infojet
for AVPros
(srchddg)
(AVWthr1)
(AVWthr2) (AVWthr3) (AVWthr-METAR trend)
(Aviation -- METAR/TAF only)
FastAWS Links (Metars, Airmets, Sigmets, ProgCharts)
UTC/Zulu time
DuckDuck Go
DuckDuck Go
SpeedTest-Megapath
SpeedTest-Fast.com(netflix)
Google Internet Speed Test
Comcast Business Internet Speed Test
AT&T Internet Speed Test
Comcast Xfinity Internet Speed Test
AT&T Speed Tiers by service category (download/upload speeds)
Comcast/Xfinity Internet Speed Tiers by service category (download/upload speeds)
Start Options for USB/microSDHC computers
privacy policy
terms of use
Scan URL (urlscan.io)
(ttls)
25296
Commercial(webbot) TOP site visits by (.com,.net,.org) Domain Name(since JAN-1-2020)
as of 2021-04-16
sogou.com
,4163
googlebot.com
,1719
amazonaws.com
,1187
msn.com
,721
omnis.com
,605
googleusercontent.com
,357
cloudsystemnetworks.com
,173
tmodns.net
,128
pagething.com
,104
apple.com
,102
myvzw.com
,83
mycingular.net
,69
internet-census.org
,69
hwclouds-dns.com
,65
colocrossing.com
,61
vultr.com
,55
webnx.com
,36
h12-media.com
,35
google.com
,33
aspiegel.com
,27
kyivstar.net
,26
contaboserver.net
,24
ispsystem.net
,24
okitup.net
,24
dataprovider.com
,20
lipperhey.com
,19
onr.com
,17
duckduckgo.com
,16
007ac9.net
,15
linode.com
,14
dreamhost.com
,13
qwant.com
,12
sbcglobal.net
,11
sprious.com
,10
completel.net
,10
gthost.com
,10
secureserver.net
,9
quadranet.com
,9
rr.com
,9
jscriptsdev.com
,9
ip-167-114-175.net
,9
scaleway.com
,8
dnspure.com
,8
baidu.com
,8
directwebhost.org
,8
chinaunicom.com
,7
verizon.net
,7
datapacket.com
,7
spectrum.com
,7
secqin.com
,7
cdn77.com
,6
hostry.com
,6
onyphe.net
,6
nextconnex.net
,5
fbsv.net
,5
comdevelopment.com
,5
bluehost.com
,5
rima-tde.net
,5
totalplay.net
,5
ip-192-99-18.net
,5
netsystemsresearch.com
,5
jumpingroo.com
,4
scalabledns.com
,4
servebyte.com
,4
prcdn.net
,4
btcentralplus.com
,4
ColocationAmerica.com
,4
hostwindsdns.com
,4
web-hosting.com
,4
cargojet.com
,4
ip-144-217-190.net
,4
ip-51-79-111.net
,4
ovh.net
,4
inwitelecom.net
,3
ip-158-69-252.net
,3
puregig.net
,3
ip-167-114-124.net
,3
cantv.net
,3
wiredns.net
,3
zare.com
,3
domaincrawler.com
,3
clientshostname.com
,3
rootlayer.net
,3
rch003.net
,3
ip-167-114-172.net
,3
bitdefender.net
,2
coldhak.com
,2
cox.net
,2
mycdz.com
,2
skyeris.net
,2
ptklp.com
,2
websitewelcome.com
,2
example.com
,2
2com.net
,2
plus.net
,2
rederatural.com
,2
telia.com
,2
virginm.net
,2
ip-142-44-251.net
,2
startdedicated.com
,2
sonic.net
,2
hinet.net
,2
hostdime.com
,2
totinternet.net
,2
triolan.net
,2
ip-51-222-50.net
,2
hecombawatedly.com
,2
ip-142-44-138.net
,2
accesskenya.net
,2
ip-51-161-57.net
,2
Borealisbroadband.net
,2
uelockies.com
,2
ip-198-245-49.net
,2
prismwebnets.com
,2
ip-167-114-150.net
,2
cipherwave.net
,2
ip-51-79-116.net
,2
hidehost.net
,2
ip-167-114-90.net
,2
lagranfrancia.com
,2
glesys.net
,2
fasternetwork.com
,2
ip-51-222-43.net
,2
group-ib.com
,2
ip-51-222-151.net
,2
kpn.net
,2
contabo.net
,2
hargray.net
,1
ipvnow.com
,1
nephosdns.com
,1
rcncustomer.com
,1
serverhotell.net
,1
telkomsa.net
,1
superonline.net
,1
as13285.net
,1
avast.com
,1
ip-192-99-225.net
,1
cloudradium.com
,1
linuxpl.com
,1
rogers.com
,1
metronethn.com
,1
64m.org
,1
telecom-solution.com
,1
ip-192-95-29.net
,1
ip-66-70-203.net
,1
cloudedic.net
,1
xo.net
,1
luisgermano.com
,1
cavtel.net
,1
ip-142-4-195.net
,1
silverstar.com
,1
InterCable.net
,1
abilitybusinesscomputing.com
,1
sciencescores.com
,1
airtelkenya.com
,1
foundationapi.com
,1
i3d.net
,1
protedtmailsrv22.com
,1
edns1.com
,1
i-tera.com
,1
tangobacchus.com
,1
m247.com
,1
othush.com
,1
eu.org
,1
fex.net
,1
appliedprivacy.net
,1
dnsserverboot.com
,1
volia.net
,1
lockingall.com
,1
promocloud.net
,1
2i3.net
,1
dsci-net.com
,1
online.net
,1
opera-mini.net
,1
pldt.net
,1
ip-51-161-120.net
,1
h0sted.net
,1
torservers.net
,1
as42926.net
,1
dslextreme.com
,1
datection.net
,1
ricetell.com
,1
bhn.net
,1
tedata.net
,1
vuhuv.com
,1
free-face-sitting.com
,1
sitting.com
,1
royal-watches.com
,1
246.net
,1
serverastra.com
,1
azimut-r.net
,1
proxad.net
,1
svea.net
,1
mivocloud.com
,1
keff.org
,1
webhop.net
,1
no-reverse-dns-configured.com
,1
quintex.com
,1
qwest.net
,1
serveroffer.net
,1
cloudlinkd.com
,1
idknet.com
,1
turk.net
,1
windstream.net
,1
gtt.net
,1
aglyptrutivin.com
,1
myaisfibre.com
,1
cosmoyard.com
,1
(lines in domain name file)
10477
sogou.com
,4163 (39.7% of visits)
googlebot.com
,1719 (16.4% of visits)
amazonaws.com
,1187 (11.3% of visits)
msn.com
,721 (6.9% of visits)
omnis.com
,605 (5.8% of visits)
googleusercontent.com
,357 (3.4% of visits)
cloudsystemnetworks.com
,173 (1.7% of visits)
tmodns.net
,128 (1.2% of visits)
pagething.com
,104 (1% of visits)
apple.com
,102 (1% of visits)
myvzw.com
,83 (0.8% of visits)
mycingular.net
,69 (0.7% of visits)
internet-census.org
,69 (0.7% of visits)
hwclouds-dns.com
,65 (0.6% of visits)
colocrossing.com
,61 (0.6% of visits)
vultr.com
,55 (0.5% of visits)
webnx.com
,36 (0.3% of visits)
h12-media.com
,35 (0.3% of visits)
google.com
,33 (0.3% of visits)
aspiegel.com
,27 (0.3% of visits)
kyivstar.net
,26 (0.2% of visits)
contaboserver.net
,24 (0.2% of visits)
ispsystem.net
,24 (0.2% of visits)
okitup.net
,24 (0.2% of visits)
dataprovider.com
,20 (0.2% of visits)
lipperhey.com
,19 (0.2% of visits)
onr.com
,17 (0.2% of visits)
duckduckgo.com
,16 (0.2% of visits)
007ac9.net
,15 (0.1% of visits)
linode.com
,14 (0.1% of visits)
dreamhost.com
,13 (0.1% of visits)
qwant.com
,12 (0.1% of visits)
sbcglobal.net
,11 (0.1% of visits)
sprious.com
,10 (0.1% of visits)
completel.net
,10 (0.1% of visits)
gthost.com
,10 (0.1% of visits)
secureserver.net
,9 (0.1% of visits)
quadranet.com
,9 (0.1% of visits)
rr.com
,9 (0.1% of visits)
jscriptsdev.com
,9 (0.1% of visits)
ip-167-114-175.net
,9 (0.1% of visits)
scaleway.com
,8 (0.1% of visits)
dnspure.com
,8 (0.1% of visits)
baidu.com
,8 (0.1% of visits)
directwebhost.org
,8 (0.1% of visits)
chinaunicom.com
,7 (0.1% of visits)
verizon.net
,7 (0.1% of visits)
datapacket.com
,7 (0.1% of visits)
spectrum.com
,7 (0.1% of visits)
secqin.com
,7 (0.1% of visits)
cdn77.com
,6 (0.1% of visits)
hostry.com
,6 (0.1% of visits)
onyphe.net
,6 (0.1% of visits)
nextconnex.net
,5 (0% of visits)
fbsv.net
,5 (0% of visits)
comdevelopment.com
,5 (0% of visits)
bluehost.com
,5 (0% of visits)
rima-tde.net
,5 (0% of visits)
totalplay.net
,5 (0% of visits)
ip-192-99-18.net
,5 (0% of visits)
netsystemsresearch.com
,5 (0% of visits)
jumpingroo.com
,4 (0% of visits)
scalabledns.com
,4 (0% of visits)
servebyte.com
,4 (0% of visits)
prcdn.net
,4 (0% of visits)
btcentralplus.com
,4 (0% of visits)
ColocationAmerica.com
,4 (0% of visits)
hostwindsdns.com
,4 (0% of visits)
web-hosting.com
,4 (0% of visits)
cargojet.com
,4 (0% of visits)
ip-144-217-190.net
,4 (0% of visits)
ip-51-79-111.net
,4 (0% of visits)
ovh.net
,4 (0% of visits)
inwitelecom.net
,3 (0% of visits)
ip-158-69-252.net
,3 (0% of visits)
puregig.net
,3 (0% of visits)
ip-167-114-124.net
,3 (0% of visits)
cantv.net
,3 (0% of visits)
wiredns.net
,3 (0% of visits)
zare.com
,3 (0% of visits)
domaincrawler.com
,3 (0% of visits)
clientshostname.com
,3 (0% of visits)
rootlayer.net
,3 (0% of visits)
rch003.net
,3 (0% of visits)
ip-167-114-172.net
,3 (0% of visits)
bitdefender.net
,2 (0% of visits)
coldhak.com
,2 (0% of visits)
cox.net
,2 (0% of visits)
mycdz.com
,2 (0% of visits)
skyeris.net
,2 (0% of visits)
ptklp.com
,2 (0% of visits)
websitewelcome.com
,2 (0% of visits)
example.com
,2 (0% of visits)
2com.net
,2 (0% of visits)
plus.net
,2 (0% of visits)
rederatural.com
,2 (0% of visits)
telia.com
,2 (0% of visits)
virginm.net
,2 (0% of visits)
ip-142-44-251.net
,2 (0% of visits)
startdedicated.com
,2 (0% of visits)
sonic.net
,2 (0% of visits)
hinet.net
,2 (0% of visits)
hostdime.com
,2 (0% of visits)
totinternet.net
,2 (0% of visits)
triolan.net
,2 (0% of visits)
ip-51-222-50.net
,2 (0% of visits)
hecombawatedly.com
,2 (0% of visits)
ip-142-44-138.net
,2 (0% of visits)
accesskenya.net
,2 (0% of visits)
ip-51-161-57.net
,2 (0% of visits)
Borealisbroadband.net
,2 (0% of visits)
uelockies.com
,2 (0% of visits)
ip-198-245-49.net
,2 (0% of visits)
prismwebnets.com
,2 (0% of visits)
ip-167-114-150.net
,2 (0% of visits)
cipherwave.net
,2 (0% of visits)
ip-51-79-116.net
,2 (0% of visits)
hidehost.net
,2 (0% of visits)
ip-167-114-90.net
,2 (0% of visits)
lagranfrancia.com
,2 (0% of visits)
glesys.net
,2 (0% of visits)
fasternetwork.com
,2 (0% of visits)
ip-51-222-43.net
,2 (0% of visits)
group-ib.com
,2 (0% of visits)
ip-51-222-151.net
,2 (0% of visits)
kpn.net
,2 (0% of visits)
contabo.net
,2 (0% of visits)
hargray.net
,1 (0% of visits)
ipvnow.com
,1 (0% of visits)
nephosdns.com
,1 (0% of visits)
rcncustomer.com
,1 (0% of visits)
serverhotell.net
,1 (0% of visits)
telkomsa.net
,1 (0% of visits)
superonline.net
,1 (0% of visits)
as13285.net
,1 (0% of visits)
avast.com
,1 (0% of visits)
ip-192-99-225.net
,1 (0% of visits)
cloudradium.com
,1 (0% of visits)
linuxpl.com
,1 (0% of visits)
rogers.com
,1 (0% of visits)
metronethn.com
,1 (0% of visits)
64m.org
,1 (0% of visits)
telecom-solution.com
,1 (0% of visits)
ip-192-95-29.net
,1 (0% of visits)
ip-66-70-203.net
,1 (0% of visits)
cloudedic.net
,1 (0% of visits)
xo.net
,1 (0% of visits)
luisgermano.com
,1 (0% of visits)
cavtel.net
,1 (0% of visits)
ip-142-4-195.net
,1 (0% of visits)
silverstar.com
,1 (0% of visits)
InterCable.net
,1 (0% of visits)
abilitybusinesscomputing.com
,1 (0% of visits)
sciencescores.com
,1 (0% of visits)
airtelkenya.com
,1 (0% of visits)
foundationapi.com
,1 (0% of visits)
i3d.net
,1 (0% of visits)
protedtmailsrv22.com
,1 (0% of visits)
edns1.com
,1 (0% of visits)
i-tera.com
,1 (0% of visits)
tangobacchus.com
,1 (0% of visits)
m247.com
,1 (0% of visits)
othush.com
,1 (0% of visits)
eu.org
,1 (0% of visits)
fex.net
,1 (0% of visits)
appliedprivacy.net
,1 (0% of visits)
dnsserverboot.com
,1 (0% of visits)
volia.net
,1 (0% of visits)
lockingall.com
,1 (0% of visits)
promocloud.net
,1 (0% of visits)
2i3.net
,1 (0% of visits)
dsci-net.com
,1 (0% of visits)
online.net
,1 (0% of visits)
opera-mini.net
,1 (0% of visits)
pldt.net
,1 (0% of visits)
ip-51-161-120.net
,1 (0% of visits)
h0sted.net
,1 (0% of visits)
torservers.net
,1 (0% of visits)
as42926.net
,1 (0% of visits)
dslextreme.com
,1 (0% of visits)
datection.net
,1 (0% of visits)
ricetell.com
,1 (0% of visits)
bhn.net
,1 (0% of visits)
tedata.net
,1 (0% of visits)
vuhuv.com
,1 (0% of visits)
free-face-sitting.com
,1 (0% of visits)
sitting.com
,1 (0% of visits)
royal-watches.com
,1 (0% of visits)
246.net
,1 (0% of visits)
serverastra.com
,1 (0% of visits)
azimut-r.net
,1 (0% of visits)
proxad.net
,1 (0% of visits)
svea.net
,1 (0% of visits)
mivocloud.com
,1 (0% of visits)
keff.org
,1 (0% of visits)
webhop.net
,1 (0% of visits)
no-reverse-dns-configured.com
,1 (0% of visits)
quintex.com
,1 (0% of visits)
qwest.net
,1 (0% of visits)
serveroffer.net
,1 (0% of visits)
cloudlinkd.com
,1 (0% of visits)
idknet.com
,1 (0% of visits)
turk.net
,1 (0% of visits)
windstream.net
,1 (0% of visits)
gtt.net
,1 (0% of visits)
aglyptrutivin.com
,1 (0% of visits)
myaisfibre.com
,1 (0% of visits)
cosmoyard.com
,1 (0% of visits)
Webbot/Spiders (A-Z list)
007ac9.net
,15
246.net
,1
2com.net
,2
2i3.net
,1
64m.org
,1
Borealisbroadband.net
,2
ColocationAmerica.com
,4
InterCable.net
,1
abilitybusinesscomputing.com
,1
accesskenya.net
,2
aglyptrutivin.com
,1
airtelkenya.com
,1
amazonaws.com
,1187
apple.com
,102
appliedprivacy.net
,1
as13285.net
,1
as42926.net
,1
aspiegel.com
,27
avast.com
,1
azimut-r.net
,1
baidu.com
,8
bhn.net
,1
bitdefender.net
,2
bluehost.com
,5
btcentralplus.com
,4
cantv.net
,3
cargojet.com
,4
cavtel.net
,1
cdn77.com
,6
chinaunicom.com
,7
cipherwave.net
,2
clientshostname.com
,3
cloudedic.net
,1
cloudlinkd.com
,1
cloudradium.com
,1
cloudsystemnetworks.com
,173
coldhak.com
,2
colocrossing.com
,61
comdevelopment.com
,5
completel.net
,10
contabo.net
,2
contaboserver.net
,24
cosmoyard.com
,1
cox.net
,2
datapacket.com
,7
dataprovider.com
,20
datection.net
,1
directwebhost.org
,8
dnspure.com
,8
dnsserverboot.com
,1
domaincrawler.com
,3
dreamhost.com
,13
dsci-net.com
,1
dslextreme.com
,1
duckduckgo.com
,16
edns1.com
,1
eu.org
,1
example.com
,2
fasternetwork.com
,2
fbsv.net
,5
fex.net
,1
foundationapi.com
,1
free-face-sitting.com
,1
glesys.net
,2
google.com
,33
googlebot.com
,1719
googleusercontent.com
,357
group-ib.com
,2
gthost.com
,10
gtt.net
,1
h0sted.net
,1
h12-media.com
,35
hargray.net
,1
hecombawatedly.com
,2
hidehost.net
,2
hinet.net
,2
hostdime.com
,2
hostry.com
,6
hostwindsdns.com
,4
hwclouds-dns.com
,65
i-tera.com
,1
i3d.net
,1
idknet.com
,1
internet-census.org
,69
inwitelecom.net
,3
ip-142-4-195.net
,1
ip-142-44-138.net
,2
ip-142-44-251.net
,2
ip-144-217-190.net
,4
ip-158-69-252.net
,3
ip-167-114-124.net
,3
ip-167-114-150.net
,2
ip-167-114-172.net
,3
ip-167-114-175.net
,9
ip-167-114-90.net
,2
ip-192-95-29.net
,1
ip-192-99-18.net
,5
ip-192-99-225.net
,1
ip-198-245-49.net
,2
ip-51-161-120.net
,1
ip-51-161-57.net
,2
ip-51-222-151.net
,2
ip-51-222-43.net
,2
ip-51-222-50.net
,2
ip-51-79-111.net
,4
ip-51-79-116.net
,2
ip-66-70-203.net
,1
ipvnow.com
,1
ispsystem.net
,24
jscriptsdev.com
,9
jumpingroo.com
,4
keff.org
,1
kpn.net
,2
kyivstar.net
,26
lagranfrancia.com
,2
linode.com
,14
linuxpl.com
,1
lipperhey.com
,19
lockingall.com
,1
luisgermano.com
,1
m247.com
,1
metronethn.com
,1
mivocloud.com
,1
msn.com
,721
myaisfibre.com
,1
mycdz.com
,2
mycingular.net
,69
myvzw.com
,83
nephosdns.com
,1
netsystemsresearch.com
,5
nextconnex.net
,5
no-reverse-dns-configured.com
,1
okitup.net
,24
omnis.com
,605
online.net
,1
onr.com
,17
onyphe.net
,6
opera-mini.net
,1
othush.com
,1
ovh.net
,4
pagething.com
,104
pldt.net
,1
plus.net
,2
prcdn.net
,4
prismwebnets.com
,2
promocloud.net
,1
protedtmailsrv22.com
,1
proxad.net
,1
ptklp.com
,2
puregig.net
,3
quadranet.com
,9
quintex.com
,1
qwant.com
,12
qwest.net
,1
rch003.net
,3
rcncustomer.com
,1
rederatural.com
,2
ricetell.com
,1
rima-tde.net
,5
rogers.com
,1
rootlayer.net
,3
royal-watches.com
,1
rr.com
,9
sbcglobal.net
,11
scalabledns.com
,4
scaleway.com
,8
sciencescores.com
,1
secqin.com
,7
secureserver.net
,9
servebyte.com
,4
serverastra.com
,1
serverhotell.net
,1
serveroffer.net
,1
silverstar.com
,1
sitting.com
,1
skyeris.net
,2
sogou.com
,4163
sonic.net
,2
spectrum.com
,7
sprious.com
,10
startdedicated.com
,2
superonline.net
,1
svea.net
,1
tangobacchus.com
,1
tedata.net
,1
telecom-solution.com
,1
telia.com
,2
telkomsa.net
,1
tmodns.net
,128
torservers.net
,1
totalplay.net
,5
totinternet.net
,2
triolan.net
,2
turk.net
,1
uelockies.com
,2
verizon.net
,7
virginm.net
,2
volia.net
,1
vuhuv.com
,1
vultr.com
,55
web-hosting.com
,4
webhop.net
,1
webnx.com
,36
websitewelcome.com
,2
windstream.net
,1
wiredns.net
,3
xo.net
,1
zare.com
,3
Webbot visits to Infojet.org since 1-JAN-2020
Webbot visits to Infojet.org since 1-JAN-2020
Small Business CyberSecurity 3-step Fast-List:
(1) Business Continuity Plan and BACKUPs(ENCRYPTED)-- Have malware-free backups of encrypted data ready to maintain operations after a cyber-event. Have a ready-to-go Business continuity plan. Your business continuity plan should be ready to snap into place to keep business operating without interuption.)
(2) UPDATEs-- Automatically update and automatically encrypt all hardware and software. Only use Apple or Chrome computers if possible. Ensure full encryption is used on all data in all phases (in-transit, in-storage, in-memmory).
(3) TRAINING-- Train yourself and all staff to never click on any links in any type of messages (emails, instant messages, text messages, etc.) or on any attachments in any messages. When reading messages, put your hands behind your back and only view, but not touch, any messages, or you will be fired!!
Cyber security resouces:
NIST Cybersecurity Framework
CISA Cyber Essentials
Checklist from your cyberinsurance provider (AIG has a 40 item checklist)
FINRA's cyber security checklist for small business
IRS's Safeguarding Taxpayer Data cybersecurity checklist (pub. 4557) & pub 5293
NIST Small Business Information Security
NIST Small Business Cybersecurity Corner
If your business is planning to operate 100% offsite, in the cloud, such as a tax firm running Chromebooks, Google Workspace and Intuit ProConnect, your number one priority will be to control access to your cloud resources through strict user and device management.
Most cybersecurity checklists are far too long, too detailed and too full of confusing jargon for most small businesses to successfully implement or implement in a timely manner. Because of these factors as well as the time and cost to fully implement a comprehensive cybersecurity program, many small businesses feel overwhelmed and do almost nothing (except for activating automatic updates on software) hoping they will not get hit.
Your small business will likely experience a cyber-event of some type in the future. Just make sure all of your systems are (1) automatically updated, (2) have a malware-free backup system ready to snap into place to keep your business going and (3) ensure all data is encrypted with the highest level of encryption available (AES-256) so you can assure affected parties that any data lost from a cyber event cannot by viewed cyber invaders (If the cyber invaders have your data but do not have your encryption key, they cannot view your data. Currently, AES-256 encryption would take hundreds of years to break with today's computing resources.).
Cyber Review (Traveler's Insurance)
CyberSecurity Videos (Traveler's CyberInsurance)
6 Basic foundations for a Secure Network:
CIS Control 1:
Identify and Control of Hardware Assets (Are only authorized devices allowed to connect to network?)
CIS Control 2:
List and Control of Software Assets (Are only authorized software programs run on the network?)
CIS Control 3:
Continuously Assess for & Eliminate Network Vulnerabilities (Is the network checked & cleaned of vulnerabilities?)
CIS Control 4:
Are Administrative Privileges controlled and monitored (Are only the bare minimal administrative rights granted to perform tasks?)
CIS Control 5:
Secure configuration of network devices (Are network devices securely configured? Are device manufacturers' default settings changed to secure settings?) (secure benchmark refs: CIS, NIST NCP)
CIS Control 6:
Monitor, Analyze and Maintain network logs (Are network logs analyzed, monitored, maintained and checked for integrity for later investigation to understand current or potential cyber attacks?)
Key Cybersecurity Resources (for planning for and creating a secure operation-source for cybersecurity frameworks):
Center for Internet Security (CIS)
NIST Cybersecurity Framework(Identify, Protect, Detect, Respond, Recover)
References for CyberAlerts/CyberEvents:
CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
US-CERT
NSA Cybersecurity Advisories
MITRE Attack Framework (displays attacker techniques)
Federal Communications Commission (FCC) Cyberplanner
Federal Trade Commission (FTC) Cybersecurity for Small Business
IRS Security Nine (FAT BET VUR):
(1) Firewall
(2) Anti-malware
(3) Two-Factor Authentication for all accounts (Online tax software, MS 365, Google Workspace, etc.)
(4) Backups of data to a secured location offnetwork or in the cloud secured with two-factor authentication. Practice restoring your backups to a live environment to ensure your data is actually fully restored.
(5) Encryption of all data and devices (use 7zip to encrypt data and store in external drive or encrypted cloud storage like Google Drive in Google Workspace (Enterprise edition)
(6) Training for all staff and decision makers, have data confidentiality and data security agreement policy on logon screen so staff see it and agree to it at each logon.
(7) Virtual Private Network (VPN) connection to the internet (use ProtonVPN)
(8) Update everything automatically
(9) Review ALL Terms of Use agreements with any online service that will handle entity data, (for incidents, Recover and Report) (3-step incident response plan: Identify, Assess, Recover/Report)
IRS Data Security Plan required by the Federal Trade Commission (FTC) Safeguards Rule:
FTC Safeguaurds Rule
Complying with the FTC Safeguards Rule
CISA 1-page Ransomware Fast Tips
CISA Cybersecurity planning questions/table top exercises
US Secret Service Cybersecurity planning guides
CISA Resources (Cyber Self-Assessments)
CISA Incident Reporting Form (for Federal Information Security Modernization Act of 2014 (44 USC 3552), FISMA related incidents and violations)
The Federal Information Security Modernization Act of 2014 (FISMA) defines incident as an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Notification Requirement
Agencies must report information security incidents, where the confidentiality, integrity, or availability of a federal information system of a civilian Executive Branch agency is potentially compromised, to the NCCIC/US-CERT with the required data elements, as well as any other available information, within one hour of being identified by the agency’s top-level Computer Security Incident Response Team (CSIRT), Security Operations Center (SOC), or information technology department. In some cases, it may not be feasible to have complete and validated information for the section below (Submitting Incident Notifications) prior to reporting. Agencies should provide their best estimate at the time of notification and report updated information as it becomes available. Events that have been found by the reporting agency not to impact confidentiality, integrity or availability may be reported voluntarily to US-CERT; however, they may not be included in the FISMA Annual Report to Congress.
In 1986, theUnited States Congress enacted the Computer Fraud and Abuse Act (CFAA), as an amendment to18 U.S.C. 1030. The CFAA has since been amended multiple times to address advancements in technologyand cybercrime. The CFAA criminalizes knowingly accessing a computer without authorization, obtainingprotected information, with the intent to defraud, intentionally causing unauthorized damage to a protectedcomputer, knowingly and with intent to defraud trafficking in passwords or access information, and extortioninvolving computers.
Small business Cybersecurity Road Map, one-page poster/cartoon (CISA)
CISA Small Business Cyberessentials
CISA Small Business Cyberessentials Starter kit
CISA Small Business Cyberessentials Starter Kit, by Chapter
CISA CyberEssentials Fast List
Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements:
Yourself
You, as leader of your organization are an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to drive cybersecurity strategy, investment and culture.
Actions For Leaders
- Lead investment in basic cybersecurity.
- Determine how much of your organization's operations are dependent on IT.
- Build a network of trusted relationships with sector partners and government agencies for access to timely cyber threat information.
- Approach cyber as a business risk.
Action to Take in Consultation with IT
- Lead development of cybersecurity policies.
To learn more about how you can drive cybersecurity strategy, investment and culture, explore the Cyber Essentials Toolkit on this element.
Your Staff
As users of your organization’s digital equipment and systems, your staff are essential elements of your organization’s Culture of Cyber Readiness. Your task for this element is to develop cybersecurity awareness and vigilance.
Actions For Leaders
- Develop a culture of awareness to encourage employees to make good choices online.
- Learn about risks like phishing and business email compromise.
- Maintain awareness of current events related to cybersecurity, using lessons-learned and reported events to remain vigilant against the current threat environment and agile to cybersecurity trends.
Actions to Take in Consultation with IT
- Leverage basic cybersecurity training to improve exposure to cybersecurity concepts, terminology and activities associated with implementing cybersecurity best practices.
- Identify available training resources through professional associations, academic institutions, private sector and government sources.
Your Systems
As the infrastructure that makes your organization operational, your systems are an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to protect critical assets and applications.
Action For Leaders
- Learn what is on your network. Maintain inventories of hardware and software assets to know what is in play and at-risk from attack.
Actions to Take in Consultation with IT
- Leverage automatic updates for all operating systems and third-party software.
- Implement security configurations for all hardware and software assets.
- Remove unsupported or unauthorized hardware and software from systems.
- Leverage email and web browser security settings to protect against spoofed or modified emails and unsecured webpages.
- Create application integrity and whitelisting policies so that only approved software is allowed to load and operate on their systems.
Your Surroundings
As your organization’s digital workplace, this is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to ensure only those who belong on your digital workplace have access to it.
Actions to Take in Consultation with IT
- Learn who is on your network. Maintain inventories of network connections (user accounts, vendors, business partners, etc.).
- Leverage multi-factor authentication for all users, starting with privileged, administrative and remote access users.
- Grant access and admin permissions based on need-to-know and least privilege.
- Leverage unique passwords for all user accounts.
- Develop IT policies and procedures addressing changes in user status (transfers, termination, etc.).
Your Data
Your data, intellectual property, and other sensitive information is what your organization is built on. As such, it is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to make backups and avoid loss of information critical to operations.
Action For Leaders
- Learn how your data is protected.
Actions to Take in Consultation with IT
- Learn what information resides on your network. Maintain inventories of critical or sensitive information.
- Learn what is happening on your network. manage network and perimeter components, host and device components, data-at-rest and in-transit, and user behavior activities.
- Domain name system protection.
- Leverage malware protection capabilities.
- Establish regular automated backups and redundancies of key systems.
- Leverage protections for backups, including physical security, encryption and offline copies.
Your Crisis Response
As your strategy for responding to and recovering from compromise, this is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to limit damage and quicken restoration of normal operations.
Actions For Leaders
- Lead development of an incident response and disaster recovery plan outlining roles and responsibilities. Test it often.
- Leverage business impact assessments to prioritize resources and identify which systems must be recovered first.
- Learn who to call for help (outside partners, vendors, government/industry responders, technical advisors and law enforcement).
- Lead development of an internal reporting structure to detect, communicate and contain attacks.
Action to Take in Consultation with IT
- Leverage in-house containment measures to limit the impact of cyber incidents when they occur.
Booting Up: Things to Do First
Even before your organization has begun to adopt a Culture of Cyber Readiness, there are things you can begin doing today to make your organization more prepared against cyber risks.
Backup Data
Employ a backup solution that automatically and continuously backs up critical data and system configurations.
Multi-Factor Authentication
Require multi-factor authentication (MFA) for accessing your systems whenever possible. MFA should be required of all users, but start with privileged, administrative, and remote access users.
Patch &Update Management
Enable automatic updates whenever possible. Replace unsupported operating systems, applications and hardware. Test and deploy patches quickly.
Recommendations
CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.
- Maintain up-to-date antivirus signatures and engines.
- Keep operating system patches up-to-date.
- Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
- Enforce a strong password policy and implement regular password changes.
- Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
- Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
- Disable unnecessary services on agency workstations and servers.
- Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its true file type (i.e., the extension matches the file header).
- Monitor users' web browsing habits; restrict access to sites with unfavorable content.
- Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
- Scan all software downloaded from the Internet prior to executing.
- Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).
Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, Guide to Malware Incident Prevention & Handling for Desktops and Laptops.
Questions Every CEO Should Ask About Cyber Risks
Cybersecurity evolution should eventually lead to a zero-trust environment where devices, services and people will be required to continually request access to critical systems and data. Unless otherwise stated, all access is denied by default in a zero trust environment.
See the US National Security Agency's overview of a Zero-Trust environment
NSA Zero-Trust Model
INFOJET(back to top)