| | | | Trustworthy Computing | November 2014 |  | | Microsoft Security Newsletter | | | | | | | | | | Welcome to November 2014’s Security Newsletter! | This month our newsletter focuses on data encryption in Microsoft's products and services. Encryption is typically used when you want a strong level of protection for your information. When it comes to the application of encryption, there are essentially four types of scenarios:
At Microsoft, we are committed to using best-in-class encryption technologies when appropriate to protect the confidentiality of customer data, to maintain data integrity, and to help assure its appropriate availability. We use cutting- edge technologies to protect our customers’ data from being breached and improperly disclosed, both while the data is at-rest and when it is in-transit. To learn more about how Microsoft manages data encryption in its products and services, and how you can better product your organization’s data, please read on and check out the resources available.
 | | Best regards,
Tim Rains, Director
Cybersecurity & Cloud Strategy, Microsoft |
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas. | | |  | | Top Stories |  |  | | | | Billions of Data, One Cybersecurity Report: SIRv17 Now Available
Understand the latest threat trends, recent shifts in cybercriminal behavior, the new techniques that are being used, and the malware families that are most prevalent—plus get actionable guidance to help you protect your organization and customers. Download Volume 17 of the Microsoft Security Intelligence Report (SIR).
Enhancing Cybersecurity with Big Data
Protecting the information of individuals and organizations from online threats remains an urgent priority so using big data tools and techniques to enhance cybersecurity is a natural development. Explore the new Microsoft-commissioned study to better understand how organizations are using big data to improve cybersecurity, and to get recommendations on how to address both the security and privacy concerns of big data solutions.
Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption
Microsoft is bringing encryption technologies currently available in Windows 8.1 and Windows Server 2012 R2 to older versions of our platforms. Find out how this will enable you to take advantage of the best cryptography already available in Microsoft’s most modern operating systems and servers when connecting to a cloud service or operating system that supports the encryption technology known as Perfect Forward Secrecy (PFS). Not familiar with PFS? Read Perfect Secrecy in an imperfect world for more information.
| | | | | Security Guidance | | | | Security Tip of the Month: BitLocker Passwords Should Be Less Than 100 Characters
You can specify BitLocker passwords using the following methods:
| • | BitLocker Setup Wizard | | • | Manage BitLocker Control Panel | | • | Manage-bde command-line tool | | • | Windows PowerShell cmdlet |
When using either the setup wizard or the control panel the user interface limits passwords to 100 characters. The command-line tool and Windows PowerShell cmdlets, on the other hand, do not enforce that limit and passwords up to 256 characters can be specified. However; if a password is specified that is greater than 100 characters, BitLocker truncates the password to the first 100 characters. If you attempt to use the longer password to unlock the drive, you will receive the error message: "The password you typed is not correct" and will be asked to provide your recovery key to unlock the drive.
Resolution? Specify passwords that are 100 characters or less to avoid encountering this issue. If you have used a longer password, after unlocking the drive using the recovery key go to the BitLocker Control Panel and set a new password that is 100 characters or less.
BitLocker Planning and Policies
BitLocker helps prevent unauthorized access to data on lost or stolen computers by encrypting the entire Windows operating system volume and any associated data volumes, and by verifying the integrity of early boot components and boot configuration data. Learn how to prepare for BitLocker deployment in your organization. Once you're ready to deploy BitLocker, check out these resources:
Choose the Right BitLocker Countermeasure
Find out how to protect your Windows 7, Windows 8, and Windows 8.1 PCs from bootkits and rootkits, brute force sign-in, Direct Memory Access (DMA) attacks, Hyberfil.sys attacks, and memory remanence attacks.
Protecting Against Weak Cryptographic Algorithms
Learn how about the software update available for Windows 8.1, Windows 8, Windows 7, Windows Vista, windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 that allows deprecation of weak cryptographic algorithms.
Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy
Find out how to create a two-tier public key infrastructure (PKI) hierarchy using Windows Server 2012 and Active Directory Certificate Services (AD CS).
SQL Server Encryption
Find out how to use encryption in SQL Server for connections, data, and stored procedures. Explore the encryption hierarchy in SQL Server, learn how to choose an encryption algorithm, and find information on how to help secure the SQL Server platform, and how to work with users and securable objects.
How to Encrypt Data for Windows Phone 8
Saving confidential data in a phone’s isolated storage is not secure. Encrypting the data will not increase the security if the decryption key resides on the phone, no matter how well the key is hidden. Learn how to encrypt and decrypt confidential data such as passwords, connection strings, and PINs in a Windows Phone app by using the Data Protection API (DPAPI).
Windows App Development: Encrypting Data and Working with Certificates
Learn how to encode and decode data, how to encrypt and decrypt data, and how to work with certificates.
How To: Azure Backup
Learn how to use Azure Backup to help protect important server data offsite with automated backups to Azure, where they are available for easy data restoration, and how to manage cloud backups from the familiar backup tools in Windows Server 2012, Windows Server 2012 Essentials, or System Center 2012 Data Protection Manager.
| | | | | Community Update | | | | SQL Server Database Engine Security Checklist: Encrypt Sensitive Data
Use this checklist to confirm that encryption is used appropriately in your environment and to periodically audit your use of encryption with the SQL Server Database Engine. To review how you limit access to data in your organization and audit how users access information stored in Database Engine, see Database Engine Security Checklist: Limit Access to Data.
| | | | | This Month's Security Bulletins | | | | | | November 2014 Security Bulletins
| | | November 2014 Security Bulletin Resources:
| | | | | Security Events and Training | | | | | | Microsoft Virtual Academy (MVA): Windows 8.1 Security
Learn about core investments in security for Windows 8.1, including authentication, multifactor access control, pervasive encryption, and protecting corporate data in a "bring your own device" (BYOD) world.
MVA: Windows 8.1 To Go
Windows To Go is a full fidelity desktop that includes touch, virtualization technologies, secure connection via DirectAccess, and data encryption with BitLocker. Find out how to use Windows To Go to create a bootable USB that turns almost any PC into a secure Windows 8.1 corporate PC—without requiring network connectivity.
The Hybrid Cloud: A Balancing Act between Benefits and Security
Thursday, December 4, 2014 – 10:00 AM Pacific Time
Learn how to extend your datacenter to the cloud in a secure and automated way, how to secure your information in the cloud, how to manage security in a mix of private and public clouds, why a hosted private cloud can be the best solution for sensitive data and mission critical workloads.
| | | | | | | | | | | | | | | | | microsoft.com/about/twc | Trustworthy Computing | | | | | | | | This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2014 Microsoft Corporation Terms of Use | Trademarks
Microsoft respects your privacy. To learn more please read our online Privacy Statement.
If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please click here. These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.
To set your contact preferences for other Microsoft communications click here.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA | | | | | | | | |
