Restricting RDP access to Azure virtual machines

By default, every VM you’ve created within Azure has RDP (Remote Desktop Protocol) on port 3389 enabled, so you can access your VM from anywhere in the world.

You can restrict RDP access to just the IP addresses you want, so you can limit who gets in. For example, you can allow only your company IP address and maybe your home address to access the specific VM in Azure.

To restrict access, I’ve created an NSG (Network Security Group) with the following configuration:

1.) Create a new Inbound security rule with a priority of 4095 (any number below the default of 65000 is fine!!)
2.) Configure the following rule:

Priority: 4096
Name: Deny-RDP-Access
Source: Service Tag
Source service tag: Internet
Source port ranges: *
Destination: VirtualNetwork
Destination port ranges: 3389
Protocol: TCP
Action: Deny

3.) Configure a second rule:

Priority: 4095
Name: Allow-RDP-Access
Source: IP Addresses
Source IP Addresses/CIDR ranges: YOUR IP ADDRESSES
Source port ranges: *
Destination: Any
Destination port ranges: 3389
Protocol: TCP
Action: Allow
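To see why the two rules need exactly this priority order, here is an added example (not part of the original post and not an Azure or 5nine tool) that models how an NSG evaluates inbound rules: rules are sorted by priority number, the first match decides, and Azure's built-in default rules (AllowVnetInBound at 65000, AllowAzureLoadBalancerInBound at 65001, DenyAllInBound at 65500) sit at the end. The VNet address space (10.0.0.0/16), the VM address (10.0.1.4), and the company IP (203.0.113.10, standing in for "YOUR IP ADDRESSES") are constructed assumptions; the Internet tag is simplified to "anything outside the VNet". The helper that prints the equivalent `az network nsg rule create` commands uses the real CLI flag names but is my own addition.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed assumptions for this model (not from the post).
VNET = ipaddress.ip_network("10.0.0.0/16")          # address space behind the NSG
VM_IP = "10.0.1.4"                                   # the VM we protect
COMPANY_IP = "203.0.113.10/32"                       # stands in for "YOUR IP ADDRESSES"
AZURE_LB = ipaddress.ip_network("168.63.129.16/32")  # AzureLoadBalancer service tag


@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str      # "Internet", "VirtualNetwork", "AzureLoadBalancer", "*" or CIDR
    dest: str        # same vocabulary ("*" == Destination: Any in the portal)
    dest_port: str   # "*" , "3389" or "lo-hi"
    protocol: str    # "TCP", "UDP" or "*"
    action: str      # "Allow" or "Deny"


# Azure's default inbound rules, present in every NSG.
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", "*", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "*", "Deny"),
]

# The two custom rules from the post.
RDP_RULES = [
    Rule(4095, "Allow-RDP-Access", COMPANY_IP, "*", "3389", "TCP", "Allow"),
    Rule(4096, "Deny-RDP-Access", "Internet", "VirtualNetwork", "3389", "TCP", "Deny"),
]


def _prefix_matches(prefix: str, ip: ipaddress.IPv4Address) -> bool:
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return ip in VNET
    if prefix == "AzureLoadBalancer":
        return ip in AZURE_LB
    if prefix == "Internet":
        return ip not in VNET  # simplified model of the Internet service tag
    return ip in ipaddress.ip_network(prefix, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def evaluate(rules, src_ip, dst_ip, dst_port, protocol="TCP"):
    """NSG semantics: lowest priority number first, first matching rule decides."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if (_prefix_matches(rule.source, src) and _prefix_matches(rule.dest, dst)
                and _port_matches(rule.dest_port, dst_port)):
            return rule.action, rule.name
    raise ValueError("no rule matched; a real NSG always ends with DenyAllInBound")


def rdp_decision(custom_rules, src_ip):
    """Allow/Deny for an RDP connection from src_ip to the VM, custom + default rules."""
    return evaluate(custom_rules + DEFAULT_INBOUND, src_ip, VM_IP, 3389)[0]


def swap_priorities(rules):
    """The mistake to avoid: Deny at 4095 and Allow at 4096 (deny is then matched first)."""
    a, d = rules
    return [replace(a, priority=d.priority), replace(d, priority=a.priority)]


def az_cli_command(rule, resource_group, nsg_name):
    """Equivalent `az network nsg rule create` invocation for one rule (my own helper)."""
    proto = {"TCP": "Tcp", "UDP": "Udp", "*": "*"}[rule.protocol]
    return (f"az network nsg rule create -g {resource_group} --nsg-name {nsg_name} "
            f"-n {rule.name} --priority {rule.priority} --direction Inbound "
            f"--access {rule.action} --protocol {proto} "
            f"--source-address-prefixes '{rule.source}' --source-port-ranges '*' "
            f"--destination-address-prefixes '{rule.dest}' "
            f"--destination-port-ranges {rule.dest_port}")


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.77", "10.0.2.9"):
        print(ip, "->", rdp_decision(RDP_RULES, ip))
    print("swapped priorities, company IP ->", rdp_decision(swap_priorities(RDP_RULES), "203.0.113.10"))
    for r in RDP_RULES:
        print(az_cli_command(r, "my-rg", "my-nsg"))
```

Running it shows the company IP allowed, an arbitrary Internet host denied, and a peer inside the VNet still allowed by the default AllowVnetInBound rule; with the two priorities swapped, the company IP is denied as well, which is the lock-out you get if the Deny rule is created with the lower number.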


Now you can test your new configuration. RDP access is only allowed from your custom IP addresses!!

5nine AzSec for Azure Security

5nine AzSec - Azure Security Simplified

5nine AzSec is an intuitive standalone application that creates, maintains and manages inbound/outbound traffic rules for virtual machines in Azure. Firewall log data is collected, displayed and managed in a central console.

5nine Cloud Security with AzSec is a bundled offering that includes 5nine Cloud Security and 5nine AzSec. This integrated solution enables hybrid cloud administrators to manage firewall rules, alerts and logs across Azure and Hyper-V environments from a single access point.

  • Easy Firewall Configuration: Apply firewall rules in a single step instead of using complex scripts or the Azure portal.
  • Automate Firewall Rule Configuration: Built-in templates enable you to easily apply firewall rules and reduce the risk of misconfiguration for virtual machines running in the Azure environment.
  • Simplify Anomaly Discovery: The firewall log export allows you to view and analyze firewall log data right from within the 5nine Cloud Security Anomaly Analysis module, and export logs to Splunk or other SIEM systems.
  • Monitor Azure from One Location: Review your Azure subscription resource groups, status, usage and billing summary from within 5nine’s interface.
  • Consolidate Hybrid Cloud Management: Configure firewall rules and view log data across Azure and Hyper-V environments from a single access point.*
