BlueKeep and DejaBlue shined a spotlight on this issue because cloud-based VMs are the most convenient targets for these exploits. And the number of VMs in the cloud is exploding.
But how should administrators access those VMs without creating major risks? The path of least resistance is to just put those VMs out there and enable SSH/RDP access from the Internet. But that is dangerous.
The “blue” exploits are great proof of that claim. BlueKeep and DejaBlue permit attackers to break into systems via RDP and gain root-level access without any credentials. And two-factor authentication is no protection. With “blue” attacks, the game is over before RDP even thinks about checking your password, let alone 2FA.
Of course, you can patch against those attacks (and hopefully already have), but they prove that remote administration protocols are not appropriate for direct exposure to the Internet. And researchers agree there will be more such exploits. Moreover, patches don’t exist when you are targeted with a zero-day attack.
In this webinar, we will look at several different ways to more safely provide admins with SSH/RDP access to VMs in the cloud. Here are a few of the techniques we’ll consider:
Some of these techniques are circuitous and rely on your existing, on-prem remote admin access infrastructure. The techniques vary in strength relative to each other and have different prerequisites. We will compare and contrast them all.
Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.