David Chieu wrote:

> Darren Reed wrote:
> ...
>
>> And most importantly...
>>
>> How does someone disable the ME on the card when a
>> security vulnerability in it is found?
>>
> Each Intel AMT device must be provisioned with at least one 
> username/password pair.


Is there a default username/password pair that allows
remote operations without these being set by the host?
Is the username/password stored on the NIC itself so
that it will survive the NIC being moved from one system
to another?
How does it defend against being brute forced?
....
(many more questions)

> Additionally, AMT supports Kerberos v5 (RFC 1510).


I'm starting to agree more with Scott, there's a lot more
to this case than is normal for a fast track - it seems like
the security questionnaire would be appropriate given
there is a username/password pair in the mix here, along
with Kerberos support.

> Not running Solaris, you can turn off ME from most of PC BIOS that 
> we've seen. There are some PCs where ME is not allowed to be disabled 
> at all from the BIOS which could be a security hole once a 
> vulnerability is found. However, this is beyond the scope of this project.


Thus to turn the ME on/off, you need to reboot and press
a magic key as the system comes up and go into a special
AMT configure screen?
There is no way to configure the ME from Solaris by making
a call into the BIOS?

Darren

