Just In Time Access In Azure Security Center

Azure has recently enabled this feature. What is it?

Attackers usually target management ports such as 22 and 3389, and they have a chance to get into your environment if your Azure VM has a public IP address and its management ports are open all the time. Put it this way: you have a VM and port 3389 is open all the time. Do you need it all the time? Of course not. So this is your solution: you can lock down the ports with Just in Time access and, when you need to use them, Azure Security Center will open them for a short period, such as an hour.

[Image: just-in-time-scenario.png]

Upon user request, and based on RBAC, Security Center will grant access. When your request is approved, Security Center creates new NSG rules to allow inbound traffic to the management ports for the amount of time you specified in the settings.

In order to have this feature, you must use Security Center in Azure and you need a Standard tier license. As the screenshot below shows, you need to enable JIT Network Access, which requires the Standard tier license.


Enabling Just in Time is also really easy. Go to Security Center; if you have a Standard tier license, you will see it in the dashboard.

[Image: just-in-time]

The screenshot below shows that it currently protects 5 VMs. If you want to add one more server to the list, go to the Recommended tab, select your server and enable JIT Network Access.


Once it is enabled for this VM, you can configure the ports and the time range for which they will be open.


The time range is 3 hours by default, but you can change it. Now we have configured Just in Time access and locked down the ports. Let's look at requesting access to a VM.

In the Just in Time VM Access blade, select the Configured tab, select the VM you want to access and click the Request access button.


On the Request access blade, we can configure, for each VM, the ports to open along with the source IP the port is opened for and the time window.
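The same configure-then-request flow can be scripted with the Az.Security PowerShell module. This is an added example, not code from the original post; it uses the Set-AzJitNetworkAccessPolicy and Start-AzJitNetworkAccessPolicy cmdlets, and the subscription, resource group, VM name, location and requester IP are placeholders you must replace.

```powershell
# Added example: JIT policy and access request via Az.Security (Install-Module Az.Security).
# Every value in angle brackets is a placeholder, not a real identifier.
$SubId = "<SUBSCRIPTION-ID>"
$Rg    = "<RESOURCE-GROUP>"
$Loc   = "<LOCATION>"   # the VM's region, also used as the Security Center location
$VmId  = "/subscriptions/$SubId/resourceGroups/$Rg/providers/Microsoft.Compute/virtualMachines/<VM-NAME>"

# 1. Policy: which ports may be requested, from where, and for at most how long.
#    PT3H mirrors the portal's 3-hour default; "*" here means any source may be
#    named at request time, the requester then narrows it to one IP below.
$PolicyVm = @{
    id    = $VmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $Loc -Name "default" `
    -ResourceGroupName $Rg -VirtualMachine @($PolicyVm)

# 2. Request: open only 3389, only from the requester's IP, only until endTimeUtc
#    (one hour here, which is within the PT3H maximum). Security Center writes the
#    matching NSG allow rule and removes it again when the window expires.
$EndTime   = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
$RequestVm = @{
    id    = $VmId
    ports = @(
        @{ number = 3389; endTimeUtc = $EndTime; allowedSourceAddressPrefix = @("<REQUESTER-PUBLIC-IP>") }
    )
}
Start-AzJitNetworkAccessPolicy -ResourceGroupName $Rg -Location $Loc -Name "default" `
    -VirtualMachine @($RequestVm)

# 3. Verify: the policy should list the VM with both ports; the VM's NSG should
#    now show a temporary inbound allow rule for 3389 from the requester IP only.
Get-AzJitNetworkAccessPolicy -ResourceGroupName $Rg -Location $Loc -Name "default"
```

Until step 2 runs, the NSG keeps the management ports closed; after the window ends, the rule is gone again without any manual cleanup.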
