Authentication, Authorization and Accounting are 3 main features of any digital access to services for inbound traffic or outbound traffic. I only agree on a solution if all three are really implemented properly. Yes, any security individual will say I have patched, added a certificate and created a group for the servers. The answer is no and still the access to the servers is still hack-able. The reason is individuals putting servers in the public domains have long been thinking hard to make these servers secure but they do not know that pocking a hole in the servers is a dead-end situation that will risk compromising clients data and privacy.

We are an advocate of cut-through proxy authentication and it will overcome situations like leaving access accounts on servers in the open cloud or in any organizations less secure segments.

Now what is the solution to this issue that is overlooked by most, the solution is within the steps below.

1. Every organizations should understand that servers intended for eCommerce, should generate a prompt for authentication the moment a        client on the untrusted zone (internet) tries to authenticate.
2. The authentication prompt should not come from the server itself but it should come from a security appliance in a trusted zone.
    Once the client enters the credentials, a query is sent to the hosting AAA Server.
3.  If the authentication is successful, the security appliance in this case lets just say a high grade firewall will redirect the client to the server.
4.  Clients must make sure the site that is accessed is secure by checking the URL of the front end server website is https:// instead of http://.       https will indicate that the SSL certificate makes sure that data is passed from the brower to the server securely.

Article by Habib Zakaria | Network Solutions Architect

Article 2: ​How to Export Computer list from Active Directory for any organization 

Article 1: Beyond Patching and Securing Access

Any organization will need to eventually pull a list of all the computers - Desktops & Laptops that are joined to their domain. This practice is very common when an organization is going through audits, asset counts, license counts and even if there is a need to deploy applications silently via Group Policy.  

Note that some smaller companies with limited resources that do not have SCCM infrastructure can benefit from this power script and can pull the asset list using PowerShell Script. 

Open Windows Powershell ISE  and Type the script shown. 

Save the script and name it anything you like, in my case I named the scripts as ExportComputer.ps1 

If you have now access to a computer and you can run the powershell using an account with domain admin rights, 

​you can run the script ExportComputer.ps1 and it will compile and save the file computers.csv in your C:\temp folder 

Article by Habib Zakaria | Network Solutions Architect