CloudatCost OpenDNS Issue

thanksajdotcom

It's a DC. It's my failover. What do I need to change?

scottalanmiller

@thanksajdotcom said:

It's a DC. It's my failover. What do I need to change?

OH! He publicly exposed a Domain Controller!!!

You have it wide open, like it is sitting on a LAN. You have DNS, DHCP, AD, etc. open to the world because your "LAN" is the Internet!!

A Former User

@thanksajdotcom said:

It's a DC. It's my failover. What do I need to change?

Change the Zone's the ports are allowed on. Only allow it on the VPN Zone. Aka Not Public.

thanksajdotcom

Just lock down DNS to internal only or what?

A Former User

I would never trust that DC again. Time to rebuild.

thanksajdotcom

@Aaron-Studer said:

I would never trust that DC again. Time to rebuild.

It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.

thanksajdotcom

@thecreativeone91 said:

@thanksajdotcom said:

It's a DC. It's my failover. What do I need to change?

Change the Zone's the ports are allowed on. Only allow it on the VPN Zone. Aka Not Public.

Ok, so in Windows Firewall?

scottalanmiller

@thanksajdotcom said:

@Aaron-Studer said:

I would never trust that DC again. Time to rebuild.

It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.

It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there.

A Former User

At least you don't have any open SMB shares.

A Former User

@thecreativeone91 How do you know this? I bet he did it is a domain controller after all.

scottalanmiller

@Aaron-Studer said:

@thecreativeone91 How do you know this?

You can just attempt to connect

A Former User

I am using AJ as my DNS server now! THANKSAJ! =P

A Former User

@scottalanmiller said:

@thanksajdotcom said:

@Aaron-Studer said:

I would never trust that DC again. Time to rebuild.

It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.

It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there.

Why don't you just run the Standard version. Granted Cloud@Cloud not having a infrastructure based firewall option is not really the place for something like a DC.

A Former User

DNS is working great for me.

A Former User

@thecreativeone91 Me too. Super Fast! So much better then OpenDNS!

A Former User

Your firewall should be blocking everything on your public connection except RDP.

scottalanmiller

@thecreativeone91 said:

Why don't you just run the Standard version. Granted Cloud@Cloud not having a infrastructure based firewall option is not really the place for something like a DC.

Standard isn't valid on a cloud. Because the VM moves around regularly and he can't lock it down, standard is not an option. Only DC is a valid option and only if he maintains a license for every CPU in the cloud. It's hundreds of millions of dollars to license Windows this way. While technical feasible, you can't actually run Windows on a cloud using your own licenses. You can in certain non-cloud VPS types, but not in this cloud-based VPS type. MS has special licenses that come from the provider to make this possible so that Amazon, for example, can offer it.

A Former User

@scottalanmiller said:

Standard isn't valid on a cloud. Because the VM moves around regularly and he can't lock it down, standard is not an option. Only DC is a valid option and only if he maintains a license for every CPU in the cloud. It's hundreds of millions of dollars to license Windows this way. While technical feasible, you can't actually run Windows on a cloud using your own licenses. You can in certain non-cloud VPS types, but not in this cloud-based VPS type. MS has special licenses that come from the provider to make this possible so that Amazon, for example, can offer it.

Vultr offers Windows 2012 R2 for just $15 a month.

scottalanmiller

@Aaron-Studer said:

Vultr offers Windows 2012 R2 for just $15 a month.

Yes, everyone offers Windows except CloudatCost. They do "bring your own licensing" and leave it up to you to figure out that Microsoft doesn't offer any licenses that fit that scenario.

A Former User

@scottalanmiller said:

@thecreativeone91 said:

Why don't you just run the Standard version. Granted Cloud@Cloud not having a infrastructure based firewall option is not really the place for something like a DC.

Standard isn't valid on a cloud. Because the VM moves around regularly and he can't lock it down, standard is not an option. Only DC is a valid option and only if he maintains a license for every CPU in the cloud. It's hundreds of millions of dollars to license Windows this way. While technical feasible, you can't actually run Windows on a cloud using your own licenses. You can in certain non-cloud VPS types, but not in this cloud-based VPS type. MS has special licenses that come from the provider to make this possible so that Amazon, for example, can offer it.

Yeah But isn't Cloud@Cloud Technically a VPS that doesn't move around unless re-imaged. Odd thing is you can apply for license mobility to run every MS Server application in the cloud using SA. But you can't with windows server itself.