
Intel vPro Expert Center Blog

3 Posts tagged with the conficker tag

While at Symantec ManageFusion 2009, we had a chance to talk to IT executives and managers from Disney International, Fox Interactive Media, Blue Cross Blue Shield and McCormick Spice Company and industry analysts from Enterprise Management Associates and Ptak, Noel & Associates LLC. In this video, they talk about the security benefits of Intel vPro technology - which include the ability to deploy software patches faster into the installed PC base, and the ability to quarantine infected PCs and remotely remediate them.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/


On the eve of April Fools' Day, Terry Cutler blogged about the Conficker worm and Intel vPro technology, posing the question "Can Intel vPro help combat Conficker worm?" In his post, Terry was looking for community feedback on what the IT community is doing to prevent such attacks from occurring. Are you taking advantage of the use cases on your activated vPro boxes? System Defense is your best friend here - it allows you to isolate infected clients from the network. You can also use vPro technology to do things like drastically improve patch saturation - whether the systems are powered on or out of band.

 

I just uploaded a paper with more information on this topic - please read it and see how you can protect your network from attacks by worms like Conficker.

 

Conficker Worm, Response Times, & Intel vPro Technology

Perhaps a better question is - How can the current Intel vPro Technology combined with existing management/security solutions help protect client systems?

 

This is not an attempt to scare or over-generalize the reality of security threats such as the Conficker worm. The intent is to show how a real-world situation can be addressed. The suggestions below assume Intel vPro Technology is already configured within your environment - thus you are ready and able to use the out-of-band management technology in connection with existing "in-band" management tools.

An overview of the Conficker worm is available online. The following are a few examples:

· http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm (there's a 60 minute interview video)

There is a mix of good and bad reports on preventing, detecting, removing, and basically addressing the worm.

The following are a few suggestions on how to combine Intel vPro Technology with client management and security solutions to help protect against and remediate a worm infection situation.

I am interested to know if you've employed such tactics and how these have assisted in combating the Conficker worm threat.

· System Defense/Network Filtering to totally isolate a client – For systems that have been detected as infected on the network.
· Out-of-band discovery of systems needing a patch – In searching databases/logs for clients that have not received the latest security updates, the ability to locate those systems on the network even when powered off.
· Wake-up, patch and/or scan systems – Using a job to reliably power on via Intel vPro technology, distribute necessary security patches to the client, run security scans, and then power off the client.
· Isolate and patch – For systems that have not been patched/scanned, as a security precaution before allowing them on the network. This will require a customized System Defense or network filter to allow certain "in-band" actions on the targeted client (i.e., patch, scan, etc.).

If you are not already familiar with how to combine out-of-band and in-band management techniques as mentioned above, example demonstrations for an Altiris CMS version 6 environment are available at http://www.symantec.com/connect/articles/combining-band-and-out-band-management, with the same material (including lab documents) also posted at http://communities.intel.com/docs/DOC-2347