Professional Documents
Culture Documents
Exploring the
Dark Internet
Bill Matonte, Brian Brokling, Chris
Hamm
Overview
What is Shodan
o The dark Internet
o The Shodan Story
o How Shodan works
Industrial Controls
Systems(ICS)
Include Many Essential
Infrastructure
o Nuclear power plants
o Chemical processing plants
o Energy pipeline monitoring
and control
http://www.ipcprotects.com/images/control-networksecurity-diag-big.jpg
ICS Continued
Lack basic security features
o Encryption, Firewalls, Anti-Virus Software
Countermeasures
Restrict your devices to only allow packets to be
broadcast inside the internal LAN
Restrict what IP addresses can access your
network from the internet
Use VPN to remote access your network
Change all default device passwords to
something else
Surpress or minimize verbose banners
Run Shodan against yourself
o see if you can find yourself with Shodan
Works Cited
"Frequently Asked Questions." SHODAN. N.p., n.d. Web. 22 Apr. 2014. <http://www.shodanhq.com/help/faq>.
Goldman, David. "Shodan Finds the Internet's Most Dangerous Spots." CNNMoney. Cable News Network, 02 May 2013. Web. 22
Apr. 2014.
Goldman, David. "Shodan: The Scariest Search Engine on the Internet." CNNMoney. Cable News Network, 08 Apr. 2013. Web. 22
Apr. 2014.
Graddy, Marchello, and Dennis Strouble. "Critical Infrastructure Control Systems Vulnerabilities." International Conference on
Information Warfare and Security. Reading. N.p.: Academic Conferences International Limited, 2010. 106-XIII. Web. 22 Apr. 2014.
Hill, Kashmir. "Camera Company That Let Hackers Spy On Naked Customers Ordered By FTC To Get Its Security Act Together."
Forbes. Forbes Magazine, 04 Sept. 2013. Web. 22 Apr. 2014.
Hill, Kashmir. "The Crazy Things A Savvy Shodan Searcher Can Find Exposed On The Internet." Forbes. Forbes Magazine, 05 Sept.
2013. Web. 22 Apr. 2014.
ICS-CERT. "Alert (ICS-ALERT-11-343-01A)." Control System Internet Accessibility (Update A). Deopartment Of Homeland Security,
21 June 2012. Web. 22 Apr. 2014.
Leverett, Eireann. "Quantitatatively Assessing and Visualizing Industrial System Attack Surfaces." Diss. U of Cambridge, 2011.
Leveret-Industrial. Web. 23 Apr. 2014. <"https://www.cl.cam.ac.uk/~fms27/papers/2011-Leverett-industrial.pdf>.
NERC. "Control Systems Security Working Group(CSSWG)." NERC. North American Electric Reliability Corporation, n.d. Web. 23
Apr. 2014. <http://www.nerc.com/>.
O'Harrow, Robert, and Jr. "Cyber Search Engine Shodan Exposes Industrial Control Systems to New Risks." The Washington Post.
N.p., 27 Dec. 2012. Web. 8 Apr. 2014.
United States. Department of Energy.Office of Scientific and Technical Information, United States. Department of Energy, and Idaho
National Laboratory. Introduction to SCADA Protection and Vulnerabilities. Washington, D.C; Oak Ridge, Tenn: United States. Dept.
of Energy, 2004. Web.
Wiess, Aaron. "5 Tips to Protect Networks Against Shodan Searches." - ESecurity Planet. N.p., n.d. Web. 21 Apr. 2014.
<http://www.esecurityplanet.com/network-security/5-tips-to-protect-networks-against-shodan-searches.html>.