Why developers should enable Azure Security Center’s Just-in-Time VM Access
We are seeing more developers building and running their applications in the public cloud. In fact, companies are using multiple public clouds to run their applications. Our customers tell us that they choose to build applications in Azure because it’s easy to get started and that they have peace of mind knowing the services that their applications rely on will be available, reliable, and secure. Today, we are going to discuss how Azure Security Center’s Just-in-Time VM Access can help you secure virtual machines that are running your applications and code.
Successful attacks on your virtual machines can create serious challenges for development. If a server is compromised, your source code could potentially be exposed, along with the proprietary algorithms or internal knowledge about the application. The pace of development can slow down because your team is focused on recovering from the attack instead of writing and reviewing code. Most importantly, an attack can affect your customers’ abilities to access your applications, impacting your brand and your business. Just-in-Time VM Access can help you reduce your exposure to attacks by limiting the amount of time management ports are open on the virtual machines running your code.
Just-in-Time VM Access can be found under Security Center’s advanced cloud defense features.
When you click on Just-in-Time VM Access, Security Center will automatically discover which virtual machines have Just-in-Time VM Access enabled. By default, it’s going to recommend that you block access to management ports, as those are most commonly attacked, but you can specify access to any port that you want to grant access to, the protocol for connecting, where you can connect from, and for how long.
To request access to a port on a virtual machine that has Just-in-Time VM Access enabled, you can visit the Configured tab of Just-in-Time VM Access or execute a PowerShell cmdlet. You can set permissions for certain users in your organization to only be able to do certain tasks. Even once access has been requested and granted, you can limit the amount of time this user can spend with the virtual machine.
Based on the rules set, you specify what port you need to access, where the request is going to come from, and the time range. The request cannot exceed the maximum time set. If the request complies with the rules set, you receive access to the virtual machine. Just-in-Time VM Access keeps the ports on VMs open for the bare minimum of time needed to complete a task and then it’s automatically closed, drastically reducing your available surface area for attack.
1Rightscale: Cloud Computing Trends 2017