
Quick Tip: Just In Time access to Azure VM

You cannot always avoid assigning public IP addresses to virtual machines. Brute-force attacks commonly target the management ports, 22 for SSH and 3389 for RDP, as a way into a VM. Attackers continuously scan public IP ranges for open ports and then try to exploit unpatched services or guess credentials. If the VM is not fully patched, or has a weak or predictable password, the attack will succeed within a few attempts. Once inside, the attacker controls the VM and has a foothold in your environment. If the VM has a Managed Identity, the attacker can also request tokens for that identity from the instance metadata endpoint and reach every other resource the identity has been granted access to, without needing any further credentials.

JIT access further hardens Azure VMs by keeping the management ports closed by default and opening them only on demand.

What is JIT access?
Azure Security Center provides several threat prevention mechanisms that help reduce the attack surface of a virtual machine. One of them is Just-in-Time (JIT) access. Management ports do not need to be open all the time; they only need to be open while you are actually connected to the VM, for example to perform management or maintenance tasks. When you enable JIT for a VM, you create a policy that defines which ports are protected, how long they may remain open per request, and which source IP addresses are allowed to reach them. Each access request is then checked against that policy, so you stay in control of what users can open. Requests are logged in the Azure Activity Log, so you can easily monitor and audit who opened which port, from where, and when.
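The following Az PowerShell script is an added example, not code from the original post, showing the three steps described above end to end: defining a JIT policy for a VM, requesting access to a single port from a single source address for a limited time, and auditing the requests in the Activity Log. It assumes the Az.Accounts, Az.Security and Az.Monitor modules are installed and a session is signed in with Connect-AzAccount. The subscription ID, resource group, VM name, location and source IP are placeholders, and the operation-name filter used for the audit query is an assumption about how the initiate action appears in the log.

```powershell
# Added example (not from the original post): define a JIT policy, request
# access, and audit requests. Requires Az.Accounts, Az.Security, Az.Monitor
# and an active Connect-AzAccount session. All values below are placeholders.

$SubscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$ResourceGroup  = "rg-jit-demo"                            # placeholder
$Location       = "westeurope"                             # placeholder
$VmName         = "vm-jit-demo"                            # placeholder
$MyPublicIp     = "203.0.113.10"                           # placeholder (TEST-NET-3 range)

$VmId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" +
        "/providers/Microsoft.Compute/virtualMachines/$VmName"

# 1. Policy: protect SSH and RDP, allow at most 3 hours per request.
#    The policy may list "*" as the allowed prefix; the per-request step
#    below is where the source IP is actually pinned down.
$Policy = @{
    id    = $VmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $Location -Name "default" `
    -ResourceGroupName $ResourceGroup -VirtualMachine @($Policy)

# 2. Request: open only port 22, only from my address, only for one hour.
#    The request must not exceed maxRequestAccessDuration from the policy.
$PolicyId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" +
            "/providers/Microsoft.Security/locations/$Location/jitNetworkAccessPolicies/default"
$EndTime  = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
$Request  = @{
    id    = $VmId
    ports = @(
        @{ number = 22; endTimeUtc = $EndTime; allowedSourceAddressPrefix = @($MyPublicIp) }
    )
}
Start-AzJitNetworkAccessPolicy -ResourceId $PolicyId -VirtualMachine @($Request)

# 3. Verify the policy is in place and audit who requested access this week.
#    The operation-name pattern is an assumption about how the initiate
#    action is recorded; adjust it if your log shows a different name.
Get-AzJitNetworkAccessPolicy -ResourceGroupName $ResourceGroup -Location $Location -Name "default"

Get-AzLog -ResourceProvider "Microsoft.Security" -StartTime (Get-Date).AddDays(-7) |
    Where-Object { $_.OperationName.Value -like "*jitNetworkAccessPolicies/initiate*" } |
    Select-Object EventTimestamp, Caller,
        @{ Name = "Status";    Expression = { $_.Status.Value } },
        @{ Name = "Operation"; Expression = { $_.OperationName.Value } }
```

Keep the request narrow: one port, the caller's own public address rather than a broad range, and a window just long enough for the task. Because the rules JIT injects into the network security group are removed automatically when endTimeUtc passes, the ports return to their closed state without anyone having to remember to clean up.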

For more details, refer to the following link. There is a short video there you might want to watch:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc