HP 8000 - Elite Convertible Minitower PC User Manual
Security software, version 5.0
Hide thumbs
Also See for 8000 - Elite Convertible Minitower PC:
- Overview (80 pages) ,
- Quickspecs (77 pages) ,
- Software configuration manual (9 pages)
Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for HP 8000 - Elite Convertible Minitower PC
Summary of Contents for HP 8000 - Elite Convertible Minitower PC
- Page 1 HP ProtectTools Security Software, Version 5.0 User Guide...
- Page 2 No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of Hewlett-Packard Company. HP ProtectTools Security Software User Guide HP Compaq Business PC First Edition: September 2009 Document Part Number: 581746-001...
-
Page 3: About This Book
About This Book This guide provides basic information for upgrading this computer model. WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life. CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information. - Page 4 About This Book ENWW...
-
Page 5: Table Of Contents
Table of contents 1 Introduction to security HP ProtectTools features ........................2 Accessing HP ProtectTools Security ....................3 Achieving key security objectives ......................3 Protecting against targeted theft ..................4 Restricting access to sensitive data ..................4 Preventing unauthorized access from internal or external locations ........5 Creating strong password policies .................. - Page 6 Logging in after Security Manager is configured ................15 Managing passwords ......................... 16 Setting credentials ..........................16 Changing your Windows password ................... 16 Setting up a Smart Card ....................16 Managing communication privacy ...................... 17 Shredding or bleaching files ....................... 17 Viewing drive encryption status ......................
- Page 7 Managing Privacy Manager Certificates ................31 Requesting and installing a Privacy Manager Certificate ..........31 Requesting a Privacy Manager Certificate ............31 Installing a Privacy Manager Certificate ............31 Viewing Privacy Manager Certificate details ..............32 Renewing a Privacy Manager Certificate ................32 Setting a default Privacy Manager Certificate ..............
- Page 8 Viewing the log files ......................51 8 Java Card Security for HP ProtectTools Assigning a Java Card PIN ........................ 52 9 Embedded Security for HP ProtectTools Setup procedures ..........................54 Enabling the embedded security chip in Computer Setup ..........54 Installing Embedded Security for HP ProtectTools ............
-
Page 9: Introduction To Security
Introduction to security HP ProtectTools security software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by several HP ProtectTools software modules. HP ProtectTools provides two versions that can be utilized: HP ProtectTools Security Manager Administrative Console and HP ProtectTools Security Manager (for general users). -
Page 10: Hp Protecttools Features
HP ProtectTools features The following table details the key features of HP ProtectTools modules: Module Key features ● HP ProtectTools Security Manager Administrative The Security Manager setup wizard is used by administrators to Console set up and configure levels of security and security logon methods. ●... -
Page 11: Accessing Hp Protecttools Security
Module Key features ● Embedded Security for HP ProtectTools Uses a Trusted Platform Module (TPM) embedded security chip to help protect against unauthorized access to sensitive user data or credentials stored locally on a PC. ● Allows creation of a personal secure drive (PSD), which is useful in protecting user file and folder information. -
Page 12: Protecting Against Targeted Theft
● Creating strong password policies ● Addressing regulatory security mandates Protecting against targeted theft An example of this type of incident would be the targeted theft of a computer or its confidential data and customer information. This can easily occur in open office environments or in unsecured areas. The following features help protect the data if the computer is stolen: ●... -
Page 13: Preventing Unauthorized Access From Internal Or External Locations
Preventing unauthorized access from internal or external locations Unauthorized access to an unsecured business PC presents a very tangible risk to critical data such as information from financial services, an executive, or R&D team, and to private information such as patient records or personal financial records. -
Page 14: Additional Security Elements
Additional security elements Assigning security roles In managing computer security, one important practice is to divide responsibilities and rights among various types of administrators and users. NOTE: In a small organization or for individual use, these roles may all be held by the same person. For HP ProtectTools, the security duties and privileges can be divided into the following roles: ●... -
Page 15: Creating A Secure Password
HP ProtectTools password Set in this HP ProtectTools Function module Owner password Embedded Security, by IT Protects the system and the TPM chip from administrator unauthorized access to all owner functions of Embedded Security. Java™ Card PIN Java Card Security Can be used as a multifactor authentication option. -
Page 16: Backing Up Credentials And Settings
Backing up credentials and settings You can back up credentials in the following ways: ● Use Drive Encryption for HP ProtectTools to select and back up HP ProtectTools credentials. You can also register for Online Drive Encryption Key Recovery Service to store a backup copy of your encryption key, which will enable you to access your computer if you forget your password and do not have access to your local backup. -
Page 17: Hp Protecttools Security Manager Administrative Console
HP ProtectTools Security Manager Administrative Console About HP ProtectTools Administrative Console Administration of HP ProtectTools Security Manager is provided through the Administrative Console. Using the console, the local administrator can: ● Enable or disable security features ● Manage users of the computer ●... -
Page 18: Getting Started - Setup Wizard
● Computer - Provides advanced security options to selectively disallow various types of devices that could compromise PC security and set access permissions for various users and groups. ● Management Tools - Opens your default browser to a web page where you can discover additional management applications and tools that extend the features of Security Manager as well as a means to stay notified when new applications and updates are available. -
Page 19: Enabling Security Features
The following applications are included in the System group. ● Security - Manage security features, authentication policies and other settings that govern how users authenticate when logging on to the computer or HP ProtectTools applications. ● Users - Set up, manage and enroll users of this computer. ●... -
Page 20: Session Tab
Session tab To define policies governing the credentials required to authenticate a user when logging on to HP ProtectTools applications during a Windows session: In the left pane of the Administrative Console, expand Security and click on Authentication. On the Session tab, select a category of user. In the Policy section, specify the authentication credential(s) required for the selected category of user by clicking the check box or boxes next to the listed credentials. -
Page 21: Removing A User
Click a user to be added to the list and then click OK. Click OK in the Select Users dialog box. Type the Windows password for the selected account, and then click Finish. NOTE: You must use an existing Windows account and type it exactly. You cannot modify or add a Windows user account using this dialog box. -
Page 22: Encrypting Drives
On the General tab, choose the general settings for HP ProtectTools Security Manager, then click the Apply button. On the Applications tab, select the applications you want to enable or disable, then click the Apply button. NOTE: Enabling or disabling an application may not take effect until the computer is restarted. Encrypting Drives Drive Encryption for HP ProtectTools allows you to encrypt computer hard drives, making the hard drive unreadable and inaccessible to any unauthorized person who might try to access it even if the drive has... -
Page 23: Hp Protecttools Security Manager
HP ProtectTools Security Manager HP ProtectTools Security Manager allows you to significantly increase the security of your computer. Through the use of Security Manager applications, you can: ● Manage your logon and passwords ● Easily change your Windows password ● Set up authentication credentials, including a smart card ●... -
Page 24: Managing Passwords
● If the HP Password Manager level of security has been configured and all of the security login methods are required, users must log in using all of the configured methods when the Password Manager login screen opens. This action logs the user in to Windows. ●... -
Page 25: Managing Communication Privacy
If a smart card was selected as the device type, make sure that smart card is inserted. NOTE: If the smart card is not connected, the Next button is disabled in Select Token dialog box. On the Set up smart card page, type and confirm a PIN and then click Save. Managing communication privacy Privacy Manager for HP ProtectTools enables you to use advanced security login (authentication) methods to verify the source, integrity, and security of communication when using e-mail, Microsoft... -
Page 26: Activating Theft Recovery
Activating theft recovery HP ProtectTools utilizes LoJack Pro by Absolute Software to remotely monitor, manage, and track your computer. If your computer is lost or stolen, Absolute's Recovery Team will partner with law enforcement towards recovery. For more information on using LoJack Pro, refer to LoJack Pro for HP ProtectTools on page Adding applications Additional applications may be available to add new features to this program. -
Page 27: Backing Up Your Data
Backing up your data When you back up your data, you are saving your logons and credential information to an encrypted file, protected by a password that you enter. To back up your data: Click Start, click All Programs, and then click HP ProtectTools Security Manager. In the Security Manager left pane, click Advanced, and then click Backup and Restore. - Page 28 To change your picture, click the Choose Picture button and browse to select a picture. Click the Save button to save your changes. Chapter 3 HP ProtectTools Security Manager ENWW...
-
Page 29: Password Manager For Hp Protecttools
Password Manager for HP ProtectTools Logging on to Windows, websites and programs is easier and more secure when you use Password Manager. Password Manager allows you to set up the logon screens of websites and programs for quick and secure access. First, Password Manager learns about your logons and the specific data that you type in the input boxes of each logon screen. -
Page 30: Adding Logons
The following options are shown on the context menu. ● Fill in logon data - places your logon data in the logon fields and then submits the page (if submission was specified when the logon was created or last edited). ●... -
Page 31: Editing Logons
Editing logons To edit a logon: Open the logon screen for a website or program. Click the arrow on the Password Manager icon, and select Edit logon to display a dialog where you can edit your logon information. Logon fields on the screen, and their corresponding fields on the dialog, are identified with a bold orange border. -
Page 32: Managing Your Logons
Drag the logon into the list of categories. Categories will become highlighted as you move your mouse over them. Release the mouse button when the desired category is highlighted. Your logons are not moved to the category, but only copied to the selected category. That means that you can add the same logon to more than one category. - Page 33 The following settings are configurable: ● Always prompt - Select this option to have Password Manager prompt you to add a logon whenever a logon screen displays that does not already have a logon set up for it. ● Do not prompt for this screen - Select this option so that Password Manager will not prompt you again to add a logon for this specific logon screen.
-
Page 34: Drive Encryption For Hp Protecttools
Drive Encryption for HP ProtectTools NOTE: Drive Encryption for HP ProtectTools is available on some models only. In today’s world, a computer belonging to you or anyone on your staff could be stolen, and critical information about your company could be seriously compromised. Encrypting everything on your computer hard drive makes it unreadable and inaccessible to any unauthorized person who might try to access it even if the drive has been removed from the computer or sent to a data recovery service. -
Page 35: Setup Procedures
Various tasks can be performed in Drive Encryption for HP ProtectTools: ● Manage Drive Encryption ◦ Activate a TPM-protected password ◦ Encrypt or decrypt individual drives ● Backup and Recovery ◦ Create backup keys ◦ Register for online recovery ◦ Manage an existing online recovery account ◦... -
Page 36: Advanced Tasks
Advanced tasks Managing Drive Encryption (administrator task) The Drive Encryption window allows Windows administrators to view and change the status of Drive Encryption (active or inactive) and to view the encryption status of all of the hard drives on the computer. Activating a TPM-protected password Use Embedded Security for HP ProtectTools to activate the TPM. - Page 37 Read the information on the next page that is displayed, and then click Next. The encryption key is saved on the storage device you selected. Click OK when the confirmation dialog box opens. NOTE: Refer to the Drive Encryption for HP ProtectTools Help file for information on managing and performing a recovery.
-
Page 38: Privacy Manager For Hp Protecttools
Privacy Manager for HP ProtectTools Privacy Manager is a tool used to obtain Certificates of Authority, which verify the source, integrity, and security of communication when using Microsoft mail, Microsoft Office documents, and Instant Messenger. Privacy Manager leverages the security infrastructure provided by HP ProtectTools Security Manager, which includes the following security logon methods: ●... -
Page 39: Setup Procedures
Setup procedures Managing Privacy Manager Certificates Manager Certificates protect data and messages using a cryptographic technology called public key infrastructure (PKI). PKI requires users to obtain cryptographic keys and a Privacy Manager Certificate issued by a certificate authority (CA). Unlike most data encryption and authentication software that only requires you to authenticate periodically, Privacy Manager requires authentication each time you sign an e-mail message or a Microsoft Office document using a cryptographic key. -
Page 40: Viewing Privacy Manager Certificate Details
Authenticate using your chosen security logon method. If you choose to begin the Trusted Contact invitation process, follow the on-screen instructions. – or – If you click Cancel, refer to Managing Trusted Contacts for information on adding a Trusted Contact at a later time. -
Page 41: Restoring A Privacy Manager Certificate
To delete a Privacy Manager Certificate: In the Security Manager left pane, expand Privacy Manager and click Certificate Manager. Click the Privacy Manager Certificate you want to delete, and then click Advanced. Click Delete. When the confirmation dialog box opens, click Yes. Click Close, and then click Apply. -
Page 42: Adding Trusted Contacts
Adding Trusted Contacts You send an e-mail invitation to a Trusted Contact recipient. The Trusted Contact recipient responds to the e-mail. You receive the e-mail response from the Trusted Contact recipient, and click Accept. You can send Trusted Contact e-mail invitations to individual recipients or you can send the invitation to all the contacts in your Microsoft Outlook address book. -
Page 43: Adding Trusted Contacts Using Your Microsoft Outlook Address Book
Adding Trusted Contacts using your Microsoft Outlook address book In the Security Manager left pane, expand Privacy Manager, click Trusted Contacts, and then click the Invite Contacts button. – or – In Microsoft Outlook, click the down arrow next to Send Securely on the toolbar, and then click Invite All My Outlook Contacts. -
Page 44: Checking Revocation Status For A Trusted Contact
Checking revocation status for a Trusted Contact In the Security Manager left pane, expand Privacy Manager and click Trusted Contacts Manager. Click a Trusted Contact. Click the Advanced button. The Advanced Trusted Contact Management dialog box opens. Click Check Revocation. Click Close. - Page 45 When the confirmation dialog box opens, click Yes, and continue working. When you have completed your editing, sign the document again. Adding a signature line when signing a Microsoft Word or Microsoft Excel document Privacy Manager allows you to add a signature line when you sign a Microsoft Word or Microsoft Excel document: In Microsoft Word or Microsoft Excel create and save a document.
- Page 46 Adding a suggested signer's signature line When suggested signers open the document, they will see their name in brackets, indicating that their signature is required. To sign the document: Double-click the appropriate signature line. Authenticate using your chosen security logon method. The signature line will be shown according to the settings specified by the owner of the document.
-
Page 47: Using Privacy Manager In Microsoft Outlook
You may attach an encrypted Microsoft Office document to an e-mail message without signing or encrypting the e-mail itself. To do this, create and send an e-mail with a signed or encrypted document just as you normally would a regular e-mail with an attachment. However, for optimum security, it is recommended that you encrypt the e-mail when attaching a signed or encrypted Microsoft Office document. -
Page 48: Using Privacy Manager In Windows Live Messenger
Configuring Privacy Manager for Microsoft Outlook In the Security Manager left pane, expand Privacy Manager and click Settings, and then click the E-mail tab. – or – On the main Microsoft Outlook toolbar, click the down arrow next to Privacy, and then click Settings. - Page 49 Live Messenger requires both parties to establish secure e-mail first and use the same e-mail accounts in Live Messenger. Adding Privacy Manager Chat activity To add the Privacy Manager Chat feature to Windows Live Messenger, follow these steps: Log in to Windows Live Home. Click Activities, and then click Safety and Security.
- Page 50 Configuring Privacy Manager Chat for Windows Live Messenger In Privacy Manager Chat, click the Settings button. – or – In the Security Manager left pane, expand Privacy Manager and click Settings, and then click the Chat tab. – or – In Privacy Manager History Viewer, click the Settings button.
- Page 51 shown for all e-mail accounts that you have set up. You can use the Display history for menu to select only specific accounts to view. Starting the Chat History viewer Click Start, click All Programs, and then click HP ProtectTools Security Manager. Click Privacy Manager: Sign and Chat, and then click Chat History Viewer.
- Page 52 Search sessions for specific text You can only search for text in revealed (decrypted) sessions that are displayed in the viewer window. These are the sessions where the Contact Screen Name is shown in plain text. In the Chat History Viewer, click the Search button. Enter the search text, configure any desired search parameters, and then click OK.
-
Page 53: Advanced Tasks
Enter the folder location, or click Browse to search for a folder. Click OK. Advanced tasks Migrating Privacy Manager Certificates and Trusted Contacts to a different computer You can securely migrate your Privacy Manager Certificates and Trusted Contacts to a different computer. -
Page 54: File Sanitizer For Hp Protecttools
File Sanitizer for HP ProtectTools File Sanitizer is a tool that allows you to securely erase critical files and folders (personal information or files, historical or Web-related data, or other data components) on your computer and periodically bleach your hard drive. NOTE: File Sanitizer currently operates only on the hard drive. -
Page 55: Setup Procedures
Setup procedures Opening File Sanitizer To open File Sanitizer: Click Start, click All Programs, and then click HP ProtectTools Security Manager. In the Security Manager left pane, click File Sanitizer. – or – ● Double-click the File Sanitizer icon. – or – ●... -
Page 56: Selecting Or Creating A Shred Profile
● Web browser quit — Choose this option to shred all selected Web-related assets, such as browser URL history, when you close a Web browser. ● Key sequence — Choose this option to initiate shredding using a key sequence. ● Scheduler —... -
Page 57: Customizing A Simple Delete Profile
Under Shred the following, select the check box next to each asset that you want to confirm before shredding. NOTE: To remove an asset from the shred list, click the asset, and then click Remove. Under Do not shred the following, click Add to select the specific assets that you want to exclude from shredding. -
Page 58: Using The File Sanitizer Icon
NOTE: Be sure to select a key sequence that is different from other key sequences you have configured. To initiate shredding using a key sequence: Hold down the Ctrl, Alt, or Shift key (or whichever combination you specified) while pressing your chosen character. -
Page 59: Manually Shredding All Selected Items
Manually shredding all selected items Right-click the HP ProtectTools icon in the notification area, at the far right of the taskbar, highlight File Sanitizer, and then click Shred Now. When the confirmation dialog box opens, click Yes. – or – Right-click the File Sanitizer icon on the desktop, and then click Shred Now. -
Page 60: Java Card Security For Hp Protecttools
Java Card Security for HP ProtectTools Java Card Security for HP ProtectTools manages the Java Card setup and configuration for use with the HP Smart Card keyboard. HP's Java Card is a personal security device that protects authentication data requiring both the card and a PIN number to grant access – like using an ATM card with a PIN. The Java Card can be used to access Password Manager, Drive Encryption, HP BIOS, or any number of third party access points. -
Page 61: Embedded Security For Hp Protecttools
Embedded Security for HP ProtectTools NOTE: The integrated Trusted Platform Module (TPM) embedded security chip must be installed in your computer to use Embedded Security for HP ProtectTools. Embedded Security for HP ProtectTools protects against unauthorized access to user data or credentials. -
Page 62: Setup Procedures
Setup procedures CAUTION: To reduce security risk, it is highly recommended that your IT administrator immediately initialize the embedded security chip. Failure to initialize the embedded security chip could result in an unauthorized user, a computer worm, or a virus taking ownership of the computer and gaining control over the owner tasks, such as handling the emergency recovery archive, and configuring user access settings. -
Page 63: Initializing The Embedded Security Chip
Initializing the embedded security chip In the initialization process for Embedded Security, you will perform the following tasks: ● Set an owner password for the embedded security chip that protects access to all owner functions on the embedded security chip. ●... -
Page 64: General Tasks
General tasks After the basic user account is set up, you can perform the following tasks: ● Encrypting files and folders ● Sending and receiving encrypted e-mail Using the Personal Secure Drive After setting up the PSD, you are prompted to type the Basic User Key password at the next logon. If the Basic User Key password is entered correctly, you can access the PSD directly from Windows Explorer. -
Page 65: Advanced Tasks
Advanced tasks Backing up and restoring The Embedded Security backup feature creates an archive that contains certification information to be restored in case of emergency. Creating a backup file To create a backup file: Click Start, click All Programs, and then click HP ProtectTools Security Manager. In the left pane, click Embedded Security, and then click Backup. - Page 66 For details on migration, refer to the Embedded Security software Help. Chapter 9 Embedded Security for HP ProtectTools ENWW...
-
Page 67: Device Access Manager For Hp Protecttools
10 Device Access Manager for HP ProtectTools This security tool is available to administrators only. Device Access Manager for HP ProtectTools has the following security features that protect against unauthorized access to devices attached to your computer system: ● Device profiles that are created for each user to define device access ●... -
Page 68: Device Class Configuration (Advanced)
To deny access to a class of device for all non-Device Administrators: Click Start, click All Programs, and then click HP ProtectTools Administrative Console. In the left pane, click Device Access Manager, and then click Simple Configuration. In the right pane, select the check box of a device to deny access. Click the Save icon. -
Page 69: User Access Settings (Advanced)
User access settings (advanced) User Access Settings allows administrators to specify which users and groups are allowed to use the Simple Configuration and Device Class Configuration views. A user or group must be granted View (Read-only) Configuration Settings access in order to view the Simple Configuration and Device Class Configuration information. -
Page 70: 11 Lojack Pro For Hp Protecttools
11 LoJack Pro for HP ProtectTools LoJack Pro for HP ProtectTools is a tool that can remotely monitor, manage, and track your computer. Once activated, LoJack Pro for HP ProtectTools is configured from the Absolute Software Customer Center. From the Customer Center, the administrator can configure LoJack for HP ProtectTools to monitor or manage the computer. -
Page 71: Glossary
Glossary activation. The task that must be completed before any of the Drive Encryption features are accessible. Drive Encryption is activated using the HP ProtectTools Security Manager Administrative Console setup wizard. Only an administrator can activate Drive Encryption. The activation process consists of activating the software, encrypting the drive, creating a user account, and creating the initial backup encryption key on a removable storage device. - Page 72 digital certificate. Electronic credentials that confirm the identity of an individual or a company by binding the identity of the digital certificate owner to a pair of electronic keys that are used to sign digital information. digital signature. Data sent with a file that verifies the sender of the material, and that the file has not been modified after it was signed.
- Page 73 Public Key Infrastructure (PKI) Standard that defines the interfaces for creating, using, and administering certificates and cryptographic keys. reboot. Process of restarting the computer. reveal. A task that allows the user to decrypt one or more chat history sessions, displaying the Contact Screen Name(s) in plain text and making the session available for viewing.
- Page 74 trusted sender. A Trusted Contact who sends signed and/or encrypted e-mails and Microsoft Office documents. TXT. Trusted Execution Technology. Hardware and firmware that provides security against attacks on a computer's software and data. user. Anyone enrolled in Drive Encryption. Non-administrator users have limited rights in Drive Encryption. They can only enroll (with administrator approval) and log in.
-
Page 75: Index
Index user or group, denying access emergency recovery token access to 60 password controlling 59 user or group, removing 60 definition 6 preventing unauthorized 5 Drive Encryption for setting 55 accessing HP ProtectTools HP ProtectTools enabling Security 3 activating 27 TPM chip 54 account activating a TPM-protected... -
Page 76: Password Manager For Hp Protecttools Adding Logons
LoJack Pro for adding trusted contacts using Getting started HP ProtectTools 62 Microsoft Outlook address administrators 10 book 35 chatting in the Privacy Manager objectives, security 3 Chat window 42 HP ProtectTools features 2 owner password checking revocation status for a HP ProtectTools Security Manager changing 57 trusted contact 36... - Page 77 requesting a Privacy Manager certificate 31 restricting restoring a Privacy Manager access to sensitive data 4 certificate 33 device access 59 reveal all sessions 43 reveal sessions for a specific security account 43 key objectives 3 revoking a Privacy Manager levels 10 certificate 33 logging in 15...