![]() This is from another unrelated experiment within the same subscription. I provide an address space of 10.1.0.0/16 for a sufficient range of IP addresses: Give it a nice name and resource group:Ī virtual network spans a certain range of (private) IP addresses. We start with setting up a virtual network in Azure. your security officer, company policies, penetration testers, or your mom □ Set up a VNET Note: although the solution is known to be secure, please check everything with e.g. This results in a VM that is only accessible for those having access to the Azure subscription: Later on, we look at securing connections to the next device. Let’s set up a jump box in Azure in a number of blog posts. Azure Bastion only works while using the Azure portal. Using Azure Bastion, only people having access to the Azure portal can make use of that service to access other specific Azure resources (living in the same virtual network, on one or more subnets). Last year, I wrote this blog post about Azure Bastion already because it is a service that we can use for exactly this: The jump box should be made accessible using other credentials apart from the other connection.Įven better, if these credentials are put in AAD so the login credentials are related to the user logging in, access can be revoked once people are not part of that trusted group of users anymore (e.g. The trick with a jump box is to work with multiple layers of security.įirst, you have to log in to one device. ![]() ![]() Still, credentials once remembered by a user, are hard to forget. Think about an RDP session or using an SSH connection. Yes, you can probably access devices in some sort of secure way already using device-specific credentials. This is a device in your network that supports access to other devices in a secure way. When you work with Azure and Azure IoT, at some point you have to think about a jump box (aka jump server).
0 Comments
Leave a Reply. |