My company is about to shift a large workload to a vendor that uses an RD Gateway hosted at Amazon to serve access to the front-end application. It’s open to the internet at 443. There’s no MFA. How worried should I be?
My company is about to shift a large workload to a vendor that uses an RD Gateway hosted at Amazon to serve access to the front-end application. It’s open to the internet at 443. There’s no MFA. How worried should I be?
It’s pretty bad. You are going to be vulnerable to password spraying at the very least and a phishing email or credential leak, both incredibly common, will result in a bad day.
You need MFA and preferably FIDO based MFA with conditional access.