How to block Domain Controllers from Internet access for an Active Directory Domain




This article guides professionals on how to securely configure an Active Directory domain by blocking domain controllers from Internet access.

Implementing this control should be considered of at least medium importance.

How to implement this security control

Blocking domain controllers from Internet access can be done using various methods, such as restrictions at boundary firewalls, proxy services, host-based firewalls, or IPsec.

If a critical function requires Internet access, this must be documented and approved by the organization.


How to verify this security control is implemented

Try to access the Internet from the domain controller.

Review Internet access restrictions with the administrator. If Internet access is not prevented, this is an issue.
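
One way to run this check against every domain controller at once, as an added example that is not part of the original article. It assumes the ActiveDirectory PowerShell module and PowerShell remoting to each domain controller are available; the external test targets are assumptions and should be replaced with endpoints the organization approves for probing.

```powershell
# Added example: check every domain controller for direct outbound Internet access.
# Assumes the ActiveDirectory module (RSAT) and PowerShell remoting to each DC.
Import-Module ActiveDirectory

# Assumed external test targets; substitute endpoints approved for probing.
$targets = @(
    @{ Name = 'www.msftconnecttest.com'; Port = 80 },
    @{ Name = 'www.msftconnecttest.com'; Port = 443 },
    @{ Name = '1.1.1.1'; Port = 443 }   # by IP: a DNS block alone does not stop egress
)

# Runs on each DC: attempt a TCP connection to every target and report the outcome.
$probe = {
    param($targets)
    $ProgressPreference = 'SilentlyContinue'
    foreach ($t in $targets) {
        $r = Test-NetConnection -ComputerName $t.Name -Port $t.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $env:COMPUTERNAME
            Target           = '{0}:{1}' -f $t.Name, $t.Port
            Reachable        = [bool]$r.TcpTestSucceeded
        }
    }
}

$results = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    try {
        Invoke-Command -ComputerName $dc -ScriptBlock $probe -ArgumentList (,$targets) -ErrorAction Stop
    } catch {
        # A DC that could not be tested is reported, not silently treated as compliant.
        [pscustomobject]@{ DomainController = $dc; Target = 'remoting failed'; Reachable = $null }
    }
}

$results | Sort-Object DomainController, Target |
    Format-Table DomainController, Target, Reachable -AutoSize

# Any successful connection means Internet access is not prevented on that DC.
$findings = @($results | Where-Object { $_.Reachable -eq $true })
if ($findings.Count -gt 0) {
    Write-Warning ("{0} reachable target(s): these domain controllers have Internet access." -f $findings.Count)
} else {
    Write-Output 'No tested target was reachable from any domain controller that answered.'
}
```

This tests direct TCP connections only; access through a configured proxy still has to be reviewed with the administrator, and any row marked "remoting failed" needs a manual check on that domain controller.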


Why you should implement this security control

Domain controllers provide access to highly privileged areas of a domain. Such systems, if they have Internet access, may be exposed to numerous attacks that could compromise the domain. Restricting Internet access for domain controllers will aid in protecting these privileged areas from being compromised.