You need to access the EC2 instances in your private subnet using SSH, which of the following is the most secure approach?

a, Add a Virtual private gateway and access the private subnet over a site-to-site VPN

b, Access hosts in the private subnet using a bastion host

c, Access hosts in the private subnet using a NAT gateway

d, Add a public IP address to one of the hosts in your private subnet and use that host to access all the others

The answer is b, but what I don’t understand is why using a VPN gateway and connecting to the instances isn’t the safest option, as it doesn’t expose any instances to the internet, while on the other hand a bastion host, although hardened, is still one instance exposed to the public internet.

1 Answer

Hi there,

Let me ask this instead, which would be more secure?

  • All machines on your network having direct access to every machine in the private subnet

  • A single entry point that can be controlled to access machines in the private subnet

Both are viable solutions, just which one is more secure?

Hari Prakash

Hi, thanks for the answer. I will say that a single point is more secure, and a VPN is not single-point access as it bridges networks.


Yep, and therefore that would make answer B the more secure choice.
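The single-entry-point argument above is easy to state and easy to drift away from in practice, so here is a small compliance check, written as an added example for this thread (not code from the original post or from AWS). It walks security-group ingress rules in the shape of an AWS `describe-security-groups` response and flags any SSH path that bypasses the bastion: a private host accepting SSH from a CIDR rather than from the bastion's security group, or a bastion accepting SSH from outside the admin range. The group IDs, the role labels and the `203.0.113.0/24` admin range are all constructed for the example.

```python
"""Check that a private subnet follows the single-entry-point (bastion) pattern.

Added example, not part of the original Q&A. Security-group data is
constructed inline in the shape of the AWS describe-security-groups
response; the group IDs, role labels and ADMIN_CIDR are hypothetical.
"""
import copy
import ipaddress

ADMIN_CIDR = "203.0.113.0/24"  # hypothetical admin/VPN egress range
SSH_PORT = 22

# Constructed sample: one bastion group and one private-host group.
# Each entry under "ingress" mirrors an IpPermissions element.
GROUPS = {
    "sg-bastion": {
        "role": "bastion",
        "ingress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
             "UserIdGroupPairs": []},
        ],
    },
    "sg-private": {
        "role": "private",
        "ingress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]},
        ],
    },
}


def covers_ssh(rule):
    """True if the rule's protocol and port range include TCP/22."""
    proto = rule["IpProtocol"]
    if proto == "-1":          # "all traffic" rules carry no port keys
        return True
    if proto != "tcp":
        return False
    return rule["FromPort"] <= SSH_PORT <= rule["ToPort"]


def find_ssh_findings(groups, admin_cidr=ADMIN_CIDR):
    """Return a list of (group_id, message); an empty list means compliant."""
    findings = []
    admin_net = ipaddress.ip_network(admin_cidr)
    bastions = {gid for gid, g in groups.items() if g["role"] == "bastion"}
    for gid, g in groups.items():
        for rule in g["ingress"]:
            if not covers_ssh(rule):
                continue
            # CIDR sources: never acceptable on private hosts, and only the
            # admin range is acceptable on the bastion itself.
            for r in rule["IpRanges"]:
                src = ipaddress.ip_network(r["CidrIp"])
                if g["role"] == "private":
                    findings.append((gid, f"SSH from CIDR {src} on a private host; "
                                          "only the bastion group should reach it"))
                elif src.version != admin_net.version or not src.subnet_of(admin_net):
                    findings.append((gid, f"bastion SSH open to {src}, "
                                          f"outside admin range {admin_net}"))
            # Group sources: private hosts may only trust the bastion group.
            for pair in rule["UserIdGroupPairs"]:
                if g["role"] == "private" and pair["GroupId"] not in bastions:
                    findings.append((gid, f"SSH from non-bastion group {pair['GroupId']}"))
    return findings


def open_ssh_to_world(groups, gid):
    """Return a copy of groups where gid also accepts SSH from 0.0.0.0/0.

    This models the common drift (option d in the quiz) of exposing a host
    directly, so the checker can be exercised against a bad configuration.
    """
    bad = copy.deepcopy(groups)
    bad[gid]["ingress"].append({"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                                "UserIdGroupPairs": []})
    return bad


if __name__ == "__main__":
    for label, cfg in (("compliant", GROUPS),
                       ("private host exposed", open_ssh_to_world(GROUPS, "sg-private")),
                       ("bastion wide open", open_ssh_to_world(GROUPS, "sg-bastion"))):
        print(f"{label}: {find_ssh_findings(cfg) or 'no findings'}")
```

Running the script prints no findings for the compliant layout and one finding each for the two drifted copies; against a live account you would feed it the `SecurityGroups` list from `describe-security-groups` after tagging which groups play the bastion and private roles.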

