HP t5710 HP Sygate Security Agent and Symantec Embedded Security:Frequently As - Page 6

6

•

Trojan Scan: Scans all of a device’s 65,535 ports for active Trojan horse programs that you

or someone else may have inadvertently downloaded. The Trojan scan takes about 10 min-

utes to complete. A list of common Trojans is available on the Sygate Web site.

•

TCP Scan: Examines the 1,024 ports that are mainly reserved for TCP services, such as

instant messaging services, to see if these ports are open to communication. Open ports can

indicate a dangerous security hole that malicious hackers can exploit.

•

UDP Scan: Uses various methods and protocols to probe for open ports utilizing UDP. The

UDP scan will scan ports on your device that are connected to devices such as routers and

proxies for users connecting to the Web site through such a device. The scan takes about 10

minutes and should be logged in the Security Log as a port scan from Sygate.

•

ICMP Scan: Scans a user’s device and displays a page with the results of the scan. If a user

is running the Agent, all scans are blocked.

Q:

How do I use the SOS scanner?

A:

To perform the SOS scan, log in as an administrator and perform the following steps:

1.

Double-click the Sygate icon to launch the HP Sygate Security Agent GUI.

2.

Select

Tools > Test Your System Security

to automatically launch Internet Explorer and links

to SOS at

http://scan.sygate.com.

3.

From the Sygate site, select the tests you want to perform.

Q:

Which inbound and outbound ports has HP allowed?

A:

The following table provides detailed information about ports:

Inbound/outbound port table

Application

TCP ports allowed

UDP ports allowed

Remote ports

NT Kernel & System (ntoskrnl.exe)

1723

53, 67, 68, 123, 137, 138

NDIS User Mode I/O Driver (ndisuio.sys)

53, 67, 68, 123, 137, 138

TCP/IP Protocol Driver (tcpip.sys)

53, 67, 68, 123, 137, 138

IPv6 Driver (tcpip6.sys)

53, 67, 68, 123, 137, 138

NWLINK2 IPX Protocol Driver (nwlnkipx.sys)

53, 67, 68, 123, 137, 138

Internet Explorer (iexplore.exe)

20, 21, 22, 80, 443,

8080, 8000

Windows Media Player (wmplayer.exe)

20, 21, 22, 80, 443,

8080, 8000

FTP Application (ftp.exe)

20, 21, 22, 80, 443,

8080, 8000

Remote Desktop Application (mstsc.exe)

1380, 3360 - 4020

1024 - 4900

Section	Page
HP Sygate Security Agent and Symantec Embedded Security: Frequently Asked Questions	1
Question and answers	2
Overview	2
Q: Are thin clients susceptible to viruses or worms?	2
1. With the HP thin client computing model, your exposure to virus attack on the thin client system is less than a standard Wind...	2
2. The HP thin client computing model utilizes PC blades and/or servers located in the data center. You can protect and monitor ...	2
3. Since no user data resides on the thin client, there is no risk of user data loss due to a virus or worm on the thin client.	2
4. If a thin client’s image is compromised or corrupted, the recovery time is typically measured in minutes instead of hours. You can often perform recovery with a simple reboot of the client.	2
Q: What does HP deliver in the factory image?	2
Q: What is the free functionality?	3
Q: How can I get signature updates for the Sygate firewall to ensure protection from the latest threats?	3
Q: How can I obtain antivirus support for my thin clients?	3
Q: How do I buy Symantec Embedded Security?	3
Firewall questions	4
Q: What approach has HP taken to secure my thin client?	4
Q: How is the HP Sygate Security Agent different than Microsoft Windows Firewall?	4
Q: What is the difference between a whitelist and a blacklist approach?	4
Q: What viruses, worms, or vulnerabilities will HP Sygate Security Agent block?	5
Q: How do I use the SOS scanner?	6
1. Double-click the Sygate icon to launch the HP Sygate Security Agent GUI.	6
2. Select Tools > Test Your System Security to automatically launch Internet Explorer and links to SOS at http://scan.sygate.com.	6
3. From the Sygate site, select the tests you want to perform.	6
Q: Which inbound and outbound ports has HP allowed?	6
Q: What is the HP Sygate Policy Editor and what does it do?	7
Q: Where do I obtain the HP Sygate Policy Editor?	8
Q: Is there a fee associated with the HP Sygate Policy Editor?	8
Q: Who do I contact for technical support on the HP Sygate Policy Editor?	8
Q: How do I modify the ports against the applications already specified by HP?	8
1. Log on as Administrator.	8
2. Right-click on the Sygate systray icon.	8
3. Select Advanced Rules.	8
Q: Is there a limitation to which ports and/or applications that I can add?	8
Q: What if my application uses a range of ports?	8
Q: Can I or do I need to specify whether my application uses UDP or TCP?	8
Q: Is there a risk to opening all ports for an application?	8
Q: Is there a limit to the number of rules I can add?	8
Q: Is there a list of well-known ports and their respective applications?	8
Log files	9
Q: How do I view the log files while at the thin client?	9
1. Log in as Administrator.	9
2. Right-click the Sygate icon in the system tray.	9
3. Select Logs.	9
Q: How do I retrieve the log files remotely?	9
Q: What does the log file reveal?	9
Q: How do I know that a port or application has been blocked?	9
Q: What should I do when an application is blocked?	9
Intrusion detection	10
Q: What is the functionality of an Intrusion Detection System (IDS)?	10
Q: How do I deploy modified policies with Altiris?	10
Q: Are there best practices for automating deployment?	10
Q: How do I make IDS files persistent?	10

HP t5710 HP Sygate Security Agent and Symantec Embedded Security:Frequently As - Page 6

Double-click the Sygate icon to launch the HP Sygate Security Agent GUI.

Page 6 highlights