Reduce your exposure to attacks using JIT Access in Azure
Cyber security is now a major challenge for enterprises and corporates that run mission-critical workloads and are exposed to an ever-growing list of new attacks. Backups, disaster recovery and similar measures are mostly sufficient to make an environment capable of dealing with a major disaster or attack once it has happened, but they do nothing to stop the attack in the first place.
In this article we are talking about the cloud, specifically Microsoft Azure, which comes with the power of managed security offerings. When we talk about security there are two modes we usually discuss: preventive security and detective security, or in other words pro-active and reactive. Take an attack as an example: the measures we put in place before the attack happens, to stop that particular attack, are "pro-active" security, and they make sure that very threat is handled before it does any harm. This article talks about one pro-active security offering, JIT Access, which is now surfaced directly in the Microsoft Azure VM blade.
Microsoft Azure offers managed security services which include Azure Security Center (since renamed Microsoft Defender for Cloud), Log Analytics, the Azure Web Application Firewall and many others. Within Azure Security Center there is a feature known as "Just In Time VM Access", also known as JIT Access. Note that it belongs to the paid Standard tier (today the Microsoft Defender for Servers plan), not the free tier. Microsoft's own description of what this offering actually is:
Just in time virtual machine (VM) access is used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Now that we know what JIT Access is meant for, let's dig into how it works and what is new in it. We are normally exposed to threats through open ports. The ports most often exposed are the management ports, SSH (22) and RDP (3389), and the reason they are open is that owners, administrators and development teams need to reach the environment. Leaving them open to the internet permanently means every brute-force and credential-spraying bot on the internet can reach them too.

Microsoft Azure has a concept of RBAC (Role Based Access Control) which ensures that Azure users only have the access they have been granted and actually need. How does that relate to JIT Access and ports? When JIT is enabled on a VM, Security Center writes deny rules for the protected ports into the VM's NSG (Network Security Group, which holds all of the VM's network rules), so by default nothing can reach them. A user who needs in requests access to a port with his or her own account, and the request is authorised through RBAC: the account needs the JIT "initiate" action (Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action), which Owner, Contributor and Security Admin carry through their wildcard permissions. If the request is authorised, Security Center adds an allow rule to the NSG, at a higher priority than the deny rule, that permits only the requester's current public IP (or the range he or she specifies) on that port, for the requested duration, up to the maximum you set in the policy, for example 3 hours. When the 3 hours, or whatever time you configured, expire, Security Center changes the NSG again: the allow rule for that IP is removed and the deny rule blocks the port once more.

This way you do not need to open ports by hand and remember to close them again; the automation gives your users access to the environment for the time their work needs, the port is never exposed to anyone else, and no manual effort is involved. Every request is also recorded in the Azure Activity Log, so you can later see who opened which port, from which IP and for how long.
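The request flow described above, turned into commands, as an added example that is not part of the original article. It uses the Az PowerShell module (Set-AzJitNetworkAccessPolicy and Start-AzJitNetworkAccessPolicy from Az.Security, Get-AzNetworkSecurityGroup from Az.Network) to enable a JIT policy on one VM, request RDP access from the current public IP, and then inspect the NSG to confirm what Security Center wrote. Subscription, resource group, VM and NSG names are placeholders; the use of api.ipify.org to discover the public IP and the "SecurityCenter-JITRule" rule-name filter are assumptions, the latter based on how JIT-managed rules appear in the portal.

```powershell
# Added example (not from the original article). Requires Az.Accounts, Az.Security
# and Az.Network and a logged-in session (Connect-AzAccount). Every name below is a
# placeholder to replace with your own values.
$SubscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$ResourceGroup  = "rg-jit-demo"                            # placeholder
$Location       = "westeurope"                             # placeholder
$VmName         = "vm-jit-demo"                            # placeholder
$NsgName        = "vm-jit-demo-nsg"                        # placeholder: NSG attached to the VM's NIC/subnet
$VmId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Compute/virtualMachines/$VmName"

# 1. Policy: protect SSH and RDP, allow requests of at most 3 hours (ISO 8601
#    duration) and pre-approve no source range, so each requester supplies one.
$Policy = @{
    id    = $VmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $Location -Name "default" `
    -ResourceGroupName $ResourceGroup -VirtualMachine @($Policy)

# 2. Request: open RDP only to this machine's current public IP for one hour.
#    Discovering the IP via ipify is an assumption; any source of the address works.
$MyIp  = (Invoke-RestMethod -Uri "https://api.ipify.org").Trim()
$Until = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")   # must not exceed PT3H above
$Request = @{
    id    = $VmId
    ports = @(
        @{ number = 3389; endTimeUtc = $Until; allowedSourceAddressPrefix = @($MyIp) }
    )
}
$PolicyId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Security/locations/$Location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $PolicyId -VirtualMachine @($Request)

# 3. Verify: show the NSG rules Security Center manages. Expect a Deny on 22 and
#    3389 at a high priority number plus an Allow for $MyIp on 3389 at a lower
#    (i.e. stronger) priority number; the Allow disappears once $Until has passed.
$Nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup
$Nsg.SecurityRules |
    Where-Object { $_.Name -like "SecurityCenter-JITRule*" } |   # assumed name prefix of JIT-managed rules
    Sort-Object Priority |
    Format-Table Name, Priority, Access, DestinationPortRange, SourceAddressPrefix

# 4. Audit: which JIT policies exist in the current subscription at all?
#    A VM that does not appear in any policy still has its ports open permanently.
Get-AzJitNetworkAccessPolicy | Select-Object Id, Location
```

Step 3 is the check worth keeping around: if the Allow rule is still present after the end time, or if a rule allows "*" as the source, something other than JIT has been editing the NSG and the port is exposed again.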
So JIT Access was already there under Azure Security Center; what is new? Previously JIT Access could only be managed from the Azure Security Center blade.

To make it more usable and give users a better experience, it is now also available on each VM's own blade, under Configuration. So you can now enable and configure JIT Access for each VM right from there.

Just-in-Time VM Access was already available as a feature in Azure Security Center; adding it to the virtual machine experience makes it easier for you to protect your management ports from attacks while you are configuring the other settings in the virtual machine blade.

So the next time you face the challenge of granting access to your users and revoking it every time, you have a more accessible feature right under your VM blade to help you, and to reduce the chances of a cyber attack through open ports. Keep in mind that JIT only protects the ports you list in the policy, so review that list whenever a VM gains a new management service. This is one of the preventive measures that can stop your environment from being compromised in the first place.

