Cargando…
Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases
Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performi...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7309102/ https://www.ncbi.nlm.nih.gov/pubmed/32471252 http://dx.doi.org/10.3390/s20113048 |
| _version_ | 1783549147206385664 |
|---|---|
| author | Fernández-Caramés, Tiago M. Fraga-Lamas, Paula |
| author_facet | Fernández-Caramés, Tiago M. Fraga-Lamas, Paula |
| author_sort | Fernández-Caramés, Tiago M. |
| collection | PubMed |
| description | Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan. |
| format | Online Article Text |
| id | pubmed-7309102 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-73091022020-06-25 Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases Fernández-Caramés, Tiago M. Fraga-Lamas, Paula Sensors (Basel) Article Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan. MDPI 2020-05-27 /pmc/articles/PMC7309102/ /pubmed/32471252 http://dx.doi.org/10.3390/s20113048 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Fernández-Caramés, Tiago M. Fraga-Lamas, Paula Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_full | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_fullStr | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_full_unstemmed | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_short | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_sort | teaching and learning iot cybersecurity and vulnerability assessment with shodan through practical use cases |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7309102/ https://www.ncbi.nlm.nih.gov/pubmed/32471252 http://dx.doi.org/10.3390/s20113048 |
| work_keys_str_mv | AT fernandezcaramestiagom teachingandlearningiotcybersecurityandvulnerabilityassessmentwithshodanthroughpracticalusecases AT fragalamaspaula teachingandlearningiotcybersecurityandvulnerabilityassessmentwithshodanthroughpracticalusecases |