Skip to main content
JIT VM Access - One way to reduce VM attack surface area

When a cloud resource is publicly accessible, it means it also ready for attack.

In this post, we will see how JIT helps azure virtual machine with public IP enabled securing briely.

Organizations need a VM with public IP sometimes. In this kind of scenario, we need secure the VM from attacker.

Just-In-Time (JIT) is one of the way to secure the VM in following ways.

  • It can block RDP (3389) and SSH (22) ports.
  • It allows to set specific port can be opened for a specific time for specific IP ranges.
  • It can work with VMs only have private IP as well.
  • Azure Bastion can be used to block traffic for a private IP VM until JIT access is enabled.

To enable JIT VM access, Go to configuration and enable it.

Comments

Post a Comment

Popular posts from this blog

Glimpse - Key Vault Vs App Configuration for App service In this post, we are jsut going to see glimpse of comparison between Keyvaukt and App Configuration for App services references. Why we are comparing these two? Recently App Configuration references on App Service become Generally Available and it can complements Keyvault. Let us consider a scenario that we need to have client-id and secret which will be used in an API call for authentication from Azure function app/ App service / Logic App standard, in a secure place. So, Here we come to know 2 azure native services are as follows Azure Keyvault Azure App Configuration Azure people(we) typically use keyvault to handle secrets in secure way whereas App Configuration also complements Azure Keyvault then which is better or in which scenario we can pick either of the one. According to me, We can go for keyvault when we need to handle secrets environment specific. Here, enviro...
Post a Comment
Read more
Glimpse - Azure function migration from .net6 in-process to .net8 isolated Microsoft/Azure periodically announces the end of support for some services and ask us to migrate to a new version/release when they come up with a robust solution than the deprecated. In this post we are going to see a glimpse/UI configuration change of azure function 𝗺𝗶𝗴𝗿𝗮𝘁𝗶𝗼𝗻 𝗳𝗿𝗼𝗺 .𝗻𝗲𝘁𝟲 𝗶𝗻-𝗽𝗿𝗼𝗰𝗲𝘀𝘀 𝗺𝗼𝗱𝗲𝗹 𝘁𝗼 .𝗻𝗲𝘁𝟴 𝗶𝘀𝗼𝗹𝗮𝘁𝗲𝗱. Here, I'm not going to deep dive about the migration whereas going to see the illustration of changing .net version from UI. For learning, GUI is the best place to start. So, as a dev guy we would prefer azure portal mostly. Consider a scenario that, you're requested to migrate your existing .net6 function app to be migrated .net8 isolated, you would go to settings panel and try to change the version in configuration, but the option would be disabled, it was disabled for me initially. Shocking and Afraid! After some point of ...
Post a Comment
Read more
𝗚𝗹𝗶𝗺𝗽𝘀𝗲 - 𝗔𝘇𝘂𝗿𝗲 𝗱𝗶𝘀𝗸 𝘂𝘀𝗲 𝗰𝗮𝘀𝗲𝘀 Hi Present days, Container based services/applications are growing than applications running from virtual machines. Even though container services evolving IT apps landscape, we could not boycott VM usage. Azure VM also requires and plays vital role for some scenarios. In this post, we are going to see just glimpse of azure disks of VM. This post is not about standard vs premium disk use case FYI. Azure VM can run with OS disk but it is not good practice. There are three types of disks. OS disk Data disk Ephemeral disk We need to know when to use what then only we can avoid performance bottleneck. 𝗗𝗮𝘁𝗮 𝗗𝗶𝘀𝗸 - If we install applications as well in OS disk, we could face performance issue. It is best to use OS disk to have OS infos and booting. The benefilt of Data disk is Easy maintanence Backup and disaster recovery Performance isolation (as it is far from OS acti...
Post a Comment
Read more