US-CERT: Publications

The following documents are available from the US-CERT website.

Securing your computer | Recovering from an attack | General internet security | Distributable materials | Monthly and quarterly reports

Securing your computer

Before You Connect a New Computer to the Internet
- Tips for connecting a new (or newly upgraded) computer to the internet for the first time
- For home users, students, small businesses, or any organizations with limited Information Technology (IT) support
Governing for Enterprise Security
These web pages provide reports, presentations, and podcasts on how to manage security at the enterprise level

Home Network Security
Information to help you use your home computer safely when you connect to the internet

Recognizing and Avoiding Email Scams
Introduction to what email scams are, how they work, and how to avoid them

Software License Agreements: Ignore at Your Own Risk
An overview of the risks computer users may incur by blindly agreeing to terms contained in software licensing agreements

Spyware (non-technical)
Overview of spyware and some practices to defend against it

Using Wireless Technology Securely
An overview of the risks associated with wireless technology and some practices for using it safely
Virus Basics
An introduction to viruses and ways to avoid them

Recovering from an attack

Recovering from a Trojan Horse or Virus
Steps for saving a computer and files after a machine has been infected with a Trojan Horse or virus.

General internet security

SQL Injection
This paper discusses the Structured Query Language (SQL) injection attack technique and offers mitigation methods.
Understanding Voice over Internet Protocol (VoIP)
This paper provides an overview of VoIP and focuses primarily on security issues that may affect those new to this technology.
Banking Securely Online
This paper discusses risks associated with online banking and provides some practices for using it safely.

Playing it Safe: Avoiding Online Gaming Risks
This paper discusses technological and social risks associated with online gaming.

Combating Insider Threat
These web pages include surveys, case studies, podcasts, and more on mitigating insider threat

Computer Forensics
Discusses the need for computer forensics to be practiced in an effective and legal way, outlines basic technical issues, and points to references for further reading

The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0)
US-CERT has been alerted to an increase in distributed denial of service (DDoS) attacks using spoofed recursive DNS requests. These attacks are troublesome because all systems communicating over the internet need to allow DNS traffic. This paper provides information about configuring DNS servers to protect against this threat.
Malware Threats and Mitigation Strategies
A focus on the rapidly growing problem of malicious code and provides organizations with best practice defense tactics
May 16, 2005
Malware Tunneling in IPv6
Describes Malware Tunneling and how to manage attacks

National Strategy to Secure Cyberspace
Engages and empowers Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact

Protecting Aggregated Data
Discusses security issues, business impacts, and potential strategies for organizations that create and maintain large aggregations of data