Intel Active Management Technology

Presentation on theme: "Intel Active Management Technology"— Presentation transcript:

1 Intel Active Management Technology
Operating System Intel Hardware

2 Intel Active Management Technology
Operating System Intel Hardware Intel AMT

3 Intel Active Management Technology
Operating System Intel Hardware Intel AMT

4 Intel® Active Management Technology
Core™2 Duo

5 Changing the Game: Intel® Active Management Technology
Out-of-band system management
    Remote management regardless of power on/off state or OS state
    Direct connection via TCP/IP firmware stack
Tamper-resistance
    Hardware/firmware solution
Persistence
    Nonvolatile storage of state
    Survives power outages and system rebuilds

6 Out-of-band system management
Discover PCs and their configuration on the network independent of their operational state
Remote hardware/software inventories
Securely wake & update PCs
Remote troubleshooting and recovery
Remotely repair a PC
Prevent critical security code from being disabled
Process monitoring (e.g. anti-virus)
Detect & block anomalous network behavior
Network packet filtering for inbound/outbound traffic
Proactive alerting

7 WS-Management for In-band and Out-of-band
Diagram labels: Machine Boundary; Management Applications; WS-Man Listener; WS-Man (OS Running); WDM provider; User; Intel® AMT Driver; Kernel; Hardware; Intel® AMT Controller; WS-Man (pre-boot, post crash)
Intel, Microsoft and other industry players have announced WS-Management to help address the cost and complexity of IT management.

8 Intel Active Management Technology

9 Intel AMT architecture

10 Intel® Active Management Technology Discover Your Assets
Diagram labels: IT Management Console; PCs on Network
Discover: Intel® AMT downloads HW & SW asset information from the BIOS and OS into non-volatile memory during boot. IT can access this information at any time, because users cannot remove it or prevent IT from accessing it.

11 NAC Framework Solutions: Client Security
Example solution built with Intel (CTA = Cisco Trust Agent, NAC = Network Admission Control)
Diagram labels: Posture Plug-In; CTA; NAC-Enabled Network; Intel Platform
Diagram callouts (numbered 1-3 on the slide): Intel® AMT provides configuration state information to CTA; the Intel® AMT NAC Policy Server assesses AMT posture and grants network access based on IT policy; Intel® AMT is granted access to the enterprise network
Intel AMT communicates platform HW / SW state to NAC and supports remediation of quarantined platforms.

Speaker notes: The main attribute of Intel AMT is that it works independently of the operating system, which allows new methods of discovery, healing, and protection on your network. Intel calls this ability out-of-band management. With Intel AMT, administrators can discover networked systems in their environments, regardless of the system power state or operating system condition. The administrators can use the remote control capabilities to heal a networked system, even if the operating system (OS) has failed.

Intel will provide a posture plug-in for Cisco Trust Agent. The plug-in will provide platform configuration information to CTA, allowing Intel AMT to meaningfully participate in the Cisco NAC infrastructure. The data sent to the Cisco Trust Agent includes:
    BIOS revision level
    Intel AMT firmware revision level
    Intel AMT status
    Intel AMT configuration settings

Other NAC-compliant plug-ins will also report their posture levels to the NAC Access Control Server (ACS). In the event that a given plug-in reports a noncompliant configuration setting, Cisco ACS will block access to the corporate network. Intel AMT can be used for updating/healing the system to a compliant posture. For example, if the OS firewall policies on a platform were noncompliant, the IT administrator could use the Intel AMT third-party data store to push an updated policy on to the platform to remediate it. The firewall posture plug-in would recognize this change and initiate a new NAC exchange to let the platform onto the corporate network.
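The posture-assessment and remediation loop the speaker notes describe, as an added example that is not part of the original slides or of any Intel or Cisco code: a policy server checks the four posture items the plug-in reports (BIOS revision, AMT firmware revision, AMT status, AMT configuration settings), quarantines on any failure, and re-runs the exchange after IT pushes corrected settings. The policy model, field names and sample postures are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed policy model (hypothetical, not an ACS or AMT data format). The
# fields mirror the posture items the slide says the plug-in reports.
@dataclass(frozen=True)
class PosturePolicy:
    min_bios_revision: str
    min_amt_firmware: str
    required_amt_status: str = "enabled"
    required_settings: dict = field(default_factory=dict)


def parse_version(text):
    """Turn '1.20' into (1, 20) so revisions compare numerically; a plain
    string comparison would wrongly rank '1.9' above '1.20'."""
    return tuple(int(part) for part in text.strip().split("."))


def assess_posture(posture, policy):
    """Policy-server side of the NAC exchange.
    Returns ('allow', []) or ('quarantine', [reasons]) for one reported posture."""
    reasons = []
    if parse_version(posture["bios_revision"]) < parse_version(policy.min_bios_revision):
        reasons.append("bios_revision %s below minimum %s"
                       % (posture["bios_revision"], policy.min_bios_revision))
    if parse_version(posture["amt_firmware"]) < parse_version(policy.min_amt_firmware):
        reasons.append("amt_firmware %s below minimum %s"
                       % (posture["amt_firmware"], policy.min_amt_firmware))
    if posture["amt_status"] != policy.required_amt_status:
        reasons.append("amt_status is %r, policy requires %r"
                       % (posture["amt_status"], policy.required_amt_status))
    for key, wanted in policy.required_settings.items():
        actual = posture["amt_settings"].get(key)
        if actual != wanted:
            reasons.append("setting %s is %r, policy requires %r" % (key, actual, wanted))
    return ("allow" if not reasons else "quarantine", reasons)


def remediate_and_reassess(posture, policy, pushed_settings):
    """Model the remediation path on the slide: IT pushes updated settings through
    the AMT third-party data store, the plug-in sees the change, and a new NAC
    exchange runs. Only settings can be fixed this way; a firmware or BIOS
    revision that is too old still quarantines until it is actually updated."""
    updated = dict(posture, amt_settings={**posture["amt_settings"], **pushed_settings})
    return updated, assess_posture(updated, policy)


# Constructed policy and sample postures (not real platforms).
POLICY = PosturePolicy("1.20", "2.0", "enabled", {"os_firewall": "on"})

COMPLIANT = {"bios_revision": "1.22", "amt_firmware": "2.1",
             "amt_status": "enabled", "amt_settings": {"os_firewall": "on"}}
FIREWALL_OFF = dict(COMPLIANT, amt_settings={"os_firewall": "off"})
OLD_BIOS = dict(COMPLIANT, bios_revision="1.9")

if __name__ == "__main__":
    for name, posture in [("compliant", COMPLIANT), ("firewall off", FIREWALL_OFF),
                          ("old bios", OLD_BIOS)]:
        print(name, assess_posture(posture, POLICY))
    print("after remediation", remediate_and_reassess(FIREWALL_OFF, POLICY,
                                                      {"os_firewall": "on"})[1])
```

The numeric version comparison is the part worth copying: posture strings like "1.9" and "1.20" are common in BIOS and firmware revision fields, and comparing them as text silently passes an out-of-date platform.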

12 Management Console from ISV partners
Embedded IT: Proof of concept for wireless manageability and security demo
Diagram labels: Management Console from ISV partners; Enterprise Intranet; Mobile Concept PC
IT embeds a rule to detect a specific network-based attack in the NB client's Manageability Engine
The Manageability Engine detects the specific attack, alerts IT and isolates the PC from the network
IT then takes the following actions via the Out of Band Channel:
    Queries the PC to fix the issue
    Restores the PC to the network

13 Securing AMT Hardware/firmware solution
Only firmware images digitally signed by Intel are allowed to run
OOB communication done via TLS with RSA keys of length 1536 bits
    Server authentication
    Optional client authentication
    Maximum of 4 sessions
HTTP Digest authentication (RFC 2617) for authenticating users
Access-controlled storage of critical data in the non-volatile data store in AMT hardware
Random number generator in firmware to generate high-quality keys
Hardware acceleration of cryptographic primitives

14 Extra slides

15 EDS Pilot of Intel® Active Management Technology

16 Hardware Enhanced Manageability: Intel® Active Management Technology with Microsoft* System Management Server 2003 plug-in
Discover & Wake Up the PC (Even if Powered Down)
Heal: Use Serial Over LAN (SOL) to Configure BIOS if PC is Not Responding
Protect Against Malicious Software Attacks
Intel® Active Management Technology requires the platform to have an Intel® AMT-enabled chipset, network hardware and software. The platform must also be connected to a power source and an active LAN port.
