Hi - I am with Intel, and I'm focused on the Intel vPro platform which includes Intel Active Management Technology.
I briefed through your post, and admittedly I may have missed some points due to the quick read through. However, I did find that you're missing some important information. Perhaps it's because the post was over 2 years ago. A few things have changed:
- Have you looked at Intel Security Center? See https://www.intel.com/content/www/us/en/security-center/default.html I find it absolutely amazing that product released in 2006 has minimal technical advisories which incidentally have all been address!
- Have more bugs that you'd like to submit, and possibly get paid for it? Check out Intel Bug Bounty Program at https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html. Isn't it wonderful that a top tier company is willing to be so transparent? That's sometimes a really hard find... Like a beautiful person you might be interested in, don't let them go ;-)
- When you configured Intel AMT wireless settings, did you set the Home Domain value? If set, and you're outside that domain (i.e. on the Internet), all Intel AMT ports are closed. Only an Intel AMT initiated outbound request will work. We called it Client Initiated Remote Access (CIRA) and it's an important found to some exciting items that are happen.
- Did you know that all Intel AMT communications require an authenticate and authorized request BEFORE any commands are sent or sessions started? Even better, if you configure it correctly, all communications are TLS 1.2 encrypted. (yeah, yeah - I know - what about TLS 1.3? We know, we're addressing that). Take a look at https://intel.com/implementamt - a lot of information linked off of that site.
- Did you know the Intel AMT over wireless requires Intel AMT to first be configured? Configuring Intel AMT sets a strong password on the administrator account (i.e. At least 8 alphanumeric characters, at least on special character, etc)
- Have you perused https://intel.com/implementamt? Don't know about you, but I highly encourage going to the source for factual truths.
- Have you checked out https://meshcentral.com ? Really good info there... you could setup your own friends and family IT administration capability. I did. It's cool
Oh - and I invite you view this latest LinkedIn posting - https://www.linkedin.com/feed/update/urn:li:activity:6590747566298791936/ - again, more factual truths.
If you'd like, follow me on Reddit at https://www.reddit.com/user/tccutler/
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Some guidance for you
Date: 2019-10-18 06:14 am (UTC)I briefed through your post, and admittedly I may have missed some points due to the quick read through. However, I did find that you're missing some important information. Perhaps it's because the post was over 2 years ago. A few things have changed:
- Have you looked at Intel Security Center? See https://www.intel.com/content/www/us/en/security-center/default.html I find it absolutely amazing that product released in 2006 has minimal technical advisories which incidentally have all been address!
- Have more bugs that you'd like to submit, and possibly get paid for it? Check out Intel Bug Bounty Program at https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html. Isn't it wonderful that a top tier company is willing to be so transparent? That's sometimes a really hard find... Like a beautiful person you might be interested in, don't let them go ;-)
- When you configured Intel AMT wireless settings, did you set the Home Domain value? If set, and you're outside that domain (i.e. on the Internet), all Intel AMT ports are closed. Only an Intel AMT initiated outbound request will work. We called it Client Initiated Remote Access (CIRA) and it's an important found to some exciting items that are happen.
- Did you know that all Intel AMT communications require an authenticate and authorized request BEFORE any commands are sent or sessions started? Even better, if you configure it correctly, all communications are TLS 1.2 encrypted. (yeah, yeah - I know - what about TLS 1.3? We know, we're addressing that). Take a look at https://intel.com/implementamt - a lot of information linked off of that site.
- Did you know the Intel AMT over wireless requires Intel AMT to first be configured? Configuring Intel AMT sets a strong password on the administrator account (i.e. At least 8 alphanumeric characters, at least on special character, etc)
- Have you perused https://intel.com/implementamt? Don't know about you, but I highly encourage going to the source for factual truths.
- Have you checked out https://meshcentral.com ? Really good info there... you could setup your own friends and family IT administration capability. I did. It's cool
Oh - and I invite you view this latest LinkedIn posting - https://www.linkedin.com/feed/update/urn:li:activity:6590747566298791936/ - again, more factual truths.
If you'd like, follow me on Reddit at https://www.reddit.com/user/tccutler/
Have a nice day!
#iamintel