The following documents are available from the US-CERT website.

Non-Technical Documents | Technical Documents | Monthly and Quarterly Reports

Non-Technical Documents

Securing Your Computer

• Ten Ways to Improve the Security of a New Computer
  Ten important things to make new computers more secure
• The Basics of Cloud Computing
  Information on what cloud computing is, how it can help small businesses and home users, and possible security concerns
• Small Office/Home Office Router Security
  Information on home routers and how to increase your router security
• Before You Connect a New Computer to the Internet
  
  • Tips for connecting a new (or newly upgraded) computer to the internet for the first time
  • For home users, students, small businesses, or any organizations with limited Information Technology (IT) support
• Governing for Enterprise Security
  These web pages provide reports, presentations, and podcasts on how to manage security at the enterprise level.
• Home Network Security
  Information to help you use your home computer safely when you connect to the internet
• Recognizing and Avoiding Email Scams
  Introduction to what email scams are, how they work, and how to avoid them
• Securing Your Web Browser
  This paper will help you secure your web browser.
• Software License Agreements: Ignore at Your Own Risk
  An overview of the risks computer users may incur by blindly agreeing to terms contained in software licensing agreements
• Spyware
  Overview of spyware and some practices to defend against it
• Using Wireless Technology Securely
  An overview of the risks associated with wireless technology and some practices for using it safely
• Virus Basics
  An introduction to viruses and ways to avoid them

Recovering from an Attack

• Recovering from a Trojan Horse or Virus
  Steps for saving a computer and files after a machine has been infected with a Trojan Horse or virus.

General Internet Security

• Cyber Threats to Mobile Phones
  This paper describes various cyber threats to smartphones and feature phones, describes some of the consequences of such attacks, and offers tips on protecting your mobile phone.
• Understanding and Protecting Yourself Against Money Mule Schemes
  This paper describes money mule schemes, explains some of the consequences, and offers tips to avoid becoming a victim.
• Socializing Securely: Using Social Networking Services
  This paper describes some security risks associated with social networking services and offers tips to minimize these risks.
• Understanding Voice over Internet Protocol (VoIP)
  This paper provides an overview of VoIP and focuses primarily on security issues that may affect those new to this technology.
• Banking Securely Online
  This paper discusses risks associated with online banking and provides some practices for using it safely.
• Playing it Safe: Avoiding Online Gaming Risks
  This paper discusses technological and social risks associated with online gaming.
• Protecting Aggregated Data
  Discusses security issues, business impacts, and potential strategies for organizations that create and maintain large aggregations of data.
• Introduction to Information Security
  Basic concepts of internet security

Distributable Materials

• Protect Your Workplace Campaign
  Posters and a brochure that offer guidance for creating a secure workplace and for reporting cyber incidents

Back to top

Technical Documents

• HP Printer Vulnerability
  Information about a vulnerability and mitigation techniques and best practices
• Technical Information Paper: Coreflood Trojan Botnet
  This TIP provides an overview of the Coreflood Trojan Botnet as well as mitigation strategies against this vulnerability-independent malware.
• Technical Information Paper: System Integrity Best Practices
  Recommendations for best practices to use to achieve system integrity through software authenticity and the assurance of user identity
• Technical Information Paper: Cyber Threats to Mobile Devices
  Introduces emerging threats likely to have a significant impact on mobile devices and their users
• SQL Injection
  This paper discusses the Structured Query Language (SQL) injection attack technique and offers mitigation methods.
• Combating Insider Threat
  These web pages include surveys, case studies, podcasts, and more on mitigating insider threat.
• Computer Forensics
  Discusses the need for computer forensics to be practiced in an effective and legal way, outlines basic technical issues, and points to references for further reading.
• The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0)
  US-CERT has been alerted to an increase in distributed denial of service (DDoS) attacks using spoofed recursive DNS requests. These attacks are troublesome because all systems communicating over the internet need to allow DNS traffic. This paper provides information about configuring DNS servers to protect against this threat.
• Malware Threats and Mitigation Strategies
  Focuses on the rapidly growing problem of malicious code and provides organizations with best practice defense tactics.
  May 16, 2005
• Malware Tunneling in IPv6
  Describes Malware Tunneling and how to manage attacks.
• National Strategy to Secure Cyberspace
  Engages and empowers Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact.
• Technical Trends in Phishing Attacks
  Identifies technical capabilities behind phishing attacks, reviews trends, and discusses countermeasures.
• DHS Cyber Security Initiatives
  Information sheets that describe some of the Department of Homeland Security's cyber security efforts

Back to top

Monthly and Quarterly Reports

• US-CERT Monthly Activity Summary - December 2011
  December 2011
• US-CERT Monthly Activity Summary - November 2011
  November 2011
• US-CERT Monthly Activity Summary - October 2011
  October 2011
• US-CERT Monthly Activity Summary - September 2011
  September 2011
• US-CERT Monthly Activity Summary - August 2011
  August 2011
• US-CERT Monthly Activity Summary - July 2011
  July 2011
• US-CERT Monthly Activity Summary - June 2011
  June 2011
• US-CERT Monthly Activity Summary - May 2011
  May 2011
• US-CERT Monthly Activity Summary - April 2011
  April 2011
• US-CERT Monthly Activity Summary - March 2011
  March 2011
• US-CERT Monthly Activity Summary - February 2011
  February 2011
• US-CERT Monthly Activity Summary - January 2011
  January 2011

Report Archive ->

Back to top