HP RP36000/3 ISS Technology Update, Volume 9, Number 4 - Page 4

HP ProLiant servers offer protection against stealthy, malicious code Server virtualization has raised data security concerns among IT administrators due to the elimination of physical separation of workloads in the data center. These concerns have intensified with the growing threat of malicious software attacks aimed at the hypervisor, BIOS, and firmware. To protect against these increasing and evolving threats, HP is adding hardware-based security technology to new ProLiant G6 and G7 servers with Intel® Xeon® 5600 series processors and is offering the technology as an option for select ProLiant servers already in the field. The technology, known as Intel® Trusted Execution Technology (Intel® TXT), complements anti-virus software and increases protection against such software-based attacks as well as malicious rootkit installations (See sidebar). Possible sources of malicious rootkit installations include rival governments, cyber terrorists, and organized crime. What is a rootkit? A rootkit is a collection of undetectable software components that a hacker can use to modify an OS for administrator-level access to a system. It is called a "kit" because its software components work collectively to achieve the desired invisibility and access permissions. Rootkit elements may perform some or all of the following: Alter a server's authentication system for backdoor access or elevated privileges. Modify the system logs to ensure that certain activities never get logged for evidence. Pretend to be normal system utilities so they exhibit normal behavior for regular users or display expected reports to system administrators. Intel TXT creates a Measured Launch Environment (MLE) that enables IT managers to compare a system's critical launch components against approved code during the boot and launch sequence. Intel TXT can detect any changes to the MLE through cryptographic measurements and then block the launch of code that does not match the approved code. Intel TXT establishes an optimal number of protected launch components called a ―root of trust,‖ which is difficult to defeat or modify. Intel TXT requires the following components: An Intel Xeon 5600 series processor and Intel TXT-enabled chipset1 Intel Virtualization Technology Authenticated Code Module (ACM) Launch Control Policy (LCP) tools Intel TXT-enabled BIOS and hypervisor or OS environment Trusted Platform Module (TPM) v1.2 HP offers the TPM microcontroller as an option kit for select ProLiant G6 and G7 servers which support Intel TXT. The TPM securely stores encryption keys, passwords, and digital certificates which can be used to authenticate the platform. It can also be used to store platform measurements that help ensure that the platform remains trustworthy. The TPM can be attached and secured to the system board with a rivet supplied with the module. Additional resources For additional information on the topics discussed in this article, visit: Resource URL Intel® Trusted Execution Technology white paper http://www.intel.com/Assets/en_US/PDF/whitepaper/323586.pdf HP Trusted Platform Module www.hp.com/go/TPM 1 All ProLiant servers that ship from the factory with Intel Xeon 5600 series processors will include an Intel TXT-enabled chipset. If you buy an Intel Xeon 5600-series processor option kit for a ProLiant server already in operation, refer to the server's QuickSpecs to verify that the chipset supports Intel TXT. 4