Intel,Altiris Group

Altiris and Intel vPro Use Cases, Part 3: Hardware 

Jun 26, 2008 11:09 AM

If you have not read parts 1 and 2, please read these before reading this part as this is a continuation of the story begun previously. Altiris and Intel vPro Use Cases

From the OS level vPro has tools to help quarantine and remediate compromised systems as demonstrated in part 2. This section explores the capabilities at the hardware layer, completely below the OS and any related dependencies. Can the IT staff continue to respond well to threats and avoid outages and threats to the business's wellbeing? When the gloves come off sometimes even the most secure networks are vulnerable to threats.

Mighty Modern Marketing HQ - Boston, Massachusetts

"This is Jessica, how can I help you?"

The voice that spoke through the headset caused her to flinch, and she moved the earpiece two inches away from her ear.

"This can't be happening now!" the voice exclaimed loudly.

"What's the problem?" she responded calmly, hoping the user would match her volume.

He didn't. "The timing is the worst possible, since the end of quarter is only two days away! I need my computer up and running two hours ago!"

"Let me see... I'm speaking to Mitch Cavanaugh, correct?"

"Yes," he responded, his voice dropping a trifle. "My computer isn't booting, and I have sales to approve and record. If I don't get this up quick, we may not be able to add this revenue this quarter!"

"I understand," she said as she used the Altiris Console under the All Computers Collection to find his computer. She double-clicked on it, bringing up Resource Manager.

"I see you're using an HP 7800..." she began.

"I need this problem fixed pronto," he interrupted.

"Of course," she said, clicking on the 'Real-Time' tab. "Give me just a moment."

She smiled, feeling a warmth from the fact that she'd made sure those with the most business critical functions got the vPro systems first. The Real-time tab loaded, revealing the function tree in the left-hand pane. She noted immediately that only the AMT functions loaded, and that the system's power state was on.

"I can see," she said when she heard a sound of irritation on the other line, "that while there is power to your computer, the operating system is not loading."

A pause followed her comment. "Really?" Mitch responded, the edge on his voice disappearing. "You can tell me that already? Usually I have to tell you IT people everything... that's great. So do you know what's going on?"

"Give me another moment," she said in her most pleasant voice. She clicked on the Hardware Management node in the left tree. After the page loaded, she chose the reboot radio button under the Remote power management section. Under Redirection options she checked the box, "Display task progress and remotely control computer". Next she clicked "Run Task Now". When the page began to refresh a new window popped up, showing her the boot of the computer.

"Wait, my computer just rebooted..." Mitch said, sounding suspicious.

"Yes, I just initiated a reboot," she responded. "I'm going to watch the boot from here."

"You can do that? I thought I had to be in Windows for that to work." When the boot verified devices on the system she noticed that no hard drive was detected. The message "No boot device" appeared.

"Okay Mitch, the computer isn't recognizing the hard drive for some reason. Give me a moment to check a few more things."

"Is that fixable?" Mitch inquired.

"I don't know yet. Give me a moment."

She rebooted again, but also added the "Enter BIOS on startup" option by checking the box. The remote window reappeared, this time entering the BIOS. She looked under the IDE channels, but no hard drive was listed.

"Okay Mitch, I've determined that your hard drive isn't being detected at all by the computer. Since you have critical work to perform, we'll immediately image and restore your data to a backup system using Deployment Server and Symantec's Backup Exec. It should take about 30 minutes. Tevita Tatafu will bring it by then. It's about lunchtime. Can you take a short break?"

"Well... it is a little early for lunch, but that should work."

"Alright Mitch. Anything else?"

"No... I just hope the backup had all my files on it."

"It should."

"Thanks."

She leaned back as she hung her headset by the phone. "Tevita?"

He swung out of his cube, a huge smile on his face. "Mr. Cavanaugh having problems?"

"Yeah," she responded.

"He's such a joy. Did you know he was the one who got impatient waiting in line at the vending machine so he ran to the nearest Dunkin Donuts, opening the door fast enough to knock Edgar flat on his back?"

"You be nice," scolded Jessica with a stern look. "He may have anxiety issues, but he's a spot on accountant."

Tevita laughed richly. "Spot on, eh? And what do you know about Accounting?"

"I got a Masters from University of Chicago's Graduate School of Business, in Accounting."

"You did?"

"Yes. Now don't make me a liar and get that machine to Mitch 'pronto'."

Tevita laughed, but got up and headed to the equipment room. Jessica sorted through her email. She wanted to clear out her inbox but only halfway through the process Tevita returned, no longer smiling. His mouth bent down in a frown she rarely saw, and usually only when he was about to explode with anger. His eyes didn't seethe, but looked down at a computer in his hands. He sat down and rolled his chair over towards her cube.

"It really is missing the hard drive," he said, expertly using the buttons on the side to open the case. He pointed to an empty bay. "It should be in here, but... well... the IDE cable was cut, right here. Seems stupid, since they had to unscrew the drive, but..."

She stared at the empty bay. "Someone stole his hard drive?"

Tevita nodded. "It looks that way. Mitch said he only left to take a restroom break, and when he came back the system was off and wouldn't boot."

"This isn't good..." Jessica started to say.

"Guys!" Bobby said loudly, his voice piercing through the area like a gunshot. They both stood up, staring at the gangly developer loping towards them from the door to the server room.

"The sky must be falling," Tevita said, but despite the amusement in his voice his mouth only twitched once in an upward smile.

"What's wrong?" Jessica asked.

Bobby took a deep breath. "It's a ninja. I swear by my grandma's heirloom earrings that a ninja just showed up in the server room!"

"A ninja!!?" Jessica exclaimed.

Tevita looked down at the computer he held. "Bobby, that's not funny..."

Bobby threw his hands up. "You know I don't have an imagination, or much of a sense of humor. Didn't you used to call me Cardboard Boy?"

"Yeah, but I stopped after you randomly locked out my user account at the worst possible moments..."

"I'm not kidding."

Jessica, feeling like she'd just stepped off a rollercoaster, reached out and put a hand on the wall. "Bobby, you mean to tell me there's a ninja loose in the building?"

"Well... no. He's lying unconscious in the server room."

Tevita gave her a quick look, then bee-lined towards the door to the server room. Jessica wanted to run the other way, but Bobby gave her a helpful shove on the back towards the room. She glanced behind at him, and he blushed.

"Sorry, but the more witnesses the better."

The figure sprawled out on the floor clutched a hard drive in his black-gloved hands. He didn't look like a real ninja, but a black ski mask that looked similar to a ninja wrap covered his face. A goose-egg on his forehead the size of a golf ball, halfway hidden by the mask, seemed to say loudly why he wasn't conscious. Jessica found herself staring, her mouth hanging open and her hand moving up to cover it.

"Oh my gosh," she said, her voice embarrassingly high-pitched. Her heart hammered in her chest as if she'd just jumped off a cliff.

Tevita gave Bobby a searching look. "Do you know martial arts or something?" he asked.

"No. I thought I heard something while I was bringing back the two new demo laptops, so I went to check it out. When I saw him, I just reacted."

"What did you do?"

"Well... I had a MacBook Air in my left hand, and a Panasonic Toughbook in the right. The MacBook might be thin enough to decapitate a ninja, but more likely it would have bounced off his skull without slowing him down, so I threw the Toughbook."

Tevita reached out with his toe and nudged the intruder.

"We should leave and call the police," Jessica said, edging towards the door.

"He's out cold," Tevita said, reaching down to pick up the Toughbook. The screen gleamed beautifully, no sign of damage despite being used as a blunt weapon. "Too bad these aren't vPro yet," he said.

"I called the police," Bobby said. "They should be here soon."

The next half-hour moved as if in a dream. Jessica felt like she'd stepped out of the real world and into some crazy movie. Slowly the facts of the intruder came to light, and like wiping away the mist on a foggy window things didn't seem as ridiculous as they first seemed.

The man had been hired to steal a specific hard drive. He was fully cooperative with police, apologetic for getting caught and worrying everyone. He indicated he wore the mask not as an intimidation method, but to remain incognito to security cameras. The police cuffed him and off he went, leaving everyone standing there in disbelief.

"Is that Mitch's hard drive?" she finally asked Tevita, who had retrieved the hard drive the "ninja" held.

Tevita pointed to the connector of a cut IDE cable sticking out the back. "It looks like it..."

Bobby took the drive, hefting it, his small eyes squinting. "No, this is a RAID drive. He 'raided' a server..."

Jessica stared at him as he chuckled. Tevita stared for a moment, and broke into a wide grin.

"And you say you have no sense of humor," he said with a laugh.

"My Dad told me puns don't count," Bobby responded.

"What about the data on Mitch's hard drive?" Jessica inquired. "I know he had confidential, sensitive information on it."

Bobby shrugged. "Nothing we can do about it unless we can find it. It wouldn't be the first time."

She shook her head. "Too bad vPro doesn't have disk encryption yet. I know they're working on it."

Bobby's head perked up. "vPro with disk encryption? Nice."

The receptionist motioned to Jessica, and she walked over.

"Mr. Johnson has called a meeting in the executive briefing room," she explained, a phone held between her ear and her raised shoulder. "He says it's urgent, but not to worry."

"Not to worry," she echoed, feeling a surreal sense of amusement at the statement. "Right."

She rounded up Tevita and Bobby and they headed upstairs. The executive briefing room flooded with light, with the impeccable CEO standing by the floor to ceiling window showing the bottom half of the skyline to downtown Boston. He smiled casually, his hands clasped behind his back. When they'd all entered and sat down, he turned around, his smile increasing.

"The mighty defenders arrive," he said. "I had a call from Mitch Cavanaugh concerning your ability to quickly resolve the theft of his hard drive. I commend you on a lightning-fast response. I can tell by your expressions that you're a bit shaken."

He paused, the smile abating. "Let me assure you that we are permanently stepping up our security. I blame myself for not taking steps against blatant thievery. I guess I'd hoped my former colleague had gotten past that type of criminality."

Bobby raised his hand, and Mr. Johnson gestured at him. He cleared his throat, folding his skinny arms.

"So don't we have enough evidence now to get the police involved?"

Mr. Johnson shook his head. "No, and even with the thief in hand I doubt they'll be able to link this to New Nifty Networks. For all we know this isn't related to them, though our situation and the probability point in that direction. No, we won't be making any effort to link the thief with Nifty. Your job is to continue tightening our security."

"First, let me commend you, Tevita, for your mastery of providing mirror systems to people when theft occurs. Second, I commend you, Bobby, for always delivering when issues arrive. Lastly, I commend you, Jessica, for your insistence on vPro. I know Edgar and others have given you a hard time about it, but it seems you prove its worth daily."

"Thank you," she said.

"Our next step is to find out if any other systems have had their hard drives stolen. I'll leave this task in your capable hands. If you have any questions or concerns, please come see me in my office."

As quickly as the meeting started, it ended.

When they reached their cube area, Tevita didn't sit down at his, but followed her into hers. He stared at the Altiris Console idling on her screen, his arms folded and his expression pinched in thought. She sat down, eyeing him, as she reached for her keyboard.

"Let me guess," Tevita said, "you already have a plan?"

She let her hands fall into her lap. "Well... yeah. It shouldn't be difficult to find out which systems no longer have HDDs even if the systems have been off for a while. I just..."

Her voice faded away. She stared at Tevita, trying to sort through her emotions.

"You're freaked," Tevita offered.

"No... well... yeah. I kind of am. Cyber attacks are one thing, but Bobby's ninja..."

Tevita retrieved his chair from his cube, sitting down and leaning back at the entrance of her cube. "With computers thieves usually only break into places for the hardware. Some of the servers Bobby runs cost more than a new BMW. Stealing the hard drives means they're after data. It's really no different, except we're using software to block software attacks, and we use guards, locks, and other such things for the hardware attacks. You heard Johnson. I don't think you have to worry."

She sighed. "We should get occupational hazard pay. I'll get over it, though I may bring pepper spray tomorrow."

"That'll work."

She cracked her knuckles by clasping her fingers and pushing her arms out. "Let's get into this. First off, we can't rely on Inventory Solution to know if the hard drive is there or not, since the OS obviously has to be up and running to get an updated Inventory. We might be able to use the Altiris Agent's last check-in time to note those systems that are no longer reporting, but that won't tell us if those machines are simply off or something similar."

Tevita nodded. "Fun. Without the hard drive we have no manageability capability."

"Except for the one thing that runs outside of the hard drive."

"Intel vPro."

"Exactly. All capabilities are still available even when the hard drive's been yanked."

"So we can use RTSM to remote into those systems not responding in Altiris using Serial-Over-LAN to see if the hard drive is there, like you did for Mitch."

Jessica nodded, smiling. "That would work, but I have a faster, much easier way."

Tevita rolled closer as she put her hand on the mouse and started using the Altiris Console, his eyes focused on the screen. "I like easy," he said.

She browsed under Manage and clicked on Jobs. When the left-pane tree loaded, she browsed under Tasks and Jobs, Server Tasks, Real-Time Console Infrastructure, and clicked on 'Get Intel® AMT Inventory'. She clicked the Run Now button.

On the resulting window that popped up she gave the Run name: Ninja stolen hard drive, and clicked on the 'Select computers' link. Within the 'Select Computers' dialog in the left-most pane, she browsed in the tree from Collections, Out of Band Management, Provisioning, and double-clicked on 'Provisioned Intel® AMT Computers'. The middle pane showed a list of all vPro capable systems in the environment, and the right-most pane showed the Provisioned collection she'd selected. She clicked OK. She then clicked the Run Now button.

"That's it," she said, leaning back. "In the next minute or two we should have inventory from all vPro capable systems."

The Tongan shook his head. "You're going to outsmart us all out of a job," he said.

She raised an eyebrow at him. "Are you kidding? We might, just might, get to all the stuff on our plates we normally leave forever on the backburner."

She browsed in the Altiris Console under View, Reports, Incident Management, Real-Time Console Infrastructure, and selected Intel® AMT Hardware Inventory. When the report home page loaded, she clicked the Run this report link. For the parameters she left 'System' set to --Any--, and changed 'Hardware Type' to 'Media'. She clicked the 'Refresh' button to load the report.

"Okay, this shows us all systems that have a hard drive reported with AMT Inventory. We could manually compare the list, but why not create a new report that shows us systems that do not have anything in the Media table?"

She right-clicked on the 'Real-Time Console Infrastructure' folder and chose New, Report. She gave it the name: Intel vPro Computers Without a Hard Drive. She chose 'Enter SQL Directly' and then rolled back from her desk.

"Alright SQL guru, I'll give you what I need and you can figure out the query."

He scooted around her, reaching for the keyboard. "Alright. Shoot."

"Okay, we need to have a list of all computers that do not have an entry within the table Inv_AMT_Media_Device. That's it."

"That's it? That's easy enough..."

Tevita entered in the SQL, and saved the report. When they ran it, only two systems showed up. Jessica looked at the names of the computers. "These are both from accounting, but Joe is in New York doing his accounting work on his laptop, and this other... he's here, but hasn't reported anything yet."
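
One way the report query Tevita is asked for could be written, as an added example rather than the SQL from the original story. It also separates machines whose AMT firmware answered but reported no media from machines that returned no AMT inventory at all, since both have no row in the media table. Only the table name Inv_AMT_Media_Device comes from the article; the temp tables, all column names, the #AmtInventoryRun table and the sample rows are constructed assumptions so the script runs on any SQL Server instance.

```sql
-- Constructed stand-ins for the Notification Server data. Only the name
-- Inv_AMT_Media_Device appears in the article; everything else here
-- (tables, columns, integer keys, rows) is an assumption for illustration.
CREATE TABLE #Computer (Guid int PRIMARY KEY, Name nvarchar(64));
CREATE TABLE #Inv_AMT_Media_Device (ResourceGuid int, Model nvarchar(64));
-- Hypothetical table: one row per machine that answered the
-- 'Get Intel AMT Inventory' task in this run.
CREATE TABLE #AmtInventoryRun (ResourceGuid int, CollectedAt datetime);

INSERT INTO #Computer VALUES
    (1, N'ACCT-01'), (2, N'ACCT-02'), (3, N'ACCT-03'), (4, N'SALES-01');

-- ACCT-03 never answered (off the network), so it has no inventory row.
INSERT INTO #AmtInventoryRun VALUES
    (1, '2008-06-26T15:40:00'),
    (2, '2008-06-26T15:40:05'),
    (4, '2008-06-26T15:40:09');

-- ACCT-02 answered, but its firmware reported no media device.
INSERT INTO #Inv_AMT_Media_Device VALUES
    (1, N'constructed disk model A'),
    (4, N'constructed disk model B');

-- NOT EXISTS rather than NOT IN: a NULL ResourceGuid in the media table
-- would make NOT IN return no rows at all and silently empty the report.
SELECT c.Name,
       CASE WHEN r.ResourceGuid IS NULL
            THEN 'No AMT inventory returned: drive state unknown'
            ELSE 'AMT answered, no media device reported'
       END AS Finding,
       r.CollectedAt
FROM #Computer AS c
LEFT JOIN #AmtInventoryRun AS r
       ON r.ResourceGuid = c.Guid
WHERE NOT EXISTS (SELECT 1
                  FROM #Inv_AMT_Media_Device AS m
                  WHERE m.ResourceGuid = c.Guid)
ORDER BY Finding, c.Name;

DROP TABLE #Computer, #Inv_AMT_Media_Device, #AmtInventoryRun;
```

Rows in the "drive state unknown" group need a follow-up check once the machine is reachable; only the other group is direct evidence of a missing drive.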

Tevita stood, dragging his chair back to his cube. "I'll take care of these two. Why don't you go home?"

"And leave you here..."

He laughed. "I'll be fine. It's almost five, and you probably want to take a nice relaxing evening trying not to think about thieves and ninjas."

"Thanks for that," she commented dryly, but with no conviction. "Only if you're sure..."

"I'm sure. I'll see you tomorrow."

"Thanks. Have a good evening."

End Part III

Recognizing the need for better physical security, and using vPro to minimize the effects of theft, the IT team continues to rise to meet the challenges facing them.

Altiris and Intel vPro Use Cases, Part 2: Antivirus

Altiris and Intel vPro Use Cases, Part 4: Auditing and Software Remediation

Comments

May 05, 2009 01:56 PM

This was an interesting and insightful article that displayed just enough layman terms for me to understand what events were taking place. It is sad, but true - that hackers and thieves are still running rampant in order to profit from the work of others and diminish the security of computer systems and servers.