Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • How to Secure Privileged Session Access to Cloud-based VMs; Hint: Don’t Expose SSH/RDP to the Internet current page
Link copied

How to Secure Privileged Session Access to Cloud-based VMs; Hint: Don’t Expose SSH/RDP to the Internet

Resource default
How to Secure Privileged Session Access to Cloud-based VMs; Hint: Don’t Expose SSH/RDP to the Internet

Get Instant Access to this Content

Learn more about how to secure your business from threats in places you didn't even know existed.

BlueKeep and DejaBlue shined a spotlight on this issue because cloud-based VMs are the most convenient targets for these exploits. And the number of VMs in the cloud is exploding.

But how should administrators access those VMs without creating major risks? The course of least resistance is to just put those VMs out there and enable SSH/RDP access from the Internet. But that is dangerous.

The “blue” exploits are a great proof of that claim. BlueKeep and DejaBlue permit attackers to break into systems via RDP and gain root level access without any credentials. And two-factor authentication is no protection. With “blue”attacks the game is over before RDP even thinks about checking your password let alone 2FA.

Now of course you can patch (hopefully already) against those attacks but they prove that remote administration protocols are not appropriate for direct exposure to the Internet. And researchers agree there will be more such exploits. Moreover, patches don’t exist when you are targeted with a zero-day attack.

In this webinar, we will look at several different ways to more safely provide admins with SSH/RDP access to VMs in the cloud. Here are a few of the techniques we’ll consider:

  • Dedicated connections like Express Route in Azure
  • Site-to-Site VPNs
  • Remote access VPNs hosted in the cloud
  • IP Security Policies
  • Source network restrictions
  • Terminal Services Gateway
  • Privileged Session Management solutions designed for the cloud

Some of these techniques are circuitous and rely on your existing, on-prem remote admin access infrastructure. The techniques are more or less stronger in relation to each other and have different prerequisites. We will compare and contrast them all.

Latest
  • Mapping BeyondTrust Capabilities to the Operational Technology Cybersecurity Controls (OTCC)
    May 14, 2026 Mapping BeyondTrust Capabilities to the Operational Technology Cybersecurity Controls (OTCC)
    Resources
    1m
  • BeyondTrust Executive Summary
    Feb 25, 2026 BeyondTrust Executive Summary
    Resources
    1m
Related
  • Norton Healthcare: Achieving HIPAA Compliance and Scaling Telehealth
    May 21, 2020 Norton Healthcare: Achieving HIPAA Compliance and Scaling Telehealth
    Case studies
    1m
  • ServiceNow + BeyondTrust: Basic vs Enterprise Remote Support
    Apr 14, 2020 ServiceNow + BeyondTrust: Basic vs Enterprise Remote Support
    Resources
    1m
Share this Article
  • Link

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.