HP t5710 HP Sygate Security Agent User Guide

HP t5710 - Thin Client Manual

HP t5710 manual content summary:

  • HP t5710 | HP Sygate Security Agent User Guide - Page 1
    HP Sygate Security Agent 4.0 User Guide Documentation Build 1004 Published: May 1, 2005
  • HP t5710 | HP Sygate Security Agent User Guide - Page 2
    Copyright Information Copyright© 2003-2005 by Sygate Technologies, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic, mechanical, or otherwise, without prior written permission of Sygate Technologies, Inc. Information in this
  • HP t5710 | HP Sygate Security Agent User Guide - Page 3
    Preface ...ix Related Documentation ...ix Intended Audience...ix Technical Support ...x Chapter 1. Overview of the Agent 1 Modifying the Security Tells You 8 What Does the Flashing System Tray Icon Mean 10 The System Tray Icon Menu 10 Enabling Password Protection 11 Chapter 3. Testing Your
  • HP t5710 | HP Sygate Security Agent User Guide - Page 4
    HP Sygate Security Agent User Guide Rule Summary field ...20 Hosts Tab ...20 All addresses ...21 MAC addresses...21 IP Address(es) ...21 Subnet...21 Rule Summary field ...21 Ports and
  • HP t5710 | HP Sygate Security Agent User Guide - Page 5
    36 Saving Logs ...37 Stopping an Active Response 37 Chapter 6. Configuring the Agent's Settings 39 General Tab ...39 Automatically load HP Sygate Agent service at startup 40 Block Network Neighborhood traffic while in screensaver mode 40 Hide all notification messages 40 Beep before notify
  • HP t5710 | HP Sygate Security Agent User Guide - Page 6
    HP Sygate Security Agent User Guide To: ...47 Cc: ...48 Subject:...48 SMTP Server Address 48 My E-Mail Server Requires Authentication 48 Authentication Server Address 48 User Name/Password 48 Test E-Mail Notification 48 Log Tab ...48 Enable ... Log ...49 Maximum log file size is ... KB 49 Save
  • HP t5710 | HP Sygate Security Agent User Guide - Page 7
    Table Of Contents List of Tables Table 1. Table 2. Table 3. Table 4. Table 5. Table 6. Table 7. Table 8. Table 9. Table 10. Table 11. Table 12. Menus...7 System Tray Icon Colors 9 System Tray Icon Appearance 9 System Tray Icon Menu 11 Security Log Icons...29 Security Log Parameters and
  • HP t5710 | HP Sygate Security Agent User Guide - Page 8
    HP Sygate Security Agent User Guide List of Figures Figure 1. Main Console ...4 Figure 2. Traffic History Graph...5 Figure 3. Security Log...30 viii
  • HP t5710 | HP Sygate Security Agent User Guide - Page 9
    Sygate Standalone Agent (the Agent). For late-breaking news about known problems with this release, refer to the Readme.txt file that is included with this software. Related Documentation • HP Sygate Security Agent User Guide (online Help)-The online Help is a subset of information in this document
  • HP t5710 | HP Sygate Security Agent User Guide - Page 10
    the country and language and click the double arrow. 3. On the Support & Drivers page, under Or Select a product category, click Desktops & Workstations. 4. Click Thin Clients and then the specific product. Note: You can also click the Contact HP link for additional contact and resources links. x
  • HP t5710 | HP Sygate Security Agent User Guide - Page 11
    the Policy Editor: 1. From the Sygate FTP site, download the Policy Editor installer package, PolicyEditorInstaller.exe, to the image-building system. 2. Follow the instructions when prompted for your agreement to the license agreement, location of the software on your hard drive, and so on. 1
  • HP t5710 | HP Sygate Security Agent User Guide - Page 12
    User Guide When you install Policy Editor, the default policy file is automatically installed with it. When you open the Policy Editor, the default policy file's advanced rules and options appear. To open the Policy Editor: • On the image-building system, click Start|All Programs|Sygate|HP Sygate
  • HP t5710 | HP Sygate Security Agent User Guide - Page 13
    you immediately. To configure your Agent or review logs of potential attacks on your Agent, HP Sygate Security Agent. Any method opens the main console, or the main screen that is the control center for the Agent. Option Alert: You can only open the Agent if you have logged on using an Administrator
  • HP t5710 | HP Sygate Security Agent User Guide - Page 14
    HP Sygate Security Agent User Guide Figure 1. Main Console The Agent interface is resizable, so you can view it as a full-screen or part-screen image. Menus and Toolbar Buttons The
  • HP t5710 | HP Sygate Security Agent User Guide - Page 15
    sent to every device in a particular subnet, and thus is not directed specifically to your device. If you do not want to see this traffic, display of system services by clicking Hide Windows Services above the Running Applications field. There are a number of services running at any given time, and
  • HP t5710 | HP Sygate Security Agent User Guide - Page 16
    of the Agent is located below the Running Applications field on the main console. It provides a real-time update of your Agent's communication status. The Message Console is, by default, hidden. To show or hide the Message Console: 1. Below the Running Applications field, click Show Message Console
  • HP t5710 | HP Sygate Security Agent User Guide - Page 17
    and click Normal. • Normal-Blocks only selective traffic. This is the default configuration, and is a prudent choice. Tools • Logs-Opens the Logs set very specific rules for implementing security on your Agent. • Update Signature-Not enabled for the Agent. • Automatically Start Service-Not enabled
  • HP t5710 | HP Sygate Security Agent User Guide - Page 18
    HP Sygate Security Agent User Guide application path, and more. • Hide Windows Services-Toggles the display of Windows Services in the Running Applications field. • Hide arrow is incoming traffic. These arrows give you a real-time update of your device's traffic flow. You might not see a constant
  • HP t5710 | HP Sygate Security Agent User Guide - Page 19
    is in Alert Mode. This means that an attempted attack against your device has been recorded in your Security Log. To make the icon stop flashing, double-click the icon. The Security Log will open, displaying a new log entry. The Agent is in Block All mode. Incoming traffic is flowing uninterrupted
  • HP t5710 | HP Sygate Security Agent User Guide - Page 20
    HP Sygate Security Agent User Guide ; the Agent is disabled. What Does the Flashing System Tray Icon Mean? The system tray icon sometimes flashes on and off. The icon stops flashing after one minute. For users with an Administrator account, you can also stop the icon from flashing by opening
  • HP t5710 | HP Sygate Security Agent User Guide - Page 21
    Table 4. System Tray Icon Menu Menu Option Description HP Sygate Security Agent Block All Normal Opens the Agent's the Advanced Rules dialog box, where you can write specific rules for allowing or blocking network access. Disable/Enable Disables and reenables the Agent. The Agent is running but
  • HP t5710 | HP Sygate Security Agent User Guide - Page 22
    HP Sygate Security Agent User Guide 3. Enter your new password in the New Password and Confirm New Password fields. Note: You can disable password protection by making no entry in the New Password field and confirming that in the Confirm New Password field. 4. To have the Agent prompt you for a
  • HP t5710 | HP Sygate Security Agent User Guide - Page 23
    ) directly. 2. On the web page, click Scan Now. The Sygate Online Services scanner scans your computer and attempts to determine your IP address, operating system, web browser, and other information about your system. 3. For a specific type of scan, click one of the following web pages: o Quick Scan
  • HP t5710 | HP Sygate Security Agent User Guide - Page 24
    HP Sygate Security Agent User Guide o UDP Scan o ICMP Scan 4. Click Scan Now. A brief document of frequently asked questions about Sygate Online Services active Trojan horse programs that you or someone else may have inadvertently downloaded. The Trojan scan takes about 10 minutes to complete. A list
  • HP t5710 | HP Sygate Security Agent User Guide - Page 25
    Testing Your System's Vulnerability and proxies for users connecting to the web site through such a device. The scan takes about 10 minutes and should be logged in the Security Log as a port scan from Sygate. ICMP Scans When an ICMP scan has completed scanning a user's device, it displays a page
  • HP t5710 | HP Sygate Security Agent User Guide - Page 26
    HP Sygate Security Agent User Guide 16
  • HP t5710 | HP Sygate Security Agent User Guide - Page 27
    to systematically allow or block incoming and outgoing traffic from specific applications, ports, and IP addresses during designated time 80 is allowed." The Agent supports advanced rules, which exhibit complex relationships between applications, IP addresses, and services. For example, an advanced
  • HP t5710 | HP Sygate Security Agent User Guide - Page 28
    HP Sygate Security Agent User Guide To set up click the Browse button to locate it. 5. To create a rule with the default settings, click OK. Or, to change these settings on the other tabs, information that you enter on each tab, the more specific the rule will be. 6. Click the Move Up or Move Down
  • HP t5710 | HP Sygate Security Agent User Guide - Page 29
    Working With Rules Rules are applied in the order they are listed. For example, if a rule that blocks all traffic is listed first, followed by a rule that allows all traffic, the Agent blocks all traffic at all times. 7. To enable a rule on the Agent, make sure the check mark appears in the
  • HP t5710 | HP Sygate Security Agent User Guide - Page 30
    HP Sygate Security Agent User Guide Apply Rule to Network Interface Specifies which network interface card this rule will apply to. If you have multiple network cards, select one from the
  • HP t5710 | HP Sygate Security Agent User Guide - Page 31
    Working With Rules All addresses Applies rule to all addresses. MAC addresses Applies rule to the MAC address of the traffic. IP Address(es) Applies rule to the IP address or address range of the traffic. Subnet Applies rule to the subnet address and subnet mask of the traffic. Rule Summary field
  • HP t5710 | HP Sygate Security Agent User Guide - Page 32
    Guide Protocol Specifies a protocol for the rule. All Protocols Applies to all protocols on all ports, for both incoming and outgoing traffic. TCP Displays two more list boxes in which you can specify which ports (remote and/or local) should be affected by the rule. You can type the port numbers
  • HP t5710 | HP Sygate Security Agent User Guide - Page 33
    Working With Rules all ports will be affected by the rule. If you enter a port number for the local port entry, but not for the remote port entry, then the local port you entered and ALL remote ports will be affected
  • HP t5710 | HP Sygate Security Agent User Guide - Page 34
    HP Sygate Security Agent User Guide Enable Scheduling Enables the scheduling feature. During the that the scheduling begins, including a month, day, hours, and minutes. You can also leave the default settings, which apply the schedule all day, every day, all year. Duration If you have specified
  • HP t5710 | HP Sygate Security Agent User Guide - Page 35
    Working With Rules Applications Tab You can specify applications that will be affected by advanced rules. The Applications tab provides a list of all applications that have accessed your network connection. Display selected applications only Displays only the applications that you have selected to
  • HP t5710 | HP Sygate Security Agent User Guide - Page 36
    HP Sygate Security Agent User Guide Browse Opens the Open dialog box so you can search for applications that are not displayed in the table. Rule Summary field Provides a description of the rule and what traffic it will affect on your system. 26
  • HP t5710 | HP Sygate Security Agent User Guide - Page 37
    scanning, that is aimed at your device. They also help you troubleshoot connectivity problems or possible network attacks. The Agent's logs can also do back such as the starting and stopping of services, detection of network applications, software configuration modifications, and software execution errors.
  • HP t5710 | HP Sygate Security Agent User Guide - Page 38
    HP Sygate Security Agent User Guide the View menu and click either Local View, the default setting, or Source View. Depending on whether you wish. 5. Click Refresh or press F5 to update the log that you are viewing. 6. Click as port scanning, or denial of service attacks. The Security Log is probably
  • HP t5710 | HP Sygate Security Agent User Guide - Page 39
    Other attacks, like Trojan horses, are programs that have been downloaded to your device and therefore are already present; they are considered Name of the remote computer (only appears in Local View - this is the default) Remote MAC MAC address of the remote device. If outside the subnet, it is
  • HP t5710 | HP Sygate Security Agent User Guide - Page 40
    HP Sygate Security Agent User Guide Table 6. Security Log Parameters and Description Name of Parameter MAC Description Application Name Name of the application associated with the attack User Name User or Computer client that sent or received the traffic Domain Domain of the user Security
  • HP t5710 | HP Sygate Security Agent User Guide - Page 41
    or outgoing) Protocol Type of protocol - UDP, TCP, and ICMP Remote Host Name of the remote computer (only appears in Local View - this is the default) Remote MAC MAC address of the remote device. If outside the subnet, it is the MAC address of the router. (only appears in Local View
  • HP t5710 | HP Sygate Security Agent User Guide - Page 42
    HP Sygate Security Agent User Guide Table 8. Traffic Log Parameters and Description Name of Parameter Local Port/ICMP Code Description Port and ICMP code used on the Agent device (only appears in Local View - this is the default User Login name of the attack Occurrences Number of packets
  • HP t5710 | HP Sygate Security Agent User Guide - Page 43
    Monitoring and Logging Packet Log The Packet Log captures every packet of data that enters or leaves a port on your device. The Packet Log is disabled by default in the Agent because of its potentially large size. You must enable the Packet Log first. Icons for the Packet Log There is only one
  • HP t5710 | HP Sygate Security Agent User Guide - Page 44
    HP Sygate Security Agent User Guide starting and stopping of services, detection of network Console. The System Log is especially useful for troubleshooting the Agent. Icons for the System Log When log indicates a problem with the source; a Warning log indicates a potential problem; and an
  • HP t5710 | HP Sygate Security Agent User Guide - Page 45
    and Clearing Logs The Security, Traffic, and System Logs are enabled by default. You must enable the Packet Log before you can view the contents. of the maximum size for the log file. 256 KB is the default setting. 5. Click OK. To set the number of days to save the log: 1. On the Tools menu, click
  • HP t5710 | HP Sygate Security Agent User Guide - Page 46
    HP Sygate Security Agent User Guide Back Tracing Logged Events Back tracing enables you to pinpoint the source of data from a logged event. Like retracing a criminal's path at a crime scene, back
  • HP t5710 | HP Sygate Security Agent User Guide - Page 47
    panel unless you are experiencing a high number of security logs in which the attacks originate but it is more likely that you do this for security review, or to import them into a tool such as Microsoft Excel specific amount of time (the default is 10 minutes). If you don't want to wait the default
  • HP t5710 | HP Sygate Security Agent User Guide - Page 48
    HP Sygate Security Agent User Guide To stop an active response: 1. On the main console, click Tools|Logs|Security. 2. Select the row for the application or service you want to unblock. Blocked traffic is specified as Blocked in the Action column. 3. On the Action menu, click Stop Active Response to
  • HP t5710 | HP Sygate Security Agent User Guide - Page 49
    Chapter 6. Configuring the Agent's Settings You can set and import security options for the Agent, including e-mail notification of attacks, customizable pop-up messages, heartbeat settings, log file configuration, file sharing options, computer control settings, and advanced security measures such
  • HP t5710 | HP Sygate Security Agent User Guide - Page 50
    Sygate Security Agent User Guide Automatically load HP Sygate Agent service at startup Automatically launches the Agent at disables the Beep before notify, Hide blocking notification, and Hide application popup check boxes. By default, this option is not checked. Beep before notify Allows audio
  • HP t5710 | HP Sygate Security Agent User Guide - Page 51
    appears for 15 seconds, by default. Click Yes to allow the password every time you access the Agent main console. Ask password while exiting Prompts you to enter your password when closing the Agent. Network Neighborhood Tab The Network Neighborhood tab provides multiple interface support
  • HP t5710 | HP Sygate Security Agent User Guide - Page 52
    Agent User Guide Network Interface Specifies the network you want to access. Allow to browse Network Neighborhood files and printer(s) Enables you to browse other computers, devices, and printers on the selected network. This allows you to access other files on your network. If you disable this, you
  • HP t5710 | HP Sygate Security Agent User Guide - Page 53
    , cannot be detected by port scans or communication attempts, such as ping. By default, this option is disabled on the Agent. Enable DoS detection Causes the Agent to check incoming traffic for known Denial of Service (DoS) attack patterns. DoS attacks are characterized by an explicit attempt by an
  • HP t5710 | HP Sygate Security Agent User Guide - Page 54
    HP Sygate Security Agent User Guide default, this option is enabled in the Agent. Block all traffic while the service if you download a patch each application uses specific DLLs. Often, default, this option is disabled in the Agent. Reset all fingerprints for all applications Clears the Agent's memory
  • HP t5710 | HP Sygate Security Agent User Guide - Page 55
    request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. By default, this option is enabled on 139, 445, and 1026. Be aware that this can cause a problem with Outlook if connecting to an Exchange server that is on a different subnet. If
  • HP t5710 | HP Sygate Security Agent User Guide - Page 56
    HP Sygate Security Agent User Guide rule specifically allowing access to that server. By default, this option is disabled on the Agent. Naming Service (WINS) requests only if they were solicited. If the traffic was not requested, the WINS reply is blocked. By default, this option is disabled in
  • HP t5710 | HP Sygate Security Agent User Guide - Page 57
    first three options set the frequency of the message. Do Not Notify Disables the e-mail notification option. Notify Immediately Sends an e-mail message immediately following email address. This can be an administrator's email address, or your email address, if you are accessing email remotely. 47
  • HP t5710 | HP Sygate Security Agent User Guide - Page 58
    HP Sygate Security Agent User Guide Cc: Specifies an e-mail address to send a courtesy copy of each email Address: Specifies the address of the authentication server. User Name/Password: Specifies your username and password for the authentication server in the appropriate fields. Test E-Mail
  • HP t5710 | HP Sygate Security Agent User Guide - Page 59
    is ... KB Specifies the maximum size for the log file in kilobytes. The default setting is either 512 KB or 1024 KB. Save log file for the past ... days For the log you want to configure, specifies the number of days to save the log. Clear Logs Clears the selected log. 49
  • HP t5710 | HP Sygate Security Agent User Guide - Page 60
    HP Sygate Security Agent User Guide 50
  • HP t5710 | HP Sygate Security Agent User Guide - Page 61
    the IP address of a known intruder for a specific amount of time. The amount of time that added on an Agent to enforce a security policy. Advanced Rules can exhibit complex relationships between applications, IP addresses, and services. See also firewall rule, simple rule. Agent: A device running HP
  • HP t5710 | HP Sygate Security Agent User Guide - Page 62
    HP Sygate Security Agent User Guide fingerprint: A 128-bit number that is generated by performing The process of granting or denying access to a specific network resource or domain based on the user's identity memory, or buffers, for use as storage, frequently setting aside a finite amount of memory
  • HP t5710 | HP Sygate Security Agent User Guide - Page 63
    In the context of the Agent, client refers to a Sygate Security Agent running a company that can host Internet services and has devices accessible to the specific dynamic link libraries (DLLs) and ensure the integrity of applications. An Agent can be instructed to allow or block known DLLs. An added
  • HP t5710 | HP Sygate Security Agent User Guide - Page 64
    . DoS attack: See Denial of Service (DoS). driver-level protection: A Sygate software feature that blocks protocol drivers from gaining access to the network unless a user gives permission. If a protocol driver attempts to gain access to the network through a client running the Sygate Security Agent
  • HP t5710 | HP Sygate Security Agent User Guide - Page 65
    and block incoming traffic from specific IP addresses and ports. administrator can make changes to it at any time. See also Computer Group, Users Group, Global Group. GUID passwords and code. Another type of hijacking involves an active attack done by forcing the user offline (with a Denial of Service
  • HP t5710 | HP Sygate Security Agent User Guide - Page 66
    the default log server, port numbers, administrator console timeout, encrypted web console communication, and console access. Other initialization files are SetAid.ini (for Agent installation settings and AutoLocation method) and SyLink.xml (specifying Agent administrative details such as client vs
  • HP t5710 | HP Sygate Security Agent User Guide - Page 67
    , custom library. Lightweight Directory Access Protocol (LDAP): A standard directory access protocol for searching and updating information directories containing, for example, email addresses, phone numbers, and computer names and addresses. LDAP is the primary protocol used to access directory
  • HP t5710 | HP Sygate Security Agent User Guide - Page 68
    , service, or operating system. The information is used to track the operations performed. Sygate Secure Enterprise provides extensive logging capabilities that track events such as security violations, changes to security policies, network traffic, client connections, and administrator activities
  • HP t5710 | HP Sygate Security Agent User Guide - Page 69
    Secure Enterprise, each packet is evaluated for specific patterns that indicate known attacks. If a Ports are numbered from 0 to 65535. Ports 0 to 1024 are reserved for use by certain privileged services. See by default, have a priority of 10. Advanced Rules, by default, have a priority of 5.
  • HP t5710 | HP Sygate Security Agent User Guide - Page 70
    Guide Profile Serial Number: A number that the Policy Editor automatically generates every time an Agent's security policy changes. A system administrator can check the serial number on the Help|About menu of the Agent to verify that an Agent is running an up-to-date security policy. protocol driver
  • HP t5710 | HP Sygate Security Agent User Guide - Page 71
    downloading the latest version from the Sygate Technologies web site to your Sygate Management Server. Administrators Name System (DNS) client to resolve a domain name WINS: Allows Windows Internet Naming Service (WINS) requests only if they number on which the traffic originated. See also port. 61
  • HP t5710 | HP Sygate Security Agent User Guide - Page 72
    HP Sygate Security Agent User Guide within a subnet use the same first three sets of numbers (such as 192.168.1 in 192.168.1.180 and and block known Trojans and Denial of Service attacks, and also protects against new or to alert users and system administrators of potential attacks, while maintaining
  • HP t5710 | HP Sygate Security Agent User Guide - Page 73
    Sygate Security Agent. See also IP address. U UDP: See User Datagram Protocol (UDP). unicast: Sending a message to one specific computer. See also broadcast, multicast. unique ID: A 128-bit hexadecimal number, also called the GUID, assigned to uniquely identify a client running Agent software. 63
  • HP t5710 | HP Sygate Security Agent User Guide - Page 74
    network and perform destructive tasks such as using up computer memory resources. Worms do not infect other files as viruses typically do, but instead worms make copies of themselves over and over depleting system resources (hard drive space) or depleting bandwidth (by spreading over shared network
  • HP t5710 | HP Sygate Security Agent User Guide - Page 75
    Packet Log 33 Security Log 28 System Log 34 Traffic Log 30 viewing 28 M menu commands 6 N Network Neighborhood tab 41 O options creating 39 defined 1, 39 P password protection, enabling 11, 39 Policy Editor 1 65
  • HP t5710 | HP Sygate Security Agent User Guide - Page 76
    HP Sygate Security Agent User Guide policy file 1 Ports and Protocols tab 21 protecting your system 13, 17, 39 S scanning your system 13 Scheduling tab 23 security options creating 39 defined 1,

HP Sygate Security Agent 4.0
User Guide
Documentation Build 1004
Published: May 1, 2005