The Shodan search engine is an excellent resource for hackers looking for unprotected endpoints. If you have ever played with Shodan, you will probably know that some of the most popular searches are the searches for unprotected devices using default logins for usernames. At the time of writing, there were 6,630 routers out there which used the login credentials of username=admin / password=1234.
While there were similar resources and alternative software producing similar results before Shodan came along, the search engine has received a lot of publicity and media attention, making non-techies more aware of endpoint security.
What Is Endpoint Security?
An endpoint is simply one end of a communication channel – e.g., a laptop, desktop, wireless router, smart phone or network server. When we talk about endpoints we are usually talking about Internet-connected hardware devices, but even a URL in an API is an endpoint through which a client interacts with a server’s resources. The seemingly innocuous endpoint is the Achilles heel of cybersecurity and vulnerable to attack, as it is often a convenient entry point to a system where criminals can execute their malicious code and gain access to devices and victims’ sensitive data.
Endpoint security is the practice of securing devices against attack from criminals. At its most basic, it is the physical protection of devices in an organization (e.g. ensuring only employees with the proper credentials can access IT equipment.) In cyberspace, endpoint security is about employing complex software to identify system vulnerabilities, protect systems from attack and ensure there are processes in place to patch breaches that do occur.
Endpoint security has evolved over the years from using basic antivirus solutions and firewalls to high-tech, modern solutions that employ artificial intelligence algorithms, advanced automation technologies and predictive analytics software. These new (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Penny Hoelscher. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/PETMaQp-gSg/