Intel Secures Laptops with Anti-Theft Technology


November 19, 2010
By Vince Freeman

The security risks of a mobile workforce are an important concern for any business, especially those dealing with confidential documents. Common procedures range from standard login routines to data encryption and online tracking, and, in extreme cases, notebooks are permanently tethered to the workplace. This last solution defeats the purpose of a mobile computer, but for those notebooks that do make it out of the office, security has to be tight.

The costs related to the theft or loss of a notebook far exceed the physical cost of the unit itself. The data on the laptop can be far more valuable, especially with confidential information in both government and corporate environments. The potential security risk of someone analyzing the stolen notebook and finding out your security codes and procedures is high.

There are different types of security protocols, with three primary levels used for safeguarding a mobile device like a notebook. The first is obviously the physical security of the hardware itself, such as using a locking mechanism on the notebook or case, as well as more sophisticated options like alarm systems.

The next level goes even deeper into the data itself, so that if the mobile device does fall into the wrong hands, the information it holds will be difficult to compromise. Data protection methods such as passwords or encryption are common strategies, and help protect mobile devices from thieves. The third security level physically tracks the notebook, requiring it to check in with a server on a regular basis, or countermeasures can be launched remotely.

Intel's Anti-Theft Technology With vPro

Although all 2010 Core processors technically include Intel Anti-Theft technology, the vPro business platform and corporate infrastructure offer the bells and whistles to make full use of it. Intel vPro incorporates many remote management, configuration and security procedures all under one umbrella.

Intel's AT (Anti-Theft) technology is an intelligent form of protection for your mobile PC, and includes multiple features designed to curtail the theft of both the physical notebook and the data it carries. The Intel AT found in vPro processors is all about creating multiple layers of security around portable computers.

The key element is that Intel AT is built directly into the processor and chipset, which supplies an extra blanket of security compared to software-only solutions, while offering an innovative mix of hardware, software and remote tracking security. The Core processor is the hub of Intel AT, and with this function built into the "brain" of a notebook, it helps stop any basic hardware deactivation hacks that may be attempted.

These tricks include installing a parallel operating system, changing the boot order of storage devices or even the re-imaging of a hard drive. A portion of the encryption key resides on the physical chipset, ensuring that an encrypted hard drive cannot simply be moved to another PC and accessed.

If a notebook turns up missing or stolen, the Intel Core processor can engage "theft mode" and halt all processing tasks, including the system boot up, making sure that popular software hacks will not be able to work with an active system. This functionality is built into the hardware and can be enabled locally, so it does not require online or remote triggers to work.

Standard security measures such as a login and password prior to booting also exist, as well as the option to delete the encryption key if a safeguard fails. If a local rendezvous timer is enabled, and then not linked up to the theft management server before it runs out, the notebook will be locked down. Since this is also a local security measure, it counters the "just don't go online" strategy of many notebook thieves.

There are also online safeguards in place, and when a notebook is started up, it can be configured to synchronize with a database when connected to the Internet using a LAN or Wireless LAN connection or through a 3G network. If a notebook is reported stolen or fails the IT security policy, it is flagged at the server level and a "poison pill" is sent to the notebook to halt the boot process and immediately delete or disable encryption keys.

All of this is performed prior to booting up, so there is no chance of hackers invading at the operating system level. Intel AT can effectively "brick" a PC and since it is a hardware solution at its base, even breaking apart the notebook for parts could be problematic for the thieves. Anti-Theft technology also works independently of Trusted Platform Module (TPM) and Active Management Technology (AMT), so neither has to be active when enabling Intel AT.

Not all missing notebooks are stolen; many are simply left at airports or in taxi cabs. Intel AT also supports displaying a custom message when a notebook enters theft mode, such as a phone number to call, all of which assumes the person finding it is honest.

Intel AT makes recovering a lost PC easier, as it decreases the time and effort needed to reinitialize a notebook to the corporate fleet. The process is quite simple, and a recovered notebook can be reactivated using a local user-entered passphrase, a server-generated reactivation token or an SMS message sent over a secure 3G network. Additional and more flexible procedures can be added to the policy, such as biometric authentication and the use of password combinations.

That is not to say Intel vPro and AT do not have their detractors, with many calling it a "Big Brother" technology that can be used to track not only a notebook, but the user behind it as well. By its design, outside security access necessitates a stealth approach, but critics contend that this could be used to monitor all notebooks on the server, regardless of their status.

Intel vPro is also not a free technology, and the base hardware around the platform will be more expensive than a standard Core processor and baseline motherboard. Intel counters the higher prices with cost savings associated with the enhanced management, security and power saving technologies, along with decreased support costs. For those companies with critical data, going with a standard system instead of an Intel AT-enabled notebook could cost more in the end.

Software Drives Intel's Anti-Theft

The exact scenario of what occurs in the event of a lost or stolen notebook is dependent on the IT policies set up at both the local and server level. The IT head can devise a specific mobile policy for Intel AT, assigning values such as the number of logins before failure, the hardware time interval between synchronization with the theft-management server, the type of "poison pill" used, and the overall level of encryption safeguards.

It could be a hard-line policy whereby a constant link between the device and the network has to be maintained or all access to the notebook will be disabled. Alternatively, for remote workers, less stringent policy settings could entail a daily server check and less severe penalties for a mistyped password.
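The policy knobs described above, together with the local rendezvous timer from the previous section, can be pictured as a small pre-boot state machine. The following Python sketch is an added illustration, not Intel's firmware interface or any vendor's API; the class names, field names and the two sample policies are assumptions constructed for this example.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Policy:                      # hypothetical field names, not Intel's
    max_failed_logins: int         # bad pre-boot logins before lock-down
    rendezvous_interval_h: int     # hours allowed between server check-ins
    delete_key_on_lock: bool       # harsher "poison pill": also drop the key

class Notebook:
    def __init__(self, policy, passphrase):
        self.policy, self._passphrase = policy, passphrase
        self.locked, self.lock_reason = False, None
        self.key_present = True
        self.failed_logins = 0
        self.last_rendezvous_h = 0

    def _lock(self, reason):
        self.locked, self.lock_reason = True, reason
        if self.policy.delete_key_on_lock:
            self.key_present = False   # not restored anywhere in this model
        return False

    def boot(self, now_h, online=False, server_flagged=False, password_ok=True):
        """One pre-boot evaluation; returns True if the OS may start."""
        if self.locked:
            return False
        if online:
            if server_flagged:                 # server sends the poison pill
                return self._lock("poison_pill")
            self.last_rendezvous_h = now_h     # check-in resets the timer
        if now_h - self.last_rendezvous_h > self.policy.rendezvous_interval_h:
            return self._lock("rendezvous_timeout")   # needs no network
        if not password_ok:
            self.failed_logins += 1
            if self.failed_logins >= self.policy.max_failed_logins:
                self._lock("login_failures")
            return False
        self.failed_logins = 0
        return True

    def reactivate(self, passphrase, now_h):
        """Local passphrase reactivation of a recovered notebook."""
        if not hmac.compare_digest(passphrase.encode(), self._passphrase.encode()):
            return False
        self.locked, self.lock_reason, self.failed_logins = False, None, 0
        self.last_rendezvous_h = now_h
        return True

# Constructed sample policies for the two postures described above.
HARD_LINE = Policy(max_failed_logins=3, rendezvous_interval_h=1, delete_key_on_lock=True)
REMOTE_WORKER = Policy(max_failed_logins=10, rendezvous_interval_h=24, delete_key_on_lock=False)
```

A notebook that is kept offline still locks once `now_h` passes the rendezvous interval, which is the point of making the timer a local check.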

One of the big promises of Intel's Anti-Theft technology is its capability to blend in with the software to create a multi-level security scheme. This is done already with the Intel AT software interface and device tracking services, but Intel and Symantec recently announced a partnership to provide remote monitoring tools.

The Symantec Altiris Client Management Suite covers all levels of the Intel vPro management features, including security. There are other similar products like Novell's ZENworks 11, which supports the enhanced remote management and security features, and Intel even announced vPro technology will launch the first Virtual Retail Salesperson (RSP) in a mall in Malaysia.

The next generation of Sandy Bridge Core processors will also include vPro and AT technology, with some enhancements in terms of security. These processors will be available in the first quarter of 2011 and will offer an upgraded version of vPro, including Anti-Theft (AT) 3.0. These show a definite evolution in portable security, and include additional methods of disabling lost or stolen notebooks and higher levels of system authentication.



 