Intel,Altiris Group

Perhaps a better question is - How can the current Intel vPro Technology combined with existing management\security solutions help protect client systems?

This is not an attempt to scare or over-generalize the reality of security threats such as the Conficker worm.  The intent is directed to how a real-world situation can be addressed.  The suggestions below assume Intel vPro Technology is already configured within your environment - thus you are ready and able to use the out-of-band management technology in connection with existing "in-band" management tools.

 An overview of the Conficker worm is available online. The following are a few examples:

• http://en.wikipedia.org/wiki/Conficker
• http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm (there’s a 60 minute interview video)

There are a mix of good\bad reports on preventing, detecting, removing, and basically addressing the worm.

The following are a few suggestions on how to combine Intel vPro Technology with client management and security solutions to help protect and remediate a worm infection situation.

Interested to know if you’ve employed such tactics and how these have assisted in combating the Conficker worm threat.

• System Defense/Network Filtering to totally isolate a client - For systems that have been detected as infected on the network
• Out-of-band discovery of systems needing a patch – In searching databases\logs for clients that have not received the latest security updates, the ability to locate those system on the network even when powered-off
• Wake-up, patch and/or scan systems – using a job to reliably power-on via Intel vPro technology, distribute necessary security patches to the client, run security scans, and then power-off the client.
• Isolate and patch – For systems that have not been patched\scanned, yet to provide a security precaution before allowing them on the network. This will require a customized system defense or network filter to allow certain “in-band” actions on the targeted client. (i.e. patch, scan, etc).

If not already familiar with how to combine out-of-band and in-band management techniques as mentioned above, example demonstrations for an Altiris CMS version 6 environment are available at http://www.symantec.com/connect/articles/combining-band-and-out-band-management, with the same material (including lab documents) also posted at http://communities.intel.com/docs/DOC-2347

The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.