We currently have one Greenbone appliance covering a number of physical locations and are now looking at deploying a sensor at one of the remote sites. This is partly to relieve load but also because we cannot reach all our network from one location.
We use some non-routed IP addresses at all our sites (192.168.x.x) and these are not currently scanned. In some cases the same addresses are re-used at different sites.
How will Greenbone cope if the master and sensor both scan local machines that have identical non-routed IP addresses but are in different locations? Most of these devices do not have DNS names.
Will they be combined in some way or will Greenbone be able to keep them as 2 separate devices?
If I understand you correctly, you are asking about identical IP addresses in the targets of different tasks.
A task can only be executed by a sensor OR directly by the master, not both.
The only area where results of all tasks meet are the assets.
To differentiate hosts in the host assets, we use five different kinds of identifiers:
- IP address
- MAC address
- OS identifiers
It’s unlikely that results of two different hosts are merged. Only if you get very little information about a host this seems feasible.
Hi Tino, Thanks for that. Yes, the tasks will only ever be executed on one appliance so that’s ok.
Hostnames should definitely be different (in the case of PCs), but for industrial control kit etc., I expect we will find a lot of devices with default names that have never been changed. As there are no DNS entries for most of these devices and Greenbone doesn’t seem to store MAC addresses for devices not on the same subnet, I expect we will find some clashes.
As long as we can tell from an asset which Greenbone device scanned it, we will be able to sort things out. Will this be possible? Also, if I move an existing task to a sensor, will that create new duplicate assets or will the system know to merge them?