Agent Client Collector security

Halvor Mortense · ‎09-06-2022

Hi,
I am new to the agent client collector, and I have been looking into the security aspect of ACC.

1. What type of encryption is used by the ACC to locally encrypt sensitive data?

2. Where is the encryption key stored?

3. What is considered sensitive data in terms of what is encrypted? i.e., is the allow-list encrypted.

4. Is there any additional security measures that can be performed to secure the agent, besides having strict policies?

From the documentation: "Agents run as non-root users. Agent files can’t be read by other non-root accounts on the host system. Agents locally encrypt sensitive information in memory, such as MID Server passwords and sensitive command line parameters. Sensitive command line parameters are also obfuscated when displayed or logged."

Maik Skoddow · ‎09-06-2022

Hi

within the ACC data sheet I found the following statement:

ACC is designed to meet the most stringent security
requirements. Agents initiate connections with MID Servers
over encrypted WebSocket connections, with no need to
store host credentials in the MID Server or to open inbound
firewall ports. Communication between MID Servers and
the main ServiceNow instance is encrypted.
Agents run as non-root users. Agent files can’t be read by
other non-root accounts on the host system. Agents locally
encrypt sensitive information in memory, such as MID
Server passwords and sensitive command line parameters.
Sensitive command line parameters are also obfuscated
when displayed or logged.

If you need more detailed information you should reach out to your ServiceNow sales team

Maik

Halvor Mortense · ‎09-06-2022

Thank you for the response, but i'm in need of more detailed information, so i'll try reaching out to ServiceNow.

Avro Guha · ‎09-18-2023

Honestly more details needs to included from security standpoint. We scanned 3.1 version of acc and it doesn’t look good, multiple high CEV vulnerabilities not been addressed .