HP Compaq t5700 User Manual

HP Compaq t5700: Supplementary Guide

HP Sygate Security Agent 4.0

User Guide

Documentation Build 1004
Published: May 1, 2005


Summary of Contents for HP Compaq t5700

  • Page 1: User Guide

    HP Sygate Security Agent 4.0 User Guide Documentation Build 1004 Published: May 1, 2005...
  • Page 2 Copyright Information Copyright© 2003-2005 by Sygate Technologies, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic, mechanical, or otherwise, without prior written permission of Sygate Technologies, Inc. Information in this document is subject to change without notice and does not constitute any commitment on the part of Sygate Technologies, Inc.
  • Page 3: Table Of Contents

    Table of Contents Preface ... ix Related Documentation ... ix Intended Audience... ix Technical Support ... x Chapter 1. Overview of the Agent ... 1 Modifying the Security Policy... 1 Using the Policy Editor... 1 Chapter 2. Getting Around... 3 Starting the Agent ...
  • Page 4 Rule Summary field ... 20 Hosts Tab ... 20 All addresses ... 21 MAC addresses... 21 IP Address(es) ... 21 Subnet... 21 Rule Summary field ... 21 Ports and Protocols Tab ... 21 Protocol...22 All Protocols ... 22 TCP ... 22 UDP ...22 ICMP...
  • Page 5 Stopping an Active Response... 37 Chapter 6. Configuring the Agent’s Settings ... 39 General Tab ... 39 Automatically load HP Sygate Agent service at startup ... 40 Block Network Neighborhood traffic while in screensaver mode... 40 Hide all notification messages... 40 Beep before notify ...
  • Page 6 To: ... 47 Cc: ... 48 Subject:... 48 SMTP Server Address:... 48 My E-Mail Server Requires Authentication ... 48 Authentication Server Address:... 48 User Name/Password: ... 48 Test E-Mail Notification... 48 Log Tab ... 48 Enable ... Log ... 49 Maximum log file size is ...
  • Page 7 List of Tables Table 1. Menus...7 Table 2. System Tray Icon Colors... 9 Table 3. System Tray Icon Appearance... 9 Table 4. System Tray Icon Menu ... 11 Table 5. Security Log Icons... 29 Table 6. Security Log Parameters and Description ... 29 Table 7.
  • Page 8 List of Figures Figure 1. Main Console ... 4 Figure 2. Traffic History Graph... 5 Figure 3. Security Log... 30 viii...
  • Page 9: Preface

    Related Documentation • HP Sygate Security Agent User Guide (online Help)—The online Help is a subset of information in this document. Click Start|All Programs|Sygate|HP Sygate Security Agent. The Agent starts and displays the user interface. You can then choose Help|Help topics...
  • Page 10: Technical Support

    3. On the Support & Drivers page, under Or Select a product category, click Desktops & Workstations. 4. Click Thin Clients and then the specific product. Note: You can also click the Contact HP link for additional contact and resources links. web site.
  • Page 11: Chapter 1. Overview Of The Agent

    Chapter 1. Overview of the Agent The HP Sygate Security Agent (the Agent) is security software that is installed on embedded devices, such as ATMs and thin clients, that run the Windows XP Embedded operating system. Once installed, the Agent provides a customizable firewall that protects the device from intrusion and misuse, whether malicious or unintentional.
  • Page 12 When you install Policy Editor, the default policy file is automatically installed with it. When you open the Policy Editor, the default policy file’s advanced rules and options appear. To open the Policy Editor: • On the image-building system, click Start|All Programs|Sygate|HP Sygate Policy Editor.
  • Page 13: Chapter 2. Getting Around

    You can open the Agent in two ways: • System tray icon—Double-click the icon or right-click it and click HP Sygate Security Agent. • Start menu—Click Start|All Programs|Sygate|HP Sygate Security Agent. Either method opens the main console, the main screen that is the control center for the Agent.
  • Page 14: Menus And Toolbar Buttons

    Figure 1. Main Console The Agent interface is resizable, so you can view it as a full-screen or part-screen image. Menus and Toolbar Buttons The top of the screen displays a standard menu and toolbar. The toolbar buttons can be used to quickly access logs, view the Help file, or test your system.
  • Page 15: Broadcast Traffic

    Figure 2. Traffic History Graph The Traffic History graphs are broken into three sections. On the left side of the graphs section are the Incoming and Outgoing Traffic History graphs. These provide a visual assessment of the current traffic that is entering and leaving your device through a network interface.
  • Page 16: Message Console

    since they are often crucial to the operation of your device, you most likely want to allow them. To change the display of application names, either click the View menu or right-click the Running Applications field and select the desired view. You can stop an application or service from running by right-clicking the application in the Running Applications field and clicking Terminate.
  • Page 17: Table 1. Menus

    Table 1. Menus Menu Menu choices Close—Closes the Agent main console. • File • Exit Sygate Agent—Exits the Agent, effectively turning off security on your machine. • Block All—Blocks all network traffic on your machine. If you use this command but then want to unblock the traffic, click the system tray icon on the taskbar and click Normal.
  • Page 18: Toolbar Buttons

    Table 1. Menus Menu Menu choices • Connection Details—Provides further information on the type of connection being made by each application accessing the network adapter, as well as the protocol, local and remote ports and IP addresses being used, the application path, and more. • Hide Windows Services—Toggles the display of Windows Services in...
  • Page 19: Table 2. System Tray Icon Colors

    Table 2. System Tray Icon Colors If the color of the ...then... arrow is..traffic is being blocked by the Agent. BLUE ...traffic is flowing uninterrupted by the Agent GRAY ...no traffic is flowing in that direction. The following table illustrates the different appearances that the system tray icon may have, and what they mean.
  • Page 20: What Does The Flashing System Tray Icon Mean

    Table 3. System Tray Icon Appearance Icon Description Both incoming and outgoing traffic are blocked. There is no incoming traffic; outgoing traffic is blocked. Incoming traffic is flowing uninterrupted; outgoing traffic is blocked. No traffic is flowing in either direction. Both incoming and outgoing traffic flows uninterrupted;...
  • Page 21: Enabling Password Protection

    Table 4. System Tray Icon Menu (Menu Option: Description)
      • HP Sygate Security Agent: Opens the Agent’s main console.
      • Block All: Blocks all network traffic.
      • Normal: Provides your preconfigured list of advanced rules and applies them.
      • Logs: Opens the Agent logs.
  • Page 22 3. Enter your new password in the New Password and Confirm New Password fields. Note: You can disable password protection by making no entry in the New Password field and confirming that in the Confirm New Password field. 4. To have the Agent prompt you for a password before exiting the Agent, on the General tab, click Ask password while exiting.
  • Page 23: Chapter 3. Testing Your System's Vulnerability

    Chapter 3. Testing Your System’s Vulnerability This chapter describes ways to test the vulnerability of your system to outside threats by scanning your system. The test is available directly from Sygate using an online connection. Scanning Your System Assessing your vulnerability to an attack is one of the most important steps that you can take to ensure that your device is protected from possible intruders.
  • Page 24: Types Of Scans

    o UDP Scan o ICMP Scan 4. Click Scan Now. A brief document of frequently asked questions about Sygate Online Services is also available from the main scan page. Click Scan FAQ at the bottom left side of the screen. Types of Scans On the Sygate Technologies web site, you can choose from one of the following types of scans.
  • Page 25: Icmp Scans

    and proxies for users connecting to the web site through such a device. The scan takes about 10 minutes and should be logged in the Security Log as a port scan from Sygate. ICMP Scans When an ICMP scan has completed scanning a user’s device, it displays a page with the results of the scan.
  • Page 27: Chapter 4. Working With Rules

    Chapter 4. Working With Rules This chapter describes how to protect your system by creating security rules for applications that you have running on your system. About Rules A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users from accessing a private network.
  • Page 28 To set up an advanced rule: 1. On the Tools menu, click Advanced Rules. The Advanced Rules dialog box opens. 2. Click Add. The Advanced Rule Settings dialog box opens with the General tab displayed. 3. Enter a name for the rule in the Rule Description text box, and click Block this traffic or Allow this traffic.
  • Page 29: General Tab

    Rules are applied in the order they are listed. For example, if a rule that blocks all traffic is listed first, followed by a rule that allows all traffic, the Agent blocks all traffic at all times. 7. To enable a rule on the Agent, make sure the check mark appears in the Description column.
  • Page 30: Apply Rule To Network Interface

    Apply Rule to Network Interface Specifies which network interface card this rule will apply to. If you have multiple network cards, select one from the list box, or select All network interface cards to apply the rule to every card. Apply this rule during Screensaver Mode Activates the rule even if your device’s screensaver is on (if applicable).
  • Page 31: All Addresses

    All addresses Applies rule to all addresses. MAC addresses Applies rule to the MAC address of the traffic. IP Address(es) Applies rule to the IP address or address range of the traffic. Subnet Applies rule to the subnet address and subnet mask of the traffic. Rule Summary field Provides a summary of the rule’s functionality.
  • Page 32: Protocol

    Protocol Specifies a protocol for the rule. All Protocols Applies to all protocols on all ports, for both incoming and outgoing traffic. Displays two more list boxes in which you can specify which ports (remote and/or local) should be affected by the rule.
  • Page 33: Icmp

    all ports will be affected by the rule. If you enter a port number for the local port entry, but not for the remote port entry, then the local port you entered and ALL remote ports will be affected by the rule.
  • Page 34: Enable Scheduling

    Enable Scheduling Enables the scheduling feature. During the period below Enables scheduling to take place during a certain time period. Excluding the period below Enables scheduling to take place outside of a certain time period.
  • Page 35: Applications Tab

    Applications Tab You can specify applications that will be affected by advanced rules. The Applications tab provides a list of all applications that have accessed your network connection. Display selected applications only Displays only the applications that you have selected to be controlled by this rule. Applications Lists the traffic coming in and out of all ports and protocols.
  • Page 36: Browse

    Browse Opens the Open dialog box so you can search for applications that are not displayed in the table. Rule Summary field Provides a description of the rule and what traffic it will affect on your system.
  • Page 37: Chapter 5. Monitoring And Logging

    Chapter 5. Monitoring and Logging This chapter describes how you can monitor your system by using the logs that are present in the Agent. It begins with an overview of logs, their types, and the tasks you can do with logs, such as back tracing logged events.
  • Page 38: Viewing Logs

    Viewing Logs To view logs on the Agent: 1. Do one of the following: o Click Tools|Logs. o On the toolbar, click the drop-down arrow next to the Logs icon. Note: Click the Logs icon to display the most recently viewed log. 2.
  • Page 39: Security Log Parameters And Description

    Table 5. Security Log Icons (Icon: Description)
      • Critical attack
      • Major attack
      • Minor attack
      • Information
    Security Log Parameters and Description The columns for logged events are:
    Table 6. Security Log Parameters and Description (Name of Parameter: Description)
      • Time: The exact date and time that the event was logged
      • Security Type: Type of Security Alert (for example: DoS attack, executable file, Ping of Death)
  • Page 40: Description And Data Fields For The Security Log

    Table 6. Security Log Parameters and Description (Name of Parameter: Description)
      • Application Name: Name of the application associated with the attack
      • User Name: User or Computer client that sent or received the traffic
      • Domain: Domain of the user
      • Security: Security level for the Agent, set to either Block All or Normal.
      • Occurrences: Number of occurrences of the attack method
      • Begin Time...
  • Page 41: Icons For The Traffic Log

    Icons for the Traffic Log When you open a Traffic Log, icons are displayed at the left side of the first column. They are graphical representations of the kind of traffic logged on each line and provide an easy way to scan the Traffic Log. Traffic Log includes information about incoming and outgoing traffic.
  • Page 42: Description And Data Fields For The Traffic Log

    Table 8. Traffic Log Parameters and Description (Name of Parameter: Description)
      • Local Port/ICMP Code: Port and ICMP code used on the Agent device (only appears in Local View - this is the default)
      • Source Host: Name of the source computer (only appears in Source View)
      • Source MAC: MAC address of the source computer (only appears in Source View)
      • Source...
  • Page 43: Packet Log

    Packet Log The Packet Log captures every packet of data that enters or leaves a port on your device. The Packet Log is disabled by default in the Agent because of its potentially large size. You must enable the Packet Log first. Icons for the Packet Log There is only one icon displayed in the Packet Log.
  • Page 44: Packet Decode And Packet Dump For The Packet Log

    Packet Decode and Packet Dump for the Packet Log Below the Log Viewer are two additional data fields that provide further detail regarding the selected event. In the Packet Log, these fields are labeled Packet Decode, which provides data on the type of packet logged, and Packet Dump, which records the actual data packet. System Log The System log records all operational changes, such as the starting and stopping of services, detection of network applications, software configuration modifications, and software...
  • Page 45: Description And Data Fields For The System Log

    Description and Data Fields for the System Log Below the rows of logged events are the Description and Data fields. When you click on an event row, the entire row is highlighted. A description of the event, such as “Install WsProcessSensor successful...,”...
  • Page 46: Back Tracing Logged Events

    Back Tracing Logged Events Back tracing enables you to pinpoint the source of data from a logged event. Like retracing a criminal’s path at a crime scene, back tracing shows the exact steps that incoming traffic has made before reaching your device and being logged by the Agent. Back tracing is the process of following a data packet backwards, discovering which routers the data took to reach your device.
  • Page 47: Saving Logs

    The Trace route field provides details, such as IP address, on each hop made by the data packet that was logged by the Agent. A hop is a transition point, usually a router, that a packet of information travels through as it makes its way from one computer to another on a public network, such as the Internet.
  • Page 48 To stop an active response: 1. On the main console, click Tools|Logs|Security. 2. Select the row for the application or service you want to unblock. Blocked traffic is specified as Blocked in the Action column. 3. On the Action menu, click Stop Active Response to block the selected application, or click Stop All Active Response if you want to unblock all blocked traffic.
  • Page 49: Chapter 6. Configuring The Agent's Settings

    Chapter 6. Configuring the Agent’s Settings You can set and import security options for the Agent, including e-mail notification of attacks, customizable pop-up messages, heartbeat settings, log file configuration, file sharing options, computer control settings, and advanced security measures such as Smart DHCP and Anti-MAC spoofing.
  • Page 50: Automatically Load Hp Sygate Agent Service At Startup

    Automatically load HP Sygate Agent service at startup Automatically launches the Agent at startup. Block Network Neighborhood traffic while in screensaver mode Automatically sets your security level to Block All when your device’s screensaver is activated.
  • Page 51: Hide Application Popup

    Hide application popup Hides a dialog box that appears when you open an application that has been modified since you first installed it. For example, if Internet Explorer 5.0 was installed on the device and then you install Internet Explorer 6.0, the device assumes that Internet Explorer 6.0 is a new application with no associated rule to allow it.
  • Page 52: Network Interface

    Network Interface Specifies the network you want to access. Allow to browse Network Neighborhood files and printer(s) Enables you to browse other computers, devices, and printers on the selected network. This allows you to access other files on your network. If you disable this, you cannot copy files from network locations.
  • Page 53: Enable Port Scan Detection

    analyzes network packets and compares them with both known attacks and known patterns of attack, and then blocks those attacks. One of the key capabilities of the Intrusion Prevention System is its capability to do deep packet inspection. By default, this option is enabled on the Agent.
  • Page 54: Automatically Block Attacker's Ip Address For

    Automatically block attacker’s IP address for... second(s) Blocks all communication from a source host once an attack has been detected. For instance, if the Agent detects a DoS attack originating from a certain IP address, the Agent will block any and all traffic from that IP for the duration specified in the seconds field.
  • Page 55: Automatically Allow All Known Dlls

    Automatically allow all known DLLs Automatically allows DLL modules that are commonly loaded by the network application. Disabling this feature will cause the engine to prompt for permission on all new DLLs that are loaded, and may cause very frequent prompting when using a complex network application, such as an Internet browser.
  • Page 56: Anti-Application Hijacking

    rule specifically allowing access to that server. By default, this option is disabled on the Agent. Anti-Application Hijacking Causes the Agent to check for malicious applications that work by interjecting DLLs and Windows hooks into Windows applications, and to block those malicious applications when found.
  • Page 57: Do Not Notify

    The first three options set the frequency of the message. Do Not Notify Disables the e-mail notification option. Notify Immediately Sends an e-mail message immediately following an attack on your device. After Every . . . Minutes Sends an e-mail message at regular intervals following an attack, the intervals specified in the After Every ...
  • Page 58: Subject

    Specifies an e-mail address to send a courtesy copy of each email message. Subject: Describes the subject of the e-mail message. SMTP Server Address: Specifies your SMTP Server Address. My E-Mail Server Requires Authentication Specifies whether your e-mail server requires authentication.
  • Page 59: Enable

    Enable ... Log Enables the Security, Traffic, System, and Packet Logs. The Packet Log is not enabled by default. Maximum log file size is ... KB Specifies the maximum size for the log file in kilobytes. The default setting is either 512 KB or 1024 KB.
  • Page 61: Glossary

    Advanced Rules can exhibit complex relationships between applications, IP addresses, and services. See also firewall rule, simple rule. Agent: A device running HP Sygate Security Agent software is also called an Agent device. Anti-IP Spoofing: An advanced setting that prevents an intruder from taking advantage of the ability to forge (or spoof) an individual’s IP address.
  • Page 62 antivirus: Software and technology that is used to detect malicious computer applications, prevent them from infecting a system, and clean files or applications that are infected with computer viruses. Sygate software works together with, but does not include, antivirus software. application authentication: Authenticating an application that is running on a network is accomplished by taking the entire binary of an application and performing an MD5 hash and then comparing it with the application fingerprint stored on an Agent.
  • Page 63 client: A device or program that uses shared resources from another computer, called a server. In the context of the Agent, client refers to a Sygate Security Agent running on a device that reports to a server. computers: A personal computer, laptop, or workstation on which users perform work. In an enterprise environment, computers are connected together over a network.
  • Page 64 The use of an algorithm to convert typically sensitive data into a form that is unreadable except by authorized users. See also Communications Channel Encryption. endpoint: Any network device that connects to the enterprise network and runs network-based applications. Network devices can include laptops, desktop computers, servers, and PDAs. See also access point.
  • Page 65 (with a Denial of Service attack) and taking over the session. The intruder begins acting like the user, executing commands, and sending information to the server. HP Sygate Security Agent: See Sygate Security Agent. ICMP: See Internet Control Message Protocol (ICMP).
  • Page 66 icon: A small visual image displayed on a computer screen to represent an application, a command, an object, or to indicate status. On the Sygate Management Server, icons show when Agents are online and represent groups, users, and computers. Icons shown on screens in Sygate software are also used to display status.
  • Page 67 Intrusion Prevention System (IPS): A device or software used to prevent intruders from accessing systems from malicious or suspicious activity. This is in contrast to an Intrusion Detection System (IDS), which merely detects and notifies. Sygate Security Agent is both an IDS and an IPS product since the Agent includes both an IDS and firewall functionality, making it capable of not only detecting but also blocking an attack.
  • Page 68 logs: Files that store information generated by an application, service, or operating system. The information is used to track the operations performed. Sygate Secure Enterprise provides extensive logging capabilities that track events such as security violations, changes to security policies, network traffic, client connections, and administrator activities.
  • Page 69 OS Fingerprint Masquerading: An option that keeps programs from detecting the operating system of a computer running the Agent. When OS Fingerprint Masquerading is enabled, the Agent modifies TCP/IP packets so it is not possible to determine its operating system. outbound traffic: Traffic that was initiated from the local computer.
  • Page 70 Profile Serial Number: A number that the Policy Editor automatically generates every time an Agent’s security policy changes. A system administrator can check the serial number on the Help|About menu of the Agent to verify that an Agent is running an up-to-date security policy.
  • Page 71 signature library: A set of IDS signatures. Sygate provides a library of known signatures in the System Library, which can be kept up-to-date by downloading the latest version from the Sygate Technologies web site to your Sygate Management Server. Administrators can also specify new attack signatures of their own choosing in custom libraries.
  • Page 72 spoofing: A technique used by an intruder to gain unauthorized network access to a computer system or network by forging known network credentials. IP spoofing is a common method for intruders to gain unauthorized network access to a computer system or network. Stealth Mode Browsing: An option that detects all HTTP traffic on port 80 from a web browser and removes information such as the browser name and version, the operating system, and the reference web page.
  • Page 73 Sygate periodically posts an updated System Library for download on the Sygate web site. See also custom library, signature library. system tray: The lower right section of the taskbar on the Windows desktop that displays a clock and icons representing certain programs, such as volume control, network connection status, and antivirus software.
  • Page 74 User Datagram Protocol (UDP): A communications protocol for the Internet network layer, transport layer, and session layer that uses the Internet Protocol (IP) when sending a datagram message from one computer to another. UDP does not guarantee reliable communication or provide validated sequencing of the packets. virtual private network (VPN): A secure network connection that connects different corporate network sites, allows remote users to connect to an enterprise network, and allows controlled access to different corporate networks.
  • Page 75: Index

    Index Active Response 37 advanced rules creating 17 defined 17 Agent configuring 39 opening 3 allowing traffic 17, 19 Applications tab 25 blocking traffic 17, 19 configuring the Agent 39 E-Mail Notification tab 46 General tab advanced rules 19 options 39 Hosts tab 20 Log tab 48 logs...
  • Page 76 policy file 1 Ports and Protocols tab 21 protecting your system 13, 17, 39 scanning your system 13 Scheduling tab 23 security options creating 39 defined 1, 39 security policies creating 1 defined 1 Security tab 42 settings advanced rules 17 options 39 starting the Agent 3 system tray icon...
