this post was submitted on 28 Jul 2023
11 points (76.2% liked)

Sysadmin

7717 readers
1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago
MODERATORS
 

My company is about to shift a large workload to a vendor that uses an RD Gateway hosted at Amazon to serve access to the front-end application. It's open to the internet at 443. There's no MFA. How worried should I be?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago

From what I understand, Remote Desktop Gateway acts as a proxy to route Remote Desktop connections inside a VPC. So authentication will be delegated to the Windows machines, which appears to be outside the scope of Remote Desktop Gateway. I haven't set up Windows on EC2, maybe there's a way to tie authentication to AWS Identity Center to get some form of 2FA or SSO?

The deployment guide mentions that you can use Network ACLs to limit access to the gateway to certain IP ranges, so here's that.