What are you doing to secure your Virtual Machines in Azure? Or in any public cloud for that matter? “What’s that?” you say? “Not my problem. That is why I moved to the cloud,” you say?
Silly Rabbit. Here is a better way to think about securing your Virtual Machines (VM’s). When you ran your Virtual Machines on a server you placed in a data center, who managed security? You did. Sure, the data center managed physical security—biometric access, logs, and the like—but they did not manage what happened to your server or VM’s. That was your responsibility.
Now, fast forward to Azure or any other public cloud. Who provides the servers, data storage and other hardware? The public cloud provider does; you just rent the hardware. So, it makes sense that the public cloud provider manages security for the hardware. But that is where they stop. The rest is up to you.
Secure Your VM’s in Azure with These Seven Tips
Fortunately, you can take some simple steps, many of which we have written about previously, to secure your VM’s in Azure. Let’s go through them.
Patch Your Software
Patch, patch, patch! Patch your server Operating System. As well, patch your applications. Eliminate every avenue for a hacker to take control of your system or your application.
Lock Down Your Administrative Ports
If you park your car in your garage, you don’t live in California. (My Detroit friend used to ask me, “why do you Californians park in your driveways and drive in your parkways?”) Sorry, I got off-topic there. What I meant to say is that if you park your car in your garage, you feel safe leaving the windows open and the car unlocked. After all, the thieves must open the garage to steal your car.
Now imagine that you park your car on the street. (Maybe you moved to California.) You don’t feel too keen about leaving the car unlocked or leaving the windows down. It’s the same with your VM’s.
Don’t leave your administrative ports open all the time. Open them when it’s time for maintenance. Then close them again. Secure your VM’s in Azure by closing the Remote Desktop Protocol (RDP) port (3389) when it’s not in use. But follow the “long tail” of other ports and close SSH (Secure Shell) (22), FTP (File Transfer Protocol) (21), Telnet (23), HTTP (Hypertext Transfer Protocol) (80), HTTPS (Hypertext Transfer Protocol-Secure) (443), SQL (Structured Query Language) (1433), and LDAP (Lightweight Directory Access Protocol) (389).
Watch for Brute-Force Attacks
While you are in managing your administrative ports, check to see that they are not undergoing brute-force attacks. Azure Defender will tell you if brute-force attacks are happening. Otherwise, you can look at the Windows Event Log for Event ID 4625 (account failed to log in). If you see lots of these events, you are under attack.
Use Complex Account Names and Passwords
This advice should sound familiar! Any administrative account should be using Multi-Factor Authentication (MFA). The password for the account should be something complex (mix of uppercase letters, lowercase letters, digits, symbols). You can make things harder for the hackers if you also make the account name something complex. Any hacker can guess that the account name is email@example.com. Cook up a complex username and make them work to get in.
Pay Attention to Secure Score
Azure has its own Secure Score. Amazon Web Services and Google have something similar. Secure your VM’s in Azure by looking at your organization’s secure score and (more importantly) the recommended actions that will improve your Azure Secure Score. Pick the recommendations that provide the most security improvement for the effort and implement those first. Move through the list of recommendations until you feel that you have improved your security enough. Take note of the recommendations that don’t make sense for the organization right now. Revisit them if circumstances change in the future.
Monitor for Threats
I continue to say that the value of security service from a cloud provider is that you get insight into all the threats that provider sees, not just the threats you see. Take this small step to secure your VM’s in Azure by being proactive. Determine the threats that worry you the most. Set alerts to tell you about those threats. When you do see an alert, investigate, and respond. If the alert is a false positive, refine your alerting logic.
Don’t Forget to Back Up Your Data
Finally, secure your VM’s in Azure by backing up your data. Do this to a location not controlled by your VM. You want to be able to recover your data if the hackers get through and lock your data.
Stay Safe Out There
(Did you think of this as well?) Moving your Virtual Machines to Azure or another cloud provider is a great next step in your move to the cloud. You get the advantages of scale, rapid infrastructure change when needed and reliable computing power. Just remember that you are still responsible for the security of your VM’s. The steps I have outlined above are not difficult. Follow them and secure your VM’s in Azure. You’ll sleep better.