HP Security Manager - User Guide

1y ago
647.38 KB
61 Pages
Last View : 8d ago
Last Download : 3m ago
Upload by : Julia Hutchens

HP Security Manager User GuideSUMMARYHP Security Manager is a security compliance solution to create a security policy that assesses and monitorsthe security settings for a fleet of HP products.

Legal informationCopyright and LicenseTrademark Credits Copyright 2022 HP DevelopmentCompany, L.P.Microsoft , Windows , and Windows Server are U.S. registered trademarks of MicrosoftCorporation.Reproduction, adaptation, or translationwithout prior written permission isprohibited, except as allowed under thecopyright laws.The information contained herein is subjectto change without notice.The only warranties for HP products andservices are set forth in the expresswarranty statements accompanying suchproducts and services. Nothing hereinshould be construed as constituting anadditional warranty. HP shall not be liablefor technical or editorial errors or omissionscontained herein.Applicable product: J8023AAEdition 20.0, 07/29/22 (version 8.0)Adobe , Acrobat , and PostScript aretrademarks of Adobe Systems Incorporated.VMware is a registered trademark ofVMware, Inc.

Table of contents1 Introduction. 12 Getting started with Security Manager. 2Access the Security Manager application . 2Features of the Security Manager. 2Common controls and notifications. 53 Setting up Security Manager. 6Configure the Security Manager settings . 6Configure General settings. 6Install licenses. 8Set up Instant On Security. 9Configure the email server settings. 12Set up global credentials . 13Set up HP Flexworker security . 144 Create a security policy .16Policies page navigation.16Create a policy.17Edit a policy.17Policy editor icons .18Edit a policy .18Default policy options for HP Flexworker Security.19Set severity, remediation, and unsupported behavior to policy items in Quick Settings.19Set policy options for a single item . 20Set policy options for all the items or for a category. 20Set policy options for Firmware Security Assessment Reporting . 21Export and Import policies. 21Export a policy. 21Import a policy . 225 Using Security Manager. 23Add and edit device information. 23Create a group. 23Create a Manual Group.24iii

Create an Automatic Group.24Discover devices. 25Use Automatic Discovery to add or modify devices to a group. 25Use Manual Discovery to add or modify devices to a group. 26Edit a discovery task .27Devices page navigation . 28Export device details. 29Edit device and group information. 29Manage Groups. 29Add, remove, or delete a device from a group. 31Assign a license manually. 31Set device credentials. 32Set SSL/TLS enforcement . 34Assess and remediate. 34Run or Schedule an assessment or remediation . 35Task page navigation.36Modify a task.37Start a task.37Edit a task.37Stop a task.38Delete a task .38View assessment results .38View results from the Devices page.38View results from the Reports page.38Setup alert subscriptions. 39Alert (subscriptions) page navigation. 39Create an alert subscription . 39Edit, rename, or delete an alert subscription.40Run reports. 41Export and Schedule reports. 41Generate reports and instantly export the reports . 41Create a schedule to export reports. 42Edit or delete a created schedule. 436 Use the Security Manager certificate management solution . 44Appendix A Legal statements. 45End User License Agreement . 45Copyrights.48log4net license .48nhibernate license . 51iv

1IntroductionHP Security Manager (Security Manager) is a security compliance solution for a fleet of HP products.It enables administrators to create a security policy to reduce network risks and monitor security for afleet of printers.The key benefits of using Security Manager are the following: Easily and quickly create device security policies. Intelligent prompts guide you through the processby providing advice and recommendations as you configure the policy. Add device IP addresses or hostnames using the following methods:–Import a text or XML file that contains the device information.–Automatically or manually discover devices. Automatically assess/remediate devices when they are first connected to the network using theSecurity Manager Instant-On Security feature and allowing automatic remediation. Create a schedule to run assessments or assess/remediate devices at preset intervals.To learn more about Security Manager see the following topics: Getting started with Security Manager on page 2 Setting up Security Manager on page 6 Using Security Manager on page 23Introduction1

2Getting started with Security ManagerHP Security Manager is a web-based application supported by the following browsers: Internet Explorer (IE) 11 or newer Edge 79 or newer (Chromium based) Chrome 60 or newer versions.To view the main topics in Security Manager Home page, see Introduction on page 1The following sections will help you to get started with Security Manager:Access the Security Manager applicationFollow these steps to log into Security Manager:1.Install Security Manager.NOTE: For Security Manager installation instructions, see the HP Security Manager Installationand Setup Guide.2.Make sure you have a supported web browser, and then open HP Security Manager.3.Make sure to add the user name to any of the following HPIPSC group for remote access to the webservice:4. HPIPSC HPIPSC Guest HPIPSC AnalystType your username (Domain\username), password, and then click Login.NOTE: If the login operation fails, Security Manager displays an error notification message. Amaximum of 5 invalid password attempts will lock the account for 30 minutes.Features of the Security ManagerThe HP Security Manager features are always present on the top menu tabs, allowing easy access toeach function.The top menu tabs include:2Chapter 2 Getting started with Security Manager

DashboardThe Dashboard tab is the default page that displays after a successful login. It provides a graphicaloverview of the device fleet in the following tabs:––Current Fleet Status: Displays the current Flexworker and on-site devices in the fleet, andprovides following information: Number of devices: The total number of devices in the fleet and the number of licensed andunlicensed devices. The number of licenses for the devices. Assessment status of the devices. Not assessed status of the devices. The number of days remaining for license to expire.Historical Fleet Status: Displays the history of the devices in the fleet depending on the numberof days selected in the Last Day(s) edit box.NOTE: If Flexworker security is disabled then Flexworker Devices radio button won't beshown in Dashboard Current Fleet Status.The Show data percentage option displays the percentage or number in the report.NOTE: The maximum selection for the number of days in the Last Day(s) edit box is “90”.Depending on the range selected, it provides a comparative study of the first and last date onthe range for the total number of devices, the assessment status, and not assessed status ofdevices.NOTE: To select the first date of the range, click on the bar graph. The last day of the range isusually the current date. PoliciesThe Policies tab displays information of the number of policies and the status for each policy (valid,invalid, or new). It allows you to create, edit, and import policies. DevicesThe Devices tab displays information of the number of devices on the network, device identityinformation (IP address, hostname, and model name), whether a device is supported, whether alicense is assigned, date assessed, most recent policy name used, and a group name associatedwith a device. Icons indicate whether the device passed the assessment and the device status.Use the Devices tab to perform the following tasks: –Create a group to associate devices to the group and manage these groups.–Discover devices connected to the network and add them to a group.–Create a task to assess or assess and remediate a group of devices.–Assign licenses, set credentials and verify devices.TasksFeatures of the Security Manager3

The Tasks tab displays information of the status of tasks (completed, in progress, or scheduled),name and type of a task, associated policy, group name, and the schedule of the tasks (the tasklast ran and the task schedule to run). It provides options to create and schedule new assessment /remediation tasks. You can schedule a task to run once or to repeat as necessary, such as daily,weekly, or monthly.Use the New Task icon from the Policies, Devices, or Tasks tabs to create a new task, and then viewthe assessments /remediations of devices in the Task tab. AlertsThe Alerts tab allows a user to create alerts based on set conditions for device groups and receivenotifications.Use the Alert icon to create alerts from the Devices or Alerts tabs to receive notification.NOTE: To receive alert notifications, make sure to set the SMTP Server in the Automated Emailsettings. ReportsThe Reports tab provides options to run reports that display information about devices, policies, andassessments.Use the Executive Summary report in the Reports tab to review recommendations and devicestatus. For more information about the various reports (Devices assessed, Devices not assessed,Policy items assessed, Recommendations, and Remediations), see, Run reports on page 41. Settings icon ()Displays the following options: –Settings: Allows you to configure global settings.–About HPSM: Displays a graphical overview of the software.–Help: Provides information and instructions for Security Manager.–Help (whitepapers): Displays list of Whitepaper links with additional Help information.Profile icon ()Displays the username (role assigned to a user), and a Logout button.Security Manager assigns the following roles to users:–Administrator: Enables a user to access all features and perform all operations in SecurityManager.–Analyst: Enables a user to access all features but perform limited operations in SecurityManager. This includes disabling the My Preferences and General options in Settings.–Guest: Enables a user to only view the Dashboard and Reports tabs, it does not allow anyinteractive operation.NOTE: By default, the domain user account used for installing Security Manager is the administrator.To add additional users, the administrator will add the domain user to an appropriate group based on aspecific role.4Chapter 2 Getting started with Security Manager

Common controls and notificationsThis section provides the controls and notifications consistent across all tabs in Security Manager.Common controls in the Devices, Policies and Tasks list panel Filter - Sorts or filters the contents displayed in a list panel based on filter criteria. The availablefilter options depend upon the active columns. Filter options will only appear if the correspondingcolumns (IP address, Assessment Status, Supported, Licensed, Group Membership, or DeviceStatus) are displayed. Search - Searches for strings in the list panel. Sort - Allows every column in the device list panel to be sorted. Click the arrow next to a columnheading to sort the column. To change the order of the columns, you can drag and drop the columns.Common notification typesNOTE: All notifications are dismissed after five seconds. Success message: A message displays in a green slide out for a successful operation. Information message: A message displays in a blue slide when the system provides information ofthe operation. Failure message: A message displays in a red slide out for a failed operation.Common controls and notifications5

3Setting up Security ManagerUse the instructions in this section to set up the Security Manager settings.Configure the Security Manager settingsLearn how to configure Security Manager settings.1.Log in to Security Manager and select the Settings menu icon (option.), and then select the Settings2.In the left navigation pane, select one of the following menus to configure the settings: My Preferences - To select the Time Format (12 or 24 hours) General - To configure device remediation and hostname resolution settings. Licenses - To install Security Manager licenses. Instant-On Security - To discover and configure devices when they are first connected to thenetwork. Automated Email - To set up email settings and notify recipients. Global Credentials - To set up global credentials to verify device credentials. Service Integration - To set up integration with HP Flexworker Security and Qualys PolicyCompliance.To view the main topics in Security Manager Home page, see Introduction on page 1Configure General settingsHP recommends verifying the global remediation setting that controls whether an out-of-compliancedevice is remediated (corrected) during the assessment process.NOTE: To control how individual out-of-compliance policy items are processed during remediation,use the policy's Quick Settings (Policy). For more information, see Set severity, remediation, andunsupported behavior to policy items in Quick Settings on page 19.NOTE: Security Manager resolves IP addresses to hostnames only during the initial discovery. Toresolve IP addresses to hostnames at a later time, delete the device, and then add the device again.Follow these steps to set the device remediation and hostname resolution option:6Chapter 3 Setting up Security Manager

1.Log in to Security Manager and select the Settings menu icon (option.), and then select the Settings2.On the left navigation pane, in the General menu, select the appropriate remediation option fordevices: Enable device remediation (Remediate and Report) - This is the default option selected andenables to remediate out-of-compliance devices. Disable device remediation (Report Only) - Select this option to disable remediation.NOTE: To prevent accidental changes to devices on the network, disable device remediation.When this option is selected, the setting applies to all policies and takes precedence over anindividual policy's advanced remediation settings (Quick Settings (Policy)).3.In the Hostname Resolution section, enable or disable the Resolve IP addresses to hostnameswhen devices are added option.NOTE: This option is enabled by default and allows Security Manager to resolve IP addresses tohostnames when devices are added. When set to enabled, this option requires that the DNS entryfunctions in both directions. Otherwise, the device import fails, and the hostname will not be addedduring discovery.To disable the option, select to clear the check box.4.In the Repetitive Remediation Report section, enable or disable the Enable Reporting option.By default, this option is disabled. When enabled, it reports devices that are continually out-ofcompliance and has the following reporting features: Remediation Threshold: Type the number of remediation attempts for devices that are reportedcontinually out-of-compliance. Renew Reporting: Select the time period (month, start date, and type in a start time) to reset theremediation attempts count for devices.NOTE: Repetitive Remediation Report is renewed instantly for an elapsed start date and time.5.In the Device Assessment History section, enable or disable the Enable Reporting option. Bydefault, this option is set to enabled and allows to set Save Assessment data.6.Select an option under the Remove historical data section to remove Recommendation andRemediation data older than specified days to free up disk space.NOTE: The latest report will not be removed.7.Under Remove network communication error devices, select an option to remove networkcommunication error devices older than specified days to free up disk space or to remove thelicense alone.8.Under Zebra Printers, enable or disable the option to display new Zebra Stand-Alone Policies.9.Click Save.NOTE: If the default selections have not been changed, the Save button will remain disabled.Configure General settings7

Install licensesLicenses are provided using a license file. To create a policy, or to assess and remediate the deviceson the network, install a Security Manager device license. Without a device license, all other actions areavailable, such as sorting, filtering, and verifying.NOTE: Security Manager is installed with a demonstration license that allows a limited assessmentfor up to 50 devices. Only a demonstration policy is available for use and the Policy Editor is limited to afew items. This license is overridden when a trial or full license is installed. Contact your HPrepresentative for more information.NOTE: If HP Security Manager service is not running, an error message will display on the SecurityManager application.The purchase of Security Manager should include device licenses. Licenses are node locked using the HPSM's server MAC address. After licenses are installed, devices are automatically licensed when the following actions occur: –when adding devices using a text or xml file. For more information, see Use Manual Discovery toadd or modify devices to a group on page 26.–when discovering devices using the Instant-On Security feature. For more information, see Setup Instant On Security on page 9.If there are insufficient licenses available during an import, the devices are added but not licensed.For devices that are not licensed, add licenses in the Settings page, and then use the AssignLicenses icon located in the device toolbar in the Devices page.NOTE: To reduce the risk of depleting all the licenses, make sure that there are enough licensesbefore importing. To return licenses to the license pool, delete the licensed device.NOTE: Deleting a licensed devi

HP Security Manager (Security Manager) is a security compliance solution for a fleet of HP products. It enables administrators to create a security policy to reduce network risks and monitor security for a fleet of printers. The key benefits of using Security Manager are the following: Easily and quickly create device security policies.

Related Documents:

Identity, Credential, and Access Management (ICAM) Identity Manager User Guide - Access Role User: OCIO MobileLinc_IT-Support-OCIO-IT 5 P a g e USDA For Official Use Only 2. Log into Identity Manager 2.1 Access the Identity Manager User Interface To access EEMS Identity Manager, go to the following URL: https://www.eauth.usda.gov

IBM Security Identity server The following servers ar e supported: v IBM Security Identity Manager server V ersion 6.0 v IBM Security Identity Manager server V ersion 7.0 v IBM Security Privileged Identity Manager V ersion 2.0 v IBM Security Identity Governance and Intelligence server V ersion 5.2.2 PeopleSoft Enterprise V ersion 9.0 V ersion 9.1

IBM Security Identity server The following servers ar e supported: v IBM Security Identity Manager server V ersion 6.0 v IBM Security Identity Manager server V ersion 7.0 v IBM Security Privileged Identity Manager V ersion 2.0 v IBM Security Identity Governance and Intelligence server V ersion 5.2.2 T ivoli Dir ectory Integrator adapters .

The Cisco Unified Communications Manager Adapter pr ovides connectivity between the IBM Security Identity server and the Cisco Unified Communications Manager server . The adapter r uns as a service, independent of whether you ar e logged on to IBM Security Identity Manager . The Cisco Unified Communications Manager Adapter automates the following

ShoreWare Call Manager Manual 1 C HA PT ER1 Introduction 1.1 Call Manager Description Call Manager is the ShoreWare client application that manages a user's calls, voice mail, and personal system settings through a graphical user interface. 1.2 Call Manager Types Five Call Manager types span the complete Call Manager feature set. Several Call .

For information about the other Access Manager devices and features, see the following: Novell Access Manager 3.1 SP5 Administration Console Guide Novell Access Manager 3.1 SP5 Identity Server Guide Novell Access Manager 3.1 SP5 Policy Guide Novell Access Manager 3.1 SP5 J2EE Agent Guide Novell Access Manager 3.1 SP5 SSL VPN Server Guide

of Astec Industries, Roadtec and Peterson Corp. product lines. Rich Dupuis, Service Manager Kevin Carlson, Parts Manager Karl Schaffeld, Territory Manager Ed James, Territory Manager John Hamlin, Territory Manager Boise, ID Jim Sandercock, Branch Manager Keith Moody, Parts Manager Ryan Rowbury, Territory Manager

a paper animal. She tried over and over until she could finally fold a paper dog and wished that she could see Son just once more even though she knew that it was not possible. Looking at the paper dog she had made, she felt so weird that the paper dog seemed smiling at her. She felt that she would make more, many more animals out of paper. She collected all the papers in the house and started .