-1

We know that vulnerability scanners have three model types: Host-based, Network and Database.

The Host-based vulnerability scanner uses a client-server structure, and the host will run an agent.

How to understand the client-server structure? Is the Client the Agent and the Server is host's OS?

schroeder
  • 123,438
  • 55
  • 284
  • 319
aircraft
  • 136
  • 6
  • I'm not sure what you are asking here. Do you want a clarification of what the terms client and server mean (which is not a security question, i.e. off-topic here) or do you want a clarification of how a host based scanner works? – Steffen Ullrich Apr 02 '20 at 06:05
  • I want to know the C-S refers to what, I guess the C is Agent. How about the S? – aircraft Apr 02 '20 at 06:09
  • The agent probably connects to a centralized solution where the results of the scanning are processed. The agent could be the client and the centralized application could be the server, or the other way round. If you dig a bit into client-server architecture, you'll understand that it is unlikely that the host's OS is the server here. – Ljm Dullaart Apr 02 '20 at 07:10
  • There are different types of host-based scanners. Not all of them use a client-server model. It sounds like you don't understand a particular scanner you have in mind or you don't understand client-server models. Can you edit your question to add more context? – schroeder Apr 02 '20 at 14:52

1 Answers1

1

A host-based vulnerability scanner is not required to use a Client/Server architecture. Host-based only means, that the scanner runs on the same machine that it is scanning.

If it uses a Client/Server pattern, the client is the agent running on the host. The server is usually a central orchestrator, managing the individual agents. This makes sense in larger environments, where many agents are rolled out and need to be controlled remotely.

The orchestrator can have several duties, including the following:

  • Deploy rule-set on agents
  • Schedule and trigger scans
  • Collect scan results
  • Provide an overview of scan results (e.g. on a dashboard)
  • Alert in case of high risk findings

It is basically the centralized management system for the agents.

Demento
  • 7,249
  • 5
  • 36
  • 45