HP Sygate Security Agent and Symantec Embedded Security:Frequently Asked Questions

ManualsBrandsHP ManualsDesktopHP Compaq t5700 Thin Client

HP Sygate Security Agent and Symantec Embedded Security:

Frequently Asked Questions

Question and answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Firewall questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Intrusion detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

For more information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Summary of content (10 pages)

PAGE 1
HP Sygate Security Agent and Symantec Embedded Security: Frequently Asked Questions Question and answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Firewall questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Log files . . . . . . . . . .
PAGE 2
Question and answers This paper provides answers to commonly asked questions about the HP Sygate Security Agent and the Symantec Embedded Security subscription service. Currently, the firewall in Symantec Embedded Security is the same as in the HP Sygate Security Agent. Overview Q: Are thin clients susceptible to viruses or worms? A: Server Based Computing with HP Compaq Thin Clients is, by nature, less susceptible to virus and worm attack than a PC with Windows XP Professional.
PAGE 3
Q: What is the free functionality? A: The HP Sygate Security Agent provides a customizable firewall that helps protect your computer from intrusion and misuse, whether malicious or unintentional. It detects and identifies known Trojans, port scans, and other common attacks, and in response selectively allows or blocks the use of various networking services, applications, ports, and components.
PAGE 4
Firewall questions Q: What approach has HP taken to secure my thin client? A: In addition to following strict security-centric image design policies, HP provides Sygate Firewall software on all new t57x0 series thin clients with Windows XPe SP2 preinstalled. HP provides Windows XPe SP2 as a Web deliverable for existing t57x0 series thin clients, which provides endusers with restricted firewall control and administrators with full agent access privileges to the agent software.
PAGE 5
The following table compares the advantages of the whitelist and blacklist policies: Policy Advantages Disadvantages Blacklist Firewall Policy • Building and managing a firewall policy can be a time-consuming and frustrating process for both the administrators and the users. A firewall with a default blacklist can be installed without first defining a security policy for access through the firewall.
PAGE 6
• Trojan Scan: Scans all of a device’s 65,535 ports for active Trojan horse programs that you or someone else may have inadvertently downloaded. The Trojan scan takes about 10 minutes to complete. A list of common Trojans is available on the Sygate Web site. • TCP Scan: Examines the 1,024 ports that are mainly reserved for TCP services, such as instant messaging services, to see if these ports are open to communication. Open ports can indicate a dangerous security hole that malicious hackers can exploit.
PAGE 7
Inbound/outbound port table Application TCP ports allowed Remote Desktop Clip Board Monitor (rdpclip.exe) UDP ports allowed 1000 - 2000 Windows Messenger (msmsgs.exe) 1863, 6901, 8080, 8000, 80, 443, 6801 1900, 6801, 6901 Altiris (aclient.exe, aclntusr.exe) All All All 402 Citrix Metaframe (wfica32.exe, pn.exe) 2598, 1494. 80, 8080, 8000, 443, 2512, 2513 TeemNT (teemnt.exe) 23, 515 Generic Host Process for Win32 Services (svchost.exe) 389, 1025 - 1030 Microsoft Management Console (mmc.
PAGE 8
Q: Where do I obtain the HP Sygate Policy Editor? A: The HP Sygate Policy Editor is available on the HP Help and Support Web site in standard Softpaq format. Q: Is there a fee associated with the HP Sygate Policy Editor? A: No, the HP Sygate Policy Editor is provided to all customers at no charge. Q: Who do I contact for technical support on the HP Sygate Policy Editor? A: For HP and Compaq products, call 800-HP Invent (800-474-6836).
PAGE 9
Log files Q: How do I view the log files while at the thin client? A: A log viewer is built into the Sygate Agent on every system. To access this functionality, 1. Log in as Administrator. 2. Right-click the Sygate icon in the system tray. 3. Select Logs. Q: How do I retrieve the log files remotely? A: You can save log files only to the local default location. You cannot currently remotely store log files to a network share.
PAGE 10
Intrusion detection Q: What is the functionality of an Intrusion Detection System (IDS)? A: An IDS detects and identifies known Trojans, port scans, and other common attacks, and selectively enables or blocks the use of various networking services, ports, and components. The agent also provides deep packet inspection, further enhanced intrusion detection and prevention capabilities, including alerts when another user attempts to compromise your system.