Last month, we covered the top threats facing enterprise organizations and how to help protect against them. This month’s newsletter focuses on security guidance for data protection and, specifically, public key infrastructure (PKI), which many organizations have in place to support data protection and authentication.
If attackers successfully gain access to your organization’s PKI, this can expose your organization to serious risk. To help you design PKIs and protect this infrastructure from emerging threats, Microsoft IT, Microsoft’s IT department, has released a detailed technical reference document entitled “Securing Public Key Infrastructure.” Included in the document you will find guidance on:
Common vectors for PKI compromise
Planning cryptographic algorithms and certificate usages
Designing physical security
Implementing technical controls to secure PKI
Protecting PKI artifacts and assets
Monitoring PKI for malicious activity
Recovering from a compromise
If you are an IT professional and have a PKI running in your environment, I encourage you to download and read the paper—and consult the resources listed below for additional guidance. I hope you find these resources helpful.
Best regards, Tim Rains, Director Microsoft Trustworthy Computing
Have feedback on how we can improve this newsletter? Email us at email@example.com to share your ideas.
Who Exploits Vulnerabilities: the Path from Disclosure to Mass Market Exploitation Vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability, or confidentiality of the software or the data that it processes. Learn why the parties that initially disclose vulnerabilities are not always the same parties that go on to develop and use exploits that take advantage of them—and what you can do to mitigate the risk from exploits.
Best Practices for Securing Active Directory Download recommendations to enhance the security of Active Directory installations. Learn about common attacks against Active Directory, the countermeasures you can take to reduce the attack surface, and get recommendations for recovery.
TPM Platform Crypto-Provider Toolkit Download sample code, utilities and documentation for using TPM-related functionality in Windows 8. Subsystems described include the TPM-backed Crypto-Next-Gen (CNG) platform crypto-provider, and how attestation-service providers can use the new Windows features. Both TPM1.2 and TPM2.0-based systems are supported.
Public Key Infrastructure Design Guidance Before you configure a PKI and certification authority (CA) hierarchy, you should be aware of your organization's security policy and certificate practice statement (CPS). Explore your design options and find links to examples of policy statements if your organization does not currently have one.
Active Directory Certificate Services (AD CS) PKI Design Guide While Windows Server 2012 products provide a variety of secure applications and business scenarios based on the use of digital certificates, you need to design a public key infrastructure (PKI) before you can use those certificates. Check out this step-by-step wiki guide for guidance on everything from identifying your AD CS deployment goals to creating a certificate management plan.
Defense in Depth: Windows 8.1 Security See how Windows 8.1 addresses security as a whole system, one layer at a time with this seven-module course from Microsoft Virtual Academy. Explore methods of developing a secure baseline and learn how to harden your Windows enterprise architectures from pass-the-hash and other advanced attacks.
Office 365 Education Technical Overview Wednesday, July 16, 2014 – 1:00PM Central Time Better understand the technical tools and resources of Office 365 Education, and learn how to support the unique needs of your school without sacrificing identity management and other security and compliance measures. This session will also be conducted every Wednesday at this time in August.
Office 365 Education Deployment Overview Thursday, July 24, 2014 – 1:00PM Central Time Compare your Microsoft Office 365 for education deployment options and learn about the terminology and tools available to streamline your deployment. Topics will include networking, identity management, hybrid deployments, and synchronization. This session will also be conducted every Wednesday at this time in August.
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.