
Detailed Description

System Defense is a set of capabilities that enables selective network isolation of Ethernet and IP protocol flows based on policies set by a remote management console. The targeted applications include Anti-Virus management frameworks and Intrusion Detection Systems (IDS). The System Defense capability is highly resistant to attack from malware, and provides network isolation capabilities regardless of the operating state of the OS.

The following steps summarize how the System Defense feature works:

1.  The management console connects to Intel AMT over the network through a secure Out-of-Band channel. The management console sets System Defense policies used by Intel AMT to control the configuration of Transmit and Receive (Tx/Rx) Filters.

2.  Intel AMT selects the Active Policy based on the policy precedence.

3.  Intel AMT activates the filters associated with the Active Policy.

4.  Each packet sent or received by client applications passes through the Tx/Rx Filters allowing the System Defense filters to isolate specific flows.
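The four steps above, modelled in Python as an added example (this is not Intel's code and does not use the real AMT management API): the console sets policies with a precedence, the highest-precedence policy becomes the Active Policy, and its Tx/Rx filters decide the fate of each packet. The policy names, filter fields, port numbers and the "higher precedence wins" rule are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed model of the System Defense flow (not Intel's implementation).
@dataclass
class Filter:
    direction: str          # "tx" (transmit) or "rx" (receive)
    proto: Optional[str]    # "tcp", "udp", or None to match any protocol
    dst_port: Optional[int] # destination port, or None to match any port
    action: str             # "pass" or "drop"

@dataclass
class Policy:
    name: str
    precedence: int                 # assumption: higher value wins
    filters: List[Filter] = field(default_factory=list)
    default_action: str = "pass"    # verdict when no filter matches

@dataclass
class Packet:
    direction: str
    proto: str
    dst_port: int

def select_active_policy(policies: List[Policy]) -> Optional[Policy]:
    """Step 2: choose the Active Policy by precedence."""
    return max(policies, key=lambda p: p.precedence) if policies else None

def apply_policy(policy: Optional[Policy], pkt: Packet) -> str:
    """Step 4: run one packet through the Active Policy's Tx/Rx filters;
    the first matching filter decides, otherwise the policy default applies."""
    if policy is None:
        return "pass"               # no policy set: nothing is isolated
    for f in policy.filters:
        if f.direction != pkt.direction:
            continue
        if f.proto is not None and f.proto != pkt.proto:
            continue
        if f.dst_port is not None and f.dst_port != pkt.dst_port:
            continue
        return f.action
    return policy.default_action

# Constructed policies set by the console (step 1): normal operation, and an
# isolation policy that only lets DNS and the HTTPS remediation flow through.
NORMAL = Policy("normal", precedence=1)
ISOLATE = Policy("isolate", precedence=10, default_action="drop", filters=[
    Filter("tx", "udp", 53, "pass"),    # DNS lookups still allowed
    Filter("tx", "tcp", 443, "pass"),   # remediation server over HTTPS
])

def filter_packets(policies: List[Policy], packets: List[Packet]) -> List[str]:
    """Steps 2-4 end to end: returns one verdict per packet."""
    active = select_active_policy(policies)
    return [apply_policy(active, p) for p in packets]
```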

The following table describes the additional System Defense capabilities available in the different Intel AMT releases.

Intel AMT Release: 2.5
Additional System Defense Capabilities: Environment detection to detect whether a platform is connected to a network outside the enterprise network.

Intel AMT Release: 3.0 – 9.5 (not including 4.x or wireless interfaces)
Additional System Defense Capabilities: Heuristic system defense, which detects worms attempting to transmit rapidly to multiple platforms. This feature was deprecated in release 10.0 and removed in release 12.0.

Intel AMT Release: 4.x
Additional System Defense Capabilities: Default System Defense policies and a Policy Timeout option.


See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

   Environment Detection

Copyright © 2006-2022, Intel Corporation. All rights reserved.