-
Pagina 1
HP ProtectTools Security Software, Version 6.0 User Guide[...]
-
Pagina 2
© Copyright 2009, 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft, Windows and Windows Vista are either trademarks or registered trademar ks of Microsoft Corporation in the U nited States and/or other countries. The only warrantie s for HP products and services are set [...]
-
Pagina 3
About This Book This guide provides basic information for upgr ading this comput er model. WARNING! Text set off in this manner indi cates that failure to follow di rections could result in bodily harm or l oss of life . CAUTION: Text set off in this manner indicates that failure to follo w directions could result in damage to eq uipment or loss of[...]
-
Pagina 4
iv About This Book ENWW[...]
-
Pagina 5
Table of contents 1 Introduction to security ............. .......... .......... .............. .......... ............. .......... ........... ........ ......... ........... ........... 1 HP Pro tectT ools fea tures . ........... ............ .............. ........... ............ .............. ........... ............ .... . ........... ... 2 H[...]
-
Pagina 6
Specifying device settings ......... ............ .............. ........... ............ ............. ............ .............. 16 Configuring Applications Settings ................ ............ ............... ........... ............... .............. .......... ........ .. 16 Encry pting Dr ives . ........... .............. .......... ......[...]
-
Pagina 7
Logging in after Drive En cryption is activat ed ......... .............. ........... ........... .............. ......... 30 Advanced tasks ............ ........ ........... ......... ........ ......... ........... ........ ......... ........ ........... ........ ...... ......... ... 30 Managing Drive Encr yption ( adminis trator tas k) ..........[...]
-
Pagina 8
Settin g a shred schedule ................ ............. ................ .............. ................ .............. .......... 44 Selecting or crea ting a sh red prof ile ................ ................ .................... .................... .......... 44 Selecting a prede fined shr ed profile . ................. .................... ....[...]
-
Pagina 9
Creating an extendable JITA for a user or group ............ .............. .......... ............. ............ .. 55 Disab ling a JIT A for a us er or group .......... ........... ............... ............... ............ .............. ..... 56 Advanc ed Setti ngs .... ................ ............. ............. ................ ...........[...]
-
Pagina 10
x ENWW[...]
-
Pagina 11
1 Introduction to security HP Protec tTools sec urity so ftware p rovides se curi ty features that help pr otect against unauthor ized access to the compute r, networks, and critical da ta. Enhanced security functi onality is provided by several HP ProtectTools software modules. HP ProtectTools provides two versions that can be utilized: HP Protect[...]
-
Pagina 12
HP ProtectTools features The following tab le details the key fe atures of HP ProtectT ools modules: Module Key features HP ProtectTools Security Manager Administrative Console ● The Security Manager setup wizard is used by administrators to set up and configure levels of security and security logon methods. ● Configure options hidden from b as[...]
-
Pagina 13
Module Key features Smart Card Security (part of Security Manager) ● Provides a management software interface for Smart Card. HP ProtectTools Smart Card is a personal se curity device that protects authentication data requiring both the card and a PIN number to grant access. The Smart Card can be used to access Password Manager, Drive Encryption,[...]
-
Pagina 14
Example 1: A Purchasing Agent for a lar ge manufacturer ma kes most of her corp orate transact ions over the Internet. She also frequently visits seve ral popular web sites that require log in information. She is keenly aware o f security so does not use the same pa ssword on every account. The Purchasing Agent has decide d to use Credential Manage[...]
-
Pagina 15
Both Embedded Security an d Drive Encryption for HP ProtectT ools will not allow access to the encrypted data even when the dr ive is removed beca use they are bo th bound to th e original motherboar d. Example 2: A Hospital Administrator wan ts to ensure only doctors and authorized personn el can access any d ata on t heir local comp uter with out[...]
-
Pagina 16
Example 1: A Stock Broker wants to make sure his e-ma ils only go to specific clients and ensure no one can fa ke the e-mail account and intercept it. The Stock Bro ker signs himself and h is clients up with Privacy Manager. Privacy Manager issues th em a Certifica te of Authentication (CA) to each user. Using this tool, the Stock Bro ker and his c[...]
-
Pagina 17
● Creating str ong passwor d policies ● Addressing regulatory security mandates Protecting against targeted theft An example of this ty pe of incident would be the ta rgeted theft of a computer or its confidential data and customer in formation. This can easily occur in open office e nvironments or in unsecured a reas. The following fea tures h[...]
-
Pagina 18
Preventing unauthorized access from internal or external locations Unauthorized access to an unsecured business PC presents a very tangible risk to critical data such as information fro m financial ser vices, an execu tive, or R&D tea m, and to priv ate informatio n such as patient records or personal financia l records. Th e following features[...]
-
Pagina 19
Additional security elements Assigning security roles In managing comput er security, one impo rtant prac tice is to divide responsibilities and rights among various types of administrators a nd users. NOTE: In a small organizati on or for individual use, thes e roles may all be held by the same person. For HP ProtectT ools, the security d uties an[...]
-
Pagina 20
HP ProtectTools password Set in this HP ProtectTools mo dule Function Smart Card PIN Smart Card Security Can be used as a multifactor authentication optio n. Can be used as a Windows authentication. Authenticates users of Drive Encryption, if the Smart Card token is selected. Computer Setup password NOTE: Also k nown as BIOS administrator, F10 Setu[...]
-
Pagina 21
Backing up credentials and settings You can back up crede ntial s in the following ways: ● Use Drive Encryption for HP Prot ectTools to select and back up HP ProtectTools credentials. You can also register for Onlin e Drive Encryption Key Recovery Service to store a backup copy of your encryption key, which will enable you to access your computer[...]
-
Pagina 22
2 HP ProtectTools Security Manager Administrative Console About HP ProtectTools Administrative Console Administration of HP ProtectTools Security M ana ge r is provided through the Administrative Console. Using the console, the local administrator can: ● Enable or disable secu rity features ● Manage users of th e computer ● Adjust device-spec[...]
-
Pagina 23
● Management Tools - Opens your default bro wser to a web page where you ca n discover additional managem ent applications and tool s that extend th e features of Security Manager as well as a means to stay no tified whe n ne w applications and updates are available. ● Links - Provides t he following: ◦ Setup Wizard - Launches the Setup Wizar[...]
-
Pagina 24
Enabling security features The security features enabled here app ly to all users of this computer. 1. In the left pane of the Administrative Consol e, expand Security , an d click on Featur es . 2. To enable a se curity feature, click the corresponding check box next to Windows Logon Security and/or Protect data (activates Dr ive Encryption). ● [...]
-
Pagina 25
4. In the Policy section drop -down list, choose wh ether AN Y (only one) of the specified credentia ls are required, or if ALL of the sp ecified credential s are required in order to authen ticate a user. 5. Click the Apply button. Defining Settings You can specify wh ich advanced security settings to allow. To edit the se ttings: 1. In the left p[...]
-
Pagina 26
Removing a user NOTE: This proced ure does not delet e the Window s user account. I t only removes that a ccount from Secu rity Manager . To complete ly remove t he user, you must remov e the user f rom both Sec urity Manager and Wi ndows. 1. Click Start , click All Programs , click HP , and the n click HP ProtectToo ls Administrative Console . 2. [...]
-
Pagina 27
Encrypting Drives Drive Encryption fo r HP ProtectTools allows yo u to encrypt compu ter hard drives, making th e hard drive unread able and inaccessi ble to any unauth orized person who might try to access it even if the drive has been re moved from the computer or se nt to a data recovery servi ce. To enable or di sable Drive Encr yption , click [...]
-
Pagina 28
3 HP ProtectTools Security Manager HP ProtectTools Security M anager a llows you to significantly increase the security of your computer. Through the us e of Security Manager applica tions, you can: ● Manage your logo n and passwords ● Easily change your Windows password ● Set up authentica tion credentials, inclu ding a smart card ● Increa[...]
-
Pagina 29
NOTE: If the HP Password Ma nager level of security has not been conf igured, users must still enter their Windows password at th e Windows lo gin screen, re gardless of the security login methods that are required by other l evels of security. Managing passwords Password Manager for HP ProtectTool s creates a nd manages log ons, which allow you to[...]
-
Pagina 30
Initializing the Smart Card HP ProtectTools Security M anager can support a nu mber of different Smart Cards. The number an d type of characters used as PIN numbers may vary. The manufacturer of the Smart Card should provide tools to install a security certificate and managem ent PIN that ProtectT ools will use in its security algorithm. NOTE: The [...]
-
Pagina 31
Shredding or bleaching files File Sanitizer for HP ProtectTools deletes files by ove rwriting them with meaning less data. This process, referred to as “shredding,” grea tly enhanc es information security by making the deleted files very difficult to recover. File Sanitizer further en hances information security by overwriting p reviously used [...]
-
Pagina 32
Adding applications Additional applications may be avail able to add new features to this program. 1. Click Start , click All Programs , click HP , and the n click HP ProtectTools Security Ma nager . 2. In the Sec urity Manag er left pane , select the Administration drop-d own menu and click Discover Mor e . NOTE: If there is no Discover More link,[...]
-
Pagina 33
5. Enter your password to verify your id entity, then click the arrow button. 6. Enter a path and name for the stor age file. By default, the file will be saved to your Documents folder. Click Browse to specify a different location. Click Next . 7. Enter and confirm a password to protect the file. 8. Click Fini sh . Restoring your data You restore [...]
-
Pagina 34
Changing your Windows user name and picture Your Windows user name and a picture are display ed in the upper left corne r of Security Manager. To change your user name and/or picture: 1. Click on the upper left section of Security Manager with your user name and picture. 2. To change your u ser name, type a name in th e Windows user n ame box. 3. T[...]
-
Pagina 35
4 Password Manager for HP ProtectTools Logging on to Win dows, websites and programs is easier and more se cure when you use Password Manager. Password Manager allows you to set up the logon screens o f websites and pro grams for quick and secure access. First, Password Manager learns about your log ons and the specific d ata that you type in the i[...]
-
Pagina 36
● Open Password Ma nager - Launc hes the Security Man ager dashboar d on the Passwor d Manager page. ● Help - Displays online help for the Password Manager application. NOTE: The administrator of the comput er may have set up Se curity Manager to requ ire more than one credential when verifying your identity. Adding logons Adding a logon f or a[...]
-
Pagina 37
4. Edit your logon information. ● Click the arrows to the right of a l ogon field to populate it with o ne of several preformatte d choices. ● Optionally, click Choose oth er fields to add additio nal fields from the screen to your logo n. ● Deselect Submit account data if you want the logon fields filled in but do n ot want them submitted. ?[...]
-
Pagina 38
Managing your logons Password Manager makes managing your logon info rmation - user names, p asswords and multiple logon accounts - painless and i ntuitive, from one central location. Your logons are liste d on the Manage tab . Whenever multiple logons h ave been created fo r the same website, each logon is then liste d under the we bsite name an d[...]
-
Pagina 39
5 Drive Encryption for HP ProtectTools NOTE: Drive Encryp tion for HP ProtectToo ls is available on some mode ls only. In today’s world, a co mputer belonging to you or anyone on your staf f coul d be stolen, and critical information abou t your company could b e seriousl y compromised. Encrypti ng everything o n your computer hard drive makes it[...]
-
Pagina 40
Setup procedures Opening Drive Encryption 1. Click Start , click All Programs , click HP , and the n click HP ProtectToo ls Administrative Console . 2. Click Drive Encryption . General tasks Activating Drive Encryption Use the HP Protect Tools Administrative Console Setup Wizard to activat e Drive Encryption. Deactivating Drive Encryption Use the H[...]
-
Pagina 41
Encrypting or decryp ting individual drives 1. In the Administrative Co nsole left pane, expand Drive Encryption , and click Encryption Manage ment . 2. Click the Change Encryption b utton. 3. In the Change En cryption dialog box, sel ect or clear the check box ne xt to each hard dri ve you want to e ncrypt or decrypt, a nd then c lick OK . NOTE: W[...]
-
Pagina 42
6 Privacy Manager for HP ProtectTools Privacy Manager is a tool used to obtain Certificates of Authority, which veri fy the source, integrity, and security of communicati on when using Microso ft mail, Microsoft Office docu ments, and Instant Messenger. Privacy Manager levera ges the security inf rastructure provid ed by HP Protect Tools Security M[...]
-
Pagina 43
set up as an account wi thin Microsoft Outlook on the same co mputer from which you are requesting the Privacy Manage r Certificate. Requesting a Privacy Manager Certificate 1. In the Security Manager le ft pane, expand Privacy Manager , and cli ck Certificates . 2. Click the Request a Privacy Manage r certificate button. 3. On the “Welcome” pa[...]
-
Pagina 44
Renewing a Privacy Manager Certificate When your Privacy Manager Certificate nears expiration, you w ill be notified that you need to renew it: 1. In the Security Manager le ft pane, expand Privacy Manager and click Certificat e Manager . 2. Click a Privacy Manager Ce rtificate . 3. Click Renew certificate . 4. Follow the on-screen instruction s to[...]
-
Pagina 45
3. On the “Migration Fil e” page, click Bro wse to search for the .dppsm file that you crea ted when you installed or expo rted the Privacy Manager Certificate, and then click Next . 4. On the “Migration Fil e Import” page, click Finish . 5. Click Close , and then click Apply . NOTE: Refer to Installing a Privacy Ma nager Certificate or Exp[...]
-
Pagina 46
Adding a Trusted Contact 1. In the Security Manager le ft pane, expand Privacy Manager and click Truste d Contacts , and then click the Invite Co ntacts butt on. – or – In Microsoft Outlook, clic k the do wn arrow next to Send Securely on the toolb ar, and then click Invite Contacts . 2. If the Select Certificate dialog box opens, click the Pri[...]
-
Pagina 47
NOTE: When the e -mail is received by the Trusted Con tact recipient, the re cipient must open the e-mail and click Accept in th e lower-right corner of the e- ma il, and then click OK when the confirmation dialog bo x opens. 7. When you receive an e-mail response from a re cipien t accepting the invi tation to be come a Trusted Contact, click Ac c[...]
-
Pagina 48
Configurin g Privacy M anager in a Mi crosoft Off ice docum ent 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight File Sanitizer , and then click Shred Now . 2. When the confirmation dialog box opens, cli ck Yes . – or – 1. In the Security Manager le ft pane, expand Privacy Manager and [...]
-
Pagina 49
To add a sugge sted signer to a Micro soft Word or Micro soft Excel document: 1. In Microsoft Word or Microsoft Excel, create and save a document. 2. Click the Insert menu. 3. In the Text group on the toolbar , click the arrow next to Signature Line , and the n click Privacy Manager Signature Provider . The Signature Setup dia log box opens. 4. In [...]
-
Pagina 50
5. Click OK . 6. Authenticate using your chosen security logon method. If you later decide to edit th e document, follow the st eps in Signing a Microsoft Of fice Document . When the encrypti on is removed, you can edit th e document. Follow the st eps in this section to encrypt the do cument again. Removing the encryptio n from a Microsoft Office [...]
-
Pagina 51
Using Privacy Manager in Microsoft Outlook When Privacy Manager is installe d, a Privacy butt on is displayed on the Microso ft Outlook toolbar, and a Send Securel y button is displayed o n the toolbar of each Microsoft Outlook e-mail message. NOTE: If you are using Microsoft Office 2007, you must h ave all the Microsoft updates applied otherwise s[...]
-
Pagina 52
Advanced tasks Migrating Privacy Manager Ce rtificates and Trusted Contacts to a different computer You can securely migrat e your Privacy Manag er Certificates and T rusted Contacts to a different computer. To do this, export them as a password -pro tected file to a networ k location or any removable storage device, a nd then import th e file to t[...]
-
Pagina 53
7 File Sanitizer for HP ProtectTools File Sanitizer is a tool that allows you to securely er ase critical files and folde rs (personal inform ation or files, historical or Web-rel a ted data, or other data components) on your computer and periodically bleach you r hard driv e. NOTE: File Sanitizer currently op erates only on the hard dr ive. About [...]
-
Pagina 54
Setting a free space bleaching schedule NOTE: Free space bleaching is f or those assets t hat you delete using the Windows Recycle Bin or for manually deleted a ssets. Free space ble aching provides no additional security to shredded assets. To set a free space bleaching schedule: 1. In the Security Manager le ft pane, expand File Sanitizer and cli[...]
-
Pagina 55
To select a prede fined shred profile: 1. In the Security Manager le ft pane, expand File Sanitizer and click Settings . 2. Click a predefined sh red profile. 3. Click View Detail s to view the list of assets that are selected for shredding. 4. Under Shred the following , select the check box next to each asset that you want to conf irm before shre[...]
-
Pagina 56
NOTE: It is highly recommende d that you run free space bl eaching regularly if you use the simple delete option. 1. In the Security Manager le ft pane, expand File Sanitizer , click Settings , select Si mple Dele te Settings , and then click View Details . 2. Select the assets you want to de lete: a. Under Available de lete options , click an asse[...]
-
Pagina 57
Manually shredding one asset CAUTION: Shredded assets cann ot be recovered. Care fully consider which items you select for manual shredd ing. 1. Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight File Sanitizer , and then click Shred One . 2. When the Browse di alog box opens, navig ate to the [...]
-
Pagina 58
Aborting a shred or free space bleaching operation When a shred or free space ble aching opera tion is in progress, a messa ge above the HP ProtectTools Security M anager icon i n the no ti fication area is di splayed. The message provides details on the shre d or free space blea ching proc ess (p ercentage complete), and gives you the option to ab[...]
-
Pagina 59
8 Embedded Security for HP ProtectTools NOTE: The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security fo r HP ProtectTools. Most HP commercial desktop computers include the Infineon TPM, which is the only commo n criteria certified chip to meet T CG specifications. Embedded Sec[...]
-
Pagina 60
To enable th e embedded security ch ip in Computer Setup: 1. Open Computer Setup by turning on or resta rting the computer, and then pressing F10 while the “F10 = ROM Base d Setup” message is displaye d in the lower-left corner of the screen. 2. If you have not se t an administrat or password, use the arrow keys to select Security , select Setu[...]
-
Pagina 61
NOTE: To use secure e-mail, you must first conf igure the e-mail client to u se a digital certificate that is created with Embedded Security . If a digital certificate is not av ailable, you must obtain one fro m a certification authority. F o r instructions on config uring your e-mail and obtaining a digital certificate, refe r to the e-mail clien[...]
-
Pagina 62
Advanced tasks Backing up and restoring The Embedded Security backup feature creates an arch ive that contains ce rtification information to be restored in case of eme rgency. Creating a backup file To create a backup file: 1. Click Start , click All Programs , click HP , and the n click HP ProtectTools Security Ma nager . 2. In the left pane, clic[...]
-
Pagina 63
9 Device Access Manager for HP ProtectTools This secu rity tool is available to a dministrato rs only. Device Access Manager for HP ProtectTool s has the following security fe atures that protect against un authorized access to devices attached to yo ur computer system: ● Device profil es that are created fo r each user to define device access ?[...]
-
Pagina 64
NOTE: If background serv ice is not running , it attempts to st art now. Click Yes to allow it. 5. Click OK . Device class configuration (advanced) More selections a re available to allow specific us ers or groups of users to be granted or denied access to types of devices. Adding a user or a group 1. Click Start , click All Programs , click HP , a[...]
-
Pagina 65
Scenario: A Simple Configuration policy is configured to deny all non-Device Administrators access to the DVD/CD-ROM drive. Result: A JITA enabled user attempts to access t he DVD/CD-ROM drive, they receive the same access denied me ssage as a non JITA ena bled user. In addition, ano ther popup will disp lay asking for the users credentials. Once t[...]
-
Pagina 66
5. Set the JITA perio d to the required time . 6. Click the Extendable check box. 7. Click the Apply button. The selected user can now login, authenticate to Security Manager and access the device. One minute before the JIT A period is about to expire , the user will be prom pted to extend their JITA period. Disabling a JITA for a user or group Adm[...]
-
Pagina 67
10 Computrace for HP ProtectTools Computrace for HP ProtectTools is a tool that can remotely monitor, manage, and track your computer. Once activated, Computrace for HP ProtectTools is configured from the Ab solu te Softwar e Customer Center. From th e Customer Cent er, the administra tor can configure C omputrace for HP Pr otectTools to monitor or[...]
-
Pagina 68
Glossary activation. The task that must b e completed before any o f the Driv e Encryption features ar e a ccessible. Drive Encryption is activated using the HP ProtectTo ols Security Mana ger Administrative Consol e setup wizard. Only an administrator can activate Drive Encryption. The activa tion process consists of act ivating the sof tware, enc[...]
-
Pagina 69
Drive Encryp tion key r ecovery ser vice. The SafeBoot Reco very Service. It stores a copy of the encryption key, enabling you to access your computer if you forget you r password and do not have access to your local backup key. You must crea te an account with the service to set up onlin e access to your backup key. Drive Encryption logon screen. [...]
-
Pagina 70
A task that allows the us er to decrypt one or more chat history sessions, displaying the Contact Screen Name(s) in plain text and ma king the session availab le for viewing. revocation pas sword. A password that is cre ated when a user requ ests a digi ta l certificate. The passwor d is requi red when the user wants to revoke his o r her digital c[...]
-
Pagina 71
A communication session during which trusted messages ar e sent from a trusted send er to a Trusted Contact. trusted message. A communication session during which trusted messages ar e sent from a trusted send er to a Trusted Contact. Trusted Platform Modu le (TPM) embedded secu rity chip. The generic term for the HP Pro tectTools Embedded Security[...]
-
Pagina 72
Index A access controlling 53 preventing unauthorized 8 accessing HP ProtectT ools Security 6 account basic user 50 advanced tasks Device Acce ss Manager 54 Embedded Security 52 B background service, Device Access Manager 53 backing up and re storing certification information 52 Embedded Security 52 backup and resto re 22 basic user account 50 Basi[...]
-
Pagina 73
changing Windo ws user name 24 changing your picture 24 device access 21 drive encryption status 21 logging in 18 managing communi cation privacy 20 managing pa sswords 19 preferences 22 setting credentials 19 shredding or bleaching files 21 theft recovery 21 HP ProtectTools Security Manager Administrative Console configuring application settings 1[...]
-
Pagina 74
viewing Privacy Manager certificate details 33 viewing trusted contact details 37 R restricting access to sensitive data 7 device access 53 S security key objectives 6 levels 13 logging in 18 login methods 13 roles 9 setup wizard 13 security setup password 10 shred profile customizing 45 predefined 44 selecting or creating 44 simple delete profile [...]