
Examples of Using System Defense

In this example, the management console has identified a system as possibly infected with a worm and therefore restricts the system so that it can communicate with only one subnet.

1.  The management console defines an INSPECTION AND REPAIR System Defense policy (priority 99). In this policy, network traffic is limited to the inspection and repair subnet (192.168.1.*).

2.  The management console defines several Rate Limit filters. For each filter, a PET (Platform Event Trap) is defined that will be sent to the management console if one of the following occurs:

   If the number of SYN packets sent from the host is greater than 1000 per second

   If the number of ICMP (ping) packets sent from the host is greater than 500 per second

3.  The management console receives PET messages indicating SYN or ping attacks.

4.  The management console places this host in the inspection and repair subnet by applying the INSPECTION AND REPAIR System Defense policy.

5.  The management console opens a trouble ticket for an operator to inspect and repair this host.

6.  A technician receives the trouble ticket, repairs the host, and marks the trouble ticket as completed.

7.  The management console is notified that the trouble ticket is closed and deactivates and disables the INSPECTION AND REPAIR System Defense policy.
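The console-side logic of steps 2 through 7, modeled as an added example (this is not Intel AMT SDK code and calls no AMT interface). The thresholds, subnet, policy name and priority come from the steps above; the function and class names, the PET dictionary layout and the ticket numbering are assumptions made for illustration, and `rate_limit_pets` only stands in for the Rate Limit filters that raise the PETs.

```python
import ipaddress
import itertools
from collections import Counter

# Values from the walkthrough; 192.168.1.* is written as a /24 (assumption).
REPAIR_SUBNET = ipaddress.ip_network("192.168.1.0/24")
POLICY = {"name": "INSPECTION AND REPAIR", "priority": 99}
RATE_LIMITS = {"SYN": 1000, "ICMP": 500}   # packets per second


def rate_limit_pets(host, packets):
    """Model of the step 2 filters. packets: (second, kind) tuples sent by host.
    Returns one PET per (second, kind) whose count is greater than the limit."""
    counts = Counter(packets)
    return [{"host": host, "kind": kind, "second": sec, "count": n}
            for (sec, kind), n in sorted(counts.items())
            if n > RATE_LIMITS.get(kind, float("inf"))]


class Console:
    """Hypothetical management-console state for steps 3 to 7."""

    def __init__(self):
        self.active = {}                 # host -> policy currently applied
        self.tickets = {}                # open ticket id -> host
        self._ids = itertools.count(1)   # ticket ids are never reused

    def on_pet(self, pet):
        host = pet["host"]
        if host in self.active:          # already restricted: no second ticket
            return None
        self.active[host] = POLICY       # step 4: apply the policy
        ticket = next(self._ids)         # step 5: open a trouble ticket
        self.tickets[ticket] = host
        return ticket

    def on_ticket_closed(self, ticket):
        host = self.tickets.pop(ticket)  # step 7: ticket closed
        self.active.pop(host, None)      # deactivate the policy for that host

    def allows(self, host, peer_ip):
        """True if traffic between host and peer_ip passes the active policy."""
        if host not in self.active:
            return True
        return ipaddress.ip_address(peer_ip) in REPAIR_SUBNET
```

A host sending exactly 1000 SYN packets in one second produces no PET, because the filters trigger only when the rate is greater than the limit.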

See Also:

   Create a System Defense Policy

   Examples of Using System Defense with Agent Presence

Copyright © 2006-2022, Intel Corporation. All rights reserved.