Shodan Computer Search Engine


Shodan Computer Search Engine Matt Jennings

Road Map
- What is Shodan?
- How does Shodan work?
- HTTP banners
- Example searches
- Who uses Shodan?
- Conclusion

What is Shodan?
- Shodan is a computer search engine
- Developed by John Matherly and launched in 2009
- Originally developed for marketing research purposes
- Shodan is somewhat similar to Google, Bing, Yahoo, etc.

What is Shodan? Media attention
- People were able to access power plants, hockey rinks, red-light cameras, webcams, particle accelerators
- Brought to light the lack of security

How does it work?

Google:
1. Crawl the web for data
2. Index
3. Search

Shodan:
1. Probe ports of nodes
2. Grab HTTP headers
3. Index HTTP headers
4. Search

Instead of searching for web content, you are searching for information from HTTP headers.

Service Headers
- Information can be gathered from HTTP (port 80), FTP (21), SSH (22) and other service headers
- Headers contain information such as date, server, last updated, connection, content type, welcome message, etc.

Example HTTP response header

Shodan
- Does not require account creation to search
- Without account:
  - Only 10 results per query
  - Can't filter by 'country' or 'net'
- With account:
  - 50 results per query
  - Increased filters
  - Export XML data

Shodan Filters
Syntax: 'filter:value' with boolean operators (+, -, |)
- city and country: city:"Pittsburgh" + country:US
- geo: geo:32.8,-117,50
- hostname: hostname:.ca
- net: net:192.168.1.1/24
- port: port:21 (FTP)
- os: os:"windows 2000"
- SSL filters

GUI Country Filter
- USA first with 55 million hosts
- China in 2nd with 17 million hosts

city:"Beijing" + country:China

hostname:.edu

Compound Search port:110 city:"New York" os:"Windows XP"

General Search "tomcat 6.0"
* Any text within the banner is searchable through Shodan

Network Radar

What we can learn from HTTP status codes
- The status of an HTTP request reveals the authentication properties of the service
- HTTP status codes:
  - 200 OK: the request has succeeded
  - 401 Unauthorized: WWW-Authenticate header
  - 403 Forbidden: authorization will not work to access this resource
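
An added example, not part of the original slides: a small audit that reads a service's HTTP response head the way an indexer would and reports what it discloses, using the 200/401/403 interpretation above. The sample banners and the names `parse_banner` and `audit_banner` are constructed for illustration.

```python
import re

# Constructed sample banners (assumptions for illustration, not captured from real hosts).
SAMPLES = {
    "open-admin": (
        "HTTP/1.0 200 OK\r\n"
        "Date: Mon, 08 Apr 2013 10:00:00 GMT\r\n"
        "Server: ExampleHTTPD/2.1.4\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "basic-auth": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "Server: ExampleHTTPD\r\n"
        'WWW-Authenticate: Basic realm="router-admin"\r\n\r\n'
    ),
    "forbidden": "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n",
}

def parse_banner(raw):
    """Split a raw HTTP response head into (status_code, headers dict)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def audit_banner(raw):
    """Return findings describing what the banner tells anyone who indexes it."""
    status, headers = parse_banner(raw)
    findings = []
    if status == 200:
        findings.append("200: content served without authentication")
    elif status == 401:
        scheme = headers.get("www-authenticate", "").split(" ", 1)[0] or "unknown"
        findings.append("401: authentication required (%s)" % scheme)
        if scheme.lower() == "basic":
            findings.append("Basic auth: credentials are only base64-encoded; require TLS")
    elif status == 403:
        findings.append("403: forbidden; credentials will not grant access")
    server = headers.get("server", "")
    if re.search(r"/\d", server):  # e.g. "Name/2.1.4" exposes the exact version
        findings.append("Server header discloses version: " + server)
    return findings
```

Run `audit_banner` over the response heads of your own exposed services to see which ones answer 200 on an admin page or advertise an exact server version.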

Example 200 OK request “cisco 200 ok country:BR”

Cisco 200 OK

Example 401 Authorization Request “cisco 401 country:br”

Example 401 Authentication Header “admin+1234”

ICS-CERT Recommendations
- Place all important systems behind a firewall and separated from other networks
- Use VPN
- Rename and change password of any default accounts
- Use lockout policies to prevent brute force attempts
- Strong password policies

Who uses Shodan
- Cybersecurity professionals
- Researchers
- Penetration testers
- Law enforcement
- Cybercriminals - Identify open networks and notify users about them

Conclusion
- Seems scary
- Huge resource of information
- Not anonymous
- Increased security of devices

References
- http://www.shodanhq.com/
- http://money.cnn.com/2013/04/08/technology/security/shodan/index.html
- http://articles.washingtonpost.com/2012-06-03/news/35459595_1_computer-systems-desktop-computers-search-engine
- http://en.wikipedia.org/wiki/Shodan_(website)
- http://www.theregister.co.uk/2013/03/20/scada_honeypot_research/
- http://ics-cert.us-cert.gov/pdf/ICS-Alert-10-301-01.pdf
- http://www.zdnet.com/blog/security/shodan-search-exposes-insecure-scada-systems/7611

Questions