What is Shodan? How can it improve online security?

Shodan is like Google but more of a repository of Internet of Things (IoT) devices. While Google indexes web pages on the world wide web and the content on these websites, Shodan indexes every device directly connected to the Internet.

The publicly available information through this search engine appears to be innocuous. To the average user, IP address strings and encryption terms don't make much sense. But for a hacker looking for a vulnerable device, that's more than enough to cause harm. But what if you could understand the data that matters most and how to use Shodan to improve your cybersecurity?

What exactly is Shodan?

Shodan is a cyber search engine that indexes devices connected to the Internet. This search engine started as a project by John Matherly. Matherly wanted to learn about devices connected to the Internet, from printers and web servers to particle accelerators - basically anything with an IP address.

The purpose was to record device specifications and to have a map showing where the devices are located and how they are connected to each other. Since 2009, when it went public, Shodan's purpose has remained largely unchanged. It still maps the exact locations of Internet-enabled devices and their software specifications. Indeed, Shodan has grown to become an all-around eye on the net.

How Do Hackers Use Shodan?


Shodan was not originally designed for hackers, but the public information this search engine collects could be useful to hackers looking for vulnerable devices.

Find IoT devices with security rules

Shodan collects digital banners of IoT devices. A banner is like a CV that IoT devices send to web servers when requesting data. Reading the banner is how the web server identifies the specific device and knows how and which data packets to send to it. Just as everyone's CV content will be different, so will the banners of IoT devices.

In general, a typical banner will show the device's operating system version, IP address, open ports, serial number, hardware specifications, geographic location, Internet service provider and registered name of the owner, if applicable.

Much, even all, of this information is public. Hackers can see it and, for example, pick out devices running outdated software. More specifically, a search filter can be used to narrow down vulnerable devices within a specific city. Knowing where to find vulnerable devices, hackers can use wardriving tactics or perform disassociation attacks to break into your network if the devices are not remotely accessible.

Find default password and login information

Most devices - such as routers - are supplied with default passwords or login credentials that users must change after setup. However, not many people do this. Shodan regularly compiles a list of active devices that still use their default credentials and open ports. Performing a search with the query 'default password' will show relevant search results. Anyone with access to this data and hacking tools can log into an open underlying system and cause damage.

This is why you should change your default password.

How to use Shodan to enhance cybersecurity


The amount of data available through Shodan is staggering, but it's hardly helpful if your device's security system is working properly. Searching for the device's IP address on Shodan will tell you if the search engine has any information about them. Let's start with the IP address of your home router. Strangely, Shodan won't have any information about your router, especially if the network ports are closed. Then move on to your security cameras, baby monitors, phones, and laptops.

Find and close vulnerable ports

You don't have to worry about hackers finding your device on Shodan and breaking into your system. The chances of that happening are low because Shodan only catalogs systems with open TCP/IP ports. And that's what you have to watch for: open, unsecured ports.

In general, ports are open so that Internet-enabled devices can serve requests, receive data, and know what to do with that data. That's how your wireless printer knows to receive a request from your PC and print a page, and how your webcam streams to the screen. And, more importantly, it is how a hacker can gain remote access to your device.

An open port is essential because that's how your device connects to the Internet. Closing all ports on your device will disconnect it from the Internet. Ports become a security risk under certain circumstances, such as running old, outdated software or misconfiguring an application on the system. Thankfully, you can manage this malware infection and cybersecurity risk by closing vulnerable ports.
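To make the self-check described above concrete, here is an added example (not part of the original article) that reads Shodan's record for your own IP address and lists which indexed ports deserve a closer look. It assumes the Shodan REST host-lookup endpoint and your own account's API key; the function names, the `REVIEW_PORTS` list and the sample record are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

# Assumption for illustration: services a home device rarely needs to expose
# to the whole Internet. Adjust the list to your own network.
REVIEW_PORTS = {21: "FTP", 23: "Telnet", 445: "SMB", 554: "RTSP camera stream",
                3389: "Remote Desktop", 5900: "VNC", 7547: "TR-069 management"}

def fetch_host(ip, api_key):
    """Return Shodan's record for your own IP, or None if nothing is indexed."""
    url = f"https://api.shodan.io/shodan/host/{ip}?key={api_key}"
    try:
        with urllib.request.urlopen(url, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # Shodan has no information about this address
            return None
        raise

def review_exposure(host):
    """List every indexed service, with the ones to review sorted first."""
    if host is None:
        return []
    findings = []
    for banner in host.get("data", []):
        port = banner.get("port", 0)
        software = " ".join(filter(None, [banner.get("product"), banner.get("version")]))
        findings.append({"port": port, "transport": banner.get("transport", "tcp"),
                         "software": software or "unknown",
                         "review": port in REVIEW_PORTS,
                         "reason": REVIEW_PORTS.get(port, "")})
    return sorted(findings, key=lambda f: (not f["review"], f["port"]))

# Constructed sample record (192.0.2.10 is a documentation-only address).
SAMPLE_HOST = {
    "ip_str": "192.0.2.10",
    "ports": [23, 443, 554],
    "data": [
        {"port": 443, "transport": "tcp", "product": "nginx", "version": "1.18.0"},
        {"port": 23, "transport": "tcp", "product": "BusyBox telnetd"},
        {"port": 554, "transport": "tcp"},
    ],
}

if __name__ == "__main__":
    for f in review_exposure(SAMPLE_HOST):
        flag = "CLOSE/REVIEW" if f["review"] else "ok"
        print(f'{f["port"]}/{f["transport"]:<4} {f["software"]:<20} {flag} {f["reason"]}')
```

An empty result from `review_exposure(fetch_host(...))` means Shodan has nothing indexed for that address, which is the outcome you want for a home router.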

Use a VPN to connect to the Internet

You can search for your device's IP address on Shodan and see if the device's banner is public and which ports are open so you can close them. But that's still not enough. Consider using a VPN to hide your IP address as you browse the web.

The VPN acts as the first wall between you and the attacker. Using a VPN encrypts your Internet connection, so data and service requests go through secure ports instead of potentially unsecured ones. That way, the attacker needs to first crack the VPN service - which is not easy - before they can reach you. Then there is still another wall that you can erect.

Enable Microsoft Defender Firewall


Some VPNs, like Windscribe, have firewalls. While third-party firewalls are great, we recommend using the one that comes with Microsoft Defender, the native security program on Windows computers. See "How to turn on / off the firewall on a Windows computer" for more details.

Your computer communicates with other computers on the Internet through data packets (bits of data containing media files or messages). The job of the Microsoft Defender firewall is to scan incoming data packets and prevent any behavior that could harm the device. Enabling the firewall is all you need to do. By default, the firewall only opens a computer port when an application needs to use that port. You don't have to touch the advanced security rules for the gateway unless you are a proficient user. Even then, consider setting a prompt to close the port afterwards (it's easy to forget this).

Think of a firewall as an officer controlling traffic into your town, and of the roads as gateways to your network. The officer checks that only vehicles meeting safety standards are allowed to pass. These safety standards change all the time, so the officer must know the latest rules - and that's why you should install regular software updates. Ignoring gate security rules is like asking the officer to skip a checkpoint. Pretty much any vehicle can use that blind spot to get into your town.

What is Shodan suitable for?

Shodan is a huge database containing identifying information about devices connected to the Internet. It is mainly used by enterprises to track network vulnerabilities and leaks. However, you will also find Shodan a useful tool to check the health of your security. Once you find these leaks, you can easily block them and improve your overall network security.
