- Is there a documented, supported way? (I didn’t found any)
- And if it is, does it work without SSH protocol between the frontend and the master (since an SSH tunnel is a kind of hole through the firewall which should be between)?
Background: If the master gets compromised, effectively the whole organization is compromized, since the attacker can reach all sensors, and the sensors reach all networks. Therefore it helps to have a dedicated host with the frontend, connecting only over API through a firewall to the master (ideally NOT via SSH).
Best regards, Christoph K.
I guess you want to use a sensor virtual appliance:
No. The sensor separates the scan engine, enabling to scan a network where the master is not allowed to connect directly.
What I asked about is to separate the user web frontend (that’s the port where you connect the browser to with HTTPS, 443/tpc) from the backend (core system with PostgreSQL database under the hood), a firewall between those separated hosts, and connected with an API protocol, ideally not with SSH.
In Greenbone terms maybe to have the “Greenbone Security Assistant” on a separate server.
Hi, if you build our software from source this would be possible technically wise. But nevertheless it is not supported and provided via a Greenbone product.
2 Likes
OK, that’s what I wanted to know. Thanks!