This company set up two Server 2008 R2 servers in different locations. Both servers are set up with a public IP address, NOT through a firewall. They only use Windows Firewall. These are going to be used as file servers for another company. So DFS is enabled and replicating over the WAN. I would never in a million years set up a configuration like this without secure firewalls and VPN, but cheap companies seem to make dumb decisions. Below is a basic nmap scan of their public IP. Since you guys know security, how easy would it be to exploit their vulnerabilities?
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-wbt-server