DC and CG in the DMZ of the networkLocked
I just started working for a company.
I am finding out that they have 3 DC in the DMZ (firewall is Cisco PIX)
2 of them are NS servers that handle our external records to the domain (mx records, A record, www record, etc). The other one is unluckily an exchange 2003 (not good thing to put DC in exchange), this one is also a GC, the only one in the DMZ.
From my 9 years of experience is the first time I see DC in the DMZ or Publics IP, if someone is able to hack into exchange or DNS I guess they will have access to the AD too. How much should I worry about this? Is this a huge security whole? is this something common although I haven?t seen it before?
Thanks in advance