
The Server Room Blog

2 Posts authored by: JGreene

Do you ever wonder where Spam comes from?  I have no idea where the meat-like version of Spam comes from (nor do I wish to ponder that mystery). But it is pretty well established that a huge component of the e-mail and IM Spam that we all know and hate is generated by automated programs (bots) installed on thousands or even millions of unsuspecting systems.  These bots are remotely controlled via command-and-control or even peer-to-peer networks (botnets) to do the bidding of the bot developer—such as propagate Spam or other malicious software or generate denial of service attacks against designated targets.  And all of this could happen without most people even knowing their system is doing anything. 

Botnets are the end result of many malware exploits—as viruses, worms, Trojans, drive-by or click-through attacks may deliver and propagate the bot payload. They are also a crystal clear example of how the objective of attacks has changed from hit-and-run high-profile grabs for fame to a focus on stealth and on establishing and retaining control of assets. Botnets are an ideal tool for the nefarious—they can command huge numbers of widely distributed systems at trivial cost. While it is hard to estimate how many systems are part of a botnet, the potential is staggering. For example, the much-publicized Conficker worm is estimated* to have placed more than 4 million unique IP addresses under the control of “bot-masters”. And this huge resource base allows the bot-masters to rent control of these resources to spammers or other agents looking for ways to generate attacks or other nuisances with low risk of being detected. In essence, they are allowing criminals and spammers to outsource the generation of their malicious activities. It is a frightening business model indeed.

It is also a difficult challenge for IT. Thanks to botnets, it is possible for an IT manager or CIO to get a call from out of the blue asking why their systems are attacking some other company or government entity’s systems. Or to discover a botnet of hundreds of computers within their company. These types of events can happen to the best IT departments (even Intel or the US Government). Clearly, IT needs tools to help prevent such scenarios, and the antivirus and intrusion detection/prevention industry is working hard to keep up with the rapid growth in the delivery vehicles for bot code. The other weapon for IT managers is traffic analysis: looking for strange patterns of activity (such as bursts of e-mail traffic from selected systems or floods of network traffic generated against specific targets) that fall outside of business norms to determine if there is another business being conducted with their assets. While being part of a networked world has wonderful, powerful benefits, it is not without enhanced risk. A botnet is not a network you ever want to be a member of.
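The traffic-analysis check described above, sketched as an added example that is not part of the original post: it flags internal hosts that are not approved mail relays yet contact many distinct SMTP servers within a short window. The flow-record layout, the relay allowlist, the thresholds and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed allowlist: the only internal hosts expected to send SMTP directly.
MAIL_RELAYS = {"10.0.0.25"}

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # Approved relay: heavy SMTP traffic, which is business as usual.
    for i in range(40):
        flows.append((1000 + i, "10.0.0.25", f"198.51.100.{i % 20 + 1}", 25))
    # Workstation contacting 30 distinct mail servers in 30 seconds.
    for i in range(30):
        flows.append((1005 + i, "10.0.1.77", f"203.0.113.{i + 1}", 25))
    # Workstation with ordinary web traffic plus one stray SMTP flow.
    for i in range(20):
        flows.append((1000 + 3 * i, "10.0.1.12", "192.0.2.10", 443))
    flows.append((1030, "10.0.1.12", "203.0.113.5", 25))
    return sorted(flows)  # the sliding window below needs time order

def smtp_burst_hosts(flows, window_s=60, max_dests=10, relays=MAIL_RELAYS):
    """Return {src: peak distinct SMTP destinations in any window} for
    non-relay hosts whose peak exceeds max_dests."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, port in flows:
        if port != 25 or src in relays:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop flows that have aged out of the window.
        while q and q[0][0] <= ts - window_s:
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n > max_dests}

if __name__ == "__main__":
    for host, n in smtp_burst_hosts(build_sample_flows()).items():
        print(f"{host}: {n} distinct SMTP destinations within 60 s")
```

Counting distinct destinations rather than raw connections keeps a client that retries one mail server from tripping the alert; the threshold has to be tuned against what is normal for the network being watched.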

Intel technologies like Trusted Execution Technology (TXT) and instruction set optimizations such as STTNI can be part of these solutions. Intel® TXT can be used in solutions that help protect systems from software attacks that deliver the malware payloads used to compromise systems. In fact, Intel TXT (to be available with Westmere server systems) provides an entirely new protection capability for most systems—providing evaluation of the launch environment and enforcing “known good” code execution. This is important because most malware tools execute only once the system is booted—so Intel TXT provides a valuable complementary protection. And to help with the growing burden of run-time malware and attack analysis, new (with Nehalem) instructions that accelerate string manipulation can boost the ability of content inspection software to detect anomalies. And research and development will ensure Intel continues to develop and deploy building blocks to help IT address today’s challenges and tomorrow’s.

We can do that most effectively only if we’re trying to solve the right problems.  Are your systems under attack? (yes, they are). What types of solutions are most effective for you?  Where is the greatest exposure? Is the pain in stopping attacks or cleaning up after them? This is certainly worth thinking about—before some Government agency comes calling asking why your systems are sending them so much spam!

*http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking


IDF: Something for Everyone

Posted by JGreene Sep 16, 2009

It has been a couple of years since I’ve had the opportunity and pleasure of attending an IDF, but I remember the experience well. While I had been in the technology industry for many years and was familiar with major tradeshows like Comdex, Interop, CeBit, etc., I recall being amazed that a single company could be the catalyst for such a huge event. But as I experienced it, it made more sense: after all, Intel sells a very broad line of products to a huge array of customers. And our products are among the most technologically advanced and complex in the world—yet they are only critical components to solutions that require a wide range of complementary parts—system boards, test tools, compilers, software, BIOS and integrators—to name just a few. And IDF is the critical venue to galvanize this huge and surprisingly efficient cadre of fellow travelers that will help build upon and deliver our technologies to the world. It is where we educate, communicate and differentiate, and it is a great showcase for Intel.

This year, I’m excited to be able to participate. As I wrote a few weeks ago, I’m looking forward to being able to use this showcase to help establish Intel’s focus on server security. We’ve got a couple of key new features—Intel® Trusted Execution Technology (TXT) and Advanced Encryption Standard new instructions (AES-NI) for encryption processing—that promise to make secure processing for servers more complete and efficient. You can get a glimpse of what Leslie Xu and Michael Kounavis will cover for AES-NI. I’ll be working with Mahesh Natu and some friends in the fellow traveler community to help introduce TXT for servers. Like many others, we’ll be using this opportunity to conduct training for developers (session ECTS002); show the technology in action in a really cool Server Zone demo (Booth #517); and generally help build awareness for TXT and security in general. I’m really looking forward to the demo. It is one thing to offer a cool feature, but it is a whole new level of anticipation when one can so clearly visualize how this technology can be deployed to make users’ environments better.

I know that we’re eager to share our enthusiasm and engage the developers and customers that will make our technologies a success.  I’m also keen to get to see other great things coming out of Intel and our fellow travelers. What are you eager to see and hear about at IDF?
