Source - https://blogs.msdn.microsoft.com/mvpawardprogram/2018/01/09/just-in-time-access-azure-vms/
Azure Security Center is the central security management solution within the Azure landscape. It helps you to prevent, detect and respond to security breaches. There’s also one new little feature that helps to prevent security breaches: Just-in-Time Access for Azure VMs. In fact by using it, I dramatically reduced the attack surface to my Azure environment.
Azure IaaS architectural overview
Lots of Azure environments I have seen so far have one or more RDP jump hosts up and running in an Azure VNet - be it to enable remote access for support partners, or as a fall back level for management access in case the VPN connection is faulty. Those servers should be protected using Network Security Groups (NSG) so access is restricted to only a few IP addresses. NSGs are a set of firewall rules that restrict or allow access to Azure network endpoints, such as VM NICs by opening or closing ports or port ranges for any source IP or a defined set of IP addresses or IP address ranges. It’s sad to say that the restriction to only one or some IP addresses is not always implemented. Nevertheless, a typical Azure IaaS environment looks like this:
1 comments:
You have done good work by publishing this article here. I found this article too much informative, and also it is beneficial to enhance our knowledge. Grateful to you for sharing an article like this. iso certification body in uae
Post a Comment