Security

Both usernames of logged on users and usernames within the software metering (i.e. users who have used applications on the computer) can be replaced with SHA-1 hash. The same encrypted string will be used for the same user each time, even if the user uses multiple computers, no duplicate entries are created.

To enable the anonymous user data option, the following system setting needs to be added to the configuration file:

privacy.hide_user=true

Example 62.

Default setting (not anonymous)

With privacy.hide_user=true (anonymous)

The IP addresses assigned to the network interfaces of the computer can be replaced with SHA-1 hash. Add the following system setting to the configuration file:

privacy.hide_ip=true

If a self-signed or self-issued certificate is used to secure communication, i.e. a certificate that is not installed in the trusted root certificate store of the computer, the agent needs to be configured to ignore warnings about unknown CA’s. Use the following system setting in the configuration:

http.ssl_verify=false

This setting is disabled by default.

The Snow Agent supports use of client certificates. The certificates need to be password protected, and the password must be stored (encrypted) in the agent configuration file.

A common practice is to distribute the client certificate alongside the agent as part of the update package. The agent is then configured to look for a certificate.pfx file that contains the client certificate for client authentication and use that (provided it has the correct password).

If the server endpoint is used with a client certificate and the password does not match, an error is generated in the snowagent.log. The agent will continue with other server endpoint configurations, if any have been set.

To be able to use Transport Layer Security (TLS) 1.2 for the communication between the Inventory agent and the Inventory server, the following requirements need to be met: