Shodan answers the question: what is out there? Sometimes it is difficult to understand the depth and breadth of the internet: the sheer magnitude of what is out there and how it shows up in its many forms. But there is a site specifically designed to give you some idea of its scale. This site is called Shodan. It is a search engine that allows you to mine the internet for specific items such as particular servers, webcams, or routers. Take a look at the site here to see for yourself. It gives you a variety of information and is used by researchers and universities to quantify all of the possible services and servers out there.
But why would this be so important to cybersecurity? Because cyber attacks start with something we have talked about before on this blog: simple reconnaissance. The bad guys need to know where the things of value are in order to exploit them, attack them, or mine them for information or monetary gain.
Who Knows This
Like any tool, Shodan gives you information. And like most tools, the first to use it are the bad guys. For instance, take a look at this search done on Shodan for how many devices are vulnerable to the Heartbleed virus. A bad guy can take this information and, using the Heartbleed virus, go after these systems. Or a good guy can take this information, inform these potential victims of their exposure, and get them on the road to safety. The Heartbleed virus came out two years ago and is easily defeated with the latest technology. Unfortunately, there are literally tens of thousands of systems that are still vulnerable.
This illustrates two things. First, people do not keep up, and that is why there is a need for services such as mine. Second, the bad guys are usually the first to exploit these types of problems. Note also that the bad guys typically do not use Shodan; they are way ahead and use their own botnets to gather the same type of information.
What Should You Do?
First off, you should make sure that all of the systems under your control are updated and secure. You can do this by performing a security audit immediately and continuing to do these audits on a regular basis, twice a year or more frequently. These types of audits are best done by outside organizations so that they can be done objectively and without internal interference. Having insiders run the audit is kind of like having the guy who built the house be in charge of code violations and building inspections. His incentive is to get the house built.
It is much better to have an objective third party run these audits, then include the internal folks after the report is prepared. It is not a witch hunt or an attempt to find someone at fault; it is simply a method of finding all of your vulnerabilities and getting them mitigated as soon as possible. The risk to your organization is severe and can be handled if addressed quickly and correctly.
The first tool the security auditor or trusted advisor is going to use is Shodan. It is going to give him that picture of what is out there and what you have that is vulnerable. When you do not show up on Shodan’s radar as a known risk, then you are on your way to safety and security.