 'Yes' it can be 'hacked' but don't worry about it ?

Anything can be hacked, why are you specifically concerned about that device in particular?

That's where the BAF files are and not protected.
That's why I don't use the BA VPS

How can your files be protected on your home desktop PC in a way that can't be protected on a VPS?

[sniffer66]

Anything can be hacked, why are you specifically concerned about that device in particular?

That's where the BAF files are and not protected.
That's why I don't use the BA VPS

How can your files be protected on your home desktop PC in a way that can't be protected on a VPS?

Sandbox it so it isn't connected to the Internet

[Michael5482]

Does anyone know if there's anyway you can add 2 step authentication to a VPS login and/or have something where only one log in at anyone time so if your logged in it's impossible for another person to log in.

I'll probably have a look next week but they would seem like logical security steps (to me anyway).

[Euler]

BA VPS's are more secure than off the shelf solutions which are just vanilla options with no enhancements. We install additional tools to make it less hackable by default. Most standard solutions just give you a base layer and nothing else, it's up to you from there.

If you have knowledge of server security then you can enhance security on a vanilla VPS as well, but most providers just give you a base VPS and that's it.

Once we hand over a VPS if you change the password, which we suggest, there is no way for us to access it. Plus we also give you instructions if you want to make it really difficult to access.

I would have thought that a standard VPS is a higher risk. But ultimately anything can be hacked and the weak link is often the holder of the password and access to an item, whether it be a computer, vault, database or VPS.

[Bobajob]

BA VPS's are more secure than off the shelf solutions which are just vanilla options with no enhancements. We install additional tools to make it less hackable by default. Most standard solutions just give you a base layer and nothing else, it's up to you from there.

If you have knowledge of server security then you can enhance security on a vanilla VPS as well, but most providers just give you a base VPS and that's it.

Once we hand over a VPS if you change the password, which we suggest, there is no way for us to access it. Plus we also give you instructions if you want to make it really difficult to access.

I would have thought that a standard VPS is a higher risk. But ultimately anything can be hacked and the weak link is often the holder of the password and access to an item, whether it be a computer, vault, database or VPS.

Thanks for that reassuring info Peter.

[foxwood]

Not speaking for Bobajob but the only reason I can think of why anyone would have specific concern about VPS security is the staff at the data centre have access to your machine. I used to have that concern with cloud storage but most data centres probably don't permit access to personal data and you get zero-knowledge encryption as well.

If it's Windows (which is needed for BA) you just need to change the Administrator user name to some complex password-like name - stops staff access and remote login attempts also are fooled since they have no idea of a login name. Also disable guest and any other users. That and changing the RDP port number reduces the hack attempts.

Amazon have a configurable firewall so you only open the ports needed.

The real blocker is to have a static IP or range that you use as the only allowed connections. Just have to be careful in setting it up that you don't lock yourself out before it's all configured properly. Non-trivial.

[ShaunWhite]

Does anyone know if there's anyway you can add 2 step authentication to a VPS login and/or have something where only one log in at anyone time so if your logged in it's impossible for another person to log in.

I'll probably have a look next week but they would seem like logical security steps (to me anyway).

It depends on the operating system you choose to run on your VPS. I run Windows Server 2016 Datacenter Edition.

The Pros:
It's oriented towards business so it's bristling with security options incl the sort of thing you mention. It's fast because it isn't full of 'user experience' bs, and you can also choose if/when you want Windows updates so that you aren't forced into that operational risk. It's the right tool for the job imo. I've never even had a sniff of an attack and it's been running 247365 for years.

The Cons:
With my provider you can choose Linux or one of 3 flavours of Windows Server for your server, regular Windows isn't an option. So it probably wouldn't be the choice for someone without experience although info isn't hard to find. When you fire up a server instance you're faced with just a clean OS install unless you create it from an image, so you have to do all the security and setup yourself.


Anyone wanting a straight forward click and go solution should definately go with the BA VPS. As Peter explained above he'll go to great lengths to make sure it's as secure as he can make it, and then lock the door behind him when it's done. My choice was more to do with the software I use not any misgivings about the BA server, so don't take any of the above as being negative about it. It's just horses for courses.

[ShaunWhite]

Just have to be careful in setting it up that you don't lock yourself out before it's all configured properly. Non-trivial.

My setup checklist has it in big red letters.... "Check I can get in on the new Admin account before disabling the default Admin account !!"

I am NOT doing that again.

[Euler]

Most of the harshest security options will completely lock you out of the server. I learnt that when configuring port forwarding for the first time, the firewall for the first time and many other blinding cock ups.

[Derek27]

I've had a lot of brushes with death, computer wise, the last of which is well documented on the rant corner. But somehow, I always managed to pull myself out of the shit. Better not push my luck.

[Bobajob]

I've had a lot of brushes with death, computer wise, the last of which is well documented on the rant corner. But somehow, I always managed to pull myself out of the shit. Better not push my luck.

A few months ago I decided to install a bigger SSD in my PC.
After installing the new drive I used Casper 10 software to clone my old hard drive onto the new one.
Everything went fine.
After a few days of everything working ok I decided to reformat the old drive and use it as a "spare" drive.
Then switched the PC off and rebooted only to get the 'Black screen of death".
Took me a week of no PC and using an old laptop to sort it out.

[Bobajob]

Most of the harshest security options will completely lock you out of the server. I learnt that when configuring port forwarding for the first time, the firewall for the first time and many other blinding cock ups.

All comments from everyone very positive.
Now sure I will use BA VPS at some point without any worries about being 'hacked'
Thanks guys