Intel vPro/AMT Security Considerations - eviltoast

I’m new to the selfhosted/homelab space and eyeing a used Dell Optiplex Micro system to experiment with. The unit has an i5-8500T and appears to support Intel vPro/AMT for remote management and KVM. This is interesting to me as I may not want to have a monitor and peripherals permanently connected. After substantial searching, most of the documentation and discussions on this topic are aimed at people with a deeper background. I believe I can figure out how to set it up, but I couldn’t find straightforward answers to these security questions:

-I only want to use this for KVM while at my home. It seems like a security risk if this functionality works over the internet rather than just LAN. Is this actually the case, and if so, can it be set to LAN-only?

-Since the machine had a prior owner, is it advisable to reset the BIOS or somehow clear out potential vPro settings from the previous user?

Thanks for any help you can offer!

  • joshuarupp@artemis.camp
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I use MeshCentral running on Debian on a small VM and then I access MeshCentral through the Web UI. If you have any Raspberry Pi’s laying around that aren’t being used, it would be a great candidate for that type of setup.

    • computergeek125@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Thank ye much.

      If it runs on a pi I can probably make a small VM for it without over angering the VMware HA capacity alarm.