There is a server at an organization that I visited that is both a DC and a file server. It has 2 NICs - one on the LAN and the other plugged directly into the Comcast router. This organization's IT consultant set it up this way so that he can remotely manage the server.
To me, this seems like a huge security issue. The credentials to access this server are not exactly strong. I have no idea why this server is not plugged into the firewall instead. And why the heck would he not just connect to the network via VPN and then manage the server?
Am I missing something here? How could this possibly be an OK practice? What would be a preferred way to remotely manage this system, hopefully without too much expense since I am sure the budget is tight?