Intel Centrino Pro, vPro Using LANDesk* Out-of-Band Monitor Amtmon Features, System Defense SD


Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Once AP starts on the client (default startup time is 6 minutes after the client is powered on), if the COLLECTOR.EXE process is killed or the LANDesk Management Agent service is stopped, an AP alert is generated. AP start and stop alerts are displayed in the LSM log, not the Intel AMT Event Log.

Note: If the COLLECTOR.EXE process is killed, restart it by running RESTARTMON.EXE, which is located in the LDCLIENT folder on the client system.

In LANDesk Management Suite 8.8, Agent Presence can trigger a System Defense policy that isolates the client system from the network. To set this up, create an Intel AMT Agent Presence alert in the LSM console (under the Core Ruleset) with the action “Place in the Intel AMT Remediation Queue.” With this alert rule in place, if a monitored process on the client is stopped, Intel AMT generates an Agent Presence alert and sends it to the LANDesk core server. The core server then issues a System Defense policy to the client that stops all network traffic except LANDesk management traffic, Intel AMT traffic, DNS traffic, and DHCP traffic, isolating the client system from the network except for system management functions.
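The following added example (not code from Intel, LANDesk, or this guide) models the four exceptions the isolation policy leaves open and flags observed flows that should not exist once a client is isolated, as a check that does not rely on ping. The AMT, DNS and DHCP port numbers are standard values not stated in the guide; `EXAMPLE_MGMT_PORTS`, the `Flow` record and the function names are hypothetical, and the sample flows are constructed.

```python
from collections import namedtuple

# One flow seen from the isolated client (e.g. from switch or firewall logs).
Flow = namedtuple("Flow", "proto src_port dst_port")

AMT_PORTS = frozenset(range(16992, 16996))  # well-known Intel AMT ports
DNS_PORTS = frozenset({53})
DHCP_PORTS = frozenset({67, 68})
# Assumption: placeholder value; replace with the ports your LANDesk core uses.
EXAMPLE_MGMT_PORTS = frozenset({65000})


def verdict(flow, mgmt_ports=EXAMPLE_MGMT_PORTS):
    """Classify a flow against the exceptions the isolation policy leaves open."""
    if flow.proto == "icmp":
        # The guide notes Intel AMT itself answers pings, so ICMP says
        # nothing about whether the host OS is still reachable.
        return "inconclusive"
    ports = {flow.src_port, flow.dst_port}  # either end may be the service port
    if flow.proto == "tcp" and ports & AMT_PORTS:
        return "allowed:amt"
    if flow.proto in ("tcp", "udp") and ports & DNS_PORTS:
        return "allowed:dns"
    if flow.proto == "udp" and ports & DHCP_PORTS:
        return "allowed:dhcp"
    if flow.proto in ("tcp", "udp") and ports & mgmt_ports:
        return "allowed:management"
    return "violation"


def isolation_violations(flows, mgmt_ports=EXAMPLE_MGMT_PORTS):
    """Return the flows that should not exist if isolation is in effect."""
    return [f for f in flows if verdict(f, mgmt_ports) == "violation"]


# Constructed sample flows, not captured from a real system.
SAMPLE_FLOWS = [
    Flow("tcp", 49152, 16992),   # AMT web interface
    Flow("udp", 68, 67),         # DHCP
    Flow("udp", 50000, 53),      # DNS
    Flow("tcp", 50001, 65000),   # placeholder management port
    Flow("icmp", 0, 0),          # ping
    Flow("tcp", 50002, 445),     # SMB: should be blocked
    Flow("tcp", 50003, 80),      # HTTP: should be blocked
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, "->", verdict(f))
```

Any flow reported as a violation after the policy has been issued indicates the client is not actually isolated.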

Using LANDesk* Out-of-Band Monitor (AMTMON) Features:

LANDesk 8.8 can disable the network on the client at the OS level. This is not done through the System Defense feature, but through LANDesk agents and communication via the Intel AMT non-volatile memory (NVM) area. When you choose to disable or enable the network on a client, a flag is set in NVM on that client. The LANDesk* Out-of-Band Monitor service (AMTMON.EXE) monitors this flag and disables or enables the network on the client based on its value. AMTMON can also run a vulnerability scan on the client at the next restart, if that flag is set. A message dialog is displayed on the client system whenever any of these three operations (disabling the network, enabling the network, or running a vulnerability scan) is performed.

Note: Do not ping the Intel AMT client to test if the network is disabled. Intel AMT will still respond to pings.

System Defense (SD):

System Defense (SD) does not require any agents to be installed on the Intel AMT client machine. System Defense policies may be configured on a per-machine basis.

There are four pre-defined SD policies:

An FTP access policy, which triggers SD if an FTP access is made either to or from the Intel AMT client machine.

A UDP flood policy, which monitors for a denial-of-service attack and triggers SD if Intel AMT sees at least 20,000 UDP packets per second.

A SYN flood policy, which monitors for a denial-of-service attack and triggers SD if Intel AMT sees at least 20,000 IP packets per second.


Centrino Pro, vPro specifications

Intel vPro and Centrino Pro are advanced technologies designed to enhance business computing environments, providing a blend of performance, security, and manageability. These technologies are specifically aimed at IT professionals and organizations looking to streamline their operations and protect sensitive data.

Intel vPro technology is built for today’s enterprise needs, incorporating a set of hardware and software features that allow for advanced security, remote management, and increased performance. One of the core features of Intel vPro is its Hardware Shield, which provides security at the firmware level, helping to protect against threats before they even reach the operating system. This feature enhances the overall security posture of devices while enabling IT departments to respond more effectively to potential threats.

Another prominent aspect of Intel vPro is its remote management capabilities, which include Intel Active Management Technology (AMT). AMT allows IT administrators to manage devices even when they are powered off or have a corrupted operating system. This capability significantly reduces downtime and improves productivity, as IT support can troubleshoot and resolve issues remotely without needing physical access to the machine.

Centrino Pro, on the other hand, focuses on delivering performance and power efficiency for mobile computing. It integrates Wi-Fi capabilities with advanced security features, enabling users to stay connected securely while on the move. Centrino Pro technology includes Intel's power management capabilities, which optimize battery life and enhance the performance of mobile devices.

The combination of Intel vPro and Centrino Pro offers features like Intel Trusted Execution Technology (TXT), which helps to protect virtual machines and sensitive data from attacks. Additionally, these technologies support enhanced multitasking capabilities, powered by Intel's robust processors, ensuring that business applications run smoothly and efficiently.

Both Intel vPro and Centrino Pro are designed with scalability in mind, allowing organizations to easily deploy and manage multiple devices across various locations. This scalability is an essential characteristic for businesses that require flexibility in their IT infrastructure without compromising performance or security.

In summary, Intel vPro and Centrino Pro represent a powerful suite of technologies tailored for enterprise environments. With features focused on security, remote management, and efficient mobile computing, they help organizations optimize their IT strategies and foster a secure and productive workplace.