@ -100,6 +100,8 @@ The scanner component has the following workflow:
|
|||||||
|
|
||||||
Once the [server component](server.md#remote-network-scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server.
|
Once the [server component](server.md#remote-network-scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server.
|
||||||
|
|
||||||
|
There is no true confirmation of the servers identity outside of confirming the TLS Certificate is trusted. Due to this fact, you're advised to use your own CA to sign the server components TLS Certificate. By doing this only you can issue a certificate to the server component. All that is required is to ensure that your CA certificate is within the trusted certificates of the machine that is running the agent.
|
||||||
|
|
||||||
!!! danger "Security"
|
!!! danger "Security"
|
||||||
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
||||||
|
|
||||||
|
|||||||
@ -103,3 +103,4 @@
|
|||||||
"results": "{{ subnet_scan_results }}"
|
"results": "{{ subnet_scan_results }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
validate_certs: true # Ensure always true
|
||||||
|
|||||||
Reference in New Issue
Block a user