How to reduce Bruce Force attacks in Azure VMs

Posted by

Commonly brute force attacks target management ports like 22, 3389… as a means to gain access to Compute VMs, meaning that an attacker can take control of the VM and establish a foothold into your environment.

In order to prevent those attacks, we can configure what is called Just In Time in our VM’s.

JIT is a mechanism that allows to open ports only for a couple of hours, so ports do not need to be open at all times. JIT policies allows to determine which ports has to be protected, how long ports remain open, and approved IP addresses from where thes ports can be accessed.

Also, all the requests are logged into Azure Activity Logs, so is it possible to easily monitor and audit access.

The only thing that you will need to do is to configure the JIT in the VM easily:

JIT.png

Once configured, you can configure all the policies from Azure Security Center

JIT2.png

Just-in-Time VM Access reduces your surface area exposed to RDP/SSH brute-force attack. This feature is available in the standard pricing tier of Azure Security Center, and you can try Security Center for free for the first 60 days. Go and try it out!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s