Keeping the IoT Secure with Shodan

IOT, IoT Attacks, IT Best Practices, Ophtek, ,
29
Jan 2020

The Internet of Things (IoT) is getting bigger and bigger. But this popularity is making it a target for hackers. Thankfully, Shodan is here to secure it.

It’s difficult to imagine life without the IoT; the sheer range of possibilities it opens up is astonishing. But it has also attracted a number of headlines due to its shortcomings in security. Naturally, the opportunity to strengthen security around IoT devices is one of great interest. And now there’s a website which promises to maximize your IoT security. Its name is Shodan and it could just revolutionize your device security.

Let’s take a look at what it is and how Shodan can keep the IoT secure.

What is Shodan?

Shodan is, in its simplest terms, a search engine for IoT devices. It’s similar to Google, but rather than searching for news on your favorite TV shows, you can use it find IoT devices. As long as a device is connected to the internet, Shodan should be able to find and identify it. And this applies to any IoT device be it a printer, security camera or refrigerator.

How Does Shodan Work?

The part of the internet that the IoT connects to is usually considered invisible, but all it takes is the right algorithm to analyze it. And this is what Shodan does. The overall mechanics of Shodan’s algorithm is complex, but here’s a breakdown of how it works:

  • Creates random IPv4 addresses which are used to identity network interfaces on a machine
  • Scans the internet for a real time list of connected IoT devices
  • Scans each device by checking a selection of available ports
  • Analyzes each port for a unique IPv4 address
  • Grabs a selection of metadata from the device which includes: usernames, passwords, geographical location and IP addresses

And all of this information can be displayed in the search results on Shodan.

Is Shodan a help or a Hindrance?

The amount of sensitive data that Shodan can expose is worrying. The last thing you want is for your usernames and passwords to be compromised. This could lead to grave consequences for your security. But is Shodan as scary as it sounds? Well, the truth is that it can actually enhance your IoT security.

Shodan is now a popular tool for security professionals to evaluate their IoT devices. And it’s most commonly used in the following ways:

  • Detecting Vulnerabilities: Shodan has a range of filters available that you can use to identify potential vulnerabilities in your IoT devices. This could include the use of default login credentials (these are the only login details that Shodan exposes) or which ports are currently open. By identifying these vulnerabilities with Shodan you can rectify them.
  • Track Exploits: Hackers are industrious characters and relish the challenge of identifying exploits. And the result is that IoT devices are constantly in their targets. Thankfully, Shodan is on hand to help. It does this by collecting together all known exploits for IoT devices and making them available. All a user has to do is use the Shodan search engine to search for specific terms and uncover any known exploits.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Use the 3-2-1 Backup Method to Protect Your Data

Backup, Backup and Recovery, Backup Strategies, Data Backup, Data Storage, Ophtek, , , , ,
28
Jan 2020

Hardware can easily become compromised, stolen or damaged. And this can leave you without crucial data. But the 3-2-1 backup method is here to help.

Data disasters are most often caused by hardware failure, human error or cyber-attacks. Regardless of the cause, your organization needs a good backup strategy in place. You need to be able to retrieve your data in the event of an emergency. Without a backup strategy you will struggle to recover and this will have a major impact on your productivity. And that’s why the 3-2-1 backup method has proved to be so popular with businesses.

Data protection has never been more important that today, so we’re going to take a look at how the 3-2-1 backup method can protect your data.

What is the 3-2-1 Backup Method?

The principle behind the 3-2-1 backup method lies in its name:

Let’s take a closer look at each part of the method to help you understand the thinking behind it:

  • Keeping at Least 3 Copies of Your Data: To keep just one backup copy of your data is careless. Say, for example, your data is compromised by ransomware. An option would be to retrieve your backup data from an external hard drive. But what if you discover this device has been damaged in some way? You need an alternative solution. And this could be accessing a USB drive or connecting to a cloud storage solution. The minimum number of copies you should keep is three, but there’s no maximum. You can keep three, five or fifty. 
  • Keeping 2 of these Copies on Local Devices: Onsite backups are essential for keeping your productivity in place. Data disasters are unpredictable and can have an instant impact. Therefore, you need to make sure that you have your backup data close to hand. This approach will allow you to quickly implement any compromised data and establish normal working practices. Again, it’s important to have more than one local backup available to safeguard against any technical issues. 
  • Keeping at Least 1 Copy Offsite: If you want to reap the benefits of a complete backup strategy you need to keep one copy offsite. Advances in cloud computing mean that it’s easier than ever to store data offsite. And this can pay dividends in the case of a local disaster. If, for example, you are hit by a hurricane or a flood, all your local backups could be damaged. It doesn’t matter if you’ve got three or three hundred. But if you keep at least one copy in the cloud you are ensuring comprehensive data protection is in place. 

Final Thoughts 

A good backup strategy is vital in protecting your data in the event of a data disaster. And it pays to be comprehensive in the manner in which you protect your data. The 3-2-1 backup method is the perfect way in which to achieve this.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
How Reliable is your Hard Drive?
How Reliable is your Hard Drive?

The Best Ways to Free Up Space on Your Hard Drive

archive, ccleaner, Cloud Storage, disk cleanup, hard drive, Ophtek, uninstall, , , , ,
21
Jan 2020

How Reliable is your Hard Drive?

All hard drives have a limit in terms of space. And this limit can soon be reached. But there are a number of simple ways to free up space.

A hard drive which is full can cause you a number of problems. Speed is the most obvious issue, but the chances of your PC freezing and crashing is also increased. And all of these scenarios are ones that can put a drain on your productivity. Therefore, you need to ensure that you have enough space on your hard drive.

You could expand your storage space, but this can be costly and isn’t always required. Instead, you can restore your PC’s productivity by following our steps to free up space.

Maximizing the Capacity of Your Hard Drive

To start freeing up space on your hard drive you need to make sure you follow these best practices:

  • Disk Cleanup: The simplest way to start maximizing space on your hard drive is with the Disk Cleanup application. This maintenance utility is bundled with Windows and carries out a quick evaluation of your hard drive. Files that are deemed necessary are kept, but there’s also an option to delete unnecessary files. 
  • Uninstall Apps You No Longer Use: A large number of apps will be installed on a PC over the course of its lifetime. But, due to time constraints, these aren’t always uninstalled when they’re no longer required. And this can take up a lot of disk space. So, you need to regularly visit the ‘Uninstall or Change a Program’ section of your Control Panel. Here you can analyze which programs are no longer required and remove them. 
  • Minimize Your System Restore Space: It’s likely that you will have used the System Restore app more than once to fix a system issue. But, over time, all the snapshots of your system can start to take up large amounts of space. Thankfully, you can restrict the amount of space used to store these snapshots. By minimizing the maximum Disk Space Usage you can save space on your hard drive. Just remember that this will also minimize the number of restore points you can access.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Snatch Malware Proves That Safe Mode Isn’t so Safe

malware, Network, Ophtek, Ransomware, Security, Security Threats, , , ,
14
Jan 2020

We’ve all had to boot into safe mode on our PCs at some point and you would assume it’s a safe environment. But the Snatch malware is proving otherwise.

Safe mode is a configuration mode that you can request your PC to boot into at startup. In safe mode, your PC will only execute essential applications. The functions of your PC will be limited, but it’s the perfect environment for fixing problems and removing various forms of malware. But it appears that Snatch is a brand of malware which can thrive in safe mode.

Snatch is a multi-factor threat which can cause real damage to your business, so it’s a slice of malware that you need to be protecting yourself against. To give you a head start, we’ve put together a quick lowdown on Snatch.

What is Snatch?

Snatch is a newly discovered malware variant which contains two key threats: a ransomware function and the ability to log and steal user data. It’s not the first piece of malware to come loaded with these threats, but its infection strategies are unique. Using brute force attacks, Snatch is targeting the PCs of various organizations. So far, this sounds far from unusual as brute force attacks are a fairly conventional form of hacking. But Snatch has a unique strategy.

Following the initial infection, Snatch forces the PC to reboot. And it’s at this point that Snatch informs the PC to boot into safe mode. It’s believed that this unusual, yet clever, step is initiated in order to avoid anti-virus software which is often disabled in safe mode. From here it can execute its malicious payload. Snatch will then begin encrypting files and demanding ransoms that have been as high as $35,000. There is also evidence that surveillance threats are present in Snatch, so data harvesting is likely to start once the infection is unleashed.

Protecting Yourself from Snatch

The Snatch malware has the capability to cause extensive damage to your organization in terms of both finances and credibility. It’s also disturbingly efficient as it deletes any volume shadow copies of the files it encrypts. By deleting these volume shadow copies, Snatch is ensuring that it’s impossible to restore the encrypted files. Therefore, it’s crucial that you protect your PCs from Snatch by:

  • Practice Good IT Security: The backbone of any secure network is based upon the actions of those using it. And this is why it’s important that all your users understand the basics of IT security. By embracing these practices it’s possible to keep your PCs protected from the majority of majority of malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Making Your Passwords Stronger with Password Checkup

Hacking, Ophtek, Password Security, Security Threats, ,
07
Jan 2020

Passwords are the single most important safety tool at your disposal. But passwords need to be strong. And creating strong passwords is far from easy.

Thankfully, Google has solved this problem for us. All you need to do is get on board with their new service: Password Checkup. Not sure what Password Checkup is? Well, as luck would have it, we’ve put together a quick guide for you.

The Problems with Passwords

There are certain passwords which are used time and time again. And not just by individuals. We’re talking millions of people all over the world using similar passwords. These includes all the old favorites such as Password123, abc123 and Passw0rd. Sure, these are easy to remember. But their ubiquity means that they represent a major security risk.

Modern security techniques, of course, have negated the impact of weak passwords, but only marginally. Two-factor authentication, for example, puts an extra barrier behind passwords. But this is not there to be treated as a security option to fall back on. That’s why you need to start with a strong password and work from there.

But the sheer number of sites and applications we log in to in the 21st century is mind-boggling. Memorizing all of these passwords requires some serious memory skills. The quickest solution to this problem is to write them all down. But, that’s right, you’ve guessed it. Writing down passwords is yet another security threat.

Password Checkup is the Solution

Google, the great innovator of technology, has decided to simplify and improve the password process. And the result is Password Checkup.

Google Chrome and individual Google accounts have long had a built in password manager. This has allowed users to not only generate passwords, but also store them securely. Users, therefore, have been able to browse online securely and access all their services with ease. But this isn’t enough for Google. They want to push the concept a little further.

And this is where the Password Checkup extension comes in. Available from the Chrome web store, all it takes is a simple install process to activate Password Checkup for Chrome. But what does it do? Well, its main objectives are:

  • Identifying whether your username/password combination has been exposed. Breaches of third-party databases are rife. But, thanks to the data at its disposal, Password Checkup can advise you of this and prompt a change of password.
  • To analyze your existing passwords and recommend strengthening them if required. Your passwords may be securely stored in Chrome, but this doesn’t mean they can’t benefit from strengthening further.

The Password Checkup extension isn’t the only method in which you can use the service. You can also log on at passwords.google.com to manage and analyze your stored passwords.

Stay Safe with Password Checkup

All it takes is for one password to be breached to cause untold damage. But Password Checkup helps to nullify this threat. Thanks to its clever technology, Password Checkup keeps you on top of weak and exposed passwords. This knowledge allows you to act quickly and effectively to secure your passwords. And, with Password Checkup soon to be an integral feature of Chrome, the future looks bright and secure.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More