SIMULATION
You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.
To complete this task, sign in to the Azure portal.
See the explanation below.
To enable the RDP port in an NSG, follow these steps:
1. Sign in to the Azure portal.
2. In Virtual Machines, select VM1.
3. In Settings, select Networking.
4. In Inbound port rules, check whether the port for RDP is set correctly. The following is an example of the configuration:
Priority: 300
Name: Port_3389
Port (Destination): 3389
Protocol: TCP
Source: Any
Destinations: Any
Action: Allow
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-nsg-problem

To configure Azure to allow RDP connections from the Internet to a virtual machine named VM1 while minimizing the attack surface of VM1, follow the steps below:
Open the Azure portal at https://portal.azure.com.
Navigate to the virtual machine named VM1 that you want to configure for RDP access.
Click on the "Networking" option in the left-hand menu.
Under the "Settings" tab, click on "Add inbound port rule" to create a new inbound rule.
In the "Add inbound security rule" dialog box, enter the following information:
a. Name: Enter a descriptive name for the rule, such as "RDP from Internet."
b. Protocol: Select "TCP" from the drop-down list.
c. Port range: Enter "3389" in both the "Start port" and "End port" fields.
d. Source: Select "Any" to allow RDP connections from any IP address. Alternatively, you can specify a specific IP range or individual IP addresses.
e. Action: Select "Allow" to allow RDP connections.
f. Priority: Enter a value that is lower than any existing rules, such as "100."
Click "Add" to save the new inbound rule.
Navigate to the "Network security group" option in the left-hand menu.
Click on the network security group associated with VM1.
Under the "Settings" tab, click on "Add inbound security rule" to create a new inbound rule.
In the "Add inbound security rule" dialog box, enter the following information:
a. Name: Enter a descriptive name for the rule, such as "RDP from Internet."
b. Protocol: Select "TCP" from the drop-down list.
c. Port range: Enter "3389" in both the "Start port" and "End port" fields.
d. Source: Select "Internet" to allow RDP connections from the Internet. Alternatively, you can specify a specific IP range or individual IP addresses.
e. Action: Select "Allow" to allow RDP connections.
f. Priority: Enter a value that is lower than any existing rules, such as "100."
After completing these steps, RDP connections from the Internet to VM1 will be allowed, while the attack surface of VM1 is minimized by restricting access to only the RDP port and only from the specified source IP addresses.
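The rules above differ in priority (300 versus 100) and in source (Any, Internet, or a specific IP range). As an added example, not part of the original answer, this Python sketch evaluates NSG rules in priority order and flags inbound Allow rules that expose port 3389 to any source. The rule data is constructed, assumes the field names of `az network nsg rule list` JSON output, and the rule names `RDP_from_admin_range` and `Deny_other_RDP` are hypothetical.

```python
import ipaddress

# Source values treated as "reachable from anywhere" for audit purposes.
# ("Internet" is a service tag for public address space; approximated here as any IP.)
OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0"}

# Constructed sample rules (assumed shape: `az network nsg rule list` output).
SAMPLE_RULES = [
    {"name": "Port_3389", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "RDP_from_admin_range", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "Deny_other_RDP", "priority": 200, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]

def is_open_source(rule):
    return rule["sourceAddressPrefix"].lower() in OPEN_SOURCES

def applies_to_rdp(rule, port=3389):
    """True for inbound TCP (or any-protocol) rules whose port spec includes the port."""
    if rule["direction"] != "Inbound" or rule["protocol"].lower() not in ("tcp", "*"):
        return False
    spec = rule["destinationPortRange"]  # "*", "3389" or "3000-4000"
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def matches_source(rule, ip):
    if is_open_source(rule):
        return True
    network = ipaddress.ip_network(rule["sourceAddressPrefix"], strict=False)
    return ipaddress.ip_address(ip) in network

def effective_access(rules, ip, port=3389):
    """NSG semantics: lowest priority number is evaluated first; first match decides."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if applies_to_rdp(rule, port) and matches_source(rule, ip):
            return rule["access"], rule["name"]
    return "Deny", "no matching rule"  # stand-in for the default DenyAllInBound rule

def open_rdp_rules(rules, port=3389):
    """Names of inbound Allow rules that expose the port to any source."""
    return [r["name"] for r in rules
            if r["access"] == "Allow" and applies_to_rdp(r, port) and is_open_source(r)]

if __name__ == "__main__":
    print("Open RDP rules:", open_rdp_rules(SAMPLE_RULES))
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, "->", effective_access(SAMPLE_RULES, ip))
```

In the sample set the open `Port_3389` rule is flagged by the audit but never reached, because the priority 200 deny matches first; with that rule alone, any source is allowed.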