0

I would like to add security (e.g. a login with a password) to the public IP of my Azure VM. Otherwise everybody could, for example, deploy smart contracts via the cakeshop links or turn the Ethereum nodes off and on.

Does anybody know how to do it?

sunwarr10r

2 Answers

1

It seems that you cannot set a password for the public IP. But you can set the password for the VM. For the security of the VM, you can use the Azure Network Security Group to filter the traffic. For more details, see Filter network traffic with a network security group.

For more security for the VM, you can try the Identity of Azure AD. Take a look at Configure managed identities for Azure resources on a VM. Hope this will help you.

Charles Xu
  • Assigning vm identities brings nothing if the public ip exposes all the possibilities to change core configurations on your nodes to everybody over http and even offers a user friendly UI to do it. This can't be true if there is no way to close this UI. It's almost the same as if I post my Azure user+passwd, so everybody can shut down, start up and deploy smart contracts on my Quorum nodes – sunwarr10r Nov 18 '18 at 09:11
  • But it's impossible to set the password to the password. Others can do nothing if they do not have the permission of the VM even if they have the public IP. So you can use another way to keep the VM safe, not just focus on the public IP. – Charles Xu Nov 18 '18 at 09:16
  • I have now logged out of portal.azure.com and then went to the public-ip and there I have a UI where I have a field `node control` and I can `Restart Node`, `Stop Node`, `Start Node`, `Create New Chain` and also can deploy a smart contract. How can others do nothing if they can by using the above mentioned things e.g. Stop the complete Block Chain Network via the offered UI? – sunwarr10r Nov 18 '18 at 11:25
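
The network security group filtering suggested in this answer, as an added example that is not part of the original thread: a Python model of how inbound NSG rules are evaluated (lowest priority number first, first match wins, the default DenyAllInBound rule last), comparing a rule that opens the UI port to any source with one restricted to an admin address. Port 8080, the rule names and the addresses are constructed assumptions; the dictionaries use the field names of `az network nsg rule list` output, and protocol and service tags other than `Internet` are not modelled.

```python
import ipaddress

# Constructed sample rules in the shape `az network nsg rule list -o json` returns.
# Port 8080 and all names/addresses are assumptions, not values from the page.
WEAK = [
    {"name": "allow-ui-any", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "8080"},
]
HARDENED = [
    {"name": "allow-ui-admin", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "8080"},
    {"name": "allow-ssh-admin", "priority": 110, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["203.0.113.0/28"], "destinationPortRanges": ["22"]},
]

def _values(rule, single, plural):
    """NSG rules carry either a single value or a list; return both as one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _source_matches(prefix, ip):
    if prefix.lower() in ("*", "internet", "0.0.0.0/0"):
        return True
    try:
        return ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # other service tags (e.g. VirtualNetwork) are not modelled

def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def first_match(rules, src_ip, port):
    """Return (rule name, access) for an inbound packet from an Internet address."""
    ip = ipaddress.ip_address(src_ip)
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if (any(_source_matches(p, ip) for p in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"))
                and any(_port_matches(p, port) for p in _values(r, "destinationPortRange", "destinationPortRanges"))):
            return r["name"], r["access"]
    return "DenyAllInBound", "Deny"  # Azure's default rule at priority 65500

def exposed_to_internet(rules, port, probe="198.51.100.7"):
    """True if an arbitrary Internet address can reach `port`."""
    return first_match(rules, probe, port)[1] == "Allow"
```

Running `exposed_to_internet` over the exported rules of the NSG attached to the VM's subnet or network interface shows whether the UI port is still reachable from arbitrary addresses after the rules are tightened.
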
0

There is no such thing as a password for a public IP; a public IP is just a resource assigning IPs to a network interface, nothing more.

If you are hosting an application in Azure it is up to you to make sure this is secure. Ideally, this would be done through authentication at the application layer, to prevent users from being able to do anything in the application without authenticating. If your application does not provide this then you may want to take a closer look at your application and whether it is fit for purpose.

If application level authentication is not possible then you could look at adding authentication at the application server level, be this Apache, IIS, Tomcat etc. You would need to look at the appropriate documentation for your application server.

Sam Cogan
  • I am using `Quorum` offered by Azure. After deploying it, there is a public-ip, which leads everybody to a UI, where everybody can `Restart Node`, `Stop Node`, `Start Node`, `Create New Chain` and also can deploy a smart contract. So your suggestion would be to shut down the `cakeshop` UIs offered by `Microsoft` `Azure`? – sunwarr10r Nov 18 '18 at 11:31
  • I have no experience with Quorum, but looking at it, this is not a service offered by Microsoft; it is a marketplace offering from a third party that runs in a VM on Azure. Given that, you have the same options mentioned above: enable application security if Quorum offers it (which it really should) or do it at the VM level – Sam Cogan Nov 18 '18 at 11:33