Intel vPro: Three Generations Of Remote Management

Status
Not open for further replies.

cngledad

Distinguished
Nov 11, 2010
11
0
18,510
Can I suggest an article comparing different remote access tools we can use? From the freeware TeamViewer, VNC Viewer to such things like WebEx? I think that would be a very good topic.
 
G

Guest

Guest
One correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT).
 

jhansonxi

Distinguished
May 11, 2007
1,262
0
19,280
Nifty but I don't like the single-vendor lock-in. I can see real improvements in IT efficiency if this was combined with AoE. Would like to see SSH support, however.
 

extremepcs

Distinguished
May 6, 2008
380
0
18,790
Hopefully they have improved the activation mechanism. Kind of a PITA if you don't buy a certificate from a trusted CA. I used an internal cert and had to activate each machine by booting from a flash drive.
 

chovav

Distinguished
Apr 27, 2008
27
0
18,530
If my hard drive is encrypted using TrueCrypt pre-boot authentication, would I be able to fill in the password using Intels vPro?
 

cangelini

Contributing Editor
Editor
Jul 4, 2008
1,878
9
19,795
[citation][nom]cdw-vpro[/nom]One correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT).[/citation]

Fixed, thanks!
 

pjkenned

Distinguished
Aug 6, 2011
12
0
18,510
[citation][nom]chovav[/nom]If my hard drive is encrypted using TrueCrypt pre-boot authentication, would I be able to fill in the password using Intels vPro?[/citation]

Generally you don't want to do this. Pre-boot authentication on encrypted drives is a security measure so that someone gaining access to a shut-down PC cannot cold boot onto the contents of the disk. For example, one shuts down a notebook that is subsequently stolen in an airport.

In that scenario (actually fairly common) the user that now has the notebook can boot to the contents of the disk if a password was pre-filled.
 

kevikom

Distinguished
Jan 30, 2009
15
0
18,510
HP insight manager is better. Weird thing is I found out about it from a whitepaper on Dells site. I thought HP and Dell hated each other?? but we use it for PCs, servers, and it has a plugin for Vmware.... AND IT IS FREE.
 
G

Guest

Guest
[citation][nom]pjkenned[/nom]For example, one shuts down a notebook that is subsequently stolen in an airport. In that scenario (actually fairly common) the user that now has the notebook can boot to the contents of the disk if a password was pre-filled.[/citation]

So you saying that's a bad idea for the owner that he typed the pre-filled the password using vPro?

 
G

Guest

Guest
Hi, does anybody know if Intel Dq67sw motherboard Support 8Gb ddr3 Single Modules . Because Intel Technical product specification states " Support for 32GB of System Memory with four DIMMS using 4GB memory technology ".

Are there any other Intel boards which support vPro ( VT-X , VT-D ) with 32GB for i7 2nd Generation.

As i want to build one myself for VM.
 

omerl

Distinguished
Jan 29, 2012
3
0
18,510
[citation][nom]pjkenned[/nom]Generally you don't want to do this. Pre-boot authentication on encrypted drives is a security measure so that someone gaining access to a shut-down PC cannot cold boot onto the contents of the disk. For example, one shuts down a notebook that is subsequently stolen in an airport. In that scenario (actually fairly common) the user that now has the notebook can boot to the contents of the disk if a password was pre-filled.[/citation]
[citation][nom]dj christian[/nom]So you saying that's a bad idea for the owner that he typed the pre-filled the password using vPro?[/citation]

Chovav, pjkenned and dj christian - yes, you can use Intel vPro AMT to fill the Pre-Boot Authentication. You can do this either with AMT KVM (which is the simple way, but requires AMT 6 and above) or with AMT SOL (assuming TrueCrypt allows SOL.
pjkenned - there are several scenarios which it would makes much sense to send the password for PBA remotely: 1. Support agent trying to recover a user's password. 2. Trying to boot to a computer you left in the office. The idea is not that the password is pre-filled, it is filled on real-time.
It's actually can be a very powerful tool for the service-desk at your organization.

 

omerl

Distinguished
Jan 29, 2012
3
0
18,510
[citation][nom]qwer5678[/nom]So you saying that's a bad idea for the owner that he typed the pre-filled the password using vPro?[/citation]
I didn't really understand what you mean. If you utilize this feature correctly you can gain real value to your organization. Note my 2 suggestion of usage. If you have it kept in a DB or something similar, you must make sure this DB is encrypted and secured properly, since this is sensitive information, but you can still get it and send it to your computer using vPro encrypted over TLS/SSL channel.
 

omerl

Distinguished
Jan 29, 2012
3
0
18,510
okokpkpk - I'm saying DO NOT PRE-FILL THE PASSWORD. This is not what's vPro is all about.
I'm saying, create a solution for your organization that allow real time password push to your clients, in case a password is forgotten. Passwords are stored securely inside the organization and are only used in case of password forgotten. Nothing else. Do no bypass the pre-boot authentication mechanism.
 

masi87

Honorable
Aug 10, 2012
1
0
10,510
Why does noboy complain about the missing SSL for the logon page of the Web-Interface? (even thought not only logon but everything after that should also be encrypted to prevent cookie theft).
 

michealPW

Honorable
Aug 3, 2012
5
0
10,510
I'm not sure what's more unsettling... The fact that this technology's being rolled out in so many mainstream Intel CPUs and Chipsets or the fact that I seem to be the only one that sees this as a major attack vector :|

Good gawd what a frightening world we're marching into. Security and Privacy is becoming an unattainable dream.
 
G

Guest

Guest
Use on of the worst 500 passwords for extra security............................................................................
 
Status
Not open for further replies.