Test your security, and test it often

Sharing a bit of a lesson learned. I test what my external web profile looks like somewhat regularly to ensure I haven’t made any stupid mistakes and opened myself up.

Running a few of my regular searches on Shodan, to my surprise, I showed up. Even though I have ports open, they are limited to IP addresses that I specify. Generally, this means that scanners like Shodan do not see anything active on the open ports, as they are not one of the specified IPs.

However, I made a change last week (and only for the week while I was out of town) which opened me up. There is a bug (at least I think it’s a bug) in my firewall firmware that causes the issue. I knew of the issue but didn’t think about it surfacing in this fashion.

Just a heads up to be testing your security regularly. You may have made a change that impacts your security in ways you didn’t realize.

Since I have gotten questions on what I do to check after these types of posts, here is what I check. I would be interested in seeing what others do also.

  1. From a public computer, try accessing your instance from a browser, see what happens, and see what the response looks like. Test your passwords (if it connects) and confirm you are getting a failed login notification. If you have a limit on incorrect passwords, confirm you get locked out after the limit.

  2. Periodic checks on Shodan. Check for your domain and IP, and look for results under home assistant, homeassistant or any other keywords you can think of to see if you show up. Note that this can lag a bit, as Shodan has to scan your IP, which may not be very frequent.
    https://www.shodan.io/

  3. Run the scans on GRC’s Shields Up.
    https://www.grc.com/shieldsup

  4. From a public IP (this can’t be done inside your network; use a coffee shop, public Wi-Fi, etc.), run a scan with Nmap.
    https://nmap.org/

There are phone-based apps that can do some of these scans also; however, I have gotten some false positives when on an LTE connection due to the way the connection is made. This seems to be the case for others too, with the ports that were showing open.

6 Likes

Thanks for the post and especially the “how-to” as well. Many posts will tell you to do it but do not educate the user. This is much appreciated.

I am not a security researcher and can’t test all facets of the security; however, these are some low-hanging fruit that can be checked with free web services. I’m interested in having some more experienced users in this field offer up some methods.

I had someone ask me in a PM what the tests above meant when they showed a result (i.e., an open port).

If Shodan, the Shields Up test, or nmap shows an open port, there are two things to think about. First, did you intend to have that port open? If not, then that needs to be addressed. If you did intend to have it open, the test is just confirming that. What this means is anyone in the world with an internet connection can see that open port too. Whatever service you have running on that port had better be secure, as anyone can access it. Test that security, use strong passwords and two-factor authentication when possible.
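The checklist in the first post (an external nmap scan plus a Shodan lookup) and the question in the post above ("did you intend to have that port open?") can be turned into one repeatable check. The script below is an added example, not code from the original poster: it parses nmap's grepable output and a Shodan-style host record, both constructed inline for the example, and compares what the internet actually sees against the set of ports you meant to expose. The intended-port set, the IP 203.0.113.10 and the banners are assumptions for illustration; run the real scan from a genuine public IP (not LTE, per the note in the first post) and feed its output in instead.

```python
"""Compare externally observed open ports against the ports you intended to expose.

Added example for the thread above; not the original poster's script.
Assumptions: you only meant to expose 443/tcp (reverse proxy in front of
Home Assistant) and 51820/udp (WireGuard). Everything else reachable from
the internet is an exposure to investigate.
"""
import re

# Ports you intend to be reachable from the internet (assumption for the example).
INTENDED_OPEN = {("tcp", 443), ("udp", 51820)}

# Constructed sample of `nmap -Pn -p- -oG - 203.0.113.10` run from OUTSIDE the
# network. 8123 is Home Assistant's default port and should not be visible here.
SAMPLE_NMAP_GREPABLE = """\
# Nmap 7.94 scan initiated ... as: nmap -Pn -p- -oG - 203.0.113.10
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/filtered/tcp//ssh///, 443/open/tcp//https///, 8123/open/tcp//unknown///\tIgnored State: closed (65532)
# Nmap done at ... -- 1 IP address (1 host up) scanned in 12.34 seconds
"""

# Constructed sample shaped like a Shodan host record (ip_str / ports / data[]).
SAMPLE_SHODAN_HOST = {
    "ip_str": "203.0.113.10",
    "ports": [443, 8123],
    "data": [
        {"port": 443, "transport": "tcp", "product": "nginx"},
        {"port": 8123, "transport": "tcp", "http": {"title": "Home Assistant"}},
    ],
}


def parse_nmap_grepable(text):
    """Return a set of (proto, port) for every port nmap reports as open.

    Grepable port entries look like port/state/proto/owner/service/rpc/version.
    UDP probes (-sU) report 'open|filtered', so match any state starting with 'open'.
    """
    observed = set()
    for line in text.splitlines():
        m = re.search(r"Ports: (.*?)(?:\tIgnored State|$)", line)
        if not m:
            continue
        for entry in m.group(1).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1].startswith("open"):
                observed.add((fields[2], int(fields[0])))
    return observed


def parse_shodan_host(host):
    """Return a set of (proto, port) for each service in a Shodan-style host record."""
    return {(svc.get("transport", "tcp"), int(svc["port"])) for svc in host.get("data", [])}


def banners_mentioning(host, keyword):
    """Ports whose HTTP title or product banner contains `keyword` (case-insensitive).

    This is the "search Shodan for home assistant" step done against the record.
    """
    hits = set()
    for svc in host.get("data", []):
        haystack = " ".join(
            str(v) for v in (svc.get("product", ""), svc.get("http", {}).get("title", ""))
        )
        if keyword.lower() in haystack.lower():
            hits.add((svc.get("transport", "tcp"), int(svc["port"])))
    return hits


def classify_exposure(observed, intended):
    """Split observed ports into confirmed (intended), unexpected, and not_seen.

    not_seen = intended but not observed by the scanner; that is what a working
    source-IP allowlist looks like from a non-allowlisted scanner.
    """
    return {
        "confirmed": observed & intended,
        "unexpected": observed - intended,
        "not_seen": intended - observed,
    }


def run_check(nmap_text, shodan_host, intended, keyword="Home Assistant"):
    """Merge both sources and return the classification plus any tell-tale banners."""
    observed = parse_nmap_grepable(nmap_text) | parse_shodan_host(shodan_host)
    result = classify_exposure(observed, intended)
    result["banner_hits"] = banners_mentioning(shodan_host, keyword)
    return result


if __name__ == "__main__":
    report = run_check(SAMPLE_NMAP_GREPABLE, SAMPLE_SHODAN_HOST, INTENDED_OPEN)
    for label in ("confirmed", "unexpected", "not_seen", "banner_hits"):
        ports = ", ".join(f"{p}/{proto}" for proto, p in sorted(report[label], key=lambda x: x[1]))
        print(f"{label:12}: {ports or '-'}")
```

Anything under `unexpected` is the "address it" case from the post above; `confirmed` is the "you meant it, so the service behind it had better be secure" case; an intended port listed under `not_seen` is the allowlist doing its job, and it is exactly the line to watch after a firewall change like the one described in the first post.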

To add to the toolset, https://censys.io/ is another scanner that is constantly looking for services running at any given web address. I constantly see these IPs in my firewall logs.

1 Like