Domain controllers must be blocked from Internet access.
An XCCDF Rule
Description
<VulnDiscussion> Domain controllers provide access to highly privileged areas of a domain. Such systems with Internet access may be exposed to numerous attacks and compromise the domain. Restricting Internet access for domain controllers will aid in protecting these privileged areas from being compromised.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-243475r723460_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Block domain controllers from internet access. This can be accomplished with various methods, such as restrictions at boundary firewalls, proxy services, host based firewalls, or IPsec.
If a critical function requires Internet access, this must be documented and approved by the organization.