My company is about to shift a large workload to a vendor that uses an RD Gateway hosted at Amazon to serve access to the front-end application. It’s open to the internet at 443. There’s no MFA. How worried should I be?

  • BlackEcoA
    211 months ago

    From what I understand, Remote Desktop Gateway acts as a proxy to route Remote Desktop connections inside a VPC. So authentication will be delegated to the Windows machines, which appears to be outside the scope of Remote Desktop Gateway. I haven’t set up Windows on EC2, maybe there’s a way to tie authentication to AWS Identity Center to get some form of 2FA or SSO?

    The deployment guide mentions that you can use Network ACLs to limit access to the gateway to certain IP ranges, so here’s that.
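The Network ACL approach mentioned above can be checked offline before trusting it. The script below is an added example, not code from this thread or from AWS; it replays VPC Network ACL evaluation (ascending rule number, first match wins, catch-all rule 32767 denies the rest) over entry lists shaped like the `Entries` field that boto3's `describe_network_acls()` returns. The two ACLs, the source ranges (`203.0.113.0/24`, `198.51.100.0/24`, `192.0.2.10`, all RFC 5737 documentation space) and the rule numbers are constructed for illustration.

```python
"""Offline audit of an AWS Network ACL in front of an RD Gateway subnet.

Added example, not from the thread. Models VPC NACL semantics: ingress
rules are evaluated in ascending RuleNumber, the first rule matching the
protocol, port and source CIDR decides, and the '*' rule (RuleNumber
32767) denies everything that reached it. Entries mimic the shape of
boto3 describe_network_acls()['NetworkAcls'][i]['Entries'].
"""
import ipaddress

RDG_PORT = 443   # RD Gateway listens on HTTPS, the port exposed in the question
TCP = "6"        # IANA protocol number, returned by the API as a string
CATCH_ALL = 32767


def _ingress_in_order(entries):
    """Ingress rules in the order the VPC evaluates them."""
    return sorted((e for e in entries if not e.get("Egress", False)),
                  key=lambda e: e["RuleNumber"])


def _covers_port(entry, port, proto=TCP):
    """True if the rule's protocol and port range include TCP `port`."""
    if entry["Protocol"] == "-1":            # all protocols, all ports
        return True
    if entry["Protocol"] != proto:
        return False
    rng = entry.get("PortRange", {"From": 0, "To": 65535})
    return rng["From"] <= port <= rng["To"]


def _cidr(entry):
    """Source network of a rule (IPv4 or IPv6 form)."""
    return ipaddress.ip_network(entry.get("CidrBlock") or entry["Ipv6CidrBlock"])


def decide_ingress(entries, src_ip, port=RDG_PORT):
    """Replay evaluation: ('allow'|'deny', rule_number) for TCP src_ip -> port."""
    ip = ipaddress.ip_address(src_ip)
    for entry in _ingress_in_order(entries):
        # `ip in network` is False across IP versions, so v6 sources skip v4 rules
        if _covers_port(entry, port) and ip in _cidr(entry):
            return entry["RuleAction"], entry["RuleNumber"]
    return "deny", CATCH_ALL                 # implicit deny if '*' is absent


def internet_verdict(entries, port=RDG_PORT):
    """Verdict for an arbitrary IPv4 address that falls in no narrower CIDR,
    i.e. the general internet: the first rule for `port` sourced 0.0.0.0/0."""
    anywhere = ipaddress.ip_network("0.0.0.0/0")
    for entry in _ingress_in_order(entries):
        if _covers_port(entry, port) and _cidr(entry) == anywhere:
            return entry["RuleAction"], entry["RuleNumber"]
    return "deny", CATCH_ALL


# Constructed sample: what "open to the internet at 443" looks like as a NACL.
ACL_AS_DEPLOYED = [
    {"RuleNumber": 100, "Protocol": TCP, "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": CATCH_ALL, "Protocol": "-1", "RuleAction": "deny",
     "Egress": False, "CidrBlock": "0.0.0.0/0"},
]

# Constructed sample: the deployment-guide approach, only allow-listed ranges.
ACL_RESTRICTED = [
    {"RuleNumber": 100, "Protocol": TCP, "RuleAction": "allow", "Egress": False,
     "CidrBlock": "203.0.113.0/24",            # placeholder: customer office egress
     "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 110, "Protocol": TCP, "RuleAction": "allow", "Egress": False,
     "CidrBlock": "198.51.100.0/24",           # placeholder: vendor support VPN
     "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": CATCH_ALL, "Protocol": "-1", "RuleAction": "deny",
     "Egress": False, "CidrBlock": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for name, acl in (("as deployed", ACL_AS_DEPLOYED), ("restricted", ACL_RESTRICTED)):
        print(f"{name:12} internet -> {internet_verdict(acl)}"
              f" | 203.0.113.7 -> {decide_ingress(acl, '203.0.113.7')}"
              f" | 192.0.2.10 -> {decide_ingress(acl, '192.0.2.10')}")
```

Two caveats when reading the result: Network ACLs are stateless, so the restricted ACL also needs an egress rule for the ephemeral return ports or the gateway's responses never leave the subnet, and source-range allow-listing only shrinks who can reach the login prompt; it does nothing about the missing MFA the question raises, which is why the Identity Center angle is worth pursuing separately.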