HP J6D78UT, J6D83UT User manual

HP ProtectTools Security Software, Version 6.0
User Guide
© Copyright 2009, 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Microsoft, Windows and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
This document contains proprietary information that is protected by copyright. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of Hewlett-Packard Company.
HP ProtectTools Security Software User Guide
Third Edition: November 2010
Document Part Number: 581746-003
About This Book
This guide provides basic information for upgrading this computer model.
WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life.
CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information.
NOTE: Text set off in this manner provides important supplemental information.
Table of contents
1 Introduction to security
  HP ProtectTools features
  HP ProtectTools security products description and common use examples
    Credential Manager (Password Manager) for HP ProtectTools
    Embedded Security for HP ProtectTools
    Drive Encryption for HP ProtectTools
    File Sanitizer for HP ProtectTools
    Device Access Manager for HP ProtectTools
    Privacy Manager for HP ProtectTools
    Computrace for HP ProtectTools (formerly known as LoJack Pro)
  Accessing HP ProtectTools Security
  Achieving key security objectives
    Protecting against targeted theft
    Restricting access to sensitive data
    Preventing unauthorized access from internal or external locations
    Creating strong password policies
  Additional security elements
    Assigning security roles
    Managing HP ProtectTools passwords
      Creating a secure password
    Backing up credentials and settings
2 HP ProtectTools Security Manager Administrative Console
  About HP ProtectTools Administrative Console
  Using the Administrative Console
  Getting Started - Setup Wizard
  Configuring your system
    Enabling security features
    Defining Security Manager authentication policies
      Logon tab
      Session tab
    Defining Settings
    Managing Users
      Adding a user
      Removing a user
      Checking user status
    Specifying device settings
  Configuring Applications Settings
  Encrypting Drives
  Managing Device Access
3 HP ProtectTools Security Manager
  Logging in after Security Manager is configured
  Managing passwords
  Setting credentials
    Changing your Windows password
    Setting up a Smart Card
    Initializing the Smart Card
    Registering the Smart Card
  Managing communication privacy
  Shredding or bleaching files
  Viewing drive encryption status
  Viewing device access
  Activating theft recovery
  Adding applications
  Setting preferences
  Backup and Restore
    Backing up your data
    Restoring your data
  Changing your Windows user name and picture
4 Password Manager for HP ProtectTools
  Adding logons
  Editing logons
  Using the Logons menu
  Organizing logons into categories
  Managing your logons
  Assessing your password strength
  Password Manager Icon settings
5 Drive Encryption for HP ProtectTools
  Setup procedures
    Opening Drive Encryption
  General tasks
    Activating Drive Encryption
    Deactivating Drive Encryption
    Logging in after Drive Encryption is activated
  Advanced tasks
    Managing Drive Encryption (administrator task)
      Activating a TPM-protected password
      Encrypting or decrypting individual drives
    Backup and recovery (administrator task)
      Creating backup keys
6 Privacy Manager for HP ProtectTools
  Opening Privacy Manager
  Setup procedures
    Managing Privacy Manager Certificates
    Requesting and installing a Privacy Manager Certificate
      Requesting a Privacy Manager Certificate
      Installing a Privacy Manager Certificate
    Viewing Privacy Manager Certificate details
    Renewing a Privacy Manager Certificate
    Setting a default Privacy Manager Certificate
    Deleting a Privacy Manager Certificate
    Restoring a Privacy Manager Certificate
    Revoking your Privacy Manager Certificate
    Managing Trusted Contacts
      Adding Trusted Contacts
        Adding a Trusted Contact
        Adding Trusted Contacts using your Microsoft Outlook address book
      Viewing Trusted Contact details
      Deleting a Trusted Contact
      Checking revocation status for a Trusted Contact
  General tasks
    Using Privacy Manager in Microsoft Office
    Using Privacy Manager in Microsoft Outlook
  Advanced tasks
    Migrating Privacy Manager Certificates and Trusted Contacts to a different computer
      Exporting Privacy Manager Certificates and Trusted Contacts
      Importing Privacy Manager Certificates and Trusted Contacts
7 File Sanitizer for HP ProtectTools
  Setup procedures
    Opening File Sanitizer
    Setting a free space bleaching schedule
    Setting a shred schedule
    Selecting or creating a shred profile
    Selecting a predefined shred profile
    Customizing an advanced security shred profile
    Customizing a simple delete profile
  General tasks
    Using a key sequence to initiate shredding
    Using the File Sanitizer icon
    Manually shredding one asset
    Manually shredding all selected items
    Manually activating free space bleaching
    Aborting a shred or free space bleaching operation
    Viewing the log files
8 Embedded Security for HP ProtectTools
  Setup procedures
    Installing Embedded Security for HP ProtectTools (if necessary)
    Enabling the embedded security chip in Computer Setup
    Initializing the embedded security chip
    Setting up the basic user account
  General tasks
    Using the Personal Secure Drive
    Encrypting files and folders
    Sending and receiving encrypted e-mail
  Advanced tasks
    Backing up and restoring
      Creating a backup file
      Restoring certification data from the backup file
    Changing the owner password
    Resetting a user password
    Migrating keys with the Migration Wizard
9 Device Access Manager for HP ProtectTools
  Starting background service
  Simple configuration
  Device class configuration (advanced)
    Adding a user or a group
    Removing a user or a group
    Denying or allowing access to a user or group
  Just In Time Authentication (JITA) Configuration
    Creating a JITA for a user or group
    Creating an extendable JITA for a user or group
    Disabling a JITA for a user or group
  Advanced Settings
10 Computrace for HP ProtectTools
Glossary
Index

1 Introduction to security

HP ProtectTools security software provides security features that help protect against unauthorized access to the computer, networks, and critical data. Enhanced security functionality is provided by several HP ProtectTools software modules.
HP ProtectTools provides two versions that can be utilized: HP ProtectTools Security Manager Administrative Console and HP ProtectTools Security Manager (for general users). Both Administrator and user versions are available in the Start > All Programs > HP menu.
Function / Features
HP ProtectTools Security Manager Administrative Console
- Requires Microsoft Windows system administrator rights to access
- Access to modules to be configured by an administrator and not available to the general user
- Allows initial security setup and configures options or requirements for all users
HP ProtectTools Security Manager (for general users)
- Allows users to configure options provided by an administrator
- Can restrict access and only allow a user limited controls of some HP ProtectTools modules
NOTE: Password Manager, Smart Card Security, Face Recognition (some models) and Drive Encryption are configured using the Security Manager setup wizard. HP Professional Desktop systems do not currently support fingerprint devices.
HP ProtectTools software modules may be preinstalled, preloaded, or available as a configurable option or as an after market option. Visit http://www.hp.com for more information.
NOTE: The instructions in this guide are written with the assumption that you have already installed the applicable HP ProtectTools software modules.

HP ProtectTools features

The following table details the key features of HP ProtectTools modules:
Module / Key features
HP ProtectTools Security Manager Administrative Console
HP ProtectTools Security Manager (for general users)
Credential Manager for HP ProtectTools (part of Security Manager)
- The Security Manager setup wizard is used by administrators to set up and configure levels of security and security logon methods.
- Configure options hidden from basic users.
- Activate Drive Encryption and configure user access.
- Configure Device Access Manager configurations and user access.
- Administrator tools are used to add and remove HP ProtectTools users and view user status.
- Configure and change File Sanitizer Shred, Bleaching, and Settings.
- View settings for Encryption Status and Device Access Manager.
- Use Privacy Manager to increase security of e-mails and documents.
- Activate Computrace for HP ProtectTools
- Configure Preferences and Backup and Restore options.
- Organize, set up and change user names and passwords.
- Configure and change user credentials such as Windows password and Smart Card.
- Acts as a personal password vault, streamlining the logon process with the Single Sign On feature, which automatically remembers and applies user credentials.
- Create and Organize single sign on user names and passwords.
Drive Encryption for HP ProtectTools
- Provides complete, full-volume hard drive encryption.
- Forces pre-boot authentication in order to decrypt and access the data on the hard drive.
- Offers the option to activate SED drives (Self Encrypting Drives), if equipped.
Privacy Manager for HP ProtectTools
- Used to obtain Certificates of Authority, which verify the source, integrity, and security of communication when using Microsoft e-mail and Microsoft Office documents.
File Sanitizer for HP ProtectTools
- Allows you to securely shred digital assets (securely delete sensitive information including application files, historical or Web-related content, or other confidential data) on your computer and periodically bleach the hard drive (write over data that has been previously deleted but is still present on the hard drive in order to make recovery of the data more difficult).
Smart Card Security (part of Security Manager)
- Provides a management software interface for Smart Card. HP ProtectTools Smart Card is a personal security device that protects authentication data requiring both the card and a PIN number to grant access. The Smart Card can be used to access Password Manager, Drive Encryption, or any number of third party access points.
- Change PIN number.
Embedded Security for HP ProtectTools
- Uses a Trusted Platform Module (TPM) embedded security chip (if equipped) to help protect against unauthorized access to sensitive user data or credentials stored locally on a PC.
- Allows creation of a personal secure drive (PSD), which is useful in protecting user file and folder information.
- Supports third-party applications (such as Microsoft Outlook and Internet Explorer) for protected digital certificate operations.
Device Access Manager for HP ProtectTools
- Allows IT managers or administrators to control access to devices such as USB ports, optical drives, personal music players, etc. based on user profiles.
- Prevents unauthorized users from removing data using external storage media and from introducing viruses into the system from external media.
- The administrator can disable access to writeable devices for specific individuals or groups of users.
- Allows the administrator to schedule when access is provided to hardware.
Computrace for HP ProtectTools
- Provides secure asset tracking.
- Can monitor user activity along with hardware and software changes.
- Remains active even if the hard drive is reformatted or replaced.
- Requires separate purchase of tracking and tracing subscription to activate.

HP ProtectTools security products description and common use examples

Most of the HP ProtectTools security products have both a user authentication (usually a password) and an administrative backup to gain access if passwords are lost, not available, forgotten, or any time corporate security requires access.
NOTE: Some of the HP ProtectTools security products are designed to restrict access to data. Data should be encrypted when it is so important that the user would rather lose the information than have it compromised. It is recommended that all data be backed up in a secure location.

Credential Manager (Password Manager) for HP ProtectTools

Credential Manager (part of Security Manager) is a repository for user names and passwords. It is most often used to save login names and passwords for Internet access or web mail. Credential Manager can automatically log the user into a web site or mail.
Example 1: A Purchasing Agent for a large manufacturer makes most of her corporate transactions over the Internet. She also frequently visits several popular web sites that require login information. She is keenly aware of security so does not use the same password on every account. The Purchasing Agent has decided to use Credential Manager to match web links with different user names and passwords. When she goes to a web site to log in, Credential Manager presents the credentials automatically. If she wants to view the user names and password, Credential Manager can be configured to reveal them.
Credential Manager can also be used to manage and organize the authentications. This tool will allow a user to select what web or network asset they choose and directly access the link. The user can also view the user names and passwords when necessary.
Example 2: A hard working CPA has been promoted and will now manage the entire accounting department. The team must log into a large number of client web accounts with each account using different login information. This login information needs to be shared with other workers so confidentiality is an issue. The CPA decides to organize all the web links, company user names, and passwords within Credential Manager for HP ProtectTools. Once complete, the CPA deploys Credential Manager to the employees so they can work on the web accounts and never know the login credentials that they are using.

Embedded Security for HP ProtectTools

Embedded Security for HP ProtectTools provides the ability to create a Personal Secure Drive. This capability allows the user to create a virtual drive partition on the PC that is completely hidden until accessed. Embedded Security could be used anywhere data needs to be secretly protected while the rest of the data is not encrypted.
Example 1: A Warehouse Manager has a computer that multiple workers access intermittently throughout the day. The Manager wants to encrypt and hide confidential warehouse data on the computer. He wants the data to be so secure that even if someone steals the hard drive, they cannot decrypt the data or read it. The Warehouse Manager decides to activate Embedded Security and moves the confidential data to the Personal Secure Drive. The Warehouse Manager can enter a password and access the confidential data just like another hard drive. When he logs off or reboots, the Personal Secure Drive cannot be seen or opened without the proper password. The workers never see the confidential data when they access the computer.
Embedded Security protects encryption keys within a hardware TPM (Trusted Platform Module) chip located on the motherboard. It is the only encryption tool that meets the minimum requirements to resist password attacks where someone would attempt to guess the decryption password. Embedded Security can also encrypt the entire drive and e-mail.
Example 2: A Stock Broker wants to transport extremely sensitive data to another computer using a portable drive. She wants to make sure that only these two computers can open the drive, even if the password is compromised. The Stock Broker uses Embedded Security TPM migration to allow a second computer to have the necessary encryption keys to decrypt the data. During the transport process, even with the password, only the two physical computers can decrypt the data.

Drive Encryption for HP ProtectTools

Drive Encryption is most often used to restrict access to the data on the entire computer hard drive or a secondary hard drive. Drive Encryption can also manage SED (Self Encrypting Drive) drives.
Example 1: A Doctor wants to make sure only he can access any data on his computer hard drive. The Doctor activates Drive Encryption, which enables pre-boot authentication, so authentication is required before Windows login. Once set up, the hard drive cannot be opened without a password before it even boots to the operating system. The Doctor could further enhance drive security by choosing to encrypt the data with the SED (Self Encrypting Drive) option.
4 Chapter 1 Introduction to security ENWW
Both Embedded Security and Drive Encryption for HP ProtectTools will not allow access to the encrypted data even when the drive is removed because they are both bound to the original motherboard.
Example 2: A Hospital Administrator wants to ensure only doctors and authorized personnel can access any data on their local computer without sharing their personal passwords. The IT department adds the Administrator, doctors, and all authorized personnel as Drive Encryption users. Now only authorized personnel can boot to the computer or Domain using their personal username and password.

File Sanitizer for HP ProtectTools

File Sanitizer for HP ProtectTools is used to permanently delete data, including Internet browser activity, temporary files, previously deleted data, or any other information. File Sanitizer can be configured to run either manually or automatically on a user-defined schedule.
Example 1: An Attorney often deals with sensitive client information and wants to ensure data on deleted files cannot be recovered. The Attorney uses File Sanitizer to “Shred” deleted files so they are almost impossible to recover.
Normally when Windows deletes data, it actually does not erase the data from the hard drive. Instead, it marks the hard drive sectors as available for future use. Until the data is written over, it can be easily recovered using common tools available on the Internet. File Sanitizer overwrites the sectors with random data (multiple times when necessary) thereby making the deleted data unreadable and unrecoverable.
Example 2: A Researcher wants to shred deleted data, temporary files, browser activity, etc. automatically when she logs off. She uses File Sanitizer to schedule “Shredding” so she can select the common files or any custom files to be permanently removed automatically.
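The difference between an ordinary delete, a shred and a free-space bleach, shown as an added example that is not part of the HP guide or File Sanitizer's own code. The ToyDisk class, its sector size and the sample memo are constructed assumptions that model a disk as a flat array of sectors plus a file table.

```python
import os

SECTOR = 32  # bytes per sector in this constructed toy model


class ToyDisk:
    """Constructed model: raw sectors plus bookkeeping (file table, free list)."""

    def __init__(self, sectors=16):
        self.data = bytearray(sectors * SECTOR)
        self.free = set(range(sectors))
        self.files = {}  # file name -> list of sector numbers

    def write(self, name, content):
        need = -(-len(content) // SECTOR)  # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        chosen = sorted(self.free)[:need]
        for i, s in enumerate(chosen):
            chunk = content[i * SECTOR:(i + 1) * SECTOR].ljust(SECTOR, b"\0")
            self.data[s * SECTOR:(s + 1) * SECTOR] = chunk
        self.free -= set(chosen)
        self.files[name] = chosen

    def delete(self, name):
        """Ordinary delete: sectors are marked available, bytes stay in place."""
        self.free |= set(self.files.pop(name))

    def _overwrite(self, sectors, passes):
        for _ in range(passes):
            for s in sectors:
                self.data[s * SECTOR:(s + 1) * SECTOR] = os.urandom(SECTOR)

    def shred(self, name, passes=3):
        """Overwrite the file's sectors with random data, then release them."""
        self._overwrite(self.files[name], passes)
        self.delete(name)

    def bleach(self, passes=1):
        """Overwrite every free sector, covering files deleted earlier."""
        self._overwrite(sorted(self.free), passes)

    def recoverable(self, marker):
        """What a recovery tool does: read unallocated space and search it."""
        unallocated = b"".join(
            bytes(self.data[s * SECTOR:(s + 1) * SECTOR]) for s in sorted(self.free)
        )
        return marker in unallocated


def demo():
    memo = b"CLIENT-SECRET-0001 privileged memo, constructed sample text"
    marker = b"CLIENT-SECRET-0001"
    disk = ToyDisk()
    results = {}
    disk.write("memo.txt", memo)
    disk.delete("memo.txt")
    results["after_delete"] = disk.recoverable(marker)   # data still on disk
    disk.bleach()
    results["after_bleach"] = disk.recoverable(marker)   # free space overwritten
    disk.write("memo2.txt", memo)
    disk.shred("memo2.txt")
    results["after_shred"] = disk.recoverable(marker)    # overwritten before release
    return results


if __name__ == "__main__":
    print(demo())
```

The model ignores wear-leveling on solid-state drives and journaling or copy-on-write file systems, where an in-place overwrite may not reach every physical copy of the data.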

Device Access Manager for HP ProtectTools

Device Access Manager for HP ProtectTools can be used to block unauthorized access to USB flash drives where data could be copied. It can also restrict access to CD/DVD drives, control of USB devices, network connections, etc. An administrator can also schedule when or how long drives can be accessed. An example would be a situation where outside vendors need access to company computers but should not be able to copy the data to a USB drive. Device Access Manager for HP ProtectTools allows an administrator to restrict and manage access to hardware.
Example 1: A Manager of a medical supply company often works with personal medical records along with his company information. The employees need access to this data; however, it is extremely important that the data is not removed from the computer by a USB drive or any other external storage media. The network is secure, but the computers have CD burners and USB ports that could allow the data to be copied or stolen. The Manager uses Device Access Manager to disable the USB ports and CD burners so they cannot be used. Even though the USB ports are blocked, mice and keyboards will continue to function.
Example 2: An Insurance company does not want its employees to install or load personal software or data from home. Some employees need access to the USB port on all computers. The IT Manager uses Device Access Manager to enable access for some employees while blocking external access to others.

Privacy Manager for HP ProtectTools

Privacy Manager for HP ProtectTools is used when Internet e-mail communications need to be secured. The user can create and send e-mail that can only be opened by an authenticated recipient. With Privacy Manager, the information cannot be compromised or intercepted by an imposter.
Example 1: A Stock Broker wants to make sure his e-mails only go to specific clients and ensure no one can fake the e-mail account and intercept it. The Stock Broker signs himself and his clients up with Privacy Manager. Privacy Manager issues a Certificate of Authentication (CA) to each user. Using this tool, the Stock Broker and his clients must authenticate before the e-mail is exchanged.
Privacy Manager for HP ProtectTools makes it easy to send and receive e-mail where the recipient has been verified and authenticated. The mail service can also be encrypted. The encryption process is similar to the one used during general credit card purchases on the Internet.
Example 2: A CEO wants to ensure that only the members of the board of directors can view the information he sends through e-mail. The CEO uses the option to encrypt the e-mail sent and received from the directors. Privacy Manager Certificate of Authentication allows the CEO and directors to have a copy of the encryption key so only they can decrypt the confidential e-mail.

Computrace for HP ProtectTools (formerly known as LoJack Pro)

Computrace for HP ProtectTools is a service that can track the location of a stolen computer whenever the user accesses the Internet.
Example 1: A school principal instructed the IT department to keep track of all the computers at his school. After the inventory of the PCs was made, the IT Administrator registered all the computers with Computrace so they could be traced in case they were ever stolen. Recently, the school realized several computers were missing, so the IT Administrator alerted authorities and Computrace officials. The computers were located and were returned to the school by the authorities.
Computrace for HP ProtectTools can also help remotely manage and locate computers as well as monitor computer usage and applications.
Example 2: A real estate company needs to manage and update computers all over the world. They use Computrace to monitor and update the computers without having to send an IT person to each computer.

Accessing HP ProtectTools Security

To access HP ProtectTools Security Manager from the Windows Start menu:
In Windows, click Start, click All Programs, click HP, and then click HP ProtectTools Security Manager.
To access HP ProtectTools Security Manager Administrative Console from the Windows Start menu:
In Windows, click Start, click All Programs, click HP, and then click HP ProtectTools Administrative Console.
NOTE: After you have configured the Password Manager module, you can also open HP ProtectTools by logging on to Password Manager directly from the Windows logon screen.

Achieving key security objectives

The HP ProtectTools modules can work together to provide solutions for a variety of security issues, including the following key security objectives:
● Protecting against targeted theft
● Restricting access to sensitive data
● Preventing unauthorized access from internal or external locations
● Creating strong password policies
● Addressing regulatory security mandates

Protecting against targeted theft

An example of this type of incident would be the targeted theft of a computer or its confidential data and customer information. This can easily occur in open office environments or in unsecured areas. The following features help protect the data if the computer is stolen:
● The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following chapters:
    ◦ Password Manager for HP ProtectTools on page 25
    ◦ Embedded Security for HP ProtectTools on page 49
    ◦ Drive Encryption for HP ProtectTools on page 29
● DriveLock helps ensure that data cannot be accessed even if the hard drive is removed and installed into an unsecured system.
● The Personal Secure Drive feature, provided by the Embedded Security for HP ProtectTools module, encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following chapter:
    ◦ Embedded Security for HP ProtectTools on page 49
● Computrace can track the computer's location after a theft. See the following chapter:
    ◦ Computrace for HP ProtectTools on page 57

Restricting access to sensitive data

Suppose a contract auditor is working on site and has been given computer access to review sensitive financial data; you do not want the auditor to be able to print the files or save them to a writeable device such as a CD. The following feature helps restrict access to data:
Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be printed or copied from the hard drive onto removable media. See Device class configuration (advanced) on page 54.

Preventing unauthorized access from internal or external locations

Unauthorized access to an unsecured business PC presents a very tangible risk to critical data such as information from financial services, an executive, or R&D team, and to private information such as patient records or personal financial records. The following features help prevent unauthorized access:
● The pre-boot authentication feature, if enabled, helps prevent access to the operating system. See the following chapters:
    ◦ Password Manager for HP ProtectTools on page 25
    ◦ Embedded Security for HP ProtectTools on page 49
    ◦ Drive Encryption for HP ProtectTools on page 29
● Embedded Security for HP ProtectTools helps strengthen the protection of sensitive user data or credentials stored locally on a PC. See the following chapter:
    ◦ Embedded Security for HP ProtectTools on page 49
● Password Manager for HP ProtectTools helps ensure that an unauthorized user cannot get passwords or access to password-protected applications. See the following chapter:
    ◦ Password Manager for HP ProtectTools on page 25
● Device Access Manager for HP ProtectTools allows IT managers to restrict access to writeable devices so sensitive information cannot be copied from the hard drive. See the following chapter:
    ◦ Device Access Manager for HP ProtectTools on page 53
● The Personal Secure Drive feature encrypts sensitive data to help ensure it cannot be accessed without authentication. See the following section:
    ◦ Embedded Security for HP ProtectTools on page 49
● File Sanitizer allows you to securely delete data by shredding critical files and folders or bleaching the hard drive (write over data that has been previously deleted but is still present on the hard drive in order to make recovery of the data more difficult). See the following chapter:
    ◦ File Sanitizer for HP ProtectTools on page 43
● Privacy Manager allows you to obtain Certificates of Authority when using Microsoft mail, Office documents, and Instant Messenger, making the process of sending and saving important information safe and secure. See the following chapter:
    ◦ Privacy Manager for HP ProtectTools on page 32

Creating strong password policies

If a mandate goes into effect that requires the use of a strong password policy for dozens of Web-based applications and databases, Password Manager for HP ProtectTools provides a protected repository for passwords and Single Sign On convenience. See the following chapter:
Password Manager for HP ProtectTools on page 25

Additional security elements

Assigning security roles

In managing computer security, one important practice is to divide responsibilities and rights among various types of administrators and users.
NOTE: In a small organization or for individual use, these roles may all be held by the same person.
For HP ProtectTools, the security duties and privileges can be divided into the following roles:
● Security officer - Defines the security level for the company or network and determines the security features to deploy, such as Drive Encryption or Embedded Security.
● IT administrator - Applies and manages the security features defined by the security officer. Can also enable and disable some features. For example, if the security officer has decided to deploy Smart Cards, the IT administrator can enable both password and Smart Card mode.
● User - Uses the security features. For example, if the security officer and IT administrator have enabled Smart Cards for the system, the user can use the card for authentication.

Managing HP ProtectTools passwords

Most of the HP ProtectTools Security Manager features are secured by passwords. The following table lists the commonly used passwords, the software module where the password is set, and the password function.
The passwords that are set and used by IT administrators only are indicated in this table as well. All other passwords may be set by regular users or administrators.
HP ProtectTools password: Password Manager logon password
Set in this HP ProtectTools module: Password Manager
Function: This password offers 2 options:
● It can be used in a separate logon to access Password Manager after logging on to Windows.
● It can be used in place of the Windows logon process, allowing access to Windows and Password Manager simultaneously.

HP ProtectTools password: Basic User Key password (NOTE: Also known as: Embedded Security password)
Set in this HP ProtectTools module: Embedded Security
Function: Used to access Embedded Security features, such as secure e-mail, file, and folder encryption. When used for power-on authentication, also protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.

HP ProtectTools password: Emergency Recovery Token password (NOTE: Also known as: Emergency Recovery Token Key password)
Set in this HP ProtectTools module: Embedded Security, by IT administrator
Function: Protects access to the Emergency Recovery Token, which is a backup file for the embedded security chip.

HP ProtectTools password: Owner password
Set in this HP ProtectTools module: Embedded Security, by IT administrator
Function: Protects the system and the TPM chip from unauthorized access to all owner functions of Embedded Security.

HP ProtectTools password: Smart Card PIN
Set in this HP ProtectTools module: Smart Card Security
Function:
● Can be used as a multifactor authentication option.
● Can be used as a Windows authentication.
● Authenticates users of Drive Encryption, if the Smart Card token is selected.

HP ProtectTools password: Computer Setup password (NOTE: Also known as BIOS administrator, F10 Setup, or Security Setup password)
Set in this HP ProtectTools module: BIOS, by IT administrator
Function: Protects access to the Computer Setup utility.

HP ProtectTools password: Power-on password
Set in this HP ProtectTools module: BIOS
Function: Protects access to the computer contents when the computer is turned on, restarted, or restored from hibernation.

HP ProtectTools password: Windows Logon password
Set in this HP ProtectTools module: Windows Control Panel
Function: Can be used for manual logon.

Creating a secure password

When creating passwords, you must first follow any specifications that are set by the program. In general, however, consider the following guidelines to help you create strong passwords and reduce the chances of your password being compromised:
● Use passwords with more than 6 characters, preferably more than 8.
● Mix the case of letters throughout your password.
● Whenever possible, mix alphanumeric characters and include special characters and punctuation marks.
● Substitute special characters or numbers for letters in a key word. For example, you can use the number 1 for letters I or L.
● Combine words from 2 or more languages.
● Split a word or phrase with numbers or special characters in the middle, for example, “Mary2-2Cat45.”
● Do not use a password that would appear in a dictionary.
● Do not use your name for the password, or any other personal information, such as birth date, pet names, or mother's maiden name, even if you spell it backwards.
● Change passwords regularly. You might change only a couple of characters that increment.
● If you write down your password, do not store it in a commonly visible place very close to the computer.
● Do not save the password in a file, such as an e-mail, on the computer.
● Do not share accounts or tell anyone your password.

Backing up credentials and settings

You can back up credentials in the following ways:
● Use Drive Encryption for HP ProtectTools to select and back up HP ProtectTools credentials. You can also register for Online Drive Encryption Key Recovery Service to store a backup copy of your encryption key, which will enable you to access your computer if you forget your password and do not have access to your local backup.
● Use Embedded Security for HP ProtectTools to back up HP ProtectTools credentials.
● Use the Backup and Recovery tool in HP ProtectTools Security Manager as a central location from which you can back up and restore security credentials from installed HP ProtectTools modules.

2 HP ProtectTools Security Manager Administrative Console

About HP ProtectTools Administrative Console

Administration of HP ProtectTools Security Manager is provided through the Administrative Console.
Using the console, the local administrator can:
● Enable or disable security features
● Manage users of the computer
● Adjust device-specific parameters
● Configure Security Manager applications
● Add additional Security Manager applications

Using the Administrative Console

The Security Manager Administrative Console is the central location for administering HP ProtectTools Security Manager.
To open the console:
● Select Start > All Programs > HP > HP ProtectTools Administrative Console, or
● Click the Administration link in the lower-left corner of the Security Manager console.
The Administrative Console consists of two panes: a left pane and a right pane. The left pane contains the administrative tools. The right pane contains the working area for configuring the tools.
The Administrative Console left pane consists of the following:
● Home - Provides easy access to commonly used tasks, including enabling security features, specifying security credentials, and managing users.
● System - Manages configuration of system-wide security features, users, and authentication devices such as smart card readers.
● Applications - Includes tools for configuring the behavior of Security Manager and its applications.
● Data - Provides tools for managing drive encryptions and backing up and recovering encryption keys.
● Computer - Device Access Manager provides advanced security options to selectively disallow various types of devices that could compromise PC security and set access permissions for various users and groups.
● Communications - Privacy Manager allows the user to manage third-party certificates for e-mail authentication. Embedded Security allows the user to exchange TPM encrypted e-mail.
● Management Tools - Opens your default browser to a web page where you can discover additional management applications and tools that extend the features of Security Manager as well as a means to stay notified when new applications and updates are available.
● Links - Provides the following:
    ◦ Setup Wizard - Launches the Setup Wizard, which guides you through the initial configuration of Security Manager.
    ◦ Help - Opens the help file, which provides information about Security Manager and its applications.
    ◦ About - Displays information about HP ProtectTools Security Manager, including the version number and copyright notice.

Getting Started - Setup Wizard

Administration of HP ProtectTools Security Manager requires administrative privileges.
The HP ProtectTools Security Manager Setup Wizard guides you through setting up the security features of HP ProtectTools. However, there is a wealth of additional functionality available through the HP ProtectTools Security Manager Console. The same settings found in the wizard, as well as additional security features, can be configured through the console, accessed from the Windows Start menu or from a link within the Administrative console. These settings apply to the computer and all users who share the computer.
The first time that you log on to Windows, you will be prompted to set up HP ProtectTools Security Manager. Click OK to launch the Security Manager Setup wizard, which will guide you through the basic steps in configuring the program.
NOTE: You can also launch the Security Wizard by clicking Security Wizard in the bottom section of the left pane on the Administrative Console.
Follow the on-screen instructions in the Setup Wizard until setup is complete.
If you do not complete the wizard, it will launch automatically until you click Do not show this wizard again.
To use the HP ProtectTools Security Manager applications, launch HP ProtectTools Security Manager from the Start menu or by right-clicking the Security Manager icon in the taskbar notification area (system tray). The Security Manager console and its applications are available to all users who share this computer.

Configuring your system

The System group of applications is accessed from the Tools menu on the left side of the Administrative Console.
By using the applications included in this group, you can configure and manage the policies and settings for this computer, its users and devices.
The following applications are included in the System group.
● Security - Manage security features, authentication policies and other settings that govern how users authenticate when logging on to the computer or HP ProtectTools applications.
● Users - Set up, manage and enroll users of this computer.
● Devices - Manage settings for security devices built-in or connected to the computer.