Manuals / HP / Computer Equipment / Tablet

HP 2 Base Model manual Achieving key security objectives, Protecting against targeted theft

Models: 2

1 124

Download 124 pages 56.13 Kb

Page 16

Achieving key security objectives

The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives:

●Protecting against targeted theft

●Restricting access to sensitive data

●Preventing unauthorized access from internal or external locations

●Creating strong password policies

Protecting against targeted theft

An example of targeted theft would be the theft of a computer containing confidential data and customer information at an airport security checkpoint. The following features help protect against targeted theft:

●The pre-boot authentication feature, if enabled, helps prevent access to the operating system. Refer to the following chapters:

◦Security Manager for HP ProtectTools

◦Embedded Security for HP ProtectTools

◦Drive Encryption for HP ProtectTools

●The Personal Secure Drive feature, provided by the Embedded Security for HP ProtectTools module, encrypts sensitive data to help ensure that it cannot be accessed without authentication. Refer to the following chapter:

◦Embedded Security for HP ProtectTools

●Computrace can track the computer's location after a theft. Refer to the following chapter:

◦Computrace for HP ProtectTools

Restricting access to sensitive data

Suppose a contract auditor is working onsite and has been given computer access to review sensitive financial data; you do not want the auditor to be able to print the files or save them to a writable device such as a CD. The following feature helps restrict access to data:

●Device Access Manager for HP ProtectTools allows IT managers to restrict access to writable devices so sensitive information cannot be printed or copied from the hard drive onto removable media.

Preventing unauthorized access from internal or external locations

Unauthorized access to an unsecured business computer presents a very real risk to corporate network resources such as information from financial services, an executive, or the R&D team, and to

8	Chapter 1 Introduction to security

Image 16

HP 2 Base Model Achieving key security objectives, Protecting against targeted theft, Restricting access to sensitive data

Contents

HP ProtectTools Getting StartedCopyright 2011 Hewlett-Packard Development Company, L.P Table of contents 4 HP ProtectTools Security Manager 5 Drive Encryption for HP ProtectTools select models only 6 Privacy Manager for HP ProtectTools select models only7 File Sanitizer for HP ProtectTools 8 Device Access Manager for HP ProtectTools select models only 9 Theft recoveryChanging the owner password Resetting a user passwordMigrating keys with the Migration Wizard Features 1 Introduction to securityApplication HP ProtectTools features Key featuresChapter 1 Introduction to security ModuleModule Key featuresPrivacy Manager for HP ProtectTools select models Credential Manager for HP ProtectTools HP ProtectTools security product description and common use examplesDrive Encryption for HP ProtectTools Device Access Manager for HP ProtectTools File Sanitizer for HP ProtectToolsComputrace for HP ProtectTools formerly LoJack Pro Privacy Manager for HP ProtectToolsEmbedded Security for HP ProtectTools select models only HP ProtectTools security product description and common use examples Restricting access to sensitive data Preventing unauthorized access from internal or external locationsAchieving key security objectives Protecting against targeted theftCreating strong password policies Additional security elements Managing HP ProtectTools passwordsAssigning security roles HP ProtectTools password Additional security elementsSet in the following FunctionCreating a secure password Backing up and restoring HP ProtectTools credentials2 Getting started with the Setup Wizard 2. Read the Welcome screen, and then click Next 3 HP ProtectTools Security Manager Administrative Console Opening HP ProtectTools Administrative Console Using Administrative Console Increase system security Require strong authenticationManage HP ProtectTools users See how you can centrally manage HP ProtectToolsConfiguring your system Setting up authentication for your computerFor administrators of this computer For users who are not administratorsSettings Managing usersSession Policy Require one of the specified credentialsSpareKey CredentialsFingerprints Smart card FaceConfiguring your applications Updates and MessagesGeneral tab Applications tab4 HP ProtectTools Security Manager Opening Security Manager Using the Security Manager dashboard HP ProtectTools desktop gadget Security Applications StatusBlue-OK For Web pages or programs where a logon has not yet been created Password ManagerMy Logons For Web pages or programs where a logon has already been created For a Web site, click Add domain name to Password ManagerFor a program, click Add this logon screen to Password Manager Adding logonsEditing logons Organizing logons into categories Using the Logons menuManaging your logons Assessing your password strength Password Manager icon settingsClick Add Logon VeriSign Identity Protection VIPClick Continue Changing your Windows password SettingsCredential Manager Setting up your SpareKey Enrolling your fingerprintsSetting up a smart card 7. Click the Administration tab1. Under Central Management, click Setup Wizard Initializing the smart cardConfiguring the smart card Enrolling scenes for face logonAdvanced User Settings Click Create PINPrompt to update scenes when logon fails-If face logon is unsuccessful but you enter your password successfully, you may be prompted to save a series of images to increase the chances of successful face logon in the future Setting your preferences Your personal ID cardGeneral tab Appearance-Show icon in taskbar notification area Fingerprint tabShow scan quality feedback Backing up and restoring your data3. Click Back up data 3. Click Restore data 5 Drive Encryption for HP ProtectTools select models only 2. In the left pane, click Drive Encryption Opening Drive EncryptionOpening Drive Encryption 3. Click Features General tasksActivating Drive Encryption for standard hard drives Activating Drive Encryption for self-encrypting drivesSoftware encryption Hardware encryption3. Click Features 3. Click FeaturesLogging in after Drive Encryption is activated Deactivating Drive Encryption3. Click Features PCMCIA readers Smart cardsUSB readers 2. Click Settings Protect your data by encrypting your hard driveDisplaying encryption status 2. Under My Data, click Drive EncryptionManaging Drive Encryption administrator task 3. Click SettingsAdvanced tasks Encrypting or decrypting individual drives software encryption onlyBackup and recovery administrator task Recovering encryption keys3. Click Encryption Key Backup 6. Click Backup Keys6 Privacy Manager for HP ProtectTools select models only Opening Privacy Manager Setup procedures Managing Privacy Manager CertificatesRequesting a Privacy Manager Certificate 2. Click Request a Privacy Manager CertificateObtaining a preassigned Corporate Privacy Manager Certificate Setting up a Privacy Manager CertificateImporting a third-party certificate Setting a default Privacy Manager Certificate Viewing Privacy Manager Certificate detailsRenewing a Privacy Manager Certificate 3. Click Certificate detailsDeleting a Privacy Manager Certificate Restoring a Privacy Manager CertificateRevoking your Privacy Manager Certificate 2. Click AdvancedAdding Trusted Contacts Managing Trusted ContactsAdding a Trusted Contact Adding Trusted Contacts using Microsoft Outlook contacts Viewing Trusted Contact details Deleting a Trusted ContactChecking revocation status for a Trusted Contact 3. Click Contact detailsUsing Privacy Manager in Microsoft Outlook Configuring Privacy Manager for Microsoft OutlookSigning and sending an e-mail message General tasksSealing and sending an e-mail message Using Privacy Manager in a Microsoft Office 2007 documentViewing a sealed e-mail message Configuring Privacy Manager for Microsoft Office Signing a Microsoft Office documentEncrypting a Microsoft Office document Adding a suggested signers signature lineSending an encrypted Microsoft Office document Removing encryption from a Microsoft Office documentViewing a signed Microsoft Office document Viewing an encrypted Microsoft Office document Restoring Privacy Manager Certificates and Trusted Contacts Backing up Privacy Manager Certificates and Trusted ContactsAdvanced tasks Central administration of Privacy Manager 7 File Sanitizer for HP ProtectTools Shredding Free space bleaching Opening File Sanitizer 2. Click File SanitizerSetting a free space bleaching schedule Setting a shred scheduleSetup procedures Selecting or creating a shred profile Selecting a predefined shred profileCustomizing a shred profile High Security Medium Security Low SecurityCustomizing a simple delete profile Setup procedures 4. To protect assets from automatic deletingb. Click Open, and then click OK 5. Click ApplyGeneral tasks Using a key sequence to initiate shreddingon page Manually shredding one asset Using the File Sanitizer iconManually shredding all selected items Manually activating free space bleaching Aborting a shred or free space bleaching operationViewing the log files 2. Click Bleach Now8 Device Access Manager for HP ProtectTools select models only Opening Device Access Manager Configuring device access Setup ProceduresSimple Configuration Device Class Configuration Starting the background serviceMaintenance 2. Click Administrative Tools, and then click Services 3. Select the HP ProtectTools Device Locking/Auditing serviceSetup Procedures The Device Class Configuration view has the following sectionsProtection may also be applied to specific devices Denying access to a user or group Allowing access for a user or a groupDevice class All devices Individual device Device class All devices Individual deviceAllowing access to a specific device for one user of a group Allowing access to a class of devices for one user of a groupDevice class All devices Individual device JITA Configuration Removing settings for a user or a groupResetting the configuration Device class All devices Individual deviceCreating a JITA for a user or group Creating an extendable JITA for a user or groupDisabling a JITA for a user or group Advanced Settings Device Administrators groupeSATA Support Unmanaged Device ClassesHard disk controller HDC Human interface device HID class Power Battery Advanced power management APM support Miscellaneous ComputerDecoder Display Processor System Unknown Volume Volume snapshot Net service Net trans SCSI adapter9 Theft recovery 10 Embedded Security for HP ProtectTools select models only Enabling the embedded security chip in Computer Setup Setup proceduresInitializing the embedded security chip Setting up the basic user account Using the personal secure drive Encrypting files and foldersSending and receiving encrypted e-mail Apply changes to this folder onlyChanging the Basic User Key password Creating a backup file Restoring certification data from the backup fileBacking up and restoring Advanced tasksChanging the owner password Resetting a user passwordMigrating keys with the Migration Wizard Advanced tasks11 Localized password exceptions Password changes using keyboard layout that is also supported Special key handling BIOS Special key handlingLanguage WindowsWhat to do when a password is rejected administrator See Windows administratorauthentication background servicecryptographic service provider CSP device access control policyemergency recovery archive cryptographypower-on authentication Encryption File System EFSfingerprint free space bleachingreboot restorerevocation password SATA device modeWindows administrator suggested signertoken See security logon methodIndex J JITA F facePage