I have a Windows 2016 Hyper-V server box that came with two network cards. First NIC is connected to internal LAN (192.168.1.x) and 2nd NIC is connected directly to ISP Internet modem (therefore, it receives a dynamic public IP address given by ISP DHCP server). On 2nd NIC, I intend to create a virtual machine ("TESTVM") where I like to try to open some suspicious email attachments or click on website links (to find out whether they are malicious). I have installed Malwarebytes Anti-Exploits/Anti-Malware/Ransomware on this VM and it sends me email alerts whenever it detects "suspecious" activity.
I plan on connecting to this VM thru remote desktop connection program (port# 3389, 3390 .. etc) using Dynamic DNS.
Having said that, I know a lot of experts would go against the idea of exposing the server to public internet.
I know that I could put another router (192.168.2.x) between 2nd NIC and ISP internet modem to enhance security, but what I like to know is how am I venerable as it is?
How could hackers penetrate to this server when the only account is "administrator" with secure password?
Thanks you for your insight.