We have a dedicated internet connection and our ISP has provided us with some real IP addresses.
We have several servers which we use, including one that has a real IP on it, as they enter the server remotely from outside the office and work.
Many people have suggested to me that this is a bad idea, as the server might be attacked and compromised given its public exposure via the real IP.
However, it is true that the IP is exposed, and the maximum an attacker can do is reach the login screen and get stuck there, as he does not have the password.
- What other things can go wrong while having a real IP on the server (Microsoft Server 2012)? And why is it usually a bad idea (if it is at all)?
- What are methods that I can use to enhance the security of the IP? (as low cost as possible)
You can try to "hide" your server behind a firewall. That's the best solution: putting it into a DMZ, in a different LAN from your other devices.
Also, you can configure port forwarding in a cheap router, so an attacker also needs to know your established port (60k possibilities).
In addition, you should configure methods to block DDoS and brute-force attacks (IP block?) to ensure your high availability.
Lastly, check your Windows Event Viewer to monitor all login attempts.
PS: One thing to keep in mind: it is not called a "real" IP, but a public IP.
Regards.
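
The Event Viewer check suggested in the answer above can be scripted. The following PowerShell is an added example, not part of the original answer: it groups failed logons (Security event ID 4625) by source IP. The function names, the `$Hours` and `$Threshold` defaults, and the `-Sample` rows are assumptions made for illustration.

```powershell
# Added example: summarise failed logons (Security event ID 4625) by source IP.
# Run elevated; reading the Security log requires administrator rights.
# $Hours, $Threshold and -Sample are assumed values for illustration.
param([int]$Hours = 24, [int]$Threshold = 20, [switch]$Sample)

function ConvertFrom-FailedLogonEvent {
    param([Parameter(ValueFromPipeline = $true)]$Record)
    process {
        # EventData carries named fields such as IpAddress and TargetUserName.
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $Record.TimeCreated
            Ip        = $data['IpAddress']
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']   # 10 = RDP, 3 = network (RDP with NLA)
        }
    }
}

function Get-NoisySource {
    param([object[]]$Rows, [int]$Threshold)
    # Local failures log '-' or an empty address; only remote sources matter here.
    $Rows | Where-Object { $_.Ip -and $_.Ip -ne '-' } |
        Group-Object Ip |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object Time)
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                Accounts = @($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique).Count
                First    = $sorted[0].Time
                Last     = $sorted[-1].Time
            }
        }
}

if ($Sample) {
    # Constructed rows; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    $now  = Get-Date
    $rows = @(1..25 | ForEach-Object {
        [pscustomobject]@{ Time = $now.AddMinutes(-$_); Ip = '203.0.113.7'; User = "user$($_ % 5)"; LogonType = '3' } })
    $rows += [pscustomobject]@{ Time = $now; Ip = '198.51.100.9'; User = 'alice'; LogonType = '10' }
} else {
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    $rows = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ConvertFrom-FailedLogonEvent)
}
Get-NoisySource -Rows $rows -Threshold $Threshold | Format-Table -AutoSize
```

With `-Sample` the script reports only 203.0.113.7 (25 failures across 5 account names), since the single failure from 198.51.100.9 is below the threshold. A source that fails against many different account names is a stronger sign of password guessing than a user mistyping their own password.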
For a small company that is looking to have a server publicly accessible, it is often not easy to make sure that it is entirely safe.
Your first order of business is probably to make sure that if the server is compromised, you limit the amount of risk.
As for hardening the server yourself: if you're a small company with budget constraints, there is a Windows wizard available for basic hardening.
The Security Configuration Wizard will do some basic hardening on your server.
Keep in mind, though, that it is an automated process, so make sure you back up before implementing it, and test thoroughly afterwards.