Azure VM – Network Security Group

Azure VM – Network Security Group

Recently I created a new virtual machine on Azure. It’s been awhile since I’ve had one, so I went through securing it. Made sure I had a firewall running and using Fail2Ban to stop brute force attacks. Or at least I thought…

I found that I was banning IP addresses by the hundreds a day trying to log into SSH. Seriously, what the hell! 90% where from China so I looked into seeing if I could ban whole countries. That just seemed extreme. It occurred to me to just allow logging in with specific IP addresses, like from my home or work.

On the server itself, I found this to not actually stop the attempts. Since they could still try to log in. So instead I used Azure’s Network Security Group to limit access to just my home IP address. This means I can edit access if needed, but prevent the endless hacking from China, Russia, Ukraine, and other locations.

Nothing against, those countries, but I don’t need the security hassle from whomever is really hacking me.

On a side note – The recent hacking of the US Democratic Party (DNC and John Podesta) during the 2016 election cycles, really shows how poorly people take security. I am no expert, but come on… Password as your password? That is just stupid.

Comments are closed.