Initial Tiger Team Briefing New Dells with TPM

1
Initial Tiger Team BriefingNew Dells with TPM

• Peter Leight
• Richard Hammer
• May 2006

2
Overview of Trusted Platform Module (TPM)

• Hardware Chipset or Microcontroller
• Stores keys, passwords, or certificates
• Information stored on chip not hard drive
• Improves data security
• Secure Applications Utilize TPM hardware
• Authentication
• Encryption

3
New Dell Laptops shipping TPM Capable

• Latitude D820
• Hardware Disabled
• Software Enabled, Possible Vulnerabilities
• Latitude D610
• Hardware Disabled
• Software Not installed

4
Current Security Posture

• Only Latitude D820s Deployed
• Clean Laptop Installs
• Defense-in-Depth
• Network Firewall Egress/Ingress Rules
• Checkpoint Integrity Personal Firewalls
• VPN Configuration / Firewalls
• IDS

5
Recommendations

• Tactical New IDS Rules
• Destination TCP/UDP port 10001
• TCP/UDP DNS Queries for wave.com
• Strategic Evaluation of New Technologies
• Hard Drive Encryption
• E-mail Encryption
• Authentication

6
TPM Future Possibilities

• Hard drive Encryption
• RSA Acceleration
• Boot Process Integrity
• Any Application can Access TPM Hardware
• E-mail Encryption
• Secure Deletion
• Document Management
• Authentication
• Multifactor
• Biometrics

7
Conclusion

• Our current network posture mitigates risks from
  the new Dell D820 TPM implementation
• Addition of new IDS rule will monitor to ensure
  our policies are effective
• Disk and e-mail encryption technologies must be
  evaluated
• TMP technology offers possible future security
  enhancements
• Continued Vigilance Required when dealing with
  new technologies!