
CTOlabs.com

White Paper: Leveraging Hardware Design to Enhance Security and Functionality


June 2011
A White Paper providing context, tips and strategies designed to dramatically enhance the security and functionality of your enterprise.

Inside:
An Introduction to vPro
Trusted Execution Technology (TXT)
Theft Protection


Executive Summary
The implementation of open standards and security protocols in hardware is providing a new foundation that enterprises can use to dramatically enhance the security and functionality of their information technology. But many organizations do not know of the significant benefits that can be gained by leveraging these capabilities, most of which are probably already in the hardware you have bought. Since today's advanced persistent threats exploit weaknesses that can be found in every layer of software, mitigating these threats requires full-spectrum defenses that start with security features built into hardware. This paper provides the information you need to enable these features in your enterprise.

Summary
Enterprise IT professionals have long sought better means to automate management of their technology, especially when it comes to automation of security. Industry leaders have responded by establishing collegial standards bodies which help set systems management standards. The Distributed Management Task Force (DMTF), for example, is the leading industry standards group enabling more effective management of millions of IT systems worldwide. It brings the entire IT industry together to collaborate on the development, validation and promotion of systems management standards. The result: firms like Intel Corporation are able to field DMTF implementations in hardware, resulting in enhanced security and functionality. Intel's implementation of the DMTF standards is embodied in its vPro security suite.

An introduction to vPro
vPro technologies are implemented in the hardware and firmware of the Intel chipset in Intel Core 2 Duo computers and above. They can provide everything from secure remote management to hardware-assisted virtualization to trusted execution of code (which ensures your systems are running the right code rather than malicious software). Computers that do not have vPro technologies cannot tell whether or not they are running bad code. They simply compute whatever they are told. Computers with vPro can take advantage of special chips that watch the computing on the primary chips and ensure the right/trusted code is being run. This provides a foundation of secure computing. The key capabilities of vPro are Active Management Technology (AMT) and Trusted Execution Technology (TXT).

Active Management Technology


Intel's new processors provide an implementation of a DMTF standard called DASH (Desktop and Mobile Architecture for System Hardware). The open standards of DASH are easy for software vendors to build to. The result is hardware that can be securely remotely managed, enabling enterprises to ensure software stays patched and secure. Consider this scenario: in many of today's enterprises, computers are switched off at night to save energy. This is a best practice. But IT departments must have computers on to install patches to operating systems or the many user applications that run on desktops. Current procedures are to instruct users to leave computers on when they need patching, which wastes energy and is also not optimal for the IT department since users must be involved. With AMT, computers can be left off, and secure codes can be transmitted to computers to wake them for patch installs. This method results in better patching and saves energy.

Trusted Execution Technology (TXT)


Intel Corporation's Trusted Execution Technology is instrumental in detecting and preventing malware from running on computers. It works like this: at boot time, the computer checks the validity of the configurations against stored configurations in protected memory in the processor. If the two don't match, then it can be safely assumed that some tampering has occurred. IT is notified and the computer is automatically turned off (unless IT wants to monitor the malicious behavior). TXT also takes a similar approach to encryption key management. The keys are encrypted within hardware, but will only be decrypted when the environment is the same as when the keys were first deployed and encrypted. This prevents key theft and exploitation. And the IT department can manage the keys as it desires. TXT also allows for increased protection of both the display and input of data on a system with TXT-enabled software. For example, USB keyboards can be configured to have encrypted communications with the system, which will mitigate the ability of keyloggers to capture data. And software applications can be developed using more secure system calls to the computer display, preventing other applications that might sniff internal communications from stealing sensitive information.
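The boot-time comparison and the environment-bound key release described above can be modelled in a few lines. This is an added example, not Intel's implementation or code from the original paper: `ToyTPM`, the SHA-256 measurement register, the XOR-based sealing and the boot-chain byte strings are simplified assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


class ToyTPM:
    """Toy model (assumption): one measurement register plus sealed storage."""

    def __init__(self):
        self.pcr = bytes(32)          # register is all zeros at power-on
        self._root = os.urandom(32)   # secret that never leaves the chip

    def extend(self, component: bytes) -> None:
        # The new value hashes the old value with the new measurement, so the
        # register encodes the whole ordered chain and cannot be set directly.
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def _derive(self, label: bytes, nonce: bytes) -> bytes:
        # Key material depends on the chip secret AND the current platform state.
        return hmac.new(self._root, label + nonce + self.pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes) -> dict:
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._derive(b"enc", nonce)))
        tag = hmac.new(self._derive(b"mac", nonce), ct, hashlib.sha256).digest()
        return {"nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        mac_key = self._derive(b"mac", blob["nonce"])
        tag = hmac.new(mac_key, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("platform state differs from state at seal time")
        pad = self._derive(b"enc", blob["nonce"])
        return bytes(a ^ b for a, b in zip(blob["ct"], pad))


def measured_boot(tpm: ToyTPM, chain: list) -> bytes:
    tpm.pcr = bytes(32)               # platform reset
    for component in chain:
        tpm.extend(component)
    return tpm.pcr


# Constructed sample boot chains (not real firmware images).
GOOD_CHAIN = [b"bios-1.0", b"bootloader-1.0", b"hypervisor-1.0"]
TAMPERED_CHAIN = [b"bios-1.0", b"bootloader-1.0+implant", b"hypervisor-1.0"]
```

Sealing a key after `measured_boot(tpm, GOOD_CHAIN)` and then booting `TAMPERED_CHAIN` makes `unseal` raise `PermissionError`, because the register value, and therefore the derived key, no longer matches.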

Theft Protection
Theft protection is provided in vPro by enabling the out-of-band communication capabilities built into the vPro system. This can alleviate fears about stolen laptops and desktops. IT departments can enable a secure poison pill, known only to the enterprise. The poison pill is a code that can be sent remotely by system administrators from an asset management console to the device to render it inaccessible and useless by deleting encryption keys and disabling key boot processes. This code can be sent via wireless 3G, wired, WiFi, or SMS to the target device. When the poison pill is sent to the target computer, a variety of actions can be kicked off. Different conditions can be set for the computer to activate its theft mode locally as well, such as a specified number of login failures, or failure to check in with the remote server after a designated time interval.
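A minimal model of the triggers described above (an authenticated remote command plus the two local conditions), added here as an illustration and not Intel's actual theft-protection protocol. The class, the HMAC message format, the replay counter and the default thresholds are assumptions.

```python
import hashlib
import hmac


def pill_tag(key: bytes, counter: int) -> bytes:
    # Console side: authenticate the command and bind it to a fresh counter.
    msg = b"poison-pill" + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


class TheftPolicy:
    """Toy device-side policy (assumption); times are seconds on a trusted clock."""

    def __init__(self, key, max_failures=5, checkin_interval=86400, now=0):
        self.key, self.max_failures, self.interval = key, max_failures, checkin_interval
        self.last_checkin, self.failures, self.last_counter = now, 0, 0
        self.locked_reason = None     # None means the device is usable

    def _lock(self, reason):
        # A real device would delete keys and block boot here.
        if self.locked_reason is None:
            self.locked_reason = reason

    def tick(self, now):
        # Local trigger: no contact with the server within the allowed interval.
        if now - self.last_checkin > self.interval:
            self._lock("missed check-in")
        return self.locked_reason

    def checkin(self, now):
        if self.tick(now) is None:
            self.last_checkin = now

    def login(self, ok, now):
        if self.tick(now) is not None:
            return False
        self.failures = 0 if ok else self.failures + 1
        if self.failures >= self.max_failures:   # local trigger: login failures
            self._lock("too many login failures")
        return ok

    def receive_pill(self, counter, tag):
        # Reject forged tags and replays of an older, already used command.
        fresh = counter > self.last_counter
        if not (fresh and hmac.compare_digest(tag, pill_tag(self.key, counter))):
            return False
        self.last_counter = counter
        self._lock("remote poison pill")
        return True
```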

Enabling Security Outside the Boundaries


Any organization that has people working outside its firewall has a need for enhanced hardware-based security. Today's workforce includes teleworkers, telecommuters, and field workers, all enabled by computers that must communicate with the enterprise. By setting up secure methods of communicating with enterprise networks, enterprises can enhance their overall security posture and plug major entry points of malicious code. vPro enables device communication with gateways in ways that ensure only proper devices (that are properly configured) can get in. These devices will attach using highly secure encrypted communications with roaming security tunnels.


Providing Fast, Powerful Encryption


Data loss prevention and the ability to ensure data is not changed require encryption solutions. In the past, enterprises were hesitant to implement full-spectrum encryption of data at rest and data in motion because of the overhead costs, the requirement for continued management attention, the challenges of key management and the processing power required for encryption. With vPro, encryption capabilities are enhanced with AES (Advanced Encryption Standard, the best form of encryption) available on the chip. vPro speeds the process of encryption and decryption.

The Most Significant Adversaries Attack the BIOS


The computer's BIOS is the place where special startup codes are held (BIOS stands for Basic Input/Output System). If this area is attacked, then malicious code will start when your computer boots. This causes a system to boot into a state where the IT department will have a very hard time detecting whether it is infected with privacy-stealing code or owned by an adversary. Use of vPro technologies ensures that computers boot from a BIOS that is known and trusted. This attestation is critical to providing a secure foundation and booting in a safe state.

What You Need To Know About vPro


vPro's use of open standards and well-defined protocols enables a foundation of hardware security that enhances the entire security ecosystem. With vPro you get:
Protected BIOS
Only good software runs (no malicious code)
Enhanced remote management and patching
Enhanced secure communications with remote users
Faster, full-spectrum encryption
More holistic security


Next Steps
Ensure your hardware has security coded in. And ensure your security team, integration partners and software tools are ready to leverage these advanced security features. Doing so will significantly enhance your security posture while enhancing user functionality. Not doing so will leave you open to the threats that challenge your enterprise.

For more on vPro see: http://www.intel.com/itcenter/topics/security/

CTOlabs.com is a technology research, consulting and services agency which focuses on firm. Crucial Point LLC focuses on the national security sector and the technologies required to enhance the security of the nation. Visit Crucial Point LLC online at http://crucialpointllc.com


About the Author


Bob Gourley is the founder of Crucial Point, LLC and CTOlabs.com, a provider of technology concepts, vendor evaluations and technology assessments focused on enterprise-grade mission needs. Mr. Gourley's first career was as a naval intelligence officer, which included operational tours afloat and ashore. He was the first J2 at DoD's cyber defense organization, the JTF-CND. Following retirement from the Navy, Mr. Gourley was a senior executive with TRW and Northrop Grumman, and then returned to government service as the Chief Technology Officer of the Defense Intelligence Agency.

Mr. Gourley was named one of the top 25 most influential CTOs in the globe by InfoWorld in 2007, and selected for AFCEA's award for meritorious service to the intelligence community in 2008. He was named by Washingtonian magazine as one of DC's Tech Titans in 2009, and one of the Top 25 Most Fascinating Communicators in Government IT by the Gov2.0 community GovFresh. He holds three master's degrees, including a master of science degree in scientific and technical intelligence from the Naval Postgraduate School, a master of science degree in military science from USMC University, and a master of science degree in computer science from James Madison University. Mr. Gourley has published more than 40 articles on a wide range of topics and is a contributor to the book Threats in the Age of Obama (2009). He is a founding and current member of the board of directors of the Cyber Conflict Studies Association, and serves on the board of the Naval Intelligence Professionals, on the Intelligence Committee of AFCEA, and the Cyber Committee of INSA.

For More Information


If you have questions or would like to discuss this report, please contact me. As an advocate for better IT in government, I am committed to keeping the dialogue open on technologies, processes and best practices that will keep us moving forward.

Contact: Bob Gourley, bob@crucialpointllc.com, 703-994-0549

All information/data ©2011 CTOLabs.com.
