How to secure your Active Directory from attackers from the outside world
Of course. You are looking at a standard Nmap scan of a Windows Domain Controller. Blocking these ports will severely break or completely disable your Active Directory domain and related services. Clients will be unable to log in, access files, or use domain resources.

Warning: Do not block these ports on a Domain Controller without a deep understanding of the consequences. These are not "default ports to be blocked"; they are core service ports required for the server to function.

A more secure approach is to control access to these ports rather than blocking them entirely. Here is a breakdown of what each service does and the correct way to secure it.

---

Understanding the Ports & The Secure Alternative to Blocking

Instead of blocking, you should implement Windows Firewall with Advanced Security to restrict which source IPs are allowed to connect to these services....
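
One way to apply that source-IP restriction with the built-in NetSecurity cmdlets, as an added example that is not part of the original page. The subnets are placeholder assumptions, and the port list is the commonly documented set of AD DS TCP service ports, since the page's own scan output is not shown here.

```powershell
# Added example. Run in an elevated PowerShell session on the Domain Controller.
# ASSUMPTION: placeholder subnets. Replace with the networks that hold your
# domain clients, member servers and the other Domain Controllers
# (replication partners must stay in scope).
$TrustedSubnets = @('10.0.0.0/8', '192.168.10.0/24')

# Commonly documented AD DS TCP services: DNS 53, Kerberos 88, RPC endpoint
# mapper 135, NetBIOS session 139, LDAP 389, SMB 445, kpasswd 464, LDAPS 636,
# Global Catalog 3268/3269. Built-in rules express RPC as the keywords
# 'RPCEPMap' and 'RPC' instead of numbers, so match those as well.
$DcTcpPorts = @('53','88','135','139','389','445','464','636','3268','3269',
                'RPCEPMap','RPC')

# Allow rules are additive: adding a new, narrower allow rule does not
# restrict anything while a broader rule still allows 'Any'. The scope of
# the existing enabled inbound allow rules has to be narrowed instead.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True

foreach ($rule in $rules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -ne 'TCP') { continue }

    # LocalPort can be a single value or a list; keep rules touching a DC port.
    $matched = @($portFilter.LocalPort) | Where-Object { $DcTcpPorts -contains $_ }
    if (-not $matched) { continue }

    $addressFilter = $rule | Get-NetFirewallAddressFilter
    if (@($addressFilter.RemoteAddress) -contains 'Any') {
        Write-Output ("Scoping '{0}' (ports {1})" -f $rule.DisplayName,
                      ($matched -join ','))
        # -WhatIf only previews the change. Remove it to apply, after
        # confirming that every legitimate client network is listed above.
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $TrustedSubnets -WhatIf
    }
}

# Review the resulting scope of the SMB rules as a spot check.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { @($_.LocalPort) -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress
```

This covers TCP only; the UDP counterparts (for example DNS and Kerberos) need the same scoping. Rules delivered by Group Policy cannot be changed locally and must be scoped in the GPO that defines them.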