User Profile
JVDenning
Copper Contributor
Joined 2 years ago
Recent Discussions
Azure DevOps services - on premise agent lockdown
If using Azure DevOps Services but with on premise build agents, deployment targets and Environment resources, the outbound connection from these is to a range of generic IP addresses for endpoints that are for all organizations.

What measures could restrict or mitigate the risk of a malicious user being able to repoint an on premise agent/target/resource to a different organisation to be able to download malicious payloads/upload data?

The only ones I can currently think of:

1. The general protections regarding identity of anyone who sets up an organization.
2. Monitoring for agents etc. that go offline (which would need some custom script/code to interact with the ADO API).

These are retroactive / not complete enough to provide sufficient confidence of protection.

Anyone else solved this problem? It would preferably be a measure that is external to the agent, e.g. network-based.