Shodan

Service Description

Shodan provides weekly attack surface security reports based on PSU public-facing assets in Shodan.io. Utilized by partner organizations that make up the NCDPI K-12 Cybersecurity Program.

Shodan is the world’s first search engine for Internet-connected devices.

External Continuous Vulnerability Scanning Efforts

Security Domain

CIS Control 7 – Continuous Vulnerability Management
NIST CSF – Detect: Continuous Monitoring (DE.CM)
NIST 800-53 – Assessment, Authorization, and Monitoring

Shodan Version

Finds devices like webcams, routers, and servers.
Indexes metadata such as banners, ports, and protocols.
Highlights exposed or vulnerable systems.
Used by security pros to assess and monitor network risks.
Offers a global view of connected device exposure.

runZero Version

Safeguards against ransomware and cyber attacks.
Provides a detailed view of what the “bad guys” can see about the PSU’s network externally

PSU Time Commitment

Upfront/Setup: N/A.
Ongoing: Varies based on complexity of PSU

How to get this service

Submit a report request form for your PSU to subscribe

Additional Resources

The Ethics and Legality of Port Scanning – SANS GIAC Certifications

Point of Contact

Name: Ray Zeisz, Friday Institute
Email: rlzeisz@ncsu.edu