Companies spend hundreds of millions of dollars on computer security. Unfortunately most of this expense is smoke and mirrors. They install security software and monitoring tools. Controls are document and reviewed on a regular basis (think Sarbanes Oxley and laugh if you are in the business). And all to what purpose? Mostly "Show and Tell" for internal Auditors and executives that have no idea of the real exposures they face. But it all looks good on paper.

Contrary to popular belief, these exposures do not have to be exploited by computer geniuses. Often, only a rudimentary understanding of a system or program will provide a wide open door to the company jewels. In fact, many security breaches are accomplished by computer literates. So before you authorize another million dollars on the latest and greatest security product, take a look at the simple stuff that shoots management in the foot every day.

You have strict standards for all Platforms and Operating systems. So what makes you think they are really followed? Oh, the auditors said they were.

Ask your staff if development systems are ever directly upgraded to production
systems. If they are (and I assure you many are) it is likely that one or more conditions exist:

• The developer still has administrative access to the operating system,Data Bases and Applications.

• Software was installed with the vendor Userid and Password and was never changed (first thing a hacker looks for)

• There are shared Userids and passwords still on the system that were used for testing
• Standard Operating System Parameters required for production were not set prior to development and programs will not work as developed if standards are turned on now.
• The system was developed using real customer data and that data is still sitting somewhere unprotected from developers.

Your Policy says that Sensitive and Confidential data must be secured. They show you the security they have in place to accomplish this.

Ask some direct questions:

• Do you know every place in the network that this data is stored (I assure you they do not - but there are $ways to find out)
• Can authorized people print it out and leave it around for anyone to see or copy?
• Can the same people attach this data to an Email and send it outside the network unencrypted? (Probably happens every day)
• Is any of this data on unsecured, unencrypted Laptops that can be lost or stolen?

What about Web Applications? Expect to be reassured that security on Routers, Firewalls, and Intrusion Appliances are strong and constantly monitored.

But when was the last time you:

• Conducted a Network Penetration Attack Study? (Outside parties such as Price Waterhouse Coopers or Ernst & Young will almost certainly identify serious oversights that should be corrected).
• Are the Web Applications themselves secure? Chances are that the code is not all that good and provides opportunities for malicious behavior (have high-risk application code reviewed.

Then there is my personal favorite; Passwords. Strict standards are adhered to. These are enforced by Network Software and we force password changes every thirty days. Impressive!

But not all passwords are changed every thirty days.

• System Support (the propeller heads) commonly use a single Userid and Password for multiple systems. Any intruder gaining access to these lists can rip through your network at will.
• Who keeps a list of these Userids and Passwords (I assure you there are many).
• Who has access to the directory and files where they are stored (make them show you the access list right then and there).
• Are the files encrypted? Not likely. (Remember, these Userid and Password are the keys to the kingdom).
• So when you fired the last System Administrator you changed all the Administrative Userid and Passwords? Not likely.

    Note: Log on Userids and Passwords are not sufficient for this level of access 

There is nothing here too "Techy" to be understood. If you can get control of these common problems you will have closed huge holes in your Information Security Program.

Old saying - If you can’t dazzle-um with your brilliance, baffle-um with your Bull S___. Don’t let-um do it to you!

The next thing you should do is attach a GPS emitter that will show you where your computer is in real time. You should attach one to the laptop chassis inside and another in the hard disk. This way if the thief gets the hard disk only he will still be tracked. Of course such technology is very expensive so what can you do? You can but a piece of software that will invisibly track your computer movement when the thief is using it and will send you emails of the computer location based on the IP of the computer.

Last but not least, you can always attach some very high noise device that will make an insane noise as soon as someone touches the computer and was not supposed to. You can find all this equipent on the internet. The device will make a sound as soon as someone turns the computer on and forgets to turn off the device. Very smart isn't it?

As you see if someone steals the wrong computer he will have a tough time trying to escape. Welcome to the digital era!

bacre is a new weapon to fight against the informatic plague that the viruses are. It protects your pc against viruses, trojans and bugs.

Active Virus Shield 6.0.0.308

Active Virus Shield is a free system, supported by AOL and based in the powerful antivirus engine of Kaspersky Labs. It is so simple that you can install, config and start using it in minutes.

AntiPharming 1.30

This application was created in order to prevent "Pharming". You can install it in your PC and it will check the websites that you visit and protect your PC against this recent-created activity.

Avast Home 4.8

Avast Home is a powerful, functional and well-known antivirus. It can detect a large list of viruses, trojans, bugs, rootkits and spywares. It also checks your PC with great efficiency, cleaning it in real time.

AVG Free Edition 8.0

Grisoft has recently created the new 8.0 AVG. This corporation says that this version has a lot of facilities and is much better than previous editions. Some of the innovations are a LinkScanner and a WebShield module.

Comodo AntiVirus 2.0 Beta

Altough this antivirus is free, it has a lot of advantages and good options. You can make 3 kinds of analysis: Fasts, Generals or periodics. It has automatic actualizations and support for e-mail analysis.

NOD32 Anti-Virus System

This is, perhaps, the best antivirus in the market, and you can get it for free here. It is one of the fastest and powerful antivirus. It also has automatic actualizations and it works in all versions of MS Windows.

Norton Antivirus 2008

Norton Internet Security is a complete set of security tools for your computer. You will have a full FireWall, internet privacity, e-mail scan, and many other useful applications. It is also one of the most known antivirus.

TrojanHunter 4.7

As its name says, it will defend your computer from Trojans. TrojanHunter checks the Registry files, memory and disk drives, to detect any trace of Trojan, including new Trojans.

Windows Defender 1593

Windows Defender is an utility with which you can easily remove spyware that have infiltrated your PC, while you are protected so that they do not 'enter' more, as do the antivirus software with viruses.

None of these services is an alternative to a virus protection program on your PC but it is always good to check and double check your system using sites like these if you have any concerns over the health of your computer.

You might have seen VirusTotal in the American edition of PC World Magazine s 100 Best Products of 2007. For those of you that didn't, Virus Total will scan the file you uploaded with 33 different virus scanners updated every few hours including AVG, avast! and McAfee. VirusTotal has no upload limit, but don't be surprised when a 200mb file takes half an hour to upload.

Jotti's Malware Scan

Jotti's Malware Scan is similar to VirusTotal, but it only has 20 virus scanners. But because of this Jotti's Malware Scan will be a little faster. However, the Malware Scan only accepts files less than 10 mb.

VirSCAN

This multi-engine scanner has three more scanners than VirusTotal, but it seems to take twice as long as VirusTotal and Jotti's Malware Scan. Not only that but it only has a 10mb upload limit. One feature that might be useful to some users is the ability to see how harmful or harmless an infected file may be (I personally get rid of an infected file if I see one).

That concludes this article, but remember that none of these scanners replaces a good antivirus client that is actually installed on your system. You can get some good free ones pretty easily here and here.

Pros: Recently just out of beta stage, Avast 4.8 now offers a built in anti spyware and anti rootkit now giving it better detection then it's previous version 4.7. It seems to me that 4.8 uses less resources, though the Avast development team says there should be no change in memory usage. Avast also has an automatic update feature. Also i might at that Avast has a faster scanner then previous versions. Avast has also added a new self defense feature which stops Avast from being shut down by malware.

Cons: Avast currently has no heuristics scanner besides it's email protection. I have heard a couple complaints from people saying they thought Avast was slowing down their Internet speeds, i have tested several times to see if i could encounter this same issue and i did not see any difference in my download speed with Avast.

AVG Anti Virus 8.0.1 (Free)

Pros: AVG has finally came out with a new version of AVG Anti Virus that now offers a built in anti spyware giving it too better detection of spyware. AVG 8 also seems to be a lighter anti virus on memory usage. The AVG developers have also added a new feature called "Link Scanner" which turns out to be a Web Shield detecting viruses that are actually embeded in websites. AVG 8 was one of the first anti viruses to detect the Alicia Keys myspace virus with Link Scanner.

Cons: This isn't to big of a con, but its updates download kind of slow. The heuristics engine is not that good on detecting unknown malware and viruses compared to Nod32 and others.

Avira Antivir Personal 8.1 (Free)

Pros: Avira Antivir offers a strong heuristic scanner to detect some of the newest and unknown malware and viruses based purely on the behavior. Avira also has a very fast virus scanner, they have also added an anti spyware feature to it's free version thus giving it too better detection of spyware and also better overall detection.

Cons: Myself and many others have come to the believe that Avira must put it's free version updates on some of the slowest servers, depending on the time of day it can take up to 3 minutes to even connect to the update server, even then it takes another 2 minutes to download the updates because the speeds tend to be around 2-7KBPS (this download speed could be an issue only with me and a couple others though). And it also has an annoying popup each time it updates asking you to purchase the premium version.

BitDefender Anti Virus 10 (Free)

Pros: BitDefender 10 has a very sophisticated heuristic engine which will detect new malware and viruses that other Anti Viruses can not detect. It's paid for version has hourly updates which is a great thing for an anti virus. Another really good thing that i believe is a pro is that BitDefender uses virus signatures and a heauristic engine to detect viruses, spyware, malware and trojans.

Cons: BitDefender 10 is only an on demand scanner meaning, it will NOT give you 24/7 protection from viruses, it will only detect what is already on your computer. I suggest it should only be used as a second virus scanner and not your only anti virus.

ClamWin Anti Virus 0.93 (Free)

Pros: ClamWin is an open source anti virus built by the open source community, it offers good detection of new and old viruses. ClamWin is built on ClamAV technology and has just recently reached 1 million signatures in it's database. ClamWin provides an automatic update feature that lets you know when your database is out of date and needs updated. It also has a nice feature that will allow you to scan your memory (processes that are currently running) for viruses and other infections.

Cons: ClamWin is only an on demand scanner meaning it will not detect if you download a infected file until you manually scan that file, just use it along with your every day real time anti virus.

Dr.Web Anti Virus 4.44 (Free)

Pros: Dr.Web Anti Virus is a very small anti virus with a very big punch, detecting some of the nastiest viruses in the wild to date. It is an on demand scanner for home use only, it also makes a great secondary virus scanner along with your real time protection anti virus. Dr.Web also has a fast scanner with low memory usage.

Cons: The only con i can really come up with at this time is that it is only an on demand scanner and will not protect you from viruses, only detect and remove them or even try to "cure" the infected file.

PCTools Anti Virus 4 (Free)

Pros: PCTools Anti Virus 4 offers realtime protection which will protect you from even being infected by alot of different viruses and types of spyware. It offers a good heuristic engine and also a signature based engine to compliment the heuristic engine, it also offers a very simple interface that even a new computer user would not have trouble with.

Cons: PCTools also is the owner of the famous "Spyware Doctor" Anti Spyware which used to be a great program till they started to turn it into bloatware that isnt as good as other anti spywares, why this is a con for their Anti Virus is because they could do the same to their Anti Virus and ruin another good thing. Right now it seems highly unlikely they are going to do any major changes to their anti virus which is good and bad, they also have a very slow scanner that takes a much longer time then alot of other anti viruses. (pro) But i know alot of people who say they like when they scanner takes longer because it could possibly mean it's doing a deeper scan.

Introduction

Having already covered physical presence intrusion, detection, monitoring, surveillance, logging and privacy issues and the reason why we sometimes need to take a step back and view the situation from another perspective it is time to continue our through the eyes of a machine view of physical security.

Naming Conventions

The planning of your naming conventions for infrastructure and other network devices and assets in a logical and meaningful way is an aspect of network infrastructure that is too often not given just due care and attention. One of the most important reasons as to why you should do this is simply “so things don't get out of hand”.

“Stay on top of your devices; don't let them get on top of you”, is a theme that you will come across many times in the world of security, communications and networking. And it all starts with names.

The question that I am going to challenge you with here is what does the following string mean “F1R4S2S3CCS29501425P11F”? Read on and all will become clear.

Why Names?

Because we are humans and humans like to give things names in order to make some sort of meaning out of the world around us. Take the Internet for example: we get from place to place on the Internet by using a naming convention known as the Domain Name System or DNS for short.

Domain Name System (DNS)

Think of it as a telephone book that lists a whole pile of “human friendly” names and matches them to corresponding Internet address or IP Addresses pretty much in the same way as the white pages telephone directory that we all have come to know over the years. We humans find it easier to think of names rather than numbers. It's just the way we are.

There is no doubt about it; computersight.com is definitely more manageable than 200.184.219.176 for example. No!! This is not the IP Address for computersight.com; I just made it up, so to whoever actually owns it I apologize if a whole bunch of people get a wrong number. I will be covering DNS in another article.

Building Your Own Naming Convention

When it comes to naming conventions the question I get asked most is “How do you do it?” By “it” the enquirer wants to know how I go about creating a naming convention. It's not really that hard and I will show you now one way in which you can begin to build your own structured secure naming conventions.

Breaking the problem down I have found that most people really only want to know one basic thing and then they are quite fine to finish the job on their own. It's the big question of “Where do I start?” The best way to answer this is by using an example; so here we go:

Defining the Situation

Suppose you have 4 domain controllers, 10 web servers, 6 routers, 20 high-end switches, 100 workgroup switches that use transparent bridging, 3 mail servers, 5 file servers, 2 database servers and untold numbers of workstations and peripherals.

The first question that pops into the minds of most people; including network administrators, especially those without experience of this type of situation is: “Naming and naming conventions, where do I start?”

Defining the Beginning

Well as stupid as it may at first sound, the answer is of course at the beginning.

Which brings us to “How do I find and define the beginning?”

In this case the beginning is a physical thing. This means that we will be able to construct our new naming convention based on physical properties. The reasons for doing this are partly for ease of reference and partly for solidarity.

Physical infrastructure and devices have a tendency to be relatively stable in terms of their outward physical characteristics and location. Routers and servers do not go on walk-about all of their own volition. Rack-mounted devices are even more unlikely to wander. The rack itself; if bolted to the floor and/or wall or ceiling also makes it hard for physical infrastructure and devices to wander.

So what are the types of physical characteristics that we can take advantage of to make our naming systems and conventions easier to create and administer?

Defining the Physical Basics

The first thing to do is; as mentioned above, bolt and lock all physical infrastructure and devices down securely. Once done this has been done you can be confident that they will remain where they are. You now have your starting-point; that is, you have now created a “center-of-the-universe” reference base at least for this network.

The next thing to do is to find suitable aspects and physical attributes of our devices that would be suitable to use in our new naming convention. The question that we need to ask ourselves at this point is “What attributes should I use and where do they fit into the big picture?”

Defining a Hierarchy

In the example that we are working with here we have a number of different classes and types of devices as well as a whole bunch of physical infrastructure components such as cabling, racks, shelves etc. We also have communications and networking devices including routers and switches. In addition they are a number of servers. So let's put them into some form of structured order.

Humans find it easiest to address and manage large numbers and large numbers of individual items when they are given some sort of structured order and when that structured order inherently defines the relationships between the individual units, groups of units and the entire system of units as a collective entity.

So let us build our naming convention on a device and physical location hierarchal structure. At the top of this hierarchy are the core and infrastructure components of our network. The next layer down will be the distribution devices and infrastructure and then comes the local and peripheral devices and infrastructure components.

The biggest distinguishing feature between all of these assets is the type of service(s) that they deliver. Never forget networking and communications are all about the delivery of services when requested.

Top Level Entities

The devices that will be placed at the top level of a physical naming convention are those components that house other components. In our scenario this means the racks, their shelves and slots. At this point our most pressing concern is with the identification of specific physical locations.

Creating a naming convention that has the built-in capabilities of locating a device without even knowing the type of device that is physically located at this site will deliver your first layer of physical level naming convention security and redundancy. We will add the more device specific attributes shortly.

So Rack number 4, Shelf number 2, Slot number 3 definitely and unambiguously defines a specific physical location within our network but let's face it. This is a clumsy cumbersome name but its meaning is clear. Our next task is to make this clear and precise name less unwieldy. We shall do this by using the age old technique of contraction.

Facility number 1, Rack number 4, Shelf number 2, Slot number 3 becomes: F1R4S2S3. Definitely a lot easier to use at a glance and for those in the “know” a very precise physical location has been defined. Yet those not in the “know” are going to start having difficulties figuring this out. Given time they just might.

So we are going to make their job of cracking our simply naming convention system a lot harder by adding some extra detail that will assist us in knowing that the device that is currently at any given physical location is in fact the device that is meant to be there.

In this example physical naming convention the label; or tag if you prefer, of F1R4S2S3 would most definitely allows us to identify and locate in a very short period of time any specific device that is housed in this facility without prior knowledge of the device or even what type of device it is.

You will also note; that in Table 1 Naming Convention Hierarchy (above), I have not used building or room numbers that may be displayed publically. Instead I used “F1” to mean facility one which could be located anywhere within your organisation's complex. The communications, networking and security staff will all know that the “F1” refers to major central facility one.

You could of course have called it “N1” indicating that it is networking center one. The reason that I have not done so in this example is because we are looking to the future and I do mean the very near future.

Unified Communications and Network Convergence

Unified communications and networking convergence mean that it won't be too long before there will be no really clear demarcation point between networking and communications devices and infrastructure. Devices will be capable of and actually performing both functions.

IP telephony (VoIP) enabled LANs technologies and rollouts also add more weight to this being the norm rather than the exception in the years to come. So we might as well start thinking about this now and design our naming conventions to suit. Anyway I think you will be able to come up with your own system now that you have the knowledge of how and where.

Adding the Detail

In our example naming convention we have started with the entity that contained the most other entities: The Facility. Then we used the next sub-entity which also contained many other entities but with fewer sub-entities than the parent: The Rack. Then came: The Shelf, followed by: The Slot. Table 1 above shows this and how a Top-Down hierarchal system such as this works in the practical sense.

It is important that at the moment it makes absolutely no difference is actually located at the physical location of F1R4S2S3. Simply going here will get you to the device currently located here. But is it the “right” device?

This is where the next part of our naming convention comes into play. From a physical security stand-point it would be nice if we could not only get to the correct location but identify the device that should be there and compare this with the device that is actually there. In other words; what we need is a naming convention with a built-in cross-check, cross-referencing system. Here is how this can be done.

Built-In Device Confirmation

We are going to take advantage of the physical naming and labeling systems used by the manufacturer of the device and work them into our naming convention in this way will be able to distinguish any specific device from among the hordes that we are administering. In this aspect “human friendly” is a must.

Don't get me wrong. I do not mean friendly to every human just those “in-the-know”. We really don't care how much confusion we create for those not “in-the-know” because we don't want them to know. This is where the art and experience of creating naming conventions lies.

Mixing Alpha-Numeric Characters

You have already seen part of the way that I use most often to do this by creating a naming convention that uses a mix of alpha-numeric characters. Pretty much like they say you should do when creating authentication passwords.

Here is where we get to the device specific element of our name. We could identify a Cisco® Catalyst 2950 switch for example by using CCS29501. Here the CCS = Cisco® Catalyst Switch, the 2950 tells us that it is a 2950 series model and the last 1 tells us that it is switch 1. Remember we may have a number of the same series devices so it is handy to be able to tell them apart. I usually just use the last three or four digits from the devices serial number.

If you wanted to identify a specific port then I would use the same port identification convention as the manufacturer. Once again most manufacturers including Cisco® print this information on the device either above, below or next to the actual port.

So our new device name using our new naming convention would be F1R4S2S3CCS29501425P11F. I will write this out in full and then I think you will have the basic idea of what we have just done.

F1 = Facility 1, R4 = Rack 4, S2 = Self 2, S3 = Slot 3, CCS29501425 = Cisco Catalyst Switch 2950 series unit 1425 and P11F = Port 11 of the Front module.

Depending on your specific situation you can change this to suit yourself and your situation as desired. Now that you know the meaning behind the naming convention F1R4S2S3CCS29501425P11F seems as plain as day.

To someone; not-in-the-know, this jumble of alpha numeric characters is really quite formidable. Most of the time; those with malicious intent would simply give up and not even try to decipher the meaning of this string of characters.

It is in this way that we can quickly locate specific resources and components of resources. If you now the device name you can quickly go to it and check to may sure that the correct peripheral in another building is plugged into the correct port.

Network Convergence Implications

This is becoming even more important considering the convergence of networking and communications technologies that we are seeing today. Now the network administrator is performing a lot of tasks that were once the providence of the telephone guy. Not so anymore.

Develop and Maintain a Naming Convention Policy

The final task will as always be to create thorough documentation as you go. On the other hand the development and implement of an appropriate Physical Naming Convention Policy would be the first thing that you would do.

Coming up in the Physical Security Guide series are the following topics and concepts:

• Labeling, Checklists and Label and Checklist System(s) Security
• Drilling, Rehearsal, Role Playing Scenarios and Proof-of-Concept Implementations
• Surviving an Audit and Surviving Users
• The Physically Static Nature of Core Network Infrastructure Components
• Physical Location and Placement of Wiring Closets, Infrastructure Cabling and Cabling in General
• Mission Critical Systems, Rack Mounted Systems and Servers

So until next time enjoy!!

1. New viruses are created everyday, for this reason you should make sure your operating system (whether it be Windows, Macintosh or any other system), these updates generally pop up onto your screen every now and again, because your computer automatically searches for them. Don't think, oh I can't be bothered to download this update and chose download later, download it now it is made to protect and improve your computer. The same thing applies for internet browsers (Firefox, Internet Explorer etc... ).
2. Make sure you have up to date anti-virus software. Anti-virus software will prevent viruses from entering your computer. I recommend Norton anti-virus but if you don't want to spend anything on Norton then the free version of AVG anti-virus is an excellent piece of software and can be downloaded from here. As soon as you have installed your anti-virus software, I recommend you run an immediate virus-scan of your computer. This will make sure your computer isn't already infected with a virus, if it is the virus will be destroyed. From then on I would advise scanning your computer for viruses every 2-3 months.
3. Get a firewall, you should already have one built into your operating system, but most of these are inadequate and easy for hackers and Trojan horses to get round. For this reason I suggest that you download Comodo firewall which is excellent and free, it can be downloaded from here. This will keep Trojan horses and hackers out of your computer, thus protecting your personal details.
4. This one is for windows users only, sorry to those of you on different operators. Running a windows OneCare safety scan will protect your computer, clean it up and increase its performance. These scans take an hour or two, but are well worth it and you can still use your computer whilst the scan is running. You can run a scan by clicking here.
5. Spybot search and destroy is an amazing piece of free software. It protects your computer from spyware, scans for spyware that may already be in your system and destroys any spyware it finds. You can download it from here. There are also tutorials describing how to use Spybot, on the website mentioned.

I hope you have enjoyed reading this article, if you decide to follow any of these steps. Your computer will be better protected from viruses; Trojan horses; hackers and spyware. These steps may also improve the performance of your computer. I will not be held responsible for any side effects that may occur from following this guide (I don't think there will be, but just in case).

1. Upgrade your windows:

   Upgrade your operating system to Windows XP Service Pack 2 (SP2). Windows SP2 provide better overall protection, this free update also adds the Security Center screen (go to Start/Control Panel/Security Center), where you can manage settings for firewall, antivirus, and other protection tools.

2. Use anti virus and anti spam software:

   You need better protection than a simple antivirus program. Install several firewall, antivirus pop-up blocking, and anti spyware and spam utilities. A firewall gives added protection from hackers by protecting your privacy and personal information. Update your security patches and antivirus regularly. Make sure your antivirus program is automatically scanning all incoming emails and attachments. Anti-spam software can automatically scan your email for spam before it gets to your Inbox, sending it to a junk email box instead.
   
   You can also use a full security suite that does it all, for example Symantec Norton Internet Security, McAfee Internet Security, Trend Micro Internet Security 2007, Zone Alarm Internet Security, and F-Secure Internet Security.
   
   Never go online with any computer before it has had anti-spam, antivirus and firewall protection installed. Without these system protections, your computer could be infected with viruses that are programmed to create gateways that relay spam to other email recipients.

3. Always disconnect:

   Don't forget to disconnect from the Internet and shut down your system. Spammers are usually seeking out and exploiting unprotected home computers with high-speed Internet connections.

4. Use different email address:

   Use separate email addresses for different online activities. Share your email address only with trusted personal and business contacts. If these email addresses become clogged with spam, delete it.
   
   Use a combination of letters and numbers as your email address. By choosing a more complex email address, you are making it more difficult for spammers to randomly discover and fill your email account using software.
   
   Use Yahoo or Google email to subscribe to newsletters, site registrations, mailing lists, etc. That way the bulk of your spam will be sent to your junk-mail account, where you can easily delete it. These free emails are also provides free antispam filter. If the anti-spam filter lets a junk email pass through, you can click the “This is spam” button on the toolbar.

5. Don't post your email address:

   Posting your email address will attract spam. Share your email addresses only with people you know. There are many softwares such as spiders, crawlers and bots that can help spammers to search the Internet for email addresses.

6. Don't respond:

   Never open, reply to or click on the "remove" or "unsubscribe" link in a spam message. These actions can confirm your email address, causing you to receive more spam. Similarly don't fill any forms or click links in the email.

7. Delete it:

   Don't try, don't buy, and don't reply. Never visit Web sites or buy anything advertised in a spam message. Spam is almost always a scam. Just delete it.

8. Never download unknown attachment:

   Never open attachments if you don't expecting them, or if it comes from someone you don't know. Spammers can use email accounts of others using spoofing technique. Email spoofing is a technique commonly used to hide the origin of an email message. By changing certain properties of the email, spammers can make the email appear to be from other user than the actual sender.

9. Protect your personal information:

   Beware if you receive a message suggests that there is an urgent need for you to provide personal information, such as your login name, passwords or even credit card numbers, often combined with the faked threat that your account will be blocked if you do not comply. Remember that companies will never contact customers in this manner. If you get an email that appears to be from your bank, and the bank requests that you contact it, call its customer service hotline. Be sure to use the customer service number posted on your bank's Web site, not one included in the email. Alternatively, you can send the bank an email, but always use a customer support address listed on your bank's site.

10. Clear your private data:

    It is a good idea to clear your private data in order to protect them, especially when you go online in public places. You can do this easily if you use firefox just click tools then clear private data, or just press ctrl+shift+del.