When running IaaS, exposing management ports such as RDP (port 3389) or SSH (port 22) to the public network is not a good idea. Bad actors constantly scan public networks in search of exposed endpoints, and if they find such a port open they will launch a brute-force attack in the hope of gaining access to the service. This is usually mitigated with a jump box: a VM that we connect to securely first, and from which we then connect to the other VMs on the network.
Azure Bastion is a service that lets us connect to our VMs from the browser, through the Azure portal. Like a jump box, it provides a secure way into our virtual network; unlike a jump box (which we have to maintain and patch ourselves), Azure Bastion is a fully managed service. With Azure Bastion we can securely access VMs over RDP/SSH from the Azure portal, with the session carried over TLS, so the VMs themselves need no public IP and no management port open to the Internet.
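As an added example (not code from the original post), here is a small Python audit that applies the advice above to network security group rules: it walks inbound rules in priority order, as the NSG engine does, and reports any RDP/SSH port that an Allow rule opens to the whole Internet. Field names follow the output of `az network nsg rule list -o json`; the sample rules are constructed, and include the inbound 443 rule a Bastion subnet needs, which is correctly not flagged.

```python
"""Audit Azure NSG inbound rules for RDP/SSH reachable from the whole Internet.
Added example; rule records use the field names of `az network nsg rule list -o json`
(single-value fields only) and the sample rules are constructed."""
import ipaddress

MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}
UNRESTRICTED_TOKENS = {"*", "internet", "any"}  # wildcards / service tag meaning "anyone"

def is_unrestricted_source(prefix: str) -> bool:
    """True if the source covers all public addresses (a narrower allow-list is out of scope)."""
    if prefix.lower() in UNRESTRICTED_TOKENS:
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # other service tags (VirtualNetwork, AzureLoadBalancer, ...)

def port_in_range(port: int, spec: str) -> bool:
    """Match a port against an NSG range spec: '22', '20-25' or '*'."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_management_ports(rules: list) -> dict:
    """Return {port: rule name} for management ports an Allow rule opens to the Internet.
    NSG semantics: inbound rules are tried by ascending priority and the first match decides
    (an earlier Deny shadows a later Allow); the default DenyAllInBound closes unmatched ports."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"), key=lambda r: r["priority"])
    exposed = {}
    for port in MANAGEMENT_PORTS:
        for rule in inbound:
            if (rule["protocol"] in ("Tcp", "*")
                    and port_in_range(port, rule["destinationPortRange"])
                    and is_unrestricted_source(rule["sourceAddressPrefix"])):
                if rule["access"] == "Allow":
                    exposed[port] = rule["name"]
                break  # first matching rule decides either way
    return exposed

SAMPLE_RULES = [  # constructed: RDP exposed, SSH denied before its VNet allow, Bastion's 443 open
    {"name": "AllowRdpInternet", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    {"name": "DenySshInternet", "priority": 110, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "AllowSshVnet", "priority": 120, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "22"},
    {"name": "AllowBastionHttps", "priority": 130, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
]
```

Running `exposed_management_ports(SAMPLE_RULES)` on the constructed rules reports only RDP, opened by `AllowRdpInternet`; to audit a real NSG, feed it the JSON from the `az` command named in the docstring.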