Azure Shots: Just in Time Access

Pawan Dubey
Jan 6, 2021


Hackers are always scanning the Internet for open ports, such as RDP and SSH, that let them get into your machines. If you keep your public ports open, you can become the target of an attack. Once a virtual machine on your network is compromised, an attacker can use it as an entry point to attack servers and other resources in your environment.

Just-in-time (JIT) access to virtual machines reduces the attack surface: the port is opened only when necessary and is closed automatically after a specified time.

So how do you enable just-in-time access to virtual machines? There are two ways: you can enable it automatically from a virtual machine or from Azure Security Center.

Navigate to the virtual machine and then go to the “Networking” blade. Now, navigate to the “Connect” blade and notice the message shown there: “To improve security enable just-in-time access on this VM.” Now, enable JIT VM access.

Enable just-in-time access

This creates a rule that blocks incoming traffic to the SSH or RDP port, depending on the virtual machine. So at this moment, if you try to make a connection to the machine, it will fail.

So how do we connect to the machine? One way is from the “Connect” tab: navigate to the Connect tab, where you have the Request Access button. Alternatively, it can be done from Azure Security Center; the link to Azure Security Center is in the “Configuration” tab of the VM blade.

To request access, click the Request Access button. Here is the interesting bit: you are basically requesting that a given port, 3389 or 22, be opened for RDP or SSH communication. It also asks for the source IP address. By default it takes the IP address of the machine from which the Azure Portal is opened, or you can specify an IP range. You also specify the duration for which you want this port to be open.

Request Access for just-in-time

Behind the scenes, it creates another inbound rule to allow the connection to the machine, and after the specified duration the rule gets deleted.
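The rule lifecycle described above, as an added example that is not part of the original post and is not Azure's code. It is a toy model of inbound rule evaluation in which the lowest priority number is evaluated first and the first match wins; the rule names, priority values (1000 for the block rule, 100 for the temporary allow rule) and IP addresses are constructed, and placing the allow rule ahead of the block rule is an assumption needed for the request to take effect.

```python
# Toy model of JIT inbound rules (added example, not Azure's code); all values constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    priority: int            # lower number is evaluated first
    access: str              # "Allow" or "Deny"
    source: str              # CIDR, or "*" for any source
    port: int
    expires: Optional[datetime] = None   # set only on temporary allow rules

def matches(rule, src_ip, port):
    in_source = rule.source == "*" or ip_address(src_ip) in ip_network(rule.source)
    return rule.port == port and in_source

def evaluate(rules, src_ip, port):
    """First matching rule in priority order wins; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, port):
            return rule.access
    return "Deny"

def enable_jit(rules, port):
    """Enabling JIT: add a rule that blocks inbound traffic to the port."""
    rules.append(Rule(f"jit-deny-{port}", 1000, "Deny", "*", port))

def request_access(rules, src_cidr, port, minutes, now):
    """Request Access: add an allow rule for one source, with an expiry."""
    rules.append(Rule(f"jit-allow-{port}", 100, "Allow", src_cidr, port,
                      now + timedelta(minutes=minutes)))

def expire(rules, now):
    """After the requested duration, the allow rule is deleted."""
    rules[:] = [r for r in rules if r.expires is None or r.expires > now]

def demo():
    now, rules = datetime(2021, 1, 6, 9, 0), []
    enable_jit(rules, 3389)
    out = [evaluate(rules, "203.0.113.7", 3389)]          # JIT on, no request yet
    request_access(rules, "203.0.113.7/32", 3389, 60, now)
    out.append(evaluate(rules, "203.0.113.7", 3389))      # the requesting address
    out.append(evaluate(rules, "198.51.100.9", 3389))     # any other address
    expire(rules, now + timedelta(minutes=61))
    out.append(evaluate(rules, "203.0.113.7", 3389))      # after the duration
    return out
```

The point to take from the model is that the temporary rule admits only the requested source, so other addresses stay blocked even while the window is open.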
