Can Intel vPro help combat Conficker worm?

 

 

Feed: Intel vPro Expert Center Blog
Posted on: Monday, March 30, 2009 5:36 PM
Author: communityadmin@intel.com
Subject: Can Intel vPro help combat Conficker worm?

Perhaps a better question is: how can the current Intel vPro Technology, combined with existing management and security solutions, help protect client systems?

 

This is not an attempt to scare or to over-generalize the reality of security threats such as the Conficker worm. The intent is to show how a real-world situation can be addressed. The suggestions below assume Intel vPro Technology is already configured within your environment, so you are ready and able to use the out-of-band management technology together with existing "in-band" management tools.

An overview of the Conficker worm is available online. The following are a few examples:

· http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm (there’s a 60-minute interview video)

There is a mix of good and bad reports on preventing, detecting, removing, and otherwise addressing the worm.

The following are a few suggestions on how to combine Intel vPro Technology with client management and security solutions to help protect against and remediate a worm infection.

Interested to know if you’ve employed such tactics and how these have assisted in combating the Conficker worm threat.

· System Defense/Network Filtering to totally isolate a client – for systems that have been detected as infected on the network.

· Out-of-band discovery of systems needing a patch – when searching databases and logs for clients that have not received the latest security updates, the ability to locate those systems on the network even when they are powered off.

· Wake up, patch and/or scan systems – use a job to reliably power on clients via Intel vPro Technology, distribute the necessary security patches, run security scans, and then power the clients off.

· Isolate and patch – for systems that have not been patched or scanned, as a security precaution before allowing them on the network. This requires a customized System Defense or network filter that allows certain “in-band” actions on the targeted client (e.g., patch, scan).
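The "isolate and patch" suggestion above amounts to a default-drop filter with a short list of exceptions for in-band management traffic. The following sketch is an added example, not code from the original post or from Intel's tooling; the rule format, addresses and ports are constructed for illustration and do not represent the Intel AMT System Defense API.

```python
"""Model of an "isolate and patch" filter: default drop plus named exceptions.
Rule format, addresses and ports are constructed; this is not the Intel AMT API."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
@dataclass(frozen=True)
class Packet:
    direction: str     # "in" or "out", relative to the quarantined client
    remote: str        # address of the other endpoint
    proto: str         # "tcp" or "udp"
    service_port: int  # server-side port of the flow

@dataclass(frozen=True)
class AllowRule:
    name: str
    direction: str
    remote_net: str
    proto: str
    service_port: int

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.proto == self.proto
                and p.service_port == self.service_port
                and ip_address(p.remote) in ip_network(self.remote_net))

# Hypothetical quarantine policy: only patch download and scan console allowed.
QUARANTINE = [
    AllowRule("patch-server", "out", "10.0.5.10/32", "tcp", 443),
    AllowRule("scan-console", "in", "10.0.5.20/32", "tcp", 8443),
]

def evaluate(policy, packet):
    """Return (verdict, rule name); anything not explicitly allowed is dropped."""
    for rule in policy:
        if rule.matches(packet):
            return ("allow", rule.name)
    return ("drop", "default-drop")

def summarize(policy, packets):
    """Count verdicts, e.g. to review a policy against captured traffic."""
    verdicts = [evaluate(policy, p)[0] for p in packets]
    return {"allow": verdicts.count("allow"), "drop": verdicts.count("drop")}

# Constructed sample traffic for one quarantined client.
SAMPLE = [
    Packet("out", "10.0.5.10", "tcp", 443),   # client fetches patches
    Packet("in", "10.0.5.20", "tcp", 8443),   # scan console contacts the agent
    Packet("out", "10.0.7.22", "tcp", 445),   # client to a peer workstation
    Packet("in", "10.0.7.22", "tcp", 8443),   # right port, wrong source
]
if __name__ == "__main__": print(summarize(QUARANTINE, SAMPLE))
```

Matching on direction and source as well as port is what keeps a peer workstation from reaching the scan agent's port while the client is quarantined.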

If you are not already familiar with how to combine out-of-band and in-band management techniques as mentioned above, example demonstrations for an Altiris CMS version 6 environment are available at http://www.symantec.com/connect/articles/combining-band-and-out-band-management, with the same material (including lab documents) also posted at http://communities.intel.com/docs/DOC-2347.

