"Wherever you see a successful business, someone once made a courageous decision." – Peter F. Drucker
现代管理学之父 彼得·德鲁克(1909-2005)以其丰富的人生阅历、洞烛入微的观察、鞭辟入里的剖析、旷世奇才的文笔,写下了四十余本有关经济、政治、社会及管理的巨著,其中大部分翻译成二十多种语言发行于全世界。
365 Daily Success Quotes
12/17
"Who told you it couldn’t be done? And what great achievement has he to his credit that entitles him to use the word ‘impossible’ so freely?" – Napoleon Hill
拿破仑·希尔(Napoleon Hill,1883-1970),现代成功学奠基人,世界上最伟大的励志大师之一。生于美国,幼年丧母,早年生活坎坷。从1908年起,希尔在钢铁大王安德鲁·卡内基的帮助下,开始了长达20多年的成功学研究,拜访了500多位在美国政治,工商,科学和金融等领域取得卓越成就的高层人士。完成了具有划时代意义的名著-《成功法则》。希尔总结的十七条成功法则激励了全球数千万人,他本人则被誉为“百万富翁的创造者”。他曾被威尔逊和罗斯福总统聘为总统顾问,从而影响了美国历史的进程。他的著作还有《思考致富》《如何提高你的薪水》等。其作品被翻译成26种文字,在34个国家出版。
《Law of Success Lesson 4 – The Habit Of Saving》
12/18
"Dream no small dreams for they have no power to move the hearts of men." – Goethe
约翰·沃尔夫冈·冯·歌德(Johann Wolfgang von Goethe, 1749年8月28日,美因河畔法兰克福,出生时用名:J·W·歌德-1832年3月22日,魏玛;也做:Göthe)作为诗人、自然科学家、文艺理论家和政客,是魏玛的古典主义的最著名的代表。而作为诗歌、戏剧和散文作品的作者,他是最伟大的德国作家之一,也是世界文学领域的一个出类拔萃的光辉人物。
12 Dirty Habits That Prevent You From Developing Exceptional People Skills
- Dirty Habit #1 –Looking down at the floor when speaking to someone. You must learn to look at someone directly in their eyes when speaking to them. If you were taught that staring at people was impolite, you’re absolutely right. However, this does not mean you can’t look at someone in his or her eyes.
- Dirty Habit #2 – Slouching when you’re standing or sitting down. Stand up straight. In our society being tall is a good thing. When you slouch you appear much shorter. Not only will standing straight make you look taller but it will also give you a confident look.
- Dirty Habit #3 –Frowning and not smiling enough. No one likes to spend time with someone who’s in a bad mood. If you’re not feeling too great then try to keep your distance. People love to spend time with upbeat, optimistic people. Make an effort to smile, not frown.
- Dirty Habit #4 – Avoiding strangers. Since the day you were born, your parents have taught you never to speak to strangers. Well, you’re a grown up now and things have changed. In order to develop exceptional people skills you need to be comfortable speaking to all types of people. You need to meet as many people as you can.
- Dirty Habit #5 – Making a poor first impression. Did you know that people will judge almost everything about you just by your first impression? Make an initial effort to get along with the person you are meeting and you’ll save yourself a lot of trouble in the future.
- Dirty Habit #6 – Not making an effort to speak well. In order to develop great people skills you need to become a great conversationalist. This doesn’t mean you need to speak a lot; this means you need to speak well. You need to articulate and choose your words wisely. Basically, you need to listen to what you’re saying and not just blabber on about whatever you feel like.
- Dirty Habit #7 – Not being a good listener. Have you ever noticed how you tend to fall into a mind drift as soon as the other person begins to speak? Okay, well if you really don’t care about the person, then fine. But if you do, make an effort to listen and let the person speak. It will only help you further on in the conversation.
- Dirty Habit #8 – Not staying in touch with your acquaintances. To make sure you have the best relationships with all of the people you know, you must stay in touch with them. You need to regularly check your contact list and remind them all that you still exist. I’m not saying to call them up twice a week but an occasional check up is always nice.
- Dirty Habit #9 – Not being proactive. When there is not enough action and things are looking dull, it’s up to you to make a move. If you aren’t satisfied with the current situation don’t blame others, do something about it! Let’s face it: no one really cares if you’re unhappy, except maybe your mom…
- Dirty Habit #10 – Not enjoying your social life. If you want people to enjoy your company, you need to let them know that you’re a fun person to spend time with. If you’re a hard worker, then I congratulate you! However, you need to occasionally go out and be known for your excellent nights out! Go out and live your life to the fullest!
- Dirty Habit #11 – Not facing your fears. Actually, this relates to all aspects of your life but in this context I’m talking about meeting new people, career promotions, etc. If you need to do something logical but your emotions are getting in the way, then you need to analyze the situation and use some common sense.
- Dirty Habit #12 – Refusing to be open minded. There are all kinds of people out there. There are different religions, different races, different cultures, and different languages. Learn to accept others for who they are not who you want them to be. Give them your full respect and work out your differences unless of course you aren’t receiving the respect you deserve.
10 things you should know about securing DNS
Dr. Thomas W. Shinder
Introduction
The Domain Name System (DNS) is used for resolving host names to IP addresses on the Internet and on private TCP/IP-based networks. DNS is subject to exploits and attacks, but you can make it more secure. Here are 10 strategies for securing your DNS servers.
1. Use DNS forwarders
A DNS forwarder is a DNS server that performs DNS queries on behalf of another DNS server. The primary reasons to use a DNS forwarder are to offload processing duties from the DNS server forwarding the query to the forwarder and to benefit from the potentially larger DNS cache on the DNS forwarder.
Another benefit of using a DNS forwarder is that it prevents the DNS server forwarding the requests from interacting with Internet DNS servers. This is especially important when your DNS server is hosting your internal domain DNS resource records. Instead of allowing your internal DNS servers to perform recursion and contacting DNS servers itself, configure the internal DNS server to use a forwarder for all domains for which it is not authoritative.
2. Use caching-only DNS servers
A caching-only DNS server is not authoritative for any DNS domains. It’s configured to perform recursion or use a forwarder. When it receives a response, it caches the result and returns the answer to the system issuing the DNS query to the caching-only DNS server. Over time, the caching-only DNS server can amass a large cache of DNS responses, which can significantly improve DNS response times for DNS clients of that caching-only DNS server.
Caching-only DNS servers can improve security for your organization when used as forwarders that are under your administrative control. Internal DNS servers can be configured to use the caching-only DNS server as their forwarders, and the caching-only DNS server performs recursion on behalf of your internal DNS servers. Using your own caching-only DNS servers as forwarders improves security because you don’t have to depend on your ISP’s DNS servers as forwarders when you’re unsure of their security configuration.
3. Use DNS advertisers
A DNS advertiser is a DNS server that resolves queries for domains for which the DNS advertiser is authoritative. For example, if you host publicly available resources for domain.com and corp.com, your public DNS server would be configured with DNS zone files for the domain.com and corp.com domains.
What sets the DNS advertiser apart from any other DNS server hosting DNS zone files is that the DNS advertiser answers queries only for domains for which it is authoritative. The DNS server will not perform recursion for queries to other DNS servers. This prevents anyone from using your public DNS server to resolve names in other domains. This increases security by lessening the risks associated with running a public DNS resolver, which include cache poisoning.
4. Use DNS resolvers
A DNS resolver is a DNS server that can perform recursion to resolve names for domains for which that DNS server is not authoritative. For example, you might have a DNS server on your internal network that’s authoritative for your internal network domain, internalcorp.com. When a client on your network uses that DNS server to resolve the name techrepublic.com, that DNS server performs recursion by querying other DNS servers to get the answer.
The difference between this DNS server and a DNS resolver is that a DNS resolver is a DNS server that is dedicated to resolving Internet host names. A resolver could be a caching-only DNS server that isn’t authoritative for any DNS domains. You can make the DNS resolver available to only your internal users, you can make it available only to your external users to provide a secure alternative to using a DNS server outside of your administrative control, or you can allow both internal and external users access to the DNS resolver.
5. Protect DNS from cache pollution
DNS cache pollution is an increasingly common problem. Most DNS servers can cache the results of DNS queries before forwarding the response to the host issuing the query. The DNS cache can significantly improve DNS query performance throughout your organization. The problem is that if the DNS server cache is “polluted” with bogus DNS entries, users can subsequently be forwarded to malicious Web sites instead of the sites they intended to visit.
Most DNS servers can be configured to prevent cache pollution. The Windows Server 2003 DNS server is configured to prevent cache pollution by default. If you’re using a Windows 2000 DNS server, you can configure it to prevent cache pollution by opening the Properties dialog box for the DNS server and clicking the Advanced tab. Select the Prevent Cache Pollution check box and restart the DNS server.
6. Enable DDNS for secure connections only
Many DNS servers accept dynamic updates, enabling them to register DNS host names and IP addresses for hosts that use DHCP for host IP addressing. DDNS can reduce the administrative overhead for DNS administrators who otherwise would need to manually configure DNS resource records for these hosts, but if unchecked, DDNS updates can pose a security risk. A malicious user can configure a host to dynamically update DNS host records of a file server, Web server, or database server and have connections that are destined to those servers diverted to his machine instead of the intended target.
You can reduce the risk of malicious DNS updates by requiring secure connections to the DNS server in order to perform the dynamic update. This is easily achieved by configuring your DNS server to use Active Directory integrated zones and requiring secure dynamic updates. All domain members will be able to dynamically update their DNS information in a secure context after you make this change.
7. Disable zone transfers
Zone transfers take place between primary and secondary DNS servers. Primary DNS servers that are authoritative for specific domains contain writable DNS zone files that are updated as needed. Secondary DNS servers received a read-only copy of these zone files from primary DNS servers. Secondary DNS servers are used to improve DNS query performance throughout an organization or over the Internet.
However, zone transfers are not limited to only secondary DNS servers. Anyone can issue a DNS query that will cause a DNS server configured to allow zone transfers to dump the entirety of its zone database files. Malicious users can use this information to reconnoiter the naming schema in your organization and attack key infrastructure services. You can prevent this by configuring your DNS servers to deny zone transfer requests or to allow zone transfers only to specific servers in the organization.
8. Use firewalls to control DNS access
Firewalls can be used to gain access control over who can connect to your DNS servers. For DNS servers that are used only for internal client queries, configure firewalls to block connections from external hosts to those DNS servers. For DNS servers used as caching-only forwarders, configure firewalls to allow DNS queries only from those DNS servers that use the caching-only forwarders. An especially important firewall policy setting is to block internal users from using the DNS protocol to connect to external DNS servers.
9. Set access controls on DNS registry entries
On Windows-based DNS servers, you should configure access controls on the DNS server-related Registry settings so that only the accounts that require access to them are allowed to read or change those Registry settings.
The HKLM\CurrentControlSet\Services\DNS key should be configured to allow only the Administrator and System account access, and these accounts should have Full Control permissions.
10. Set access control on DNS file system entries
On Windows-based DNS servers, you should configure access controls on the DNS server-related file system entries so that only the accounts that require access to them are allowed to read or change those files.
The %system_directory%\DNS folder and subfolders should be configured to allow only the system account to access the files, and the system account should be given Full Control permissions.
Additional resources
nTechRepublic’s Downloads RSS Feed
nSign up for our Downloads Weekly Update newsletter
nSign up for our Network Security NetNote
nCheck out all of TechRepublic’s free newsletters
n"Troubleshoot DNS with this flowchart" (TechRepublic download)
n"Ramp up DNS security with these three steps" (TechRepublic article)
n"Strengthen vulnerable spots to improve DNS security" (TechRepublic article)
Version history
nVersion: 1.0
nPublished: November 3, 2005