I am not a server guy at all so forgive me if my questions seem somewhat odd.
So I've set up a few Windows Server 2016 machines with internet access and I've created a VPN solution to be able to RDP to them. One of the servers is an Active Directory Domain Controller.
The servers only need to be accessible via RDP using the VPN, so I have no need to expose them in any way to the internet, i.e. no web servers or such things. The servers are not super sensitive, I just want to follow common sense and secure things on an appropriate level following best practice.
My question is basically if there's anything else I should consider blocking?
I have blocked the following ports/protocols on ALL SERVERS for all incoming traffic except for the IP range used by the VPN connection.
And the following ONLY on the server running the AD domain controller (for all incoming traffic)
Outgoing traffic has been blocked (I'll open up the things I need when I realize I'll need them).
I'm using the built-in Windows firewall.
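
An added example, not part of the original post: a PowerShell audit for the setup described above. It lists the default inbound/outbound action of each built-in Windows firewall profile, then every enabled inbound allow rule whose remote address scope is wider than the VPN range. The range `10.8.0.0/24` is a constructed placeholder for the real VPN client range.

```powershell
# Assumption: placeholder VPN client range. Windows may report a subnet in
# mask notation, so both spellings of the same range are accepted here.
$VpnScopes = @('10.8.0.0/24', '10.8.0.0/255.255.255.0')

# 1. Effective default actions per profile (Domain, Private, Public).
#    For the setup described, DefaultOutboundAction should read Block.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Enabled inbound allow rules reachable from outside the VPN range.
#    ActiveStore is the effective rule set, including rules from Group Policy.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore `
            -Direction Inbound -Action Allow -Enabled True

$findings = foreach ($rule in $rules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter

    # RemoteAddress can be 'Any', a keyword such as 'LocalSubnet',
    # a single address, a range, or a list of those.
    $remote  = @($addr.RemoteAddress)
    $outside = @($remote | Where-Object { $VpnScopes -notcontains $_ })

    if ($outside.Count -gt 0) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($remote -join ',')
        }
    }
}

if ($findings) {
    $findings | Sort-Object Rule | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'Every enabled inbound allow rule is scoped to the VPN range.'
}
```

The script only reads configuration and changes nothing. Rules it lists are candidates for disabling or for narrowing their remote address scope to the VPN range.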