Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2941 Discussions

vPro Technology Security

idata
Employee
1,470 Views

Hi there,

I see that vPro is very useful and might consider to purchase this technology along when purchasing my new workstation,but i have lack of understanding in the case where vPro allows remote dianogsis and repair on the computer, how does this work to ensure that all my sensitive/personal data such as files, drawings etc on the pc/hard drive is protected from being stole, view, copy etc from the person who helps repairs/diagnose the workstation remotely.

Thank you : D

0 Kudos
3 Replies
idata
Employee
464 Views

Intel(R) AMT includes several features that provide security for your data. For example, you can define a specific user account that has full rights to all "realms" and can to do remote repair. Other users can be restricted to specific realms such as General Info, Event Log Reader, etc. You also have the capability to define a special Audit user that can log into the Access Monitor (this can be used to trace the activity of the administrators using the redirection feature, for example). Some OEMs also restrict prevent some BIOS settings from being changed remotely.

The user with rights to do the redirection can, for example, boot to an Linux ISO image, mount the drives, and then map the drives to the remote technician's machine for running the dianostics and performing repairs. This is the same access that a typical system administrator has when he logs into your local machine to fix it. File by file encyrption can be used to protect sensitive data--for example, classified documents in encrypted PDF format will still be secure.

With Intel AMT 7, you can configure it in the "client control mode." This mode requires user consent to all redirection operations. You can withhold your consent if you don't trust the technician.

idata
Employee
464 Views

One of our engineers here added this:

I'd add that no one can access the system until it is setup and configured. In other words, you have to turn Intel AMT on. By default, it's off, so no risk. Also, User Consent works in Admin Control mode as well and can be forced on in MEBx.

0 Kudos
idata
Employee
464 Views

Hey Steve,

Thanks for providing the answers.

Now i have a better understanding of the technology.

Have a nice day!

0 Kudos
Reply