Are you Cyber Secure at home?
Today I just want to mention three sites to help you check. These aren’t a replacement for a good router / firewall connecting you to the internet, or for good antivirus, but they look at some other areas:
one for checking that your email isn’t known to have appeared in any security breaches,
one for checking that there are no known devices behind your public IP address that are presenting themselves to the internet insecurely,
one that scans your public IP address for open well-known ports (I’ll explain later).
Have I Been Pwned
The tagline for this website is “Check if your email has been compromised in a data breach” and this is essentially what it does. The homepage allows you to enter an email address and press the “pwned?” button, after which it either tells you:
Good news – no pwnage found!
Or if it finds your email in one of the compromises it lists the date and details of the compromise.
For example – my business email address shows no results – thankfully.
If I search for an old email address however that I no longer use
Lower down on the site you then get provided with a list of the compromises that your email address was involved in. For example:
What to do? If you search for your email address on this site and find that it was involved in breaches, you should check the date the breaches occurred, and if you have not changed your password since that date you should do so now.
Additional benefits for businesses & domain owners: If you own a domain (e.g. you receive your email at firstname.lastname@example.org), either for your personal email or because you are a business, then you should go to the “domain search” tab on the “Have I Been Pwned” site and register your domain as a whole so you receive emails about any breaches on that domain.
Shodan
Shodan is an IoT vulnerability search engine – it is used by script kiddies, researchers, black hats, white hats and everyone in between to identify and catalogue devices on the internet with open ports.
Shodan can be run in two ways –
You can tell Shodan to run a query against the internet. For example, it might probe all UK-based public IP addresses to see if any of them have port 23235 open. This requires a paid-for account.
You can ask Shodan whether a particular public IP address is listed with any vulnerabilities from searches someone else has conducted. For example, tell me if 22.214.171.124 is listed on Shodan. This is free.
Shodan is one of those tools that has both positive and negative sides. Negatively, it can give hackers a list of known vulnerable devices at specific IP addresses. Positively, it can tell you if any devices behind your IP address are known to be on the internet and hackable.
To make use of Shodan to check your public IP address you need to know that address – I’m going to assume that businesses know this information but if you are doing this at home then perhaps the simplest way to find this is to ask Google “What is my IP address”.
For example when searching for my public IP address on Shodan I get no results – again thankfully.
What to do? If you find that Shodan lists something for your IP address then you need to identify what the device is – to do this you’d look at the information Shodan provides and then at what you have at home – particularly internet of things devices – cameras, printers, TVs, PVRs, heating controls, lights etc. Once you identify what it is that is exposed you need to make it secure – to do this I’d start at the manufacturer’s website to see if there is an update to the device that fixes the problem.
Additional benefits for businesses & domain owners: If you want to be able to actively scan you have to take out a subscription with Shodan. This might be worthwhile for some users, but probably not for most people reading this.
Shields Up!
GRC’s Shields Up! tool simply scans the IP address that you arrive at their website from for open well-known ports. TCP and UDP both have port numbers – these are essentially connection numbers – running from 0 through to 65535; the first of these, 0 through to 1023, are the well-known ports. This means they are used for offering services to the internet – the best known of these is probably TCP port 80, which is used for HTTP traffic – web pages.
Shields Up! scans these ports, or any other specific port you ask it to scan, and tells you whether the port is open, closed or in stealth mode. Stealth mode is the answer you want, which is why it’s shown on Shields Up! in green.
To run the scan go to the web page:
Select Proceed and this takes you to another page:
On this page select “All Service Ports” and wait for the scan to run – once complete if you see all green you are okay.
It should be noted that this scan will only scan ports 0-1055 or other specific ports you select, so it can only tell you about these ports. If you have open ports between 1056 and 65535 it will not tell you this.
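To check specific ports above 1055 on your own connection, the same open / closed / stealth classification can be reproduced in a few lines of Python. This is an added example, not part of Shields Up! or the original post; the function names are illustrative, and for a meaningful result it assumes you run it from outside your network against your own public IP address.

```python
import socket

def port_state(host, port, timeout=2.0):
    """Classify one TCP port using the three states Shields Up! reports.

    open    - connection accepted, a service is listening
    closed  - host answered with a refusal (TCP reset)
    stealth - no reply before the timeout, the packet was silently dropped
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        # e.g. no route to host: the probe never got a meaningful answer
        return "error"
    finally:
        s.close()

def check_ports(host, ports, timeout=2.0):
    """Return {port: state} for ports on an address you own."""
    return {p: port_state(host, p, timeout) for p in ports}

def exposed(results):
    """Ports that answered at all (open or closed), i.e. not stealthed."""
    return sorted(p for p, state in results.items() if state in ("open", "closed"))

if __name__ == "__main__":
    # Constructed demo on this machine only: start one listener, then probe
    # it and a port that has just been released (nothing listening).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    results = check_ports("127.0.0.1", [open_port, closed_port])
    print(results, "not stealthed:", exposed(results))
    listener.close()
```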
What to do? If you find ports shown in red or blue then you need to attempt to identify what these are – this isn’t necessarily straightforward and you might need to get help. In all probability you have either opened these ports deliberately on your internet router or a technology called UPnP has opened them for you.
Additional benefits for businesses & domain owners: If you are in the public sector, a charity or a business owner and want help with investigating this further then please contact us.