3. Greenbone Security Manager – Overview

The Greenbone Security Manager (GSM) is a dedicated appliance for vulnerability scanning and vulnerability management. It is offered in different performance levels.

The specifications of the physical and virtual appliances are explained in two videos.

3.1. Physical Appliances

3.1.1. Enterprise Class – GSM 5400/6500

The GSM 6500 and GSM 5400 are designed for operation in large companies and agencies.

Fig. 3.1 GSM of the Enterprise Class

The appliances of the Enterprise Class can control other appliances as sensors. The appliances themselves can be controlled as remote scanners by another appliance.

The appliances in the Enterprise Class come in a 2U 19” chassis for easy integration into the data center. For easy installation and monitoring they are equipped with a two-line LC display with 16 characters per line. For uninterruptible operation they have redundant, hot-swappable power supplies, hard drives and fans.

For managing the appliance, a serial port is available in addition to two out-of-band management Ethernet ports. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems the appliances can be equipped with up to three modules. The following modules can be used in any order:

  • 8 ports Gigabit Ethernet 10/100/1000 Base-TX (copper)
  • 8 ports Gigabit Ethernet SFP (Small Form-factor Pluggable)
  • 2 ports 10-Gigabit Ethernet XFP

3.1.2. Midrange Class – GSM 400/450/600/650

The GSM 400, GSM 450, GSM 600 and GSM 650 are designed for medium-sized companies and agencies as well as larger branch offices.

Fig. 3.2 GSM of the Midrange Class

The appliances of the Midrange Class can control other appliances as sensors. The appliances themselves can be controlled as remote scanners by another appliance.

The appliances in the Midrange Class come in a 1U 19” chassis for easy integration into the data center. For easy installation and monitoring they are equipped with a two-line LC display with 16 characters per line. For uninterruptible operation the appliances come with redundant fans.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems the appliances are equipped with eight ports in total, pre-configured and set up as follows:

  • 6 ports Gigabit Ethernet 10/100/1000 Base-TX (copper)
  • 2 ports Gigabit Ethernet SFP (Small Form-factor Pluggable)

A modular configuration of the ports is not possible. One of these ports is also used as the management port.

3.1.3. SME (Small Enterprise) Class – GSM 150

The GSM 150 is designed for small companies and agencies as well as small to medium branch offices. Controlling sensors in other security zones is not considered. However, the GSM 150 itself can be controlled as a remote scanner by another appliance.

Fig. 3.3 GSM of the SME Class

The appliance comes in a 1U steel chassis. For easy integration into the data center an optional rackmount kit can be used. The appliance does not come with a display.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems the appliance comes with four Gigabit Ethernet 10/100/1000 Base-TX (copper) ports in total. One of these ports is also used as management port.

3.1.4. Sensor – GSM 35

The GSM 35 is designed as a sensor for smaller companies and agencies as well as small branches.

Fig. 3.4 Physical sensor

The GSM 35 can only be used in sensor mode and has to be managed via a GSM master. No web interface is available on the GSM 35. GSMs of the Midrange Class and the Enterprise Class (GSM 400/GSM DECA and beyond) can be utilized as masters for the GSM 35.

The appliance comes in a 1U steel chassis. For easy integration into the data center an optional rackmount kit can be used. The appliance does not come with a display.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems the appliance comes with four Gigabit Ethernet 10/100/1000 Base-TX (copper) ports in total. One of these ports is also used as management port.

3.2. Virtual Appliances

3.2.1. Midrange Class – GSM DECA/TERA/PETA/EXA

The GSM DECA, GSM TERA, GSM PETA and GSM EXA are designed for medium-sized companies and agencies as well as larger branch offices.

Fig. 3.5 GSM of the virtual Midrange Class

The appliances of the Midrange Class can control other appliances as sensors. The appliances themselves can be controlled as remote scanners by another appliance.

The appliances in the Midrange Class can be deployed using VMware ESXi on Microsoft Windows, macOS and Linux systems.

To connect to the monitored systems, the GSM TERA/PETA/EXA come with eight dynamic, virtual ports in total and the GSM DECA comes with four dynamic, virtual ports in total.

One of these ports is also used as management port.

3.2.2. SME (Small Enterprise) Class – GSM 150V/CENO

The GSM 150V/CENO is designed for small companies and agencies as well as small to medium branch offices. Controlling sensors in other security zones is not considered. However, the GSM 150V/CENO itself can be controlled as a remote scanner by another appliance.

Fig. 3.6 GSM of the virtual SME Class

The GSM 150V/CENO can be deployed using VMware ESXi on Microsoft Windows, macOS and Linux systems.

To connect to the monitored systems the appliance comes with four dynamic, virtual ports in total.

One of these ports is also used as management port.

3.2.3. Sensor – GSM 25V

The GSM 25V is designed as a sensor for smaller companies and agencies as well as small branches. It provides a simple and cost-effective option to monitor virtual infrastructures.

Fig. 3.7 Virtual sensor

The GSM 25V can be deployed using VMware ESXi on Microsoft Windows, macOS and Linux systems.

The GSM 25V can only be used in sensor mode and has to be managed via a GSM master. No web interface is available on the GSM 25V. GSMs of the Midrange Class and the Enterprise Class (GSM 400/GSM DECA and beyond) can be utilized as masters for the GSM 25V.

To connect to the monitored systems the appliance comes with four dynamic, virtual ports in total.

One of these ports is also used as management port.

3.2.4. Entry Class – GSM ONE

The GSM ONE is designed for specific requirements such as audits using a laptop or educational purposes. It can neither control other sensors nor be controlled as a sensor by another appliance.

Fig. 3.8 GSM ONE

The GSM ONE can be deployed using various virtualization environments. The recommended and supported environment is Oracle VirtualBox.

The GSM ONE comes with one virtual port used for management, scan and updates.

The GSM ONE has all the functions of the Midrange and Enterprise Class except for the following:

  • Master mode: the GSM ONE cannot control other appliances as sensors.
  • Sensor mode: the GSM ONE cannot be controlled as a remote scanner by another appliance.
  • Alerts: the GSM ONE cannot send any alerts via SMTP, SNMP, syslog or HTTP.
  • VLANs: the GSM ONE does not support VLANs on the virtual port.

Note

The GSM ONE is optimized for use on a mobile computer. Features required for enterprise vulnerability management like schedules, alerts and remote scan engines are only available on the full-featured appliances.

3.2.5. Entry Class – GSM MAVEN

The GSM MAVEN is designed for micro offices as well as small branches. It can neither control other sensors nor be controlled as a sensor by another appliance.

The GSM MAVEN can be deployed using various virtualization environments. The recommended and supported environment is Oracle VirtualBox.

The GSM MAVEN comes with one virtual port used for management, scan and updates.

Fig. 3.9 GSM MAVEN

The GSM MAVEN has all the functions of the Midrange and Enterprise Class except for the following:

  • Master mode: the GSM MAVEN cannot control other appliances as sensors.
  • Sensor mode: the GSM MAVEN cannot be controlled as a remote scanner by another appliance.
  • Alerts: the GSM MAVEN cannot send any alerts via SMTP, SNMP, syslog or HTTP.
  • VLANs: the GSM MAVEN does not support VLANs on the virtual port.

Note

The GSM MAVEN is optimized for use on a mobile computer. Features required for enterprise vulnerability management like schedules, alerts and remote scan engines are only available on the full-featured appliances.
