|
|||||||||||||||||||
|
|||||||||||||||||||
Internet security toolsWe address Internet security concerns so that you can safely do online transactions with us. There are many ways to increase security while using the Internet. Some of the tools available are described below.
Public Key Infrastructure (PKI) General computer securityAnti-virus softwareAnti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses. Your anti-virus software helps protect the data on your computer software and your operating system. Although email is common and widely used today, it is not secure. You should never send us confidential information by unsecured email, as the unsecured email can be intercepted and the name of the originator can be changed. We do not trust personal information received through unsecured email. FirewallsA firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access. Web browser securityEncryptionEncryption has been used to transmit messages in various formats for hundreds of years; it is not a new concept created just for the Internet. As technology has evolved, so have the methods of encryption—from manually coding text to using complex computer programs. Encryption uses a mathematical formula and an encryption key to scramble information so that an unauthorized person cannot understand the information. The scrambled information is decoded—or converted back—into the original format using the same mathematical formula and a decryption key so an authorized person can understand it. While the information is encrypted, it cannot be viewed. With 128-bit Secure Sockets Layer (SSL) encryption, the privacy of information passing between your Web browser and our Web servers is ensured. Encrypting the information allows it to be transmitted and authenticated safely. Data cannot be compromised when SSL is in use. Through SSL the identity of the server computer can be verified. Although it is also possible to identify the user as well, CBSA does not use this method of identification. When you send data using SSL encryption, the data is broken down into small, separate packages of information called blocks. SSL then encrypts each block. These encrypted blocks are sent over the Internet as individual network packets, and are individually addressed. Once all the packets have reached the safety of our secure Web server, they are reassembled and decrypted. Check your browser's encryption To make sure that you can complete your transactions securely and confidentially, you must use a Web browser that supports 128-bit Secure Sockets Layer Version 3.0 (SSLV3) encryption. You can use our browser test to check your current browser. Once a secure session has been established, a padlock or key icon will appear in the bottom right corner of your browser window. This shows that data is being encrypted. However, to determine what level of encryption your browser provides, you have to check your browser's properties. Internet Explorer Open Internet Explorer and click the "Help" menu item. Then select "About Internet Explorer". This window will tell you the version of browser you are using and the level of security you have. If the "cipher strength" is not 128-bit, you should upgrade your browser. Netscape If there is a padlock icon , it means you are using 128-bit encryption. If there is no padlock icon, it means that you have 40-bit encryption software and you should upgrade to 128-bit encryption. Although other Web browsers may also work, we have tested two products that are proven to work with our services: Microsoft Internet Explorer versions 5.01, 5.5, or higher and Netscape Communicator/Navigator 4.78, 4.79, or higher. Updating your browserIf your browser does not meet our security requirement of 128-bit SSL Version 3.0 encryption, you will need to upgrade the one you have or download a new complete browser package. Notes If your computer is part of a managed network, contact your organization's system administrator before making changes to your computer. Microsoft Internet Explorer browser Web site Remember that you may not have to download the complete browser package. You may only need to upgrade your browser, which takes much less time. Downloading 128-bit Microsoft Internet Explorer
Netscape browser Web site Remember that you may not have to download the complete browser package. You may only need to upgrade your browser, which takes much less time. Downloading a 128-bit Netscape browser
This online technical manual provides general information for downloading, installing, and configuring the Microsoft Internet Explorer browser and the Netscape browser for use with CBSA services. Clearing your cacheWhen you visit a Web site, it is saved in your computer's memory and your browser's memory in an area called the cache. Your browser should display the Web site quicker the next time you visit because details about the contents, such as images and files, are stored in your cache. Your browser does not need to re-download all of the information about that Web site. Information stored in the browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information. After you complete a secure session, you should close and reopen your browser to clear your browser’s cache of session cookies. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser. If you are using Netscape Navigator, you should clear both your browser’s disk cache and memory cache before you close and reopen your browser. CookiesOur main Web server does not use cookies or any other method to collect personal data about visitors to our Web site. However, when you use our Web site to perform any transaction, your browser may be asked to accept our session cookie, which is a small string of text that contains a session identification number. We use the cookie to manage each secure session on our Web site, and only the person with a valid cookie in his or her browser can transact during that session. A cookie is a small text file or a packet of data that contains information that identifies you. A session cookie is one of the ways we ensure that you continue to be identified and send the correct information during each session. The cookie contains a session identification number, but does not contain any personal or business identification information. It cannot retrieve information from your hard drive. That means that someone examining your cookies would not be able to do transactions on our Web site as you. Our cookies are not disk-resident (also called persistent cookies). They are stored in your browser only for one session and will be deleted once you close your browser. If you do not accept the cookie, you will not be able to do transactions with us over the Internet. Java appletsJava applets are little programs that can be downloaded over the Internet and that run with your browser software. They are typically used to customize or add interactive elements to a Web page. We recommend that Java applets be kept on while using our services. JavaScriptJavaScript is a scripting language that works primarily on Web pages. CBSA uses JavaScript to detect browser, browser version, and platform. We recommend that JavaScript be kept on while using our Web services. Adjust your browser settingsThe following instructions will allow you to adjust your browser security settings, and to turn on cookies, Java applets, and JavaScript. Notes These instructions are for Windows operating system browsers. If you are using another operating system such as Macintosh, Linux, or Solaris, please see your browser’s help file for instructions on how to change your settings. Internet Explorer 5 and 6
Netscape 4
Netscape 6 and 7
Public Key Infrastructure (PKI)PKI is a combination of policy and technology that establishes a secure working environment, allowing Internet users to conduct secure electronic transactions. PKI operates using public key cryptography and digital certificates held by each party transmitting over the Internet. This ensures that private information is kept protected from tampering and that the identities of the participants can be guaranteed. Unlike traditional cryptography that uses an identical key to encrypt and decrypt the message, public key cryptography uses one mathematical formula or algorithm—also called a key—to encrypt data and a second, related mathematical key to decrypt it. A PKI user has two keys: a public key openly accessible to anyone and tied to the digital certificate, and a private key kept secret by its holder. A message that is encrypted with a public key can only be decrypted with the corresponding private key. Using this key system ensures that no one else can view the private key holder's encrypted messages. In the Government of Canada PKI, once you have obtained your key, all you need to remember (and keep secret) is your user ID and password. More details about PKI are available on the following Web sites:
Certification authorityA certification authority is a trusted party responsible for issuing digital certificates and managing them throughout their lifetime. The management of digital certificates includes their centralized creation, distribution, renewal, and revocation. The certification authority certifies the identity of the holder and publishes up-to-date lists of public keys. In the Government of Canada PKI, this authority is split between two organizations to provide an additional layer of protection for your information. One central organization issues the PKI keys and manages their creation, distribution, renewal, and revocation for all government departments. However, the certificate held centrally contains only a Meaningless But Unique Number (MBUN)-not your identity. Each department that uses PKI will authenticate you, and only that department will know the relationship between your MBUN and your real identity. You can choose to have one certificate for all your dealings with the Government of Canada or one certificate for each department. Digital certificatesA digital certificate is an electronic credential that verifies the identity of its holder. The digital certificate is issued by a certification authority and contains information on the identity of the holder. It cannot be forged. The digital certificate ties the holder's identity to a public key. Digital certificates are critical tools for the secure and trusted use of electronic networks, as they enable protected information to be sent, received, and accessed securely. If a digital certificate is suspected of being compromised, it is revoked. Digital signaturesA digital signature is a type of electronic identification that can confirm the identity of the sender of a message, whether the message is encrypted or not. Digital signatures can only be generated by the signer. They can be verified, are tamperproof, cannot be forged or repudiated, and ensure that the information contained in the message is not changed during transmission. epass CanadaThe Government of Canada epass—a new service that uses PKI—gives Canadians the ability to obtain state-of-the-art secure electronic services from any Internet terminal in the world, using the convenience of a user ID and password. When registering for an epass (using shared secrets), you get a unique electronic credential that gives you access to online government programs and services that require enhanced security measures, including secure digital signatures. |
|||||||||||||||||||
|