IBM's Embedded Security Subsystem

eLiu

Diamond Member
Jun 4, 2001
6,407
1
0
Hey all,
I was wondering how IBM's Embedded Security Subsystem works...and if it's worth setting up for a home/college user? The information on the website really doesn't offer much in the way of specific details, and I was wondering if anyone here could enlighten me.

I own a new T42; I'll be taking it up w/me to college where I'll be maintaining a filesharing network w/my desktop. I'll use my school's wireless access to get internet on the laptop. Not sure if that is of any significance...

Thanks,
-Eric
 

WackyDan

Diamond Member
Jan 26, 2004
4,794
68
91
Originally posted by: eLiu
Hey all,
I was wondering how IBM's Embedded Security Subsystem works...and if it's worth setting up for a home/college user? The information on the website really doesn't offer much in the way of specific details, and I was wondering if anyone here could enlighten me.

I own a new T42; I'll be taking it up w/me to college where I'll be maintaining a filesharing network w/my desktop. I'll use my school's wireless access to get internet on the laptop. Not sure if that is of any significance...

Thanks,
-Eric

Eric,

I'll respond later... I have a flight to catch of all things. I work with the ESS quite a bit.

It's full functionality is not ideal for a home/consumer level user, but there are some features you might be interested in... namely the Password Manager application.

More later.
 

eLiu

Diamond Member
Jun 4, 2001
6,407
1
0
Originally posted by: WackyDan
Originally posted by: eLiu
Hey all,
I was wondering how IBM's Embedded Security Subsystem works...and if it's worth setting up for a home/college user? The information on the website really doesn't offer much in the way of specific details, and I was wondering if anyone here could enlighten me.

I own a new T42; I'll be taking it up w/me to college where I'll be maintaining a filesharing network w/my desktop. I'll use my school's wireless access to get internet on the laptop. Not sure if that is of any significance...

Thanks,
-Eric

Eric,

I'll respond later... I have a flight to catch of all things. I work with the ESS quite a bit.

It's full functionality is not ideal for a home/consumer level user, but there are some features you might be interested in... namely the Password Manager application.

More later.

Excellent...thanks man :)

-Eric
 

WackyDan

Diamond Member
Jan 26, 2004
4,794
68
91
I just got in.

You enable the security chip through the bios. It may already be enabled, though the bios also will give you the option to clear it which won't harm anything seeing as you are not using it currently.

You will also need to head on over to IBM.com and download the CLient Security SOftware(CSS) and some other pieces of software to make this thing work right.

So Download the following:

1. Atmel Driver
2. SMBus Driver
3. CSS(Client security software) -latest version.
4 Password Manager - found further down the page.
5. File and folder protection... Download.. but don't install this one.. .We'll talk more later....

You essentially install in that same order. A reboot after #1 and #2 is recommended.

The Chip and CSS can do many wonderful things... but the software/interface is a bit clunky.

The basic function it provides is extra layers of authentication to the local machine.

It can encrypt local data either by manual interaction with that data or you can automate that by folder. I don't recommend this - Unless you fully understand some of the risks you take with encryption, and understand the methods to safeguard your keys, then I would stay clear of this.

It can provide password management in the form of single log on for all your web sites and applications that require a user id and or password. -function of password manager and highly recommended.

It can support specific smart cards, biometric readers, RF badges, RSA Token replacement, Tivoli Access Manager, and more. IBM will be installing a silicon based built in reader on the new refreshed T series in October. The ESS with the IBM CSS helps make these single solutions even more secure and can tie their different functionalities together.

It's a Enterprise class solution that really isn't ideally used in a consumer space.

I've been running this software since it was in beta, and every version since then. I can't stress enough that this solution is a RTFM -read the f'in manual experience. If you screw up with the ESS/CSS combo - it's very much like screwing up with Microsoft's EFS as noted at the top of the OS catagory here at AT.

I would be more than happy to walk you through it in more detail including some phone coaching. It is neat... it works. The ESS will not prevent your laptop from being stolen though.... It will prevent unauthorized access to you system and data. - after-all 70% of all data theft and tampering happens locally at the machine.

I use it with a Targus PCMCIA finger print scanner and never wanna think about using a laptop without it again.

While you can use biometrics without the embedded chip, it's not as secure. Your fingerprint, digital certificates, wireless certificates, and encryption keys get stored on the chip itself, so no one can rever them from the hard drive as they are not there. * You are allowed to create a key archive for all anrolled users and the admin - burn to disk or store on a secure network resource--->you'll thank me later. :)

I'll check back with you later. Ask any questions you might have.
 

WackyDan

Diamond Member
Jan 26, 2004
4,794
68
91
Originally posted by: jdiddy
Wow thanks for the great info!!!

Oh.. there's much more.... IF you have any questions on the interface, let me know. Setup can be cryptic even though they have a wizard installer.
 

eLiu

Diamond Member
Jun 4, 2001
6,407
1
0
okay, I'll read through the documentation probably on sunday or monday--busy weekend (getting ready to move to college).

Thanks for the help :)
 

shah456

Senior member
Mar 24, 2004
484
0
0
www.irepairworks.com
That is awesome man, I know have a basic understanding on the concept. I will read more on it and begin using it. I really like the whole security issue for college.
 

WackyDan

Diamond Member
Jan 26, 2004
4,794
68
91
Originally posted by: shah456
That is awesome man, I know have a basic understanding on the concept. I will read more on it and begin using it. I really like the whole security issue for college.

Keep in mind that the only way the chip will benefit you in a wireless environment is if you are working for a large enterprise company, using some sort of radius server or at least a cisco environment.