Comments on I.T. Proctology: Securing Azure Virtual Machines or I got hacked and how you shouldn’t

Anonymous, 2016-04-14:
This must have been a terrible situation.
Things get better. When you create a new VM now, the user Administrator is not there, only the user you used when configuring the VM.

BrianEh, 2013-10-28:
"disabled open internet" - I don't fully understand what you mean.

You get VMs. The VMs can freely communicate out. However, you can only communicate with your VM over a publicly open port or you deploy a VPN using the Virtual Network feature (which is not free) and you reach your VMs through the tunnel.

One big point of my post is to not leave 3389 exposed. It is actively probed and targeted. If you need a secure way to get to the VMs, use something else, like a VPN or GoToMyPC / GoToAssist.

krsna, 2013-10-28:
Does Azure provide disabled open internet for VMs

BrianEh, 2013-04-19:
Yes, I have a script for that now. someplace...

Anonymous, 2013-04-19:
Thanks for the post!

Now you should rename the user Administrator when creating a new VM, that is good to avoid hacking.

BrianEh, 2013-03-12:
IMHO, there are limited ways to recover your data. And the methods are little different than they would be for a VM in the enterprise.

Create a new VM and attach the disk. (BTW, you cannot just attach an OS disk as a Data disk, you must destroy the machine, unregister the disk from the Azure Library. Wait a bit. Register the disk as a data disk, and then you can move forward.)

I had the best luck with downloading your virtual disk and recovering. Again, no different than in the enterprise.

Since all machines are in a DMZ, it would have to be a highly secured machine that I would even trust with data that I could not afford to lose. Or I did not have another copy of. Something that valuable needs to be protected in a far better way than the front end machine of an Azure Service. It would at least be buried deeper within my application at another tier or another Service.

Anonymous, 2013-03-11:
If there is too much to lose on the hacked machine there is a way to restore access. Fortunately the bot does not change the password. I found an account created by the name 2bb with administrator privileges.

The information in your blog is mighty useful but will be more valuable if a recovery solution is offered.

We can talk if you want to.
Don't worry I'm not a software services salesman :)

BrianEh, 2013-01-07:
Since writing this, one behavior seems to have changed.
The first VM in a Service no longer appears to default to port 3389 for the RDP endpoint. One good step forward.