
Use JIT to manage Azure VM access

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Learn about JIT

Azure Security Center provides an advanced cloud security defense feature: just-in-time (JIT) VM access. JIT VM access can be used to lock down inbound traffic to Azure VMs, reducing exposure to attacks while keeping it easy to connect to a VM when needed. It locks down the VM at the network level by blocking inbound traffic to specific ports. With this feature you control access to the VM and reduce its exposure by allowing access only when there is a specific need. Brute-force attacks usually target management ports as a means of gaining access to a VM. If successful, the attacker can take control of the VM and establish a foothold in your environment. One way to reduce the likelihood of a brute-force attack is to limit the amount of time a port is open. Management ports do not need to be open all the time. They only need to be open at specific times, such as when you connect to the VM to perform administrative or maintenance tasks. When JIT is enabled, Security Center uses network security group (NSG) rules to restrict access to the management ports so that they do not become a target.

So how does JIT access work? When you enable JIT, Security Center locks down inbound traffic to the Azure VM by creating NSG rules. You select the ports on the VM for which inbound traffic should be locked down; these ports are then controlled by the JIT solution. When a user requests access to the VM, Security Center checks whether the user has role-based access control (RBAC) permissions that allow them to request access to that VM. If the request is approved, Security Center automatically configures the NSG to allow inbound traffic to the selected ports from the requested source IP address or range for the specified amount of time. After the time has elapsed, Security Center restores the NSG to its previous state. Connections that are already established are not interrupted, however.

2. Enable JIT for Azure VM

So let's take a look at how to turn on JIT for VM.

1) In the Azure portal, select Virtual machines.

2) Click the virtual machine for which you want to enforce just-in-time access restrictions.

3) In the menu, click Configuration.

4) Under Just-in-time access, click Enable just-in-time policy.


After enabling just-in-time access, you can click Open Azure Security Center to further edit or disable the policy.

Select a virtual machine and request access to it.

In the request access window, select the port to open, click Open, choose IP range, fill in the IP range, and then click to open the port.

In the Azure portal, when you try to connect to a VM, Azure checks whether a just-in-time access policy is configured on that VM. If a JIT policy is configured on the VM, you can click Request access to gain access according to the JIT policy set for the VM.

Azure checks the access policy, and if access is allowed you will see the prompt shown in figure 1, after which you can continue with the connection.
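The enable and request steps above can also be scripted. The following is an added example, not code from the original article, using the Az.Security PowerShell cmdlets; every value in angle brackets is a placeholder, and the choice of ports 22 and 3389 with a one-hour maximum window is an assumption made for illustration.

```powershell
# Added example: values in angle brackets are placeholders, not values from the article.
# Requires the Az.Security module and an authenticated session (Connect-AzAccount).
$sub     = "<subscription-id>"
$rg      = "<resource-group>"
$vm      = "<vm-name>"
$loc     = "<location>"
$adminIp = "<admin-public-ip>"   # only this source address may be granted access
$vmId    = "/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.Compute/virtualMachines/$vm"

# 1) Enable JIT: list the management ports to lock down, restrict who may
#    request them, and cap each request at one hour (ISO 8601 duration).
$policy = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @($adminIp); maxRequestAccessDuration = "PT1H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @($adminIp); maxRequestAccessDuration = "PT1H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $loc -Name "default" `
    -ResourceGroupName $rg -VirtualMachine @($policy)

# 2) Request access: open port 22 from the admin address for 30 minutes.
#    The request is subject to the caller's RBAC permissions; the NSG is
#    restored once endTimeUtc has passed.
$request = @{
    id    = $vmId
    ports = @(
        @{ number = 22
           endTimeUtc = (Get-Date).ToUniversalTime().AddMinutes(30).ToString("o")
           allowedSourceAddressPrefix = @($adminIp) }
    )
}
$policyId = "/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.Security/locations/$loc/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($request)

# 3) Review the stored policy for the resource group.
Get-AzJitNetworkAccessPolicy -ResourceGroupName $rg -Location $loc -Name "default"
```

Restricting `allowedSourceAddressPrefix` to known addresses and keeping `maxRequestAccessDuration` short limits both who can open a management port and how long it stays reachable.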

3. Audit JIT access activity

You can use log search to learn more about VM activity. To view the log:

1) Under Just-in-time VM access, select the Configured tab.

2) Under "VM", select the VM whose information you want to view by clicking the three dots in the row for that VM. This opens a menu.

3) Choose Activity log from the menu. This opens the Activity log.

The Activity log provides a filtered view of previous operations on the VM, along with the time, date, and subscription. You can download the log information by selecting Click here to download all items as CSV. Modify the filters and select Apply to create a search and log.
