BlueKeep and DejaBlue shined a spotlight on this issue because cloud-based VMs are the most convenient targets for these exploits. And the number of VMs in the cloud is exploding.
But how should administrators access those VMs without creating major risks? The path of least resistance is to just put those VMs out there and enable SSH/RDP access from the Internet. But that is dangerous.
The “blue” exploits are strong proof of that claim. BlueKeep and DejaBlue permit attackers to break into systems via RDP and gain root-level access without any credentials. And two-factor authentication is no protection. With “blue” attacks, the game is over before RDP even thinks about checking your password, let alone 2FA.
Of course, you can patch against those attacks (and hopefully already have), but they prove that remote administration protocols are not appropriate for direct exposure to the Internet. And researchers agree there will be more such exploits. Moreover, patches don’t exist when you are targeted with a zero-day attack.
In this webinar, we will look at several different ways to more safely provide admins with SSH/RDP access to VMs in the cloud. Here are a few of the techniques we’ll consider:
- Dedicated connections like ExpressRoute in Azure
- Site-to-Site VPNs
- Remote access VPNs hosted in the cloud
- IP Security Policies
- Source network restrictions
- Terminal Services Gateway
- Privileged Session Management solutions designed for the cloud
Some of these techniques are circuitous and rely on your existing, on-prem remote admin access infrastructure. The techniques vary in strength relative to one another and have different prerequisites. We will compare and contrast them all.