mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-11-09 08:21:32 -05:00
Finish up the AMT and DASH section
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
3a9069e298
commit
e90a7c3740
@ -82,6 +82,22 @@ This excercise also achieves nothing to protect against a hypothetical scenario
|
||||
|
||||
### Intel AMT and AMD DASH
|
||||
|
||||
Another misinformation regarding CSME is that it is provides some kind of shady "remote management" system for your computer. In reality, this is the AMT component which only exists on Intel vPro CPUs. It is meant for IT teams to manage systems with technologies like Serial over LAN, Solarwind, etc.
|
||||
|
||||
Here are some facts about it:
|
||||
- You can disable it firmware settings.
|
||||
- Certain firmware allows you to permanently disable it by blowing an eFuse.
|
||||
- It is detectable. An easy way is to just go visit port 16992/tcp on your device.
|
||||
- To be extra sure, you can also run nmap to scan the port from a different device.
|
||||
|
||||
This is not a hidden thing at all, people have accidentally run into it on social media:
|
||||
|
||||
![Intel AMT](/images/intel-amt.png)
|
||||
|
||||
For attack surface reduction, you should absolutely disable it. With that said, don't let the scary claims about "remote management" spook you - if some sort of hypothetical backdoor actually implemented this way, it is not hard to detect. There are better ways to implement a backdoor as discussed above, and if you don't trust the CPU vendor you should avoid them as a whole, not just the vPro model.
|
||||
|
||||
Some people recommend buying AMD instead of Intel to avoid the possibility of having Intel AMT. However, they also miss a very simple fact that AMD has an equivalent technology for their Ryzen Pro CPU - AMD DASH.
|
||||
|
||||
### Restricted Boot
|
||||
|
||||
## Insecure Products
|
||||
@ -101,3 +117,4 @@ This excercise also achieves nothing to protect against a hypothetical scenario
|
||||
### Dell
|
||||
|
||||
### Lenovo
|
||||
|
||||
|
BIN
static/images/intel-amt.png
Normal file
BIN
static/images/intel-amt.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 513 KiB |
Loading…
Reference in New Issue
Block a user