HP 3000 Manuals HP 3000 Manuals
User Security
This chapter focuses on the security measures users need take to ensure
higher levels of security. Most of the information, in this chapter is
also covered in HP DeskManager User Reference Guide.
Protecting Filed Items
Users can authorize other users (designates) to work on their behalf. A
user who authorizes others in this way is called a principal.
A principal can specify which of the following capabilities their
designates can have:
* Read any mail or Calendar items except for those marked Private.
* Open the principal's Filing Cabinet and file items.
* Delete items.
* Compose and mail messages.
* Edit items in the principal's Out Tray, List Area, or Work Area.
Passwords on Packages and Folders
Principals might want one designate to be able to read some of their HP
Desk items, another designate to read other items, and have some items
which no-one can read except themselves. They can do this by setting
passwords on the relevant folders or packages and only giving the
password for a particular item to the designate they want to read it.
Private Items
If a principal wants to secure an item against all designates, they can
mark it as private. Messages, packages, folders and Calendar entries can
all be made private. Designates cannot see the subject of a Private
item, neither can they read the contents.
Protecting Messages
Users may encrypt items they create in HP Desk using the ENCRYPT command.
This command can be used in any area where items can be edited (for
example, the Work Area, Out Tray and so on). After typing the ENCRYPT
command, HP Desk asks for a key (up to 32 characters) which will be used
to decrypt the item. The intended recipient must be told what the key is
before they can read the message. As an additional security measure, the
details of the encryption key should not be sent via HP Desk.
You should recommend that your users always encrypt items containing
sensitive or company confidential information. However, you should be
aware that although the encryption system provides a high degree of
security, it will not stop someone with a high level of technical
knowledge who is determined to break the code.
You cannot send encrypted messages through an FSC gateway.
Protecting User's Desks
Encourage users to sign off or lock their HP Desk accounts when leaving
their terminal. This is because someone may gain access to HP Desk by
using a terminal which is already running HP Desk, or by logging on as an
existing user.
The following subsections examine user security:
User Passwords How to set up a new user with passwords.
Controlling User How to control users passwords by using the
Passwords Configurator.
Locking Your Desk How users lock their HP Desk accounts.
Logging Off HP Desk User Profile enhancements to maintain account
security.
User Passwords
Whenever you add users to the HP Desk system you should give them a
password. Tell them what it is and how they can change it if they want
something different. Passwords are most effective if they are unique to
a particular user and, if possible, unusual (that is, not something which
is easy to guess, like the name of a spouse or close family relative).
You should encourage users to keep their passwords secret and not to
write them down anywhere obvious (on a piece of paper on their desk, for
example).
You should also make sure that users know to contact you if they forget
their passwords. Although you cannot find out what the existing password
is, you can allow them to enter a new one.
________________________________________________________________________
| |
| To change a user's password: |
| |
| 1. Type MAILCONFIG. |
| |
| 2. At the Configurator Main Menu, press Config HP DESK. |
| |
| 3. Press Directory Menu, followed by User menu. |
| |
| 4. At the User Information screen, type in the user's name, |
| location code and sublocation code. Press Get. |
| |
| 5. If you want to remove the old password, type over the asterisks|
| in the password field with blanks. This removes the existing |
| password, allowing the user to log on to HP Desk and type a new|
| one. |
| |
| If you want to give the user a new password yourself, type in |
| the new password over the asterisks. The user can still set |
| their own password later if they want to. |
| |
| 6. Press Modify. |
| |
| 7. Press Exit to leave the Configurator. |
________________________________________________________________________
Controlling User Passwords
You can use the User Password Composition screen in the Configurator to
control user passwords and ensure higher levels of security.
This allows you to:
* Ensure users set a password.
* Specify the password composition requirements.
* Control the length of time users passwords are valid before they
must be changed again.
The User Password Composition Screen is described in full in Chapter 12
(*).
Sign on Controls Limitations
The sign on password checks are not exercised if:
* HP Desk is running batch sessions.
* Users sign on to HP Desk using AdvanceMail or NewWave Mail
(version A.03.00 and previous versions).
The user in these cases uses their old passwords as normal. To sign onto
HP Desk users will have to change their old password to conform to the
new requirements. Once this is completed it also effects changes in
AdvanceMail and NewWave Mail.
Locking the Desk
If users tend to be away from their terminals for long periods of time,
encourage them either to sign off of HP Desk or to "lock" their Desk.
If users have already set up an HP Desk password, they can lock their
Desks by using the LOCK command. To unlock their Desk, they simply type
their HP Desk password.
Logging Off HP Desk
You should encourage your users to change their personal profile so that
the screen is cleared when they leave HP Desk. This will prevent anyone
scrolling the screen display and reading whatever HP Desk items are still
in screen memory.
Educate HP Desk users who are likely to be away their open accounts for
long periods of time, to log off.
To ensure that idle accounts are shutdown after a set amount of time it
is possible to automatically log users off. Be aware to set the limit at
an appropriate level, is the limit is set too low it can annoy users, if
the limit is set to high it may be a security risk.