BlueKeep and DejaBlue shined a spotlight on this issue because cloud-based VMs are the most convenient targets for these exploits. And the number of VMs in the cloud is exploding.
But how should administrators access those VMs without creating major risks? The course of least resistance is to just put those VMs out there and enable SSH/RDP access from the Internet. But that is dangerous.
The “blue” exploits are a great proof of that claim. BlueKeep and DejaBlue permit attackers to break into systems via RDP and gain root level access without any credentials. And two-factor authentication is no protection. With “blue”attacks the game is over before RDP even thinks about checking your password let alone 2FA.
Now of course you can patch (hopefully already) against those attacks but they prove that remote administration protocols are not appropriate for direct exposure to the Internet. And researchers agree there will be more such exploits. Moreover, patches don’t exist when you are targeted with a zero-day attack.
In this webinar, we will look at several different ways to more safely provide admins with SSH/RDP access to VMs in the cloud. Here are a few of the techniques we’ll consider:
- Dedicated connections like Express Route in Azure
- Site-to-Site VPNs
- Remote access VPNs hosted in the cloud
- IP Security Policies
- Source network restrictions
- Terminal Services Gateway
- Privileged Session Management solutions designed for the cloud
Some of these techniques are circuitous and rely on your existing, on-prem remote admin access infrastructure. The techniques are more or less stronger in relation to each other and have different prerequisites. We will compare and contrast them all.
Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.
Randy Franklin Smith began his career in information technology in the 1980s developing software for a variety of companies. During the early 1990s, he led a business process re-engineering effort for a multi-national organization and designed several mission critical, object-oriented, client/server systems. As the Internet and Windows NT took off, Randy focused on security and led his employer's information security planning team. In 1997, he formed Monterey Technology Group, Inc. where he serves as President.
- Certified Information Systems Auditor (CISA)
- Microsoft Security Most Valuable Professional (MVP)
- Systems Security Certified Professional (SSCP)
- Information Systems Security Association (ISSA)
- Information Systems Audit and Control Association (ISACA)
- Center for Internet Security (CIS)