This month our newsletter focuses on data encryption in Microsoft’s products and services. Encryption is typically used when you want a strong level of protection for your information. When it comes to the application of encryption, there are essentially four types of scenarios:
At Microsoft, we are committed to using best-in-class encryption technologies when appropriate to protect the confidentiality of customer data, to maintain data integrity, and to help assure its appropriate availability. We use cutting- edge technologies to protect our customers’ data from being breached and improperly disclosed, both while the data is at-rest and when it is in-transit. To learn more about how Microsoft manages data encryption in its products and services, and how you can better product your organization’s data, please read on and check out the resources available.
 | | Best regards,
Tim Rains, Director
Cybersecurity & Cloud Strategy, Microsoft |
Have feedback on how we can improve this newsletter? Email us at
secnlfb@microsoft.comand share your ideas.
|
Security Tip of the Month: BitLocker Passwords Should Be Less Than 100 Characters
You can specify BitLocker passwords using the following methods:
| • | BitLocker Setup Wizard | | • | Manage BitLocker Control Panel | | • | Manage-bde command-line tool | | • | Windows PowerShell cmdlet |
When using either the setup wizard or the control panel the user interface limits passwords to 100 characters. The command-line tool and Windows PowerShell cmdlets, on the other hand, do not enforce that limit and passwords up to 256 characters can be specified. However; if a password is specified that is greater than 100 characters, BitLocker truncates the password to the first 100 characters. If you attempt to use the longer password to unlock the drive, you will receive the error message: "The password you typed is not correct" and will be asked to provide your recovery key to unlock the drive.
Resolution? Specify passwords that are 100 characters or less to avoid encountering this issue. If you have used a longer password, after unlocking the drive using the recovery key go to the BitLocker Control Panel and set a new password that is 100 characters or less.
BitLocker Planning and Policies
BitLocker helps prevent unauthorized access to data on lost or stolen computers by encrypting the entire Windows operating system volume and any associated data volumes, and by verifying the integrity of early boot components and boot configuration data. Learn how to prepare for BitLocker deployment in your organization. Once you’re ready to deploy BitLocker, check out these resources:
Choose the Right BitLocker Countermeasure
Find out how to protect your Windows 7, Windows 8, and Windows 8.1 PCs from bootkits and rootkits, brute force sign-in, Direct Memory Access (DMA) attacks, Hyberfil.sys attacks, and memory remanence attacks.
Protecting Against Weak Cryptographic Algorithms
Learn how about the software update available for Windows 8.1, Windows 8, Windows 7, Windows Vista, windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 that allows deprecation of weak cryptographic algorithms.
Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy
Find out how to create a two-tier public key infrastructure (PKI) hierarchy using Windows Server 2012 and Active Directory Certificate Services (AD CS).
SQL Server Encryption
Find out how to use encryption in SQL Server for connections, data, and stored procedures. Explore the encryption hierarchy in SQL Server, learn how to choose an encryption algorithm, and find information on how to help secure the SQL Server platform, and how to work with users and securable objects.
How to Encrypt Data for Windows Phone 8
Saving confidential data in a phone’s isolated storage is not secure. Encrypting the data will not increase the security if the decryption key resides on the phone, no matter how well the key is hidden. Learn how to encrypt and decrypt confidential data such as passwords, connection strings, and PINs in a Windows Phone app by using the Data Protection API (DPAPI).
Windows App Development: Encrypting Data and Working with Certificates
Learn how to encode and decode data, how to encrypt and decrypt data, and how to work with certificates.
How To: Azure Backup
Learn how to use Azure Backup to help protect important server data offsite with automated backups to Azure, where they are available for easy data restoration, and how to manage cloud backups from the familiar backup tools in Windows Server 2012, Windows Server 2012 Essentials, or System Center 2012 Data Protection Manager.
|
Microsoft Virtual Academy (MVA): Windows 8.1 Security
Learn about core investments in security for Windows 8.1, including authentication, multifactor access control, pervasive encryption, and protecting corporate data in a "bring your own device" (BYOD) world.
MVA: Windows 8.1 To Go
Windows To Go is a full fidelity desktop that includes touch, virtualization technologies, secure connection via DirectAccess, and data encryption with BitLocker. Find out how to use Windows To Go to create a bootable USB that turns almost any PC into a secure Windows 8.1 corporate PC—without requiring network connectivity.
The Hybrid Cloud: A Balancing Act between Benefits and Security
Thursday, December 4, 2014 – 10:00 AM Pacific Time
Learn how to extend your datacenter to the cloud in a secure and automated way, how to secure your information in the cloud, how to manage security in a mix of private and public clouds, why a hosted private cloud can be the best solution for sensitive data and mission critical workloads.
|
