IAMT_TOC
Transcript of IAMT_TOC
-
8/8/2019 IAMT_TOC
1/7
Chapter 1 - Introduction to Platform ManageabilityPlatform ManageabilitySystem ManageabilityManageability Problems
Asset InventoryComputer RepairComputer SecurityPower Savings
Possible SolutionsIn-band versus Out-of-bandManagement Agents
Out-of-band and Agent-lessManagement in Low Power States
Summary
-
8/8/2019 IAMT_TOC
2/7
Chapter 2 - History of ManageabilityProtocol and Data ModelSimple Network Management ProtocolDesktop Management InterfaceWired for ManagementIntelligent Platform Management Interface
Alert Standard FormatCommon Information ModelAbstraction and ClassificationObject InheritanceAbility to Depict Dependencies, Component and Connection AssociationsStandard, Inheritable MethodsSummary
Chapter 3 - Manageability StandardsCommon Information Model (CIM)
UML DiagramManaged Object Format (MOF)
CIM Object Manager (CIMOM)
CIM ProfilesWeb-Based Enterprise Management (WBEM)WS-ManagementSummary
Chapter 4 - Overview of Intel vPro PlatformsIntel vPro Value VectorsIntel vPro Ingredients
Intel Core2 Processor with vPro TechnologyChipsetsGigabit EthernetPlatform BIOSSoftware Applications
Key Intel vPro TechnologiesIntel Virtualization Technology (Intel VT)Intel Trusted Execution Technology (Intel TXT)
Summary
Chapter 5 - Intel Active Management Technology OverviewKey Characteristics
Out of Band AccessLow Power OperationOperation in Various System StatesOS-Independent Agent-less SolutionTamper-Resistant Solution
Discover, Heal, and Protect
Key CapabilitiesHardware InventorySoftware InventoryHardware Health and Platform SensorsRemote Power ControlBoot ControlText Console RedirectionDisk RedirectionPersistent NVRAM Log
-
8/8/2019 IAMT_TOC
3/7
AlertsThird Party Data Store (3PDS)Agent PresenceSystem DefenseEndpoint Access Control
Interfaces and ProtocolsNetwork AccessLocal Access
Intel AMT and Enterprise InfrastructureActive Directory IntegrationSetup and Configuration ServerManagement ConsolesCertificate ServerBIOSRouters, Access Points, and ServersDHCP and DNSWi-Fi Access PointsSecurity Compliance Suites
Summary
Chapter 6 - Solving End User Problems with Intel vPro ManageabilityProtect from a Worm OutbreakTracking Hardware AssetsFixing a Blue ScreenCompliance Network AlertTracking Power UsageChanging BIOS Settings RemotelyRemote Platform DiagnosticsLockup Detection and Power ControlSummary
Chapter 7 - The Components of Intel Active Management TechnologyHardware Architecture
Intel Manageability Engine (Intel ME)Memory for the Intel MENonvolatile Storage for the Intel MENetwork Access to Intel MEProtected ClockTrue Random Number GeneratorChipset Fuse Key
Firmware ArchitectureIntel ME ROMIntel ME Kernel
Intel ME Common ServicesIntel AMT Firmware Applications
Software ArchitectureIntel AMT BIOS ComponentLocal Software ComponentsRemote Software Components
Power Management States of Intel AMTSummary
-
8/8/2019 IAMT_TOC
4/7
Chapter 8 - Discovery of Platforms and InformationNetwork Scanning for Intel AMTObtaining Intel AMT FeaturesObtaining Management InformationAsset Inventory
Intel AMT Event Log
Intel AMT Network AlertsEvent Log and Alert FiltersComputers Power, Battery, and Lockup State
Third Party Data Storage (3PDS)3PDS Allocation SystemSummary
Chapter 9 - Healing the PlatformsRemote IDE (IDE-R)
IDE-R ProtocolIDE-R SpeedBooting a Recovery OS
Serial-over-LAN (SOL)
Serial-over-LAN ProtocolSerial-over-LAN SpeedBIOS Using Serial-over-LANOS Applications Using Serial-over-LANBuilding a Serial-over-LAN TerminalAdvanced Uses of Serial-over-LAN
Summary
Chapter 10 - Protecting the PlatformsSystem Defense
Network FiltersNetwork PoliciesAnti-Spoofing Filter
Rate Throttling FilterHeuristic Filter
Heuristic PolicyHeuristic Filter DemonstrationHeuristic Filter Limitations
Agent PresenceApplication HeartbeatTaking Action
Summary
Chapter 11 - Connecting and Communicating with Intel ActiveManagement Technology
Connection
Port UsagesAuthentication and AuthorizationEnvironment DetectionIntel AMT VPN Flag
Local Host AccessImplementation of the VPN Flag
Summary
-
8/8/2019 IAMT_TOC
5/7
Chapter 12 - Internet Platform ManagementEnvironment DetectionIntel Fast Call for Help ProtocolIntel Fast Call for Help Policies
Connection TriggersFast Call for Help Network Routing
Fast Call for Help Security and AuthenticationFast Call for Help ConnectionIntel vPro enabled GatewayManageability DTK and Fast Call for HelpFast Call for Help Network SpeedFast Call for Help ConsiderationsSummary
Chapter 13 Using Intel Active Management Technology in Small andMedium-Sized Businesses
InstallationManageability CommanderConnecting
Remote displayIntel System DefenseSummary
Chapter 14 - Securing Intel Active Management Technologyfrom Attacks
Threats to an Intel AMT ComputerLocal AttacksRemote AttacksIntel AMT Process and Memory IsolationIntel AMT Nonvolatile Storage IsolationFirmware SecurityIntel AMT BIOS Security
Securing the Communication with Intel AMTAuthentication to Intel AMTAccess Control in Intel AMTTrusted Time in Intel AMT
Summary
Chapter 15 - Advanced Security Mechanisms in Intel Active ManagementTechnology
True Random Number GeneratorSecure Storage of Sensitive Data Blob Service
Chipset Fuse KeyMonotonic Counters
Measured Launch of Intel AMT FirmwareSecurity Audit LogsSeparation of DutiesAudit Log RecordsPosting an Event to the LogAuditing PolicyThe Audit Trail
Summary
-
8/8/2019 IAMT_TOC
6/7
Chapter 16 - Privacy Protections in Intel Active Management TechnologyPrivacy in the World of Technology
Privacy in the WorkplaceWhat Constitutes Private Information?The Legal Aspect of Privacy
Importance of Privacy in Intel AMT
Privacy Protection Mechanisms in Intel AMTOpt-in and Opt-outSecure Local ConfigurationEnd-user NotificationPrivate Data Storage ProtectionSecure Communication of InformationMitigating the Rogue Administrator
Summary 13
Chapter 17 - Deploying and Configuring Intel Active ManagementTechnology
What Is Setup and Configuration for Intel AMT?Deployment Scenarios
Factors to ConsiderIntel AMT Setup and Configuration OverviewIntel AMT Web Based ConfigurationIntel AMT Enterprise Configuration Methods
Pre-shared Key TLS-based Configuration ProtocolAsymmetric Key TLS-based Configuration ProtocolConfiguring Enterprise DataConfiguration Audit RecordBare Metal Configuration
Summary
Chapter 18 - Developing Solutions for Intel Active ManagementTechnology
Complete Re-useSupporting Serial-over-LAN
Selecting a TerminalSelecting a Software Stack
Selecting a WSMAN StackUsing the WSMAN TranslatorUsing the Manageability DTK StackManageability Stack ServicesCertificate OperationsKerberos SupportSummary
Chapter 19 - Support for WS-Man and CIM ProfilesWS-Management Support in Intel AMT
Intel AMT Data ModelDASH ProfilesIntel AMT Extension ProfilesSummary
-
8/8/2019 IAMT_TOC
7/7
Appendix A - Quick Intel Active Management Technology SetupIdentify If You Have an Intel vPro SystemSetup Intel AMT SystemConfigure a Browser to ConnectConnect and ExploreNotables
Summary