ktpsns 6 hours ago

To be honest, three nested RDPs sound like a terrible hack. In an ideal world, this would be two port forwardings and one RDP (thinking about ssh, which is still underrepresented in windows world). In an even more ideal world, this would be an IPv6 direct access ;-)

everforward 5 hours ago

There are legit reasons, at least for two nested sessions. A production network that’s airgapped except for a bastion host that acts as a gateway. It’s better than port forwarding because you have to auth to the bastion host before the RDP chaining, and it often takes separate credentials for the second RDP session.

It’s a semi-common setup for higher security environments, and when you have a network of stuff that has known vulnerabilities you can’t patch for whatever reason. Traffic in and out is super carefully firewalled. It’s not great, but it’s better than a 25-year-old MySQL with a direct public IP.

embedding-shape 5 hours ago

> airgapped except for a bastion host that acts as a gateway

First time I've heard of an airgapped system you could access remotely. Doesn't that kind of defeat the label "airgapped"? I think I'd just call that "isolated" at that point instead.

debarshri 4 hours ago

This concept is related to PAM. You often have to do ops on infra and need some DMZ to do the ops. In regulated industry you have to record every operation done by the person and have to follow the principle of least privilege. This is what should happen in an ideal world.

embedding-shape 4 hours ago

> You often have to do ops on infra and need some DMZ to do the ops.

This makes sense; "bastion" hosts and similar things are fairly common too. What's not common is calling those "airgapped", because they're clearly not.

hnlmorg 3 hours ago

I agree. They’re network enclaves. Which isn’t the same thing as an air gapped network.

debarshri 4 hours ago

Airgapped is a different concept altogether.

SigmundA 4 hours ago

Logically air gapped :)

https://docs.aws.amazon.com/aws-backup/latest/devguide/logic...

dijit an hour ago

AWS likes to redefine things.

Air gapped means... there is nothing except air in the gap between systems.

A physical tether would defeat it.

Now, a pedant could start talking about wifi, but air-gapping is a concept older than the internet. (It stems from plumbing, where there's air that prevents back leakage of contamination.)

https://en.wikipedia.org/wiki/Air_gap_(networking)

rzzzt 5 hours ago

The moat!

orisho 5 hours ago

It's probably there not as a way to connect networks, but as a way to keep them separate, only allowing RDP between specific computers on different networks.