Monday, April 9, 2018

Harden Your Azure Infrastructure Using Azure Security Center Just-In-Time VM Access

Source - https://blogs.msdn.microsoft.com/mvpawardprogram/2018/01/09/just-in-time-access-azure-vms/


Azure Security Center is the central security management solution within the Azure landscape. It helps you to prevent, detect and respond to security breaches. There’s also one new little feature that helps to prevent security breaches: Just-in-Time Access for Azure VMs. In fact, by using it, I dramatically reduced the attack surface of my Azure environment.

Azure IaaS architectural overview

Lots of Azure environments I have seen so far have one or more RDP jump hosts up and running in an Azure VNet - be it to enable remote access for support partners, or as a fallback level for management access in case the VPN connection is faulty. Those servers should be protected using Network Security Groups (NSGs) so that access is restricted to only a few IP addresses. NSGs are sets of firewall rules that restrict or allow access to Azure network endpoints, such as VM NICs, by opening or closing ports or port ranges for any source IP or for a defined set of IP addresses or IP address ranges. It’s sad to say that the restriction to only one or some IP addresses is not always implemented. Nevertheless, a typical Azure IaaS environment looks like this:

Read more at Source - https://blogs.msdn.microsoft.com/mvpawardprogram/2018/01/09/just-in-time-access-azure-vms/
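The gap described above, RDP jump hosts whose NSG does not restrict the source to a few IP addresses, can be checked for in an NSG export. The following script is an added example, not code from the original article: it assumes JSON shaped like the output of `az network nsg list -o json`, the NSG and rule names in the sample are constructed, and treating `*`, `0.0.0.0/0` and the `Internet` tag as "any source" is an assumption of the example.

```python
import json

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # assumption: values treated as "any source"
RDP_PORT = 3389

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(spec, port):
    """True if a port spec such as '*', '3389' or '3000-4000' includes port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rdp_exposed(nsg):
    """Name of the rule that opens TCP/3389 to any source, or None.
    Rules are walked in priority order; the first any-source match decides."""
    inbound = [r for r in nsg.get("securityRules", []) if r["direction"].lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue  # limited to specific addresses, as the article recommends
        if any(_covers_port(p, RDP_PORT) for p in ports):
            return rule["name"] if rule["access"].lower() == "allow" else None
    return None

def audit(nsgs):
    """Map NSG name -> offending rule name for every NSG exposing RDP."""
    return {n["name"]: r for n in nsgs if (r := rdp_exposed(n))}

# Constructed sample, shaped like `az network nsg list -o json` output.
SAMPLE = json.loads("""[
 {"name": "jump-open", "securityRules": [{"name": "allow-rdp", "priority": 100,
   "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "*", "destinationPortRange": "3389"}]},
 {"name": "jump-restricted", "securityRules": [{"name": "allow-rdp-office", "priority": 100,
   "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefixes": ["203.0.113.10/32"], "destinationPortRange": "3389"}]}
]""")
print(audit(SAMPLE))
```

Rules scoped to specific source addresses are skipped, so an NSG that follows the article's advice produces no finding.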


