SYS-CON MEDIA Authors: Pat Romanski, Gary Arora, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan

Blog Feed Post

Making vPro Work For You

Logo of Intel, Jul 1968 - Dec 2005

Image via Wikipedia

vPro is a suite of high-impact technology that has just begun to make its presence known in mainstream IT organizations.  vPro can help you bring your organization’s security structure into shape with features that make a dramatic positive difference.

vPro technologies are implemented in the hardware and firmware of the Intel chipset in Intel Core 2 Duo computers and above (at the bottom of this post is a link to a list of vPro-enabled processors) which can provide everything from secure remote management to hardware-assisted virtualization.  This suite of technologies holds many computer security advantages for the corporations willing and able to take advantage of them.

When you hear vPro think of Active Management Technology (AMT) and Trusted Execution Technology (TXT).  There are other capabilities in vPro but these are the first two we recommend implementing to dramatically enhance your enterprise security.

Active Management Technology

AMT is the Intel implementation of the open DASH standard (DASH stands for Desktop and Mobile Architecture for System Hardware) of the Distributed Management Task Force (DMTF). Consider an enterprise where computers may need to have a significant amount of reliable up-time through business hours. Most of the machines when they are left for the night are shut off, which means that at 1:00am, the only time that IT has to push security updates, most of the computers are off and only receive updates when turned on the next day by students, causing up-time issues.

By utilizing AMT with vPro-enabled chipsets, the enterprise IT shop could turn on all the computers on the network, allow them to receive the update, and then turn them back off when it is finished. This saves the organization time, money, and vulnerability exposure from the thousands of users browsing the internet from the machines each day.

Other AMT technologies that have security uses/implementations are remote KVM at BIOS and the ability to remotely isolate PC’s from the network at a hardware level

Trusted Execution Technology (TXT):

The Intel Trusted Execution Technology is instrumental in detecting and preventing malware from running on a vPro-enabled computer. At boot-time, the computer checks the validity of the configurations against stored configurations in protected memory in the processor. If the two don’t match, then it can be safely assumed that some tampering has occurred.

The same sort of approach is also taken with encryption key management. The keys are encrypted within hardware, but will only be decrypted when the environment is the same as when the keys were first encrypted. Thus preventing key theft in the event of exploitation.

The TXT system also allows for increased protection with the both the display and the input of data to a system with TXT-developed software. USB keyboards can be configured to have encrypted communications with the system, and software applications can be developed using more secure system calls to the computer display, preventing applications that sniff internal communications from stealing sensitive information.

Theft Protection:

Theft protection is one of the biggest and most-developed areas of the vPro technology suite.  By utilizing the out-of-band communication capabilities built-in the to vPro system, some proprietary Intel technologies, and a 3G wireless connection built into the laptop, fears about stolen laptops and desktops can be alleviated quickly and efficiently using a “poison pill”.

The poison pill is a code that can be sent remotely by system administrators from an asset management console to the device to render it inaccessible and useless by deleting encryption keys and disabling key boot processes. This code can be sent via wireless 3G, wired, WiFi, or SMS to the target device. When the poison pill is sent, the target computer. Different conditions can be set for the computer to activate its theft mode locally as well, such as a specified number of login failures, or failure to check in with the remote server after a designated time interval.

Beyond the Boundaries:

Today’s businesses are more and more often placing people outside of the relative safety of the internal corporate network and into unknown and sometimes even dangerous locales. By setting up a secure method of communications with the corporate network, companies can be more assured of the integrity, confidentiality, and accessibility of their data. But how does a company go about implementing this?

By building a network from the ground-up with compliant hardware, and utilizing a vPro gateway, properly configured clients will be able to establish highly secured and encrypted communications throughout their travels. By combining the security and management features with the roaming security tunnels, a fairly secure system with high accessibility could be achieved by a determined organization.

Comparisons to “Current” Tech:

Most of the issues with current tech is the lack of high-level integration with the hardware, firmware, and software of a computer in the sense that usually a software breach can compromise firmware and sometimes hardware. What the vPro system has done is reduced the available information to be gained from exploiting the operating system, automatically disabled infected and stolen computers, and created a remote viewing and on/off switch that has a high degree of manageability.

Current solutions generally don’t stand up to the same kinds of tasks because the solutions require complex hardware solutions that Intel is offering here in the form of AMT and their Third Party Protected Storage system. Sure, a company could continue to use full disk encryption, VPN’s, and Active Directory, but these solutions lack Out-of-Band communications with hardware, and are all software solutions with their own separate flaws and vulnerabilities that could each be exploited to affect the others (even the full disk encryption has methods for being defeated.  vPro technologies could mitigate or negate many current attacks).

More Resources for vPro technology application:

List of processors supporting vPro: http://www.intel.com/support/vpro/sb/CS-030703.htm#core17m

Intel vPro Whitepaper: http://www.intel.com/technology/vpro/pdf/intelcorevprowhitepaper.pdf

More about AMT and its features: http://cache-www.intel.com/cd/00/00/32/09/320960_320960.pdf

 

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Latest Stories
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy. Bill has a very impressive background which includes ...
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomp...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
On-premise or off, you have powerful tools available to maximize the value of your infrastructure and you demand more visibility and operational control. Fortunately, data center management tools keep a vigil on memory contestation, power, thermal consumption, server health, and utilization, allowing better control no matter your cloud's shape. In this session, learn how Intel software tools enable real-time monitoring and precise management to lower operational costs and optimize infrastructure...
While a hybrid cloud can ease that transition, designing and deploy that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity.
Most organizations are awash today in data and IT systems, yet they're still struggling mightily to use these invaluable assets to meet the rising demand for new digital solutions and customer experiences that drive innovation and growth. What's lacking are potent and effective ways to rapidly combine together on-premises IT and the numerous commercial clouds that the average organization has in place today into effective new business solutions. New research shows that delivering on multicloud e...
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City. Our Silicon Valley 2019 schedule will showcase 200 keynotes, sessions, general sessions, power panels, and...
Moving to Azure is the path to digital transformation, but not every journey is effective. Organizations that start with a cohesive, well-planned migration strategy can avoid common mistakes and stay a step ahead of the competition. Learn from Atmosera CEO, Jon Thomsen about the opportunities and challenges found in three pivotal phases of the journey to the cloud: Evaluation and Architecting, Migration and Management, and Optimization & Innovation. In each phase, there are distinct insights tha...
Cloud is the motor for innovation and digital transformation. CIOs will run 25% of total application workloads in the cloud by the end of 2018, based on recent Morgan Stanley report. Having the right enterprise cloud strategy in place, often in a multi cloud environment, also helps companies become a more intelligent business. Companies that master this path have something in common: they create a culture of continuous innovation. In his presentation, Dilipkumar Khandelwal outlined the latest...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS, PaaS... it's an availability, security, performance and integration nightmare even for the best of the best IT experts. Organizations realize the tremendous benefits of everything the digital transformation has to offer. Cloud adoption rates are increasing significantly, and IT budgets are morphing to follow suit. But distributing applications and infrastructure around increases risk, introdu...
DevOps has long focused on reinventing the SDLC (e.g. with CI/CD, ARA, pipeline automation etc.), while reinvention of IT Ops has lagged. However, new approaches like Site Reliability Engineering, Observability, Containerization, Operations Analytics, and ML/AI are driving a resurgence of IT Ops. In this session our expert panel will focus on how these new ideas are [putting the Ops back in DevOps orbringing modern IT Ops to DevOps].
Over the course of two days, in addition to insightful conversations and presentations delving into the industry's current pressing challenges, there was considerable buzz about digital transformation and how it is enabling global enterprises to accelerate business growth. Blockchain has been a term that people hear but don't quite understand. The most common myths about blockchain include the assumption that it is private, or that there is only one blockchain, and the idea that blockchain is...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
Where many organizations get into trouble, however, is that they try to have a broad and deep knowledge in each of these areas. This is a huge blow to an organization's productivity. By automating or outsourcing some of these pieces, such as databases, infrastructure, and networks, your team can instead focus on development, testing, and deployment. Further, organizations that focus their attention on these areas can eventually move to a test-driven development structure that condenses several l...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux products to business customers. Founded in 1992, it was the first company to market Linux for the enterprise. Founded in 1992, SUSE is the world's first provider of an Enterprise Linux distribution.