Skip to main content
JIT VM Access - One way to reduce VM attack surface area

When a cloud resource is publicly accessible, it means it also ready for attack.

In this post, we will see how JIT helps azure virtual machine with public IP enabled securing briely.

Organizations need a VM with public IP sometimes. In this kind of scenario, we need secure the VM from attacker.

Just-In-Time (JIT) is one of the way to secure the VM in following ways.

  • It can block RDP (3389) and SSH (22) ports.
  • It allows to set specific port can be opened for a specific time for specific IP ranges.
  • It can work with VMs only have private IP as well.
  • Azure Bastion can be used to block traffic for a private IP VM until JIT access is enabled.

To enable JIT VM access, Go to configuration and enable it.

Comments

Post a Comment

Popular posts from this blog

Azure Static Web Apps - Plan Comparison #cloud #azure Hi All! Azure Static web app is a good service when we have static web apps like javacript frameworks and libraries applictions (Ex: Angular, React, Svelte, Vue, Blazor). It also supports Python 3.10 based static web app as well as per the latest azure news. Other advantage of it is coupled with your Azure AD. so that your code can be directly pushed to azure static web app via either Azure DevOps or Github whenever code push occurs. At the time of azure static web app creation, it asks for deployment source as any one of the below. Based on the selection, it allows you to select the organization, project and repositories from the source. Azure DevOps - Azure AD connected Devops organizations will be listed out Github Other - For ex: If you want to deploy code from other organization. Below table will be helpful to choose the best pricing plan for your workload. Plan/Feature Free Standard ...
1 comment
Read more
Azure - Change custom lookback period for Azure Advisor VM/VMSS right-sizing recommendations #cloud #azure Hi All! Azure Advisor advises/recommeds us to optimize our cloud resources in various places like scaling, security, sizing, performace, cost etc., Now azure releases a new feature that changing lookback period for azure VM/VMSS to get right sizing. Let's consider a scenario that a company is running business and it has some workloads in either azure VM or VMSS. Some of the times VM's usage like CPU or memory is high. Due to this, application performace may be slower adnd user feels some bad experience. Company asks its azure admin to investigate it and when he/she viewd at azure advisor first, it recommends some solution based on last 7 days usage of VM. Here, Company needs the VM usage details biweekly or in someother pattern, not with the default 7 days. Here the new custom lookback period helps to achieve what the company wants. By this featur...
Post a Comment
Read more
Glimpse - Azure function migration from .net6 in-process to .net8 isolated Microsoft/Azure periodically announces the end of support for some services and ask us to migrate to a new version/release when they come up with a robust solution than the deprecated. In this post we are going to see a glimpse/UI configuration change of azure function 𝗺𝗶𝗴𝗿𝗮𝘁𝗶𝗼𝗻 𝗳𝗿𝗼𝗺 .𝗻𝗲𝘁𝟲 𝗶𝗻-𝗽𝗿𝗼𝗰𝗲𝘀𝘀 𝗺𝗼𝗱𝗲𝗹 𝘁𝗼 .𝗻𝗲𝘁𝟴 𝗶𝘀𝗼𝗹𝗮𝘁𝗲𝗱. Here, I'm not going to deep dive about the migration whereas going to see the illustration of changing .net version from UI. For learning, GUI is the best place to start. So, as a dev guy we would prefer azure portal mostly. Consider a scenario that, you're requested to migrate your existing .net6 function app to be migrated .net8 isolated, you would go to settings panel and try to change the version in configuration, but the option would be disabled, it was disabled for me initially. Shocking and Afraid! After some point of ...
Post a Comment
Read more