Security Publications
These documents can help you with everything from setting up your first computer to understanding the nuances of emerging threats. Also included are reports from US-CERT that summarize activity by month and quarter.
General Documents
These documents are designed to help you understand the basics of using computers, the internet, and general cybersecurity information.
Securing Your Computer
- The Basics of Cloud Computing
Information on what cloud computing is, how it can help small businesses and home users, and possible security concerns.
- Before You Connect a New Computer to the Internet
Tips for connecting a new (or newly upgraded) computer to the internet for the first time. For home users, students, small businesses, or any organizations with limited Information Technology (IT) support
- Data Backup Options
This paper summarizes the pros, cons, and security considerations of backup options for critical personal and business data.
- Disposing of Devices Safely
The extra steps you need to take to "wipe" information from a computer, tablet, or other device before discarding it.
- Governing for Enterprise Security
These web pages provide reports, presentations, and podcasts on how to manage security at the enterprise level.
- Home Network Security
Information to help you use your home computer safely when you connect to the internet
- Recognizing and Avoiding Email Scams
Introduction to what email scams are, how they work, and how to avoid them
- Securing Your Web Browser
This paper will help you secure your web browser.
- Small Office/Home Office Router Security
Information on home routers and how to increase your router security
- Software License Agreements: Ignore at Your Own Risk
An overview of the risks computer users may incur by blindly agreeing to terms contained in software licensing agreements
- Spyware
Overview of spyware and some practices to defend against it
- Using Wireless Technology Securely
An overview of the risks associated with wireless technology and some practices for using it safely
- Virus Basics
An introduction to viruses and ways to avoid them
Recovering from an Attack
- Recovering from a Trojan Horse or Virus
Steps for saving a computer and files after a machine has been infected with a Trojan Horse or virus.
General Internet Security
- The Risks of Using Portable Devices
Information on the risks of using portable devices and recommended practices for minimizing those risks.
- Password Security, Protection, and Management
This paper offers recommendations for protecting your information by selecting strong passwords and storing and managing them safely.
- Cyber Threats to Mobile Phones
This paper describes various cyber threats to smartphones and feature phones, describes some of the consequences of such attacks, and offers tips on protecting your mobile phone.
- Understanding and Protecting Yourself Against Money Mule Schemes
This paper describes money mule schemes, explains some of the consequences, and offers tips to avoid becoming a victim.
- Socializing Securely: Using Social Networking Services
This paper describes some security risks associated with social networking services and offers tips to minimize these risks.
- Understanding Voice over Internet Protocol (VoIP)
This paper provides an overview of VoIP and focuses primarily on security issues that may affect those new to this technology.
- Banking Securely Online
This paper discusses risks associated with online banking and provides some practices for using it safely.
- Playing it Safe: Avoiding Online Gaming Risks
This paper discusses technological and social risks associated with online gaming.
- Protecting Aggregated Data
Discusses security issues, business impacts, and potential strategies for organizations that create and maintain large aggregations of data.
- Introduction to Information Security
Basic concepts of internet security
Distributable Materials
- Protect Your Workplace Campaign
Posters and a brochure that offer guidance for creating a secure workplace and for reporting cyber incidents
- Cybersecurity: What Every CEO Should Be Asking
The top five questions every Chief Executive Officer should be asking when managing cyber risk at their company.
Technical Documents
These documents are designed for more technical users—those interested in the mechanics of cybersecurity threats.
- Technical Information Paper: Website Security
This TIP provides basic guidelines and security safeguard concepts that can be applied to public facing websites to reduce the attack surface area or mitigate the effects of a compromise.
- Technical Information Paper: Fundamental Filtering of IPv6 Network Traffic
This TIP launches a series of IPv6 TIPs to assist network defenders with the security implications of IPv6 deployment.
- Technical Information Paper: Coreflood Trojan Botnet
This TIP provides an overview of the Coreflood Trojan Botnet as well as mitigation strategies against this vulnerability-independent malware.
- Technical Information Paper: System Integrity Best Practices
Recommendations for best practices to use to achieve system integrity through software authenticity and the assurance of user identity
- Technical Information Paper: Cyber Threats to Mobile Devices
Introduces emerging threats likely to have a significant impact on mobile devices and their users
- Practical Identification of SQL Injection Vulnerabilities
This paper provides concrete guidance for administrators using open source tools and techniques to identify SQL injection vulnerabilities.
- SQL Injection
This paper discusses the Structured Query Language (SQL) injection attack technique and offers mitigation methods.
- Combating Insider Threat
These web pages include surveys, case studies, podcasts, and more on mitigating insider threat.
- Computer Forensics
Discusses the need for computer forensics to be practiced in an effective and legal way, outlines basic technical issues, and points to references for further reading.
- The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0)
US-CERT has been alerted to an increase in distributed denial of service (DDoS) attacks using spoofed recursive DNS requests. These attacks are troublesome because all systems communicating over the internet need to allow DNS traffic. This paper provides information about configuring DNS servers to protect against this threat.
- Malware Threats and Mitigation Strategies
Focuses on the rapidly growing problem of malicious code and provides organizations with best practice defense tactics.
- Malware Tunneling in IPv6
Describes Malware Tunneling and how to manage attacks.
- National Strategy to Secure Cyberspace
Engages and empowers Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact.
- Technical Trends in Phishing Attacks
Identifies technical capabilities behind phishing attacks, reviews trends, and discusses countermeasures.
- DHS Cyber Security Initiatives
Information sheets that describe some of the Department of Homeland Security's cyber security efforts
Monthly and Quarterly Reports
These reports summarize general activity, including updates to the National Cyber Awareness System.
- US-CERT Monthly Activity Summary - December 2012
- US-CERT Monthly Activity Summary - November 2012
- US-CERT Monthly Activity Summary - September 2012
- US-CERT Monthly Activity Summary - October 2012
- US-CERT Monthly Activity Summary - August 2012
- US-CERT Monthly Activity Summary - July 2012
- US-CERT Monthly Activity Summary - June 2012
- US-CERT Monthly Activity Summary - May 2012
- US-CERT Monthly Activity Summary - April 2012
- US-CERT Monthly Activity Summary - March 2012
- US-CERT Monthly Activity Summary - February 2012
- US-CERT Monthly Activity Summary - January 2012