HP t5710 HP Sygate Security Agent and Symantec Embedded Security:Frequently As - Page 10

10

Intrusion detection

Q:

What is the functionality of an Intrusion Detection System (IDS)?

A:

An IDS detects and identifies known Trojans, port scans, and other common attacks, and selectively

enables or blocks the use of various networking services, ports, and components. The agent also

provides deep packet inspection, further enhanced intrusion detection and prevention capabilities,

including alerts when another user attempts to compromise your system. The end result is a system

that analyzes network packets and compares them with known attacks and known behavioral

patterns of attack, and then intelligently blocks the malicious attacks.

Q:

How do I deploy modified policies with Altiris?

A:

To deploy modified policies to terminals, perform the following:

•

See question “How do I modify the ports against the applications already specified by HP?”

on page 8 to make policy updates.

•

See question “Are there best practices for automating deployment?” on page 10 for instruc-

tions on deploying the updates.

•

See question “How do I make IDS files persistent?” on page 10 for instructions on retaining

policy updates across reboots.

Q:

Are there best practices for automating deployment?

A:

Example scripts for Altiris remote deployment are available as a Softpaq for the general public with

the Policy Editor.

Q:

How do I make IDS files persistent?

A:

Using the script with the IDS Softpaq will allow the administrator to make IDS files persistent. To

manually configure the files, the administrator must disable the enhanced write filter (EWF). For

additional information about the EWF, please refer to the Using the Enhanced Write Filter white

paper at:

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00101105/c00101105.pdf

For more information

For additional information about HP Compaq t5000 thin clients, refer to the following:

http://h18004.www1.hp.com/products/thinclients/index_t5000.html

© 2006 Hewlett-Packard Development Company, L.P. The information in this document is subject to change without notice. The

only warranties for HP products and services are set forth in the express warranty statements accompanying such products and

services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or

editorial errors or omissions contained herein.

Microsoft, MS-DOS, Windows, and Windows NT are trademarks of Microsoft Corporation in the U.S. and other countries.

382993-003, 3/2006

Section	Page
HP Sygate Security Agent and Symantec Embedded Security: Frequently Asked Questions	1
Question and answers	2
Overview	2
Q: Are thin clients susceptible to viruses or worms?	2
1. With the HP thin client computing model, your exposure to virus attack on the thin client system is less than a standard Wind...	2
2. The HP thin client computing model utilizes PC blades and/or servers located in the data center. You can protect and monitor ...	2
3. Since no user data resides on the thin client, there is no risk of user data loss due to a virus or worm on the thin client.	2
4. If a thin client’s image is compromised or corrupted, the recovery time is typically measured in minutes instead of hours. You can often perform recovery with a simple reboot of the client.	2
Q: What does HP deliver in the factory image?	2
Q: What is the free functionality?	3
Q: How can I get signature updates for the Sygate firewall to ensure protection from the latest threats?	3
Q: How can I obtain antivirus support for my thin clients?	3
Q: How do I buy Symantec Embedded Security?	3
Firewall questions	4
Q: What approach has HP taken to secure my thin client?	4
Q: How is the HP Sygate Security Agent different than Microsoft Windows Firewall?	4
Q: What is the difference between a whitelist and a blacklist approach?	4
Q: What viruses, worms, or vulnerabilities will HP Sygate Security Agent block?	5
Q: How do I use the SOS scanner?	6
1. Double-click the Sygate icon to launch the HP Sygate Security Agent GUI.	6
2. Select Tools > Test Your System Security to automatically launch Internet Explorer and links to SOS at http://scan.sygate.com.	6
3. From the Sygate site, select the tests you want to perform.	6
Q: Which inbound and outbound ports has HP allowed?	6
Q: What is the HP Sygate Policy Editor and what does it do?	7
Q: Where do I obtain the HP Sygate Policy Editor?	8
Q: Is there a fee associated with the HP Sygate Policy Editor?	8
Q: Who do I contact for technical support on the HP Sygate Policy Editor?	8
Q: How do I modify the ports against the applications already specified by HP?	8
1. Log on as Administrator.	8
2. Right-click on the Sygate systray icon.	8
3. Select Advanced Rules.	8
Q: Is there a limitation to which ports and/or applications that I can add?	8
Q: What if my application uses a range of ports?	8
Q: Can I or do I need to specify whether my application uses UDP or TCP?	8
Q: Is there a risk to opening all ports for an application?	8
Q: Is there a limit to the number of rules I can add?	8
Q: Is there a list of well-known ports and their respective applications?	8
Log files	9
Q: How do I view the log files while at the thin client?	9
1. Log in as Administrator.	9
2. Right-click the Sygate icon in the system tray.	9
3. Select Logs.	9
Q: How do I retrieve the log files remotely?	9
Q: What does the log file reveal?	9
Q: How do I know that a port or application has been blocked?	9
Q: What should I do when an application is blocked?	9
Intrusion detection	10
Q: What is the functionality of an Intrusion Detection System (IDS)?	10
Q: How do I deploy modified policies with Altiris?	10
Q: Are there best practices for automating deployment?	10
Q: How do I make IDS files persistent?	10

HP t5710 HP Sygate Security Agent and Symantec Embedded Security:Frequently As - Page 10

Intrusion detection, For more information - thin client manual

Page 10 highlights