From 9d3add4009ed5ea41a067e6d1b9db0562dc1b89f Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 13:40:59 -0700 Subject: [PATCH] sync changes --- windows/security/TOC.yml | 4 +-- .../security/cryptography-certificate-mgmt.md | 5 ++- windows/security/hardware.md | 6 +--- windows/security/operating-system.md | 33 ++++++++----------- windows/security/threat-protection/TOC.yml | 2 +- 5 files changed, 20 insertions(+), 30 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2dbd89eb75..91e70fb5b7 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -224,7 +224,7 @@ href: apps.md items: - name: Windows Defender Application Control and virtualization-based protection of code integrity - href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Defender Application Control href: threat-protection\windows-defender-application-control\windows-defender-application-control.md - name: Microsoft Defender Application Guard @@ -374,4 +374,4 @@ - name: Microsoft Bug Bounty Program href: threat-protection/microsoft-bug-bounty-program.md - name: Windows Privacy - href: windows/privacy/windows-10-and-privacy-compliance.md + href: /windows/privacy/windows-10-and-privacy-compliance.md diff --git a/windows/security/cryptography-certificate-mgmt.md b/windows/security/cryptography-certificate-mgmt.md index f5d63c9686..dbc385fefd 100644 --- a/windows/security/cryptography-certificate-mgmt.md +++ b/windows/security/cryptography-certificate-mgmt.md 
@@ -1,6 +1,6 @@ --- title: Cryptography and Certificate Management -description: Get an overview of cryptography and certificate management in Windows 11 +description: Get an overview of cryptography and certificate management in Windows search.appverid: MET150 author: denisebmsft ms.author: deniseb @@ -18,13 +18,12 @@ f1.keywords: NOCSH # Cryptography and Certificate Management -*This article describes cryptography and certificate management in Windows 11.* ## Cryptography Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets. -All cryptography on Windows 11 is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources. +Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources. Windows cryptographic modules provide low-level primitives such as: diff --git a/windows/security/hardware.md b/windows/security/hardware.md index cd3279e414..95ff8377ea 100644 --- a/windows/security/hardware.md 
+++ b/windows/security/hardware.md @@ -16,11 +16,7 @@ ms.technology: windows-sec # Windows hardware security Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. -These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. - -With Windows 11, we have raised the hardware security baseline to design the most secure version of Windows ever. We have carefully chosen the hardware requirements and default security features based on threat intelligence and input from leading experts around the globe, including our own Microsoft Cybersecurity team. - - +These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. | Security Measures | Features & Capabilities | |:---|:---| diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 07898bd0fd..c5141ef796 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
@@ -20,26 +20,21 @@ ms.technology: windows-sec Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

+Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

-| Security Measures | Features & Capabilities | Description | +| Security Measures | Features & Capabilities | |:---|:---| -| System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | -| | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | -| | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more on their device.

The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | -| Encryption and data protection | In Windows 11, encryption and data protection features include encrypted hard drives and BitLocker. Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. BitLocker provides encryption for the operating system, fixed data, and removable data drives.

To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | -| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs) | | -| | [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md) | | -| | Bluetooth (NEEDED) | | -| | Domain Name System (DNS) security (NEEDED) | | -| | Windows Wi-Fi (NEEDED) | | -| | Transport Layer Security (TLS) (NEEDED) | | -| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows) | | -| | [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | -| | [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection) | | -| | [Network protection](/microsoft-365/security/defender-endpoint/network-protection) | | -| | [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders) | | -| | [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection) | | -| | Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | +| Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely.

Learn more [Secure Boot and Trusted Boot](trusted-boot.md).
|| +Cryptography and certificate management|Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure.

Learn more about [Cryptography and certificate management](cryptography-certificate-mgmt.md).

| +Windows Security app | The Windows built-in security application found in setitngs provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more.

Learn more about the [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md).| +| Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.

Learn more about [Encryption](encryption-data-protection.md). +| BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.

Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). | +| Encrypted Hard Drive |

Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

| +| Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

| +| Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

+| Protection from viruses and threats | The next-generation protection capabilities in Windows helps identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. These capabilities can help security teams prevent malware from infecting a device.

[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | + + +Bluetooth (NEEDED)

Domain Name System (DNS) security (NEEDED)

Windows Wi-Fi (NEEDED)

Transport Layer Security (TLS) (NEEDED) | diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index 5342060e01..c4a518650a 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml @@ -35,4 +35,4 @@ - name: Security foundations - name: Windows Privacy - href: windows/privacy/windows-10-and-privacy-compliance.md \ No newline at end of file + href: /windows/privacy/windows-10-and-privacy-compliance.md \ No newline at end of file
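Review bot: In the first windows/security/TOC.yml hunk (line 227), the corrected href `threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md` uses forward slashes while the entry directly below it still uses backslashes (`href: threat-protection\windows-defender-application-control\windows-defender-application-control.md`); normalize the neighbouring entry to forward slashes in the same pass so the TOC does not mix separators, and consider giving the commit a message that says what was synced rather than "sync changes".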
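Review bot: In the windows/security/threat-protection/TOC.yml hunk, the replacement line `+ href: /windows/privacy/windows-10-and-privacy-compliance.md` still ends with `\ No newline at end of file`; since the line is already being rewritten, add the trailing newline so the file stops tripping end-of-file checks. The switch from `windows/privacy/...` to the rooted `/windows/privacy/...` is the right fix in both TOCs, because the relative form resolved beneath windows/security/ and pointed at a file that does not exist there.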
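Review bot: In the cryptography-certificate-mgmt.md hunk, the rewritten claim "Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified" is still broader than what FIPS 140 covers: validation is issued for specific cryptographic modules on specific builds (the next context line, "Windows cryptographic modules provide low-level primitives", already uses the precise noun), not for every use of cryptography in the operating system, and applications only get FIPS-approved behaviour when they call those modules with approved algorithms and the FIPS mode policy is enabled. Suggest "The Windows cryptographic modules are FIPS 140 validated" (validated is the CMVP term) and a pointer to the per-version validation status. While this paragraph is open, the unchanged context sentence "enabling Windows, applications, and services protect system and user secrets" is missing "to" before "protect".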
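Review bot: In the hardware.md hunk, the `-These new threats call for computing hardware...` and `+These new threats call for computing hardware...` lines are textually identical, so the only difference is trailing whitespace or a line ending; the same identical `-`/`+` pair appears for "Use the links in the following table..." in operating-system.md, which suggests the editor is rewriting line endings. Check the editor settings and drop the no-op changes so the diff shows only the intended removals.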
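Review bot: In the operating-system.md hunk, the rebuilt table will not render as a table: the header `| Security Measures | Features & Capabilities |` no longer matches the rows, which now put the feature name in the first column and its description in the second, so it should read something like `| Feature | Description |`; several rows are malformed (the stray `||` after the Secure Boot row, the "Cryptography and certificate management|" and "Windows Security app |" rows have no leading pipe, the "Encrypted Hard Drive |" row opens with an empty cell and then continues across blank lines, and the Windows Defender Firewall row never closes its cell); and pipe tables need one row per line, since a blank line ends the table, so the "Learn more about ..." sentences inside cells should be joined with `<br>` rather than paragraph breaks. The leftover placeholders `Bluetooth (NEEDED)` through `Transport Layer Security (TLS) (NEEDED) |` now sit outside the table as bare paragraphs with a dangling `|` and would ship to readers; remove them from the page and track the missing entries elsewhere. The unchanged intro still says "Windows 11 is the most secure Windows yet" and "capabilities in Windows 11:", while the rewritten rows deliberately drop version-specific wording ("when a Windows device is starting"); make the intro consistent with that. Smaller fixes in the added lines: "setitngs" should be "Settings", "Learn more [Secure Boot and Trusted Boot](trusted-boot.md)." is missing "about", and "The next-generation protection capabilities in Windows helps identify" should be "help identify".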