Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases
Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performi...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2020-05-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/20/11/3048 |
| _version_ | 1797566884810326016 |
|---|---|
| author | Tiago M. Fernández-Caramés Paula Fraga-Lamas |
| author_facet | Tiago M. Fernández-Caramés Paula Fraga-Lamas |
| author_sort | Tiago M. Fernández-Caramés |
| collection | DOAJ |
| description | Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan. |
| first_indexed | 2024-03-10T19:33:44Z |
| format | Article |
| id | doaj.art-6e6b8e8d76e04cc5a7c4dfbf2c59fe3d |
| institution | Directory Open Access Journal |
| issn | 1424-8220 |
| language | English |
| last_indexed | 2024-03-10T19:33:44Z |
| publishDate | 2020-05-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Sensors |
| spelling | doaj.art-6e6b8e8d76e04cc5a7c4dfbf2c59fe3d2023-11-20T01:56:55ZengMDPI AGSensors1424-82202020-05-012011304810.3390/s20113048Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use CasesTiago M. Fernández-Caramés0Paula Fraga-Lamas1Department of Computer Engineering, Faculty of Computer Science, Universidade da Coruña, 15071 A Coruña, SpainDepartment of Computer Engineering, Faculty of Computer Science, Universidade da Coruña, 15071 A Coruña, SpainShodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan.https://www.mdpi.com/1424-8220/20/11/3048IoTcybersecurityShodanteaching methodologyuse case based learningsecurity audit |
| spellingShingle | Tiago M. Fernández-Caramés Paula Fraga-Lamas Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases Sensors IoT cybersecurity Shodan teaching methodology use case based learning security audit |
| title | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_full | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_fullStr | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_full_unstemmed | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_short | Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases |
| title_sort | teaching and learning iot cybersecurity and vulnerability assessment with shodan through practical use cases |
| topic | IoT cybersecurity Shodan teaching methodology use case based learning security audit |
| url | https://www.mdpi.com/1424-8220/20/11/3048 |
| work_keys_str_mv | AT tiagomfernandezcarames teachingandlearningiotcybersecurityandvulnerabilityassessmentwithshodanthroughpracticalusecases AT paulafragalamas teachingandlearningiotcybersecurityandvulnerabilityassessmentwithshodanthroughpracticalusecases |