Intel,Altiris Group

Altiris and Intel vPro Use Cases, Part 2: Antivirus 

Jun 17, 2008 02:08 PM

If you have not read Part 1 of this series, please read it first. This is a continuation of that story.

Antivirus is a must for any IT infrastructure. Without it, productivity quickly drops as viruses run rampant in the environment. Keeping antivirus installed and up to date is vital to ensure continuity of business services. In Part 2, the IT team for Mighty Modern Marketing is challenged to protect their network from viral attacks. Using Symantec End Point Protection, Altiris and the Intel vPro technology, they work to ensure that the viral attack and subsequent virus attempts prove ineffective.

Mighty Modern Marketing HQ - Boston, Massachusetts

The commuter rail stretched out across the Charles River, but Jessica Langley didn't notice. Her eyes remained fixed upon the screen of her smartphone, scrolling through the emails that continued to pour in. The subject lines all contained the same word. Her shoulders hunched, feeling like a tremendous weight settled on them. She closed her eyes briefly, rubbing at them with her left hand, the PDA held forlornly in the right.

When she opened her eyes the word jumped up at her.

Virus.

This wasn't the first time this had happened at Mighty Modern Marketing. Viruses routinely showed up as email links or attachments, and it didn't matter how often she or Tevita sent out stern emails reminding people to leave email attachments and links alone unless they were expecting them. People continued to click that link to see the latest movie trailer, or to run the fun and exciting application their aunt or long-lost friend mysteriously sent them from out of the blue.

This time was worse. She'd painted a large red X on her by pushing the Intel vPro technology, and now it seemed everyone stared at her when anything ill befell the network.

She jumped to her feet the moment the train stopped, snatching up her purse and bolting for the nearest door. As she ran down the platform towards the exit of North Station, others gave her curious looks. She smiled briefly. Normally people ran towards the train to avoid missing it. She often saw them frantically running in high-heels or other dress shoes towards a departing train when the work day was over. Who wanted to run into work?

As she staggered into the main lobby at work, glad for the cool air that greeted her, she vowed to start exercising. She hurried through the building.

"I'm glad you're here early," Tevita said in his deep voice as she fell into her chair. "We're in trouble."

"I noticed," she said in-between deep breaths. "What's the situation?"

"I'm not sure, but somehow a virus was planted on a new system as it came online. It appears deliberate."

"But... we have Symantec End Point Protection (SEP). It should keep everything out..."

Tevita smiled, though his eyes shifted to his own monitor, his shoulders shrugging uncomfortably. "Yes... about that. You see, the base image hasn't been updated yet to include that..."

Jessica stared at him.

He waved a hand at her. "I know, no need to look at me like that. That's what I've been doing; recreating the image so it's there from the get-go."

She tried not to groan. "So how widespread is it?"

He laughed, though no humor made it into his tones. "All over the place. They used a vulnerability in one of Bobby's applets to spread it. Of course the first thing it did was disable the antivirus. If SEP had been installed it has protection against... Anyway, those systems without SEP are all hit."

Tevita's eyes glanced up, and widened. Jessica whirled to see Bobby walking up, his hands shoved in his jean pockets. He stared at the floor, his mouth moving as if he counted his steps.

"Bobby?" she inquired.

He looked up, looking like a boy lost out in the desert.

"It got through my firewall!" he exclaimed, extracting his hands so he could ball his fingers into fists. "It shouldn't have been able to do that. I can't even use IM."

Tevita gestured to an empty chair. "Have a seat."

Bobby slumped into the chair. "Whoever sent us this thing knew what they were doing," he said with a scowl. "The cursed thing used UNC to move about the network. Only someone with intimate knowledge of our network could do that. It has to be New Nifty Networks!"

"Do you really think...?" Tevita began.

"Bobby," Jessica said quickly. "Have you fixed the vulnerability?"

"How can I?" he lamented. "It jumped from computer to computer, and with mine infected I quickly turned it off. I need you to help me get that virus off so I can patch the applet."

Tevita smiled. "You actually walked over here."

Bobby looked up, his frown deepening. "Yeah? So?"

"It's unprecedented... You usually stay in your cave, even during power outages. Does it make you nervous to enter the world of real people?"

A flush bloomed on Bobby's sunken cheeks. "Not everyone's as social as you."

"You should stop by more often so..."

"So you can ridicule me?" he retorted.

"Guys," Jessica said, rolling her eyes. "Focus here. Bobby, do you have one of the new vPro systems?"

"Yes, of course," he responded, "I always get the latest hardware from procurement."

"Hey, why don't I see any of it?" Tevita blurted.

Jessica ignored him. "Good," she responded to Bobby as she turned back to her computer. She launched the Altiris Console. "If you have one, it should already be provisioned. Let's check the All Provisioned Computers collection... is this yours?"

"No, my computer is named Superman."

Tevita laughed, and Bobby managed to turn an even more alarming shade of red. Jessica kept her expression passive despite the twitch in her lips from a potential laugh. The computer name Superman showed in the list, and she double-clicked on it. She clicked on the Real-Time tab, entered her credentials, and loaded the Hardware Management page under the Real-Time System Manager, Administrative Tasks folders.

"I have a boot ISO of Symantec's Antivirus scan," Jessica explained as the hardware management page loaded. "I'll just turn on your machine but use IDE Redirect (IDER) to load the antivirus disk. We'll wipe the virus, and turn the system off."

"That's great," Bobby said as he shrugged his bony shoulders, "except the minute you bring it back up the virus will propagate again."

Jessica smiled. "Not if I invoke a Network Filter."

"What's that?" Tevita asked, as if on cue.

"Tevita, we've covered this. It's the Intel System Defense. You know, block all traffic except to certain ports and IP Addresses. If you want to read up on it I'll email you the URL. Utilizing Intel vPro AMT Technology with Task Server – Part 5: System Defense Tasks."

"System Defense!" Bobby exclaimed. "I read up on that technology. I created a script that provides a text interface where you can specify which ports you want to allow. I call the APIs provided by Intel's SDK. It's great stuff."

"RTSM and Task Server already have it configured to only use communication to them," Jessica said, trying not to smile.

"Oh." Bobby cleared his throat as he pushed himself up onto his feet. "That sounds good. Do you need me to stick around...?"

She gave him a grin. "Just for a minute while I do this."

Bobby sat back down, but leaned forward, staring at her monitor. Tevita slid over, looking on with interest. She said a quick silent prayer that it would all work like she theorized it would.

She chose the 'Power on' radio option, and under the Redirection options checked the 'Perform boot from' checkbox. She also checked the 'Display task progress and remotely control computer' option. Under the device drop-down she left it at CD image, then clicked 'browse' and located the Symantec ISO. Lastly, she clicked 'Run Task Now'.

A new window popped up, showing the computer boot. It loaded the CD and a textual menu showed up giving her scan options. She initiated the scan.

"Looks like it's working," Tevita said.

Bobby nodded. "I had my doubts since I've been unable to ever get Wake-On-LAN to work across my router..."

"Wake-On-LAN packets don't get by any of our switches or routers," the Tongan responded. "I believe you're the one who recommended the network security scheme we use."

"I know, but Altiris did have an Altiris Agent mechanism to try and deal with it, but I couldn't get it to work in my environment. This vPro stuff sure made that easy. I didn't have to touch the router."

"That's the point," Jessica said with just a hint of exasperation in her voice. "Were both of you sleeping when I gave my presentation on vPro last month?"

Tevita smiled, tugging at his collar. "Have I ever mentioned I don't like PowerPoint?"

"Only twice daily. But I showed demos... oh who am I kidding? That's the last time I supply lunch before a presentation."

The two men exchanged glances with sheepish grins, and then focused back on the screen. She looked back to the scan. It finished quickly, showing the virus as detected and quarantined. She closed the remote window and clicked on the Network Filtering node under Administrative Tasks in the Real-Time Console. She checked the 'Override default solution settings' checkbox and changed the radio selection to 'Filter network traffic other than to and from the Notification Server'. She clicked Apply. When the page finished refreshing it contained the message, "Machine was successfully moved into quarantine".

"Alright Bobby. I'll use the Power Control to boot your machine up so you can patch your applet and install SEP. You head back and get it done ASAP. Once it's patched I'm going to mass-remediate all the vPro systems doing the same actions we just did except on a mass scale with Task Server."

Bobby jumped to his feet. "Sounds good. IM me if you need anything..."

"Except IM won't make it through the Network Filter," she responded dryly.

"Ah... yes. Well... you know where I am."

"Quick question, how long will it take you?"

"Less than an hour."

As Bobby walked away Tevita smiled hugely, some of his natural humor finally flowing back into his features. "He's a real gem."

"You should cut him some slack," she scolded.

"Bobby? I'm holding back, really I am. It's just too much of a temptation. He's classic nerd. But he is a master at what he does, so I'll be sure to keep it friendly."

"I'm reassured," she said, rolling her eyes for the third time that day. She then gave him a sly smile.

"What?" he said, his smile drooping. "You have that look."

"Regardless of blame, even though you should have updated the image weeks ago to include Symantec Endpoint Protection so I blame you for this mess, I need you to create a CD out of the Antivirus boot ISO and load SEP on a flash drive so you can manually remediate those systems without vPro."

Tevita swallowed. "Hey, we've had a pretty busy workload..."

She softened her look. "I know, sorry. Anyway... when you get to each system, yank the network cable, use the ISO to clean the virus, then load SEP, and then put the cable back in. I'd even suggest making several copies so you can do a handful at a time. And here's a printout of all non-vPro systems."

Tevita took the printout and nodded. "I'm on it."

Jessica focused back on the Altiris Console after Tevita left clutching ten copies of the ISO and SEP installer. She browsed under Manage, Jobs, Tasks and Jobs, right-clicked on Jobs, and chose 'New Folder'. She right-clicked on the new folder and chose 'New > Task/Job'. In the resulting window she chose 'Server Job' under the 'Jobs' folder. The first element popped up a message from a VB script stating that an emergency procedure would fire in 60 seconds, and instructing the user to save all data. Her second task was a 'Boot Redirection Task' that booted up a modified ISO that automatically ran the scan and took any appropriate actions against detected threats. The third task invoked the Network Filter, allowing only NS and Task Server communication capability with the system. For the fourth task she located the SEP install Tevita had made with Altiris Software Delivery Solution and put it into a Task Server Deliver Software Task. Finally she created the fifth and sixth tasks that removed the filter and invoked a reboot to finish the process.

She saved the job and selected her own system to test it.

"Mrs. Langley," a familiar voice prompted. Normally she caught movement in the mirror mounted on her flat panel monitor when someone walked up to her, but she'd been so focused that this time she started almost violently in surprise, whirling around in her chair.

Edgar Watts stood behind her, his hands conspicuously empty of printouts. Her first impulse was to point to her screen and tell him she had a plan with vPro to take care of the virus in a timely manner.

She rose to her feet, trying to place a polite and not strained smile on her face. "Hello Mr. Watts."

"Since my computer is down, I've been using my laptop to research the impact of viruses to corporations, specifically impacts to finances."

He frowned, briefly rubbing a forefinger along his jaw. He didn't immediately continue, his vexed expression seeming to say he was seeing those numbers again and loathing what he saw.

"We're working on it," she said, trying not to sound defensive.

"I know," he responded. "I'm astounded at the amount of this company's hard-earned cash flow flowing down the drain."

"We'll have yours and all vPro-enabled systems up within the hour," she said, forcing that smile to remain on her face.

"One hour?" he responded, looking down at his watch as his brow drew low over his eyes, almost like a thundercloud.

She braced for some kind of outburst, feeling sour in the pit of her stomach. It seemed like her stomach wanted to remain clenched, and she couldn't relax the muscles in her shoulders. What more could she do? She often woke in the middle of the night, her sleep-clouded mind immediately whirling through all the issues she needed to address immediately. She needed to prove vPro, identify and eliminate any threat from their nefarious competitor, keep Edgar's expense-cutting knives away from her department, and still find enough time to enjoy time with her husband. Lying awake at night, trying to will herself to sleep, got old fast. Two days ago her husband had recommended quitting.

That seemed wrong. She'd never given up on anything in the past, and she didn't want to give up on this now, especially when all of Mighty Modern Marketing needed her at this critical time.

When Edgar looked back up from his watch he smiled, a rare sight that stilled her thoughts, her breath catching in her throat.

"All vPro capable systems, you say?" he asked.

"Yes sir," she responded after a moment of stunned silence.

"I came down to wish you luck, but perhaps you don't need that luck after all. Good day, Jessica."

He turned around and walked away, and she stood and stared at him. She almost chuckled, but she still felt too emotionally invested and she just might break down and tear up. She slowly sat back down, staring at the Altiris Console. With renewed vigor she tested her job, made a few tweaks to the command-line of the rollout job, and then brought up a Run Now window, selecting All Provisioned Systems. Her mouse hovered over the Run Now button.

"Come on Bobby," she whispered. The few minutes before the IM popped up declaring "Applet is patched" seemed like an eternity.

She clicked the Run Now button.

She got up and took a quick water break, grabbing a drink and throwing it down as if a shot in a drinking contest. She didn't want to return to her desk. What if it failed on most systems, especially the executive team's? What if she hadn't accounted for different hardware platforms in her job? What if?

She squared her shoulders, throwing off the 'what if' game. She walked resolutely back to her desk and sat down, refreshing the job.

Ninety percent success rate brought a smile to her lips.

For the next few hours she used RTSM to connect to and patch those systems where the Task Server job failed for whatever reason. For most, she could figure out the issue by using RTSM, aided by the article Utilizing Intel vPro AMT Technology with Task Server - Part 5: System Defense Tasks, since RTCI was the component that executed most Task Server and RTSM commands against AMT.

Toward the end of the business day she leaned back. All vPro capable systems, a good 75% of the environment, were patched. Just as she shut down her computer Tevita showed up. His natural good humor managed to put a smile on his face. His long-sleeved dress shirt had the sleeves rolled up, his tie loose and top button of his collar undone. Sweat glistened on his forehead, remnants of computer dust bunnies streaked on his hands and forearms.

"Hi!" she said, unable to keep from smiling in amusement at him.

"Let me guess," he said, his smile twisting a little, "you've managed to patch all vPro systems."

"Yes," she responded, putting her purse back down on her desk. "How's the other systems coming?"

"I'm... uh... half done."

She nodded, picking up her phone. "Tevita, give me just a moment. Hi, Rob? I'm fine, though it looks like I'll be here a while. It's mostly under control, but we have a few more systems to fix. I know, I'm sorry. I'll see you later tonight, honey. Love you too, bye."

"What are you doing?" Tevita asked, frowning.

"We need to finish up, right?"

"Well... yes. But you don't really have to..."

"I'm thinking your wife wants to see you at least some time tonight. I'll take the third floor, you finish up the second, and the last one done has to bring donuts tomorrow."

Tevita looked relieved. "Deal. Thanks, Jessica."

Bobby walked up, a laptop case in his hands. "I'm heading out. Thanks for getting me back up so fast."

Jessica turned to him, her smile growing. "Bobby, we need your help," she said without preamble. "We have a few more systems to remediate..."

Bobby shook his head, his expression tightening. "No way, I have a Halo 3 party..."

"Bobby, you can't abandon us..."

Bobby looked down at the case in his hands. "Ah nuts! You don't know what this does to me. I'll lose my leader spot..."

"You'll make it up," Tevita said confidently. "If we get this done quickly imagine how impressed they'll be when you join late and still take the top spot."

Bobby's stricken look abated. "Yes. Yes, that would be impressive. Ok, I'll help."

Hours later Jessica left the building, running towards North Station to catch one of the late trains home, her shoulders feeling much lighter than when she'd ridden in.

End Part II

Having minimized the damage of the first attack, the IT staff will continue to prepare in anticipation of more cyber attacks.

Altiris and Intel vPro Use Cases, Part 1: The Setup

Altiris and Intel vPro Use Cases, Part 3: Hardware
