Share Knowledge to the world

Setup Wireless/Securit

Setup Wireless/Securit:
------------------------
1. Login to Wireless router (linksys)
- Open browser: 192.168.1.1
- Username: admin
- Password: admin

- SSID: Wireless Name (ITS-Computer)
- Enable SSID Broadcast: show wireless name
- Click SaVE
-------------------------------------
802.11 : Wifi standard
Wireless B: 11Mbps
Wireless G: 54Mbps
Wireless N: 100-300Mbps
-------------------------------------
Wireless:
WPAN: bluetooth, infra =>
WLAN: Wifi => access point
WWAN: GSM, Edge, 3G, 4G => Microwave
-------------------------------------

2. Setup Security:

WPA2/PSK

WPA: to encrypt wireless signal
PSK: to authenticate wireless client using key

send signal: yahoo.com => %$%^$^$^%$^ (WPA)

3. Filter MAC Address (Wireless client)
---------------------
- Mac adress = Hardware address = phisical address = Network card address
- IP address = software address = logical address
MAC = C8-3A-35-D1-7E-F1

---------------------

Wireless Security:

- PSK: wireless password
- WPA: wireless encryption
- MAC Filter

-----------------------------------------------

- Firewall: software & hardwae

Firewall Software:
- ISA Server: Run on Windows 2003
- IPCop: Linux-base
- Smoothwall
- MicroTec...

Harware Firewall:
- Cisco ASA, PIX => Router
- Watchguard => Router
- LinkSys, Dlink => Router

ADSL Router:
- Router
- Modem
- Switch
- Wifi
------------------------------------------

Internet Traffic:
- Incoming traffic: Download
- Outgoing traffic : Upload

- Send email: outgoing traffic
- open yahoo.com: in + out
- download software: in
- upload website to hosting: out
- User on internet remote VPN to local Office: inoming
- user on internet open webmail of local mail server: incoming

------------------------------------------

- Network 4 category:
- localhost: local computer: 127.0.0.1
- Internal: LAN: local network
- External: WAN: Internet
- VPN: Extranet: local network stay on internet
2000-2003
- Modem: converter line to network sinal
- Router: NAT (map internal & external to same network)
- Switch: Share internet

2005: Router: 3-1

3 type of profile in network server

Profile: there are three profiles
1-Local User Profile: (Automatic creat after user log in first time that it copy from
Original profile is Document and setting\Default)
2-Roaming profile: It is a Network profile that creat after user log in domain in the
first time that it copy profile from client pc to Server pc.
3-Mandatory Profile: This profile like as Roaming profile but it has permission as
Guest or limit permission.
---------------------------------------------------------
2-Roaming Profiles:
-AllowDomainUser:(Group Policy Managerment Edit)-computer configuration
-policies-windows Setting-security setting- localPolicy
-user Right Assigment-Allow log on locally - add (Domain Users) -ok
-gpupdate /force -log of server- log on user name.
=>c: (find username profile).
=>log in back to administrator- my computer -properties-Advanced-UserProfiles
-setting-client user name (roaming)-copyto (D-E:Profile"shared" clien-username
directory) but on network must \\server1\profile\clien-username directory ok.
=>Active directory user-computer =>R-click User name => properties=>Profile
UserProfile - Profile path: \\server1\profile\clien-username.

=>Testing profile of clien-username

(AllowUserAsAdmin:R-click User name => properties =>MemberOf=>Add=>Domain Admins)

3-Mandatory Profiles

As I mentioned, mandatory profiles are simply read-only versions of
the standard roaming profiles I've already discussed. Creating a mandatory
profile is probably one of the simplest administrative tasks you'll ever
perform. If you look in each individual profile directory, you'll find
a hidden file called NTUSER.DAT. This file contains all the user-configurable
aspects of the profile. To create a mandatory profile, simply rename this
file NTUSER.MAN.

NTUSER.DAT => NTUSER.MAN

*Conclusion
As I've explained in this series, you can use profiles to make the
users' lives easier, your life easier, or both. Roaming and mandatory
profiles can be very handy to both administrators and users.

Build Web Server

Build Web Server (IIS: Internet Information Services)

=>Can use with Intranet & Internet
=>Used to fly Web site or as Web Hosting
---------------------------------------------------
To protect from Hacker:
=>Microsoft build up IIS 6.0 have:

a.IIS Lockdown Wizard: Use to Lock & Unlock web server like: .asp, .html,
.jpg, .gif, .bmp ... and can multi operate Active Server Page
with Front Page server.

b.FTP User Isolation: Protect from Hacker that used Protocol TCP/IP on other
Operation System attack to FTP Server.

c.Can Access with Low-Privileged account for down attack from Hacker like:
-Active Control : Control user account with web server
-Authentication : provide the real protect (User account & Pwd)
-Encryption : Secure with online business (Bank, Credit Card...)
that provide Encryption to Protocol secure Sock Layer
(SSL 3.0).
-Auditing : control user account with web site.
-----------------------------------------------------
There are 4 IIS sevice:
a.File Transfer Protocol (FTP) Server : It is a service that use protocol FTP that
can Upload fast Data (port=21).
b.Hyper Text Tranfer Protocol (HTTP) : It use protocol HTTP for translate code:
(HTML, java, Asp, Php... "Port=80").
c.Simple mail Transfer Protocol (SMTP) : For send mail to internet.
d.Network News Transfer Protocol (NNTP) : For read the new of news ISP provider.

---------------------------------------------------
1. Add IIS Components:
-Start => Administrative tool => Manage your Server
-Click Role => Add Roles => Choose Application Server (IIS, Asp.NET)
(Follow screen).
---------------------------------------------------
2.Set directory path for storing website:

-Start => Administrative Tools => Internet Information Services (IIS) Manager
-Expand Server name\ Web Sites\Default Website => Right-click on it =>

a.Website:
-Description : (vithya-computer)
-IP address : (192.168.168.168)

b.Home Directory:
-Local Path: (C:\inetpub\wwwroot)

-Tick: (Script Source access)

c.Documents (Set index file "index.htm"):
=> Move Index.htm to the first top
to make default home page of the website.

=>ok-select all - ok
---------------------------------------------------
3.Create Virtual Directory:
=> R-click (vithya-computer)- New Virtual Directory
-Next - Alias: (vithya-computer)
-Path: (C:\Inetpub\wwwroot)-Next(2)-finish

---------------------------------------------------
4.Create website:
-Creat new file name: index.htm and open with notepad => write some words
you want - save it to (C:\inetpub\wwwroot).

5.Test Opening website:
-Open IE or Firefox on client computer or server
-Type IP address of Web server: (192.168.168.168)

Virtual Private Network Server

Virtual Private Network (VPN) Server:
-------------------
-VPN : Is the highest secure of the LAN network system for client or networks remote.

-VPN : There are 2 type:

a.User to Network : It is the coporate Intranet from client to network.
b.Network to Network : It is the coporate Internet from network to network.

-------------------
1- VPN Server:
(Have 2 Network Interface Cards:)
1-LAN:192.168.168.168
2-WAN:192.168.20.19

=>Start - programs - Administrative tools - Routing and Remote Access
=>R-Click (Local Host Name)- Configure and Enable Routing and Remote Access - next
.Virtual Private Network (VPN) access and NAT - next - Private Network(LAN)
-Next- From a specified range of addresses - New - (set DHCP for VPN Client)
=> 192.168.168.1 => 192.168.168.20
-Next - finish - ok

-------------------
2- Create user account in AD :

=> Start - Administrative Tools - Active Directory User & Computers
-create new user whatever you want, example:

username: vpn1
passwords:123

username: vpn2
passwords:123
=> Properties (vpn1 & vpn2) - Dial-in - Network Access Permission (Allow access) - ok

-------------------
3- Testing VPN Client (Stand on the internet) to remote VPN Server:

=>Start - run - ncpa.cpl - Creat a new connection - Next
- connect - Connect to the network at my workplace
- Virtual Private Network Connection - Next - Company Name (VPN client)
- Host name or IP address (192.168.168.168) - My use only - Tick(add a short..)
- Finish - User name: xxxx - password: xxxx - Tick (Save this user ...)

VPN need 2 NIC
Lan 192.168.1.1
Wan 203.1.2.3

Lan 10.0.0.1
WAN 192.168.1.253

ping 10.0.0.2 local pc ip

Building FTP Server

Building FTP Server: (File Transfer Protocol) Service
-------------------
1- Add FTP component in IIS:
=>Start - control Panel - Add or Remove Programs
-Add Remove Windows Components - Application Server
-Details... - Internet Information Services (IIS)
-Details... - Files Transfer Protocol (FTP) Service -ok

2- Set Folder path to store files:
=>Start - Administartive Tools - IIS Manager

=>Expand server name - Click FTP Site - Click here
to lunch on right panel.

=>Expand server name - R-Click on FTP Site => New FTP Site
-Next - Description: FTP Server => Choose IP: (192.168.168.168)
and port: 21 => Next => Path: c:inetpub\ftproot
=>Select: Read and Write => Next - Finish.
=>Right-Click on FTP Server that just created => Start.

3- Set Security for users to access FTP site and disable anonymouse access:
=>Right-click on FTP Server => Permision
- Give full permision to group: "Users"

=>Right-click on FTP Server => Properties => Security Accounts
- Untick "Allow anonymous.."

4- Create user account in AD & testing FTP:

=> Start - Administrative Tools - Active Directory User & Computers
-create new user whatever you want, example: username: ftp_user and
passwords:123

=>Open IE: ftp://192.168.168.168 => Enter username and password you
just created above - Click View menu => Open FTP Site in Windowss
Explorer => Retype username & pwd again

=>Test create new folder and new text file or copy document on
FTP site

=>Open C:\inetpub\ftproot => you will see file & folder that you created.

Build DNS Server

Build DNS Server: DNS(Domain Name System)

a-DNS It is an internet service used to translate from domain name to IP address so it easy remember
then IP address but however Internet used IP address so everytime we used domain name it always
translate to IP address .
b-DNS it has important duties to store record host database for every network computer can easily
connect.
ex. www.google.com ip address = 64.233.167.147
.com for business
.net for network system
.edu for education ministry
.org for Organization
.gov for Government
.kh for note that khmer
www.iic.edu.kh.
----------------

1. Set fix IP
Ip add :192.168.21.254
Sub Net :255.255.255.0
Default :192.168.21.1
DNS :192.168.21.254

2. Config DNS:

a- Create Forward zone: map name to ip

=> When build Domain Controller => it automatic create DNS Forward zone.
=> But we can delete it and recreate the forward zone
-Delete all in Forward Lookup Zones - R-click (Forward Lookup Zones) - New Zone Wizard
Next 3 - Zone name (iic.edu.kh) - next 2 - finish

=> After create forward zone => Must create the A record: it's used to point host name to ip address
-R-click (iic.edu.kh) => New Host (A) - Name (Host Name of server) Server1 - IP add (192.168.21.254)
-Add Host - ok - Done

b- Create Reverse zone: map ip to name

-R-click (Reverse Lookup Zone - News Zone - next 3- Network ID: 192.168.21)-Next 2 - finish

=> After create reverse zone => Must create PTR record: it's used to point ip address to hostname
-R-click (192.168.21.x Subnet) - News Pointer (PTR) - Host Ip number 254 - Browse (server1.iic.edu.kh)

3. Test DNS:
- C:/>nslookup

4. Tes Reverse Lookup zone
- > 192.168.20.7 =>Enter

5. Show DNS Zone:
- > set all

6.set debug - iic.edu.kh

-set q=any
yahoo.com
hotmail.com

Before test DNS in windows server 2008 => Must disable IPV6

=> this test is work for DNS, you can you DNS command: set q=any to query any domain name for
DNS record like: A, MX, CNAME record.... and NS record

=> this query is resolved by our local DNS Server that we just created.

- internet address = 64.4.20.174 => A Record(point name to IP)
- nameserver = ns2.msft.net => NS Record (point to DNS Server)

- mail exchanger = mx1.hotmail.com => MX Record (point to Mail Server)

- primary name server = ns1.msft.net
responsible mail addr = msnhst.microsoft.com
serial = 2010082401
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 2419200 (28 days)
default TTL = 3600 (1 hour)

=> All above are the SOA record (Start of Authority): used to refresh or retry the DNS Records

Build DHCP Server

Build DHCP Server (DHCP: Dynamic Host Configuration Protocol)

Autos apply Dynamic IP-Address to Client Network Card:
(IP-Address, Subnet mask, default getway, dns ..)
----------------------------------------------------
What DHCP?

=>There are two DHCP:
a.DHCP Server: Is the free IP-Adress storage center
b.DHCP Client: Take the Ip-Adress from DHCP server

=>There are 4 processing from DHCP Server to DHCP Client:
a.IP Lease Discover : Client request to DHCP server
for free IP-Address
b.IP Lease Offer : DHCP server control all IP-Adress
and send back the free IP-Address for client
c.IP Lease Request : Client select the Randomize of
the free IP-Address
d.IP Lease acknoledgment: DHCP server Accept with the Client select
of free IP-Address

----------------------------------------------------

1.Add DHCP Component:

=>Start - Programs - Administrative Tools - Manage Your Sever:
-Manage Your Server Roles - Add or remove a role
-Next - DHCP sever - Next (3) - Cancel - Finish .
(follow screen)

2.Create new Scope and set Server Option (Router & DNS IP):

=>Start - Programs - Administrative Tools -DHCP - R-Click (Host Name)
- New Scope - Next - Names: "DHCP for Office Admin, for ..... "
- Description: IIC University - Next :
.Start IP Address: xxx.xxx.xxx.xxx (192.168.168.1)
.End IP Address: xxx.xxx.xxx.xxx (192.168.168.254)
.Length: 24
.Subnet mask: Autos (255.255.255.0)

-Add: Exception IP

1. For Leader & IT Office
.Start IP Address: xxx.xxx.xxx.xxx (192.168.168.1)
.End IP Address: xxx.xxx.xxx.xxx (192.168.168.20)

2 For Server
.Start IP Address: xxx.xxx.xxx.xxx (192.168.168.161)
.End IP Address: xxx.xxx.xxx.xxx (192.168.168.170)

3 For Printer & Reserve ...
.Start IP Address: xxx.xxx.xxx.xxx (192.168.168.200)
.End IP Address: xxx.xxx.xxx.xxx (192.168.168.254)

-Next: (Expire Date) - Next(2) - Router (Default Gateway)

(192.168.1.1).

A. Domain Name and DNS Severs:
-Parent domain : "vithya.local"
-Server Name : "server1"
-IP address : "192.168.168.168" - Add (Resolve)
-IP address : "203.217.168.27" (ISP)

-Next

B. WINS Severs:
-Server Name : "server1"
-IP address : "192.168.168.168" - Add(Resolve)

-Next (2)- finish.
=>R-Click (server1.vithya.local[192.168.168.168]) - Authorize

3. DHCP Reservations : for dublicate Ip can used also.
=>R-Click (Reservations) - New Reservations
. Reservations Name : xxxx (DomainServer01)
. IP Address : (192.168.168.168)
. MAC address : (000000000000)
- DHCP only - Add .

4.Testing DHCP Server at User Computer:
-Log on to computer user - change TCP/IP to Optain IP Address Automatically
-Start => Run - cmd => c:ipconfig /all

=>To see it obtain IP from server or not
=>If not try command: c:\ipconfig /release and C:\ipconfig /renew

ISA Server 2006

1-Create Rule To Allow Internet Access for ISA and User

-----------------------------------------------------------------

-Open ISA Server => Array => Server name => Firewall Policy => Right-Click

=>News-Access Rule ... - Access rule name: Allow internet access for ISA

and Users => Action: Allow => All Outbound Traffice - From Source:

Local Host and Internal => Next => To Destination: External => Finish

=>Apply-Test Open internet both at ISA machine and User PC.

------------------------------------------------------------------------

2-Creat Rule to Block Yahoo Messanger

-Open ISA Server=> Array => Server Name => Firewall Policy => Right-click

=> New =>Access Rule... - Access rule name: Block yahooMSG => New

=> Choose the following:

-Protocol type : TCP

-Direction : Outbound

-Port Range : From: 5000 To: 5050

=2 Next => Finish => Expand User-Defined => Double click on protocol name:

Yahoo MSG => Close - from Source: interal => next => to Destination External

=>Finish =>Apply - Test Sign in yahoo messanger at User PC

------------------------------------------------------------------------

3- Creat Rule to Block User download software

-Open ISA Server => array => Server name => Firewall Policy => Right-click

=>New=>Access Rule... - Access rule name: Block download => Action: Allow

Outbound Traffic - From Source: Internet => Next => To Destination : External

=>Finish => Apply - Right-Click on this rule => Configure HTTP => Extension

Tab => Block specified extensions => Add file extensions you want to block :

"exe, bat, com, dll, ocx, cab, rar, zip, tar, pif, js, vbs, flv, swf ..."

-Test downloads software at User PC with allthesoft.com

------------------------------------------------------------------------

4- Creat Rule to Block URL website Google.com

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click

-New => Access Rule ... - Access rule name: Block Google.com => Action: Deny

=> All Outbound Traffic - FROM Source: Internal => Next => To Destination :

Add => new => URL Set => Name: Google => Add: http://google.com => OK

=> Expand: URL Sets => Double click Google URL => Close => Finish

-Test open website google.com at User PC.

------------------------------------------------------------------------

5- Creat Rule to Block User IP

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click

-New => Access Rule ... - Access rule name: Block User IP => Action: Deny

-All Outbound Traffic-From Source: Add =>New =>computer-Name:XP1 =>Computer

IP Address :10.0.0.5 - Expand Computer => Double click on XP1 - Close - next

-To Destination: External - Test open internet on User PC name XP1

------------------------------------------------------------------------

6- Creat Rule for restricted and unrestricted users

*For Restricted User rule:

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click

-New => Access Rule ... - Access rule name: Restricted Users => Action: Allow

-Selected protocols -add-chose the protocols: HTTP, HTTPS, DNS, POP3, POP3S,

SMTP, SMTPS, Yahoo MSG

=>FROM Source: Internal - Next - To Destination: External - finish - Apply

-Right-Click on this rule - Configure HTTP - Extensions Tab

- Block Specification extensions - add file extensions you want to block:

exe, bat,com,dll, ocx, cab, rar, zip, tar, pif, js, vbs, flv, swf...

*For Unrestricted User rule:

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click

-New => Access Rule ... - Access rule name: Unrestricted Users => Action: Allow

All Outbound Traffics

=>FROM Source: Add => New - Computer - name: ITPC - Computer IP Address :

10.0.0.10 -Expand computer - Double click on ITPC - close - next - To Destination:

External - Finish - Apply

=>Test Open internet both at IT Computer and User PC

------------------------------------------------------------------------

7- Bandwidth Splitter for ISA

*Install Software: bspliter2006.exe

-Open ISA Server => Array => Server Name => Expand Bandwidth Splitter-Right-

Click on Shaping Rule - new - rule - Shaping rule name: 64/128=> next - choose

"IP address sets specified below" => Add: Internal - next - Destination: External

=>2 next - choose "Shape incoming and outgoing trafic" - Incoming (kbits/s):64

and Outgoing(kbits/s): 128-next choose "Assign bandwidth individually to each

applicable user/ address"-next - finish - click Monitor to view who download

and where it gets address from ...

------------------------------------------------------------------------

8- Creat Rule to Block User IP Range

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click

-New => Access Rule ... - Access rule name: Block User IP Range => Action: Deny

-All Outbound Traffic-From Source: Add =>New =>computer Set -Name:Accounting Range

=>Computer IP Address :10.0.0.2 -10.0.0.15 - Expand Computer => Double click

on Accounting Range - Close - next

=>To Destination: External

=>Test open internet on User PC Computer IP Address :10.0.0.2 -10.0.0.15

Work?

---------------------------------

=> Block Content:

-Right-click (Block User IP Range)-Properties- Content types- Selected content types ...

-Check HTML Documents, Text ... => ok

- Test open internet on Client Computer IP Address :10.0.0.16

---------------------------------

9- Restricted Internal Network to Other Web (facebook.com => iic.edu.kh):

-Open ISA Server => Array => Server Name => Firewall Policy => Right-click

-New => Access Rule ... - Access rule name: Deny Access facebook => Action: Deny

-All Outbound Traffic-From Source: Internal - next

-To Destination: new - URL set - name: facebook - new - http://*.facebook.com - ok

-add - facebook - 2 next - finish - Right-click (Firewall Policy "Deny Access facebook")

-properties- Action - Deny - Check (Redirect HTTP Re...) - http://www.iic.edu.kh - ok

-Test open internet on Client

---------------------------------

10- Setup VPN Server and Client :

=>Creat new group: VPN_Group and User: vpn_user1

-Open ISA Server => Array => Server Name => Virtual Private Networks( VPN ):

=> Step1: Configure address Assignment Methode and Enable VPN Clients:

-Click Add => Select Server Name

-Set private IP range: From 172.16.0.1 To 172.16.0.10 =>ok

-Click "Enable VPN Client Access" => 10

=> Step2: Specify Windows Users => Add Group: VPN_Group

=> Step3: Verify VPN Properties => Tick "Enable PPTP" =>Ok

Remote Access Config => Tick "External" =>Ok

=>Step4: View Firewall Policy for VPN Client Network:

-Right-click on Firewall Policy => New => Access Rule

-Access rule name: Allow VPN Users to access Internal => Action: Allow

-All Outbound Traffics - From Source: VPN Clients - next

-To Destination: Internal => Finish

=>Step5: View Network Rule:

-Creat new VPN Connection in user PC on the internet as below:

.Username:vpn_user1

.Password:123

.Gateway :192.168.1.253 (public IP of ISA WAN Interface)

-Test connect VPN on internet to dial to internal via ISA VPN on Client

IP-Cop:

----------------------------------------------

1.Enable Web-Proxylog to monitor Users

=>Click Menu Service - Advance Proxy - Tick " Enable on green"

and "Transparent on green" and "Log Enable" => Save & Restart

=>Test open website: yahoo.com, google.com

=>To see who is opening any website => click menu logs

=>Proxy logs in IPCop web interface

----------------------------------------------

2.Ban IP and MAC Address

=>Click Menu Service - Advance proxy - In the box: "ban IP address (on per line)"

-typ the IP of User computer that you want to block or in the box:

"banned MAC address (00:24:8C:E9:97:A6 "on per line")" => Type the MAC of user computer that you want to

block => save and restart

=> Test setup IP or MAC address same to the rule => Try to open website ....

****Note: if you want to avoide the rule, just add your IP in the box:

"Unrestrict IP address (one per line)" or "Unrestrict MAC address (one per line)"

---------------------------------------------

3.Block MIME Contents

http://www.utoronto.ca/web/htmldocs/book/book-3ed/appb/mimetype.html#arch

=>Click menu services - Advanced proxy =>at the "MIME type filter" => Tick "Enable"

-Type any application you want to block like:

.application/octet-streams (*.exe)

.application/zip

.application/x-tar

.application/rar

(google "MIME content" )

save & restart

=Test dowloads software...

------------------------------------------

4.Block or Ublock Outbound ports

=>Click Menu Sevices => Advanced Proxy => In the box "Allowed standard ports (one per line)"

-To block port:80 => Remove "80 #http" => Can not open any website

-To allow port:80 => Add "80 #http" => So that users can open any website

---------------------------------------------

5.Limit Download Sizes

=>Click Menu Sevices => Advanced Proxy => In the box "MAX download size (KB)" => Set 2000MB

and in the box: "MAX upload size (KB)" => Set 1000MB

*** Note: if you want to avoid the rule above =>mean NO Restrict (Unlimite download), just add

your IP in the box: "Unrestrict IP addresses (one per line)" or "Unrestricted MAC address (one per line)"

---------------------------------------------

6.Limit Internet Bandwidth

=>Click Menu Sevices => Traffic Shaping => Tick "Traffic Shaping" =>Downlink speed (kbit/sec)=256

and Uplink speed (kbit/sec) = 128 =>it means that users can only download with the speed 256 kbps

and upload speed 128 kbps.

---------------------------------------------

7.Allow only Firefox and IE User

=>Click Menu Sevices => Advanced Proxy =>Tick "Enable Browser check" => Tick "Firefox and IE"

=>So Only Firefox and IE user can browse the website, others can not.

---------------------------------------------

8.Block Website Facebook

=>Click Menu Sevices => URL FiLTER => in the box "block domain (one per line)" => Type website:

facebook.com => Tick "Enable custom blacklist"

=>Test Open Facebook.com

How to Set Goals When You Have No Idea What You Want

You’ve heard about the importance of goal setting; we all have. You know that people with written goals succeed, and you might have read all about achievement ambition goal.
The problem is, you don’t have any ambitious goals. You don’t have any goals at all. You’re not really sure what you want from life – maybe something a bit more than what you’ve currently got, but every time you try to write a list of goals, it seems like a futile exercise.

Here are four ways to identify the goals that you really want.

Relax Your Ideas on What “Goals” Mean
We often think that a “goal” has to be something big. Maybe you’ve got the impression that goals need to be about money, or success in some way that society has defined.

Relax! A “goal” is simply something which you’d like to do or achieve. It could be buying a house or a car, yes, but it could also be something which might matter to no-one in the world except you – perhaps your goal is to learn to bake cakes as good as the ones your grandma used to make.

Goals aren’t things that you feel you “should” do, and any good life coach will steer you away from goals that have been imposed upon you by other people.

Start With What You Enjoy
We all have natural interests and passions – things that we get really excited about (even though our friends and family might be bemused). Perhaps you absolutely love everything to do with baseball. Maybe you really enjoy playing the trombone. It could be anything!

Write down a list of five or ten things that you really enjoy. Is there a goal buried in any of them? Perhaps you’ve always had a desire to coach Little League. Maybe you’d really like to play your trombone in front of an audience (even though the idea scares you a bit).

What goals arise from your interests? How could your hobbies become part of something bigger and more meaningful in your life?

If That Doesn’t Work ... Think About What You Don’t Want

try writing a list of things you don’t want

I don’t want to be overweight

I don’t want to live a life without meaning

I don’t want a bad relationship with my partner (family/kids/etc)

I don’t want to work in a job I hate

I want to reach and maintain a healthy weight

I want to have a meaningful life

I want a good relationship with my partner (family/kids/etc)

I want to work in a job I love

Consider the Key Areas of Life
In the great book, The Success Principles, Jack Canfield suggests that there are seven areas where you should consider setting goals, and lists these categories as:
- Financial
- Job/career
- Physical health
- Relationships
- Personal development
- Community
If you’re still stuck in your goal-setting, go through these seven key areas. Do you have a gut feeling that any of them are lacking or out of balance in your life? Do any particular goals or ambitions come to mind?

You might find it a useful exercise to write down a score for how you feel you’re doing in each area (from 0-10, with 0 being “awful” and 10 being “perfect”). Look at the areas where you score low. What could you do to raise that score? What goals might you set?

Reference

http://www.dumblittleman.com/2009/09/how-to-set-goals-when-you-have-no-idea.html

វិធីប្រើប្រាស់ម្រុំជាឱសថព្យាបាលជំងឺ

វិធីប្រើប្រាស់ម្រុំជាឱសថព្យាបាលជំងឺ

https://docs.google.com/file/d/0B7E8ImPoOrbcVEZXb0hGd3R2V2M/edit

Subscribe to: Posts ( Atom )

Pages

How to Set Goals When You Have No Idea What You Want