Can Intel vPro help combat the Conficker worm?
Perhaps a better question is: how can the current Intel vPro Technology, combined with existing management and security solutions, help protect client systems?
This is not an attempt to scare or over-generalize the reality of security threats such as the Conficker worm. The intent is to show how a real-world situation can be addressed. The suggestions below assume Intel vPro Technology is already configured within your environment, so you are ready and able to use the out-of-band management technology in connection with existing "in-band" management tools.
An overview of the Conficker worm is available online. The following are a few examples:
- http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm (there’s a 60-minute interview video)
There is a mix of good and bad reports on preventing, detecting, removing, and otherwise addressing the worm.
The following are a few suggestions on how to combine Intel vPro Technology with client management and security solutions to help protect clients and remediate a worm infection.
Interested to know if you’ve employed such tactics and how these have assisted in combating the Conficker worm threat.
- System Defense/Network Filtering to totally isolate a client – for systems that have been detected as infected on the network.
- Out-of-band discovery of systems needing a patch – when searching databases and logs for clients that have not received the latest security updates, the ability to locate those systems on the network even when they are powered off.
- Wake up, patch and/or scan systems – using a job to reliably power on the client via Intel vPro Technology, distribute the necessary security patches to it, run security scans, and then power it off.
- Isolate and patch – for systems that have not been patched or scanned, a security precaution applied before allowing them on the network. This requires a customized System Defense or network filter that allows certain “in-band” actions on the targeted client (such as patch and scan).
If you are not already familiar with how to combine the out-of-band and in-band management techniques mentioned above, example demonstrations for an Altiris CMS version 6 environment are available at http://www.symantec.com/connect/articles/combining-band-and-out-band-management, with the same material (including lab documents) also posted at http://communities.intel.com/docs/DOC-2347
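One way to turn the tactics listed above into a per-client remediation plan, as an added example that is not Intel's or Altiris's code. The inventory fields, the mapping from client state to tactic, the allow-list model and every host, address and port are assumptions constructed for illustration; the filter is a simple default-drop model, not the Intel AMT System Defense API.

```python
# Added illustration, not Intel or Altiris code; hosts, addresses and ports are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Client:
    name: str
    infected: bool    # flagged by the security tooling
    patched: bool     # latest security updates recorded in the management database
    powered_on: bool  # power state as reported out-of-band

def plan(c):
    """Map one inventory record to the ordered steps of the matching tactic (assumed mapping)."""
    if c.infected:
        return ["apply-full-isolation-filter"]
    if c.patched:
        return []
    if not c.powered_on:
        return ["power-on", "patch", "scan", "power-off"]
    return ["apply-remediation-filter", "patch", "scan", "remove-filter"]

@dataclass(frozen=True)
class Allow:
    direction: str  # "out" = initiated by the client, "in" = inbound to the client
    peer: str       # CIDR of the permitted remote end
    port: int       # destination TCP port

FULL_ISOLATION_FILTER = ()  # no allow rules: every in-band packet is dropped
REMEDIATION_FILTER = (
    Allow("out", "10.0.5.10/32", 443),   # patch distribution server (constructed)
    Allow("out", "10.0.5.20/32", 8443),  # security scan server (constructed)
)

def permits(rules, direction, peer, port):
    """Default-drop: traffic passes only when some allow rule matches it."""
    addr = ip_address(peer)
    return any(r.direction == direction and r.port == port
               and addr in ip_network(r.peer) for r in rules)

FLEET = [  # constructed inventory records
    Client("pc-01", infected=True, patched=False, powered_on=True),
    Client("pc-02", infected=False, patched=False, powered_on=False),
    Client("pc-03", infected=False, patched=False, powered_on=True),
    Client("pc-04", infected=False, patched=True, powered_on=True),
]

def fleet_plan(fleet=FLEET):
    """Return {client name: steps} for every client that needs action."""
    return {c.name: plan(c) for c in fleet if plan(c)}

if __name__ == "__main__":
    for name, steps in fleet_plan().items():
        print(f"{name}: {' -> '.join(steps)}")
```

Under the remediation filter a client can still reach the two constructed servers, while any other peer or port is dropped; the full-isolation filter drops everything in-band.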
The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.