Why Use a VPS for Security Research

Why Use a VPS for Security Research

The term VPS stands for Virtual Private Server. I.T. Professionals pioneered the use of VPS mostly for running corporate applications. Basically, a VPS requires one server. You install a virtual manager application on this server and begin creating one or more VPS in it. You can create as many VPS servers as you wish, but it all depends on the resources from the physical server.

A good example in the corporate world is when running an application installed in a VPS. You can increase the resources based on the number of users that will be accessing this VPS. For example, if for any reason your number of users increased and the VPS requires more memory, then instead of purchasing physical memory, you just go to the VPS settings and increase the amount of Gb that the VPS requires, without spending a cent. You can also increase the amount of CPU this VPS requires the same way you do with the memory.

As the use of a VPS became more popular, businesses started to emerge and provide what today is known as cloud services. The fact that within one physical server you can manage multiple virtual servers means that businesses can now offer hosting services to companies and individuals who are looking to host applications and services in the cloud.

The most popular service being hosted in the world today are websites.

There are several different applications that can be used to create a VPS, but the one I used during my time as a Manager and still use in my cybersecurity labs is VMware. The beauty of using VMware is that it is scalable! It means that you can increase the resources a particular VPS requires according to your demand for using this VPS as each VPS is assigned a number of CPUs and memory size.

Hosted VPS

There are companies that specialize in hosting servers by providing you a hosted VPS in exchange for a monthly fee. The amount of the fee depends on the number and capacity of the resources that you will require to run in the VPS.

For example, if you need to run a website, you can have it hosted as most people and companies do and pay a fee for the hosting services.

Hosting services

Most hosting companies use three main types of hosting services. One service is known as shared hosting, the second service is known as VPS hosting and the third is known as dedicated hosting.

Shared hosted service

Shared hosted service is the one that I recommend for those of you looking to start a website or to practice around with some content or development. It is good for starting a website because you have no web traffic yet and it can handle monthly pageviews for up to 5k to 10k, depending on how the hosting company configured this service. Also, because this is the cheapest option to start a website.

This is also good for those like me who like to have a website to practice some bug bounty skills or to create some on-demand page to practice social engineering or pentesting methods.

The difference between a shared hosting and a VPS hosting is that with a shared hosting you are literally sharing your resources with other website owners on the same server. On a VPS hosted website your resources are all yours. There are no sharing resources with other VPS owners, even if they are on the same physical server.

On a shared hosted service if suddenly your website has a spike of users accessing your website and because you are sharing your resources with other website owners, the system is designed to give priority of resources to those who need it the most, which in this example is you. By allocating the resources to you the other website owners could notice a slowdown in the speed when accessing their website, in part because of this.

This is why I recommend this option only for temporary or short-term projects, such as carrying out cybersecurity investigations, as I do.

Again, this could only happen when there is traffic already coming to a website, which is why this option of shared hosting is good only when starting a website or for development purposes, but not when you already are generating traffic of over 30k monthly pageviews.

VPS hosted website

After your website starts growing in traffic and your number of monthly pageviews starts to go above 10k, then is time to consider moving to a VPS hosted server. The fact that a VPS server is scalable, means that you can keep upgrading your VPS by allocating more memory or CPU power accordingly. This is something that you can handle via customer service. They can take care of doing the updates for you if you select the managed service. I’ll explain later.

You don’t need to worry about updating your VPS server if you think you can’t do this on your own. This is when you need to consider a managed versus an unmanaged VPS hosting service. A managed service is when the hosting company basically takes care of the server for you. You only take care of your website, and they take care of the server.

An unmanaged VPS server is where you do all the work from updating your server, Operating System updates, backups and your website or any service you are running on your VPS server. You own the root account.

Technically, you can start your brand new website with a hosted VPS server, but you need to consider the cost versus a shared hosted. You never know when your website can pick up the traffic to justify having a VPS hosted server from the very beginning, for which you could be paying more for nothing. That’s why I recommend starting with a shared hosting service.

For a website, a VPS hosted server usually can manage up to 100k monthly pageviews.

Dedicated hosting

This is the most expensive of all three of hosting services and there is a reason for that. It is recommended for those that require a system with a high capacity and a maximum of resources for your hosted services, such as a website with a high traffic. If your website receives a traffic of over 100k monthly pageviews, then it is time to consider moving to a dedicated hosting.

The reason it is dedicated is that there is no virtual environment involved. The dedicated server is a 100% physical server dedicated to you only. Again, you have the option of choosing a managed or an unmanaged service. Of course, if you are hosting a dedicated server, then it makes more sense to pay for a managed service unless you want to physically travel to the site to perform the maintenance the server requires.

The hosting company I prefer and currently use is a2hosting. They offer what they call WordPress optimized system for your website on their packages. Different from other hosting companies, a2hosting offers a semi-customized WordPress application which is optimized with the speed and basic settings your server requires to avoid any speed issues with your website and is included in the shared hosted package. It also means that you don’t have to worry about the installation details of installing WordPress into your server, because with just a couple of clicks you can install your website and have it up and running within minutes!

Summary of hosting services for websites

Type of ServiceRecommended Monthly Pageviews
Shared hosted< or = 10k
VPS hosted10k – 100k
Dedicated hosted> than 100k

by Edgar Vera, MS Cybersecurity

No Comments, Be The First!

Your email address will not be published.