Internet security tools

We address Internet security concerns so that you can safely do online transactions with us. There are many ways to increase security while using the Internet. Some of the tools available are described below.

General computer security

• Anti-virus software
• Email
• Firewalls

Web browser security

• Encryption
• Updating your Web browser software
• Clearing your cache
• Cookies
• Java applets
• JavaScript
• Adjust your browser settings

Public Key Infrastructure (PKI)

• Certification authority
• Digital certificates
• Digital signatures
• epass Canada

General computer security

Anti-virus software

Anti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses. Your anti-virus software helps protect the data on your computer software and your operating system.

Email

Although email is common and widely used today, it is not secure. You should never send us confidential information by unsecured email, as the unsecured email can be intercepted and the name of the originator can be changed. We do not trust personal information received through unsecured email.

Firewalls

A firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access.

Web browser security

Encryption

Encryption has been used to transmit messages in various formats for hundreds of years; it is not a new concept created just for the Internet. As technology has evolved, so have the methods of encryption—from manually coding text to using complex computer programs.

Encryption uses a mathematical formula and an encryption key to scramble information so that an unauthorized person cannot understand the information. The scrambled information is decoded—or converted back—into the original format using the same mathematical formula and a decryption key so an authorized person can understand it. While the information is encrypted, it cannot be viewed.

With 128-bit Secure Sockets Layer (SSL) encryption, the privacy of information passing between your Web browser and our Web servers is ensured. Encrypting the information allows it to be transmitted and authenticated safely. Data cannot be compromised when SSL is in use. Through SSL the identity of the server computer can be verified. Although it is also possible to identify the user as well, CBSA does not use this method of identification.

When you send data using SSL encryption, the data is broken down into small, separate packages of information called blocks. SSL then encrypts each block. These encrypted blocks are sent over the Internet as individual network packets, and are individually addressed. Once all the packets have reached the safety of our secure Web server, they are reassembled and decrypted.

Check your browser's encryption

To make sure that you can complete your transactions securely and confidentially, you must use a Web browser that supports 128-bit Secure Sockets Layer Version 3.0 (SSLV3) encryption. You can use our browser test to check your current browser.

Once a secure session has been established, a padlock or key icon will appear in the bottom right corner of your browser window. This shows that data is being encrypted. However, to determine what level of encryption your browser provides, you have to check your browser's properties.

Internet Explorer

Open Internet Explorer and click the "Help" menu item. Then select "About Internet Explorer". This window will tell you the version of browser you are using and the level of security you have. If the "cipher strength" is not 128-bit, you should upgrade your browser.

Netscape

If there is a padlock icon , it means you are using 128-bit encryption. If there is no padlock icon, it means that you have 40-bit encryption software and you should upgrade to 128-bit encryption.

Although other Web browsers may also work, we have tested two products that are proven to work with our services: Microsoft Internet Explorer versions 5.01, 5.5, or higher and Netscape Communicator/Navigator 4.78, 4.79, or higher.

Updating your browser

If your browser does not meet our security requirement of 128-bit SSL Version 3.0 encryption, you will need to upgrade the one you have or download a new complete browser package.

Notes
The CBSA is not responsible for any difficulties or problems in downloading and installing software. The software suppliers provide technical support.

If your computer is part of a managed network, contact your organization's system administrator before making changes to your computer.

Microsoft Internet Explorer browser Web site

Remember that you may not have to download the complete browser package. You may only need to upgrade your browser, which takes much less time.

Downloading 128-bit Microsoft Internet Explorer

• Go to the Microsoft Internet Explorer Web site.
• Go to the "Downloads" page and choose the appropriate 128-bit encryption software for your operating system.
• Download the software (or upgrade it) following Microsoft's instructions.

Netscape browser Web site

Remember that you may not have to download the complete browser package. You may only need to upgrade your browser, which takes much less time.

Downloading a 128-bit Netscape browser

• Go to the Netscape Web site.
• Click on "Free download".
• Click on "Download now" and save the file to your computer.
• Install the software (or upgrade it) following Netscape's instructions.

This online technical manual provides general information for downloading, installing, and configuring the Microsoft Internet Explorer browser and the Netscape browser for use with CBSA services.

Clearing your cache

When you visit a Web site, it is saved in your computer's memory and your browser's memory in an area called the cache. Your browser should display the Web site quicker the next time you visit because details about the contents, such as images and files, are stored in your cache. Your browser does not need to re-download all of the information about that Web site.

Information stored in the browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information. After you complete a secure session, you should close and reopen your browser to clear your browser’s cache of session cookies. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser. If you are using Netscape Navigator, you should clear both your browser’s disk cache and memory cache before you close and reopen your browser.

Cookies

Our main Web server does not use cookies or any other method to collect personal data about visitors to our Web site. However, when you use our Web site to perform any transaction, your browser may be asked to accept our session cookie, which is a small string of text that contains a session identification number. We use the cookie to manage each secure session on our Web site, and only the person with a valid cookie in his or her browser can transact during that session.

A cookie is a small text file or a packet of data that contains information that identifies you. A session cookie is one of the ways we ensure that you continue to be identified and send the correct information during each session.

The cookie contains a session identification number, but does not contain any personal or business identification information. It cannot retrieve information from your hard drive. That means that someone examining your cookies would not be able to do transactions on our Web site as you. Our cookies are not disk-resident (also called persistent cookies). They are stored in your browser only for one session and will be deleted once you close your browser.

If you do not accept the cookie, you will not be able to do transactions with us over the Internet.

Java applets

Java applets are little programs that can be downloaded over the Internet and that run with your browser software. They are typically used to customize or add interactive elements to a Web page. We recommend that Java applets be kept on while using our services.

JavaScript

JavaScript is a scripting language that works primarily on Web pages. CBSA uses JavaScript to detect browser, browser version, and platform. We recommend that JavaScript be kept on while using our Web services.

Adjust your browser settings

The following instructions will allow you to adjust your browser security settings, and to turn on cookies, Java applets, and JavaScript.

Notes
If your computer is part of a managed network, contact your organization’s system administrator before making changes to your computer.

These instructions are for Windows operating system browsers. If you are using another operating system such as Macintosh, Linux, or Solaris, please see your browser’s help file for instructions on how to change your settings.

Internet Explorer 5 and 6

• Click on the “Tools” menu item, then “Internet Options”.
• Select the “Security” tab.
• Click on the “Internet” icon in the Web content zone box.
• Click on the “Custom Level” button. A “Security Settings” window will open:
  • Scroll down until you find “Cookies”. Under “Allow per-session cookies”, make sure that “Enable” is selected.
  • Scroll down the list until you find “Microsoft VM”. Under “Java Permissions”, make sure that “High security” is selected.
  • Scroll down the list until you find “Scripting”. Under “Scripting of Java applets”, make sure that “Enable” is selected.
  • In the “Reset customs settings” box, click on the arrow to open the drop down list and select “Medium”.
  • Click “OK”. The “Security Settings” window will close.
• Back in the “Security” tab, click on “Apply” and on “OK”.

Netscape 4

• Click on the “Edit” menu item, then “Preferences”.
• In the “Category” box, click on “Advanced”. A new selection will appear on the right:
  • Make sure that the “Enable Java”, “Enable JavaScript”, and “Accept all cookies” boxes are selected.
• Click “OK”.

Netscape 6 and 7

• Click on the “Edit” menu item, then “Preferences”.
• In the “Category” box, click on “Privacy & Security”, then “Cookies”.
  • Make sure that the “Enable all cookies” button is selected.
• In the “Category” box, click on “Advanced”. A new selection will appear on the right:
  • Make sure that “Enable Java” is selected; and
  • for Netscape 6, in the same selection list, also select “Enable JavaScript for Navigator”; or
  • for Netscape 7, in the “Category” box, click on “Scripts & Plugins” and select “Enable JavaScript for Navigator”.
• Click “OK”.

Public Key Infrastructure (PKI)

PKI is a combination of policy and technology that establishes a secure working environment, allowing Internet users to conduct secure electronic transactions. PKI operates using public key cryptography and digital certificates held by each party transmitting over the Internet. This ensures that private information is kept protected from tampering and that the identities of the participants can be guaranteed.

Unlike traditional cryptography that uses an identical key to encrypt and decrypt the message, public key cryptography uses one mathematical formula or algorithm—also called a key—to encrypt data and a second, related mathematical key to decrypt it. A PKI user has two keys: a public key openly accessible to anyone and tied to the digital certificate, and a private key kept secret by its holder. A message that is encrypted with a public key can only be decrypted with the corresponding private key. Using this key system ensures that no one else can view the private key holder's encrypted messages. In the Government of Canada PKI, once you have obtained your key, all you need to remember (and keep secret) is your user ID and password.

More details about PKI are available on the following Web sites:

• Government of Canada Public Key Infrastructure (Treasury Board of Canada Secretariat)
• Public Key Infrastructure (Communications Security Establishment)

Certification authority

A certification authority is a trusted party responsible for issuing digital certificates and managing them throughout their lifetime. The management of digital certificates includes their centralized creation, distribution, renewal, and revocation. The certification authority certifies the identity of the holder and publishes up-to-date lists of public keys.

In the Government of Canada PKI, this authority is split between two organizations to provide an additional layer of protection for your information. One central organization issues the PKI keys and manages their creation, distribution, renewal, and revocation for all government departments. However, the certificate held centrally contains only a Meaningless But Unique Number (MBUN)-not your identity. Each department that uses PKI will authenticate you, and only that department will know the relationship between your MBUN and your real identity. You can choose to have one certificate for all your dealings with the Government of Canada or one certificate for each department.

Digital certificates

A digital certificate is an electronic credential that verifies the identity of its holder. The digital certificate is issued by a certification authority and contains information on the identity of the holder. It cannot be forged. The digital certificate ties the holder's identity to a public key. Digital certificates are critical tools for the secure and trusted use of electronic networks, as they enable protected information to be sent, received, and accessed securely. If a digital certificate is suspected of being compromised, it is revoked.

Digital signatures

A digital signature is a type of electronic identification that can confirm the identity of the sender of a message, whether the message is encrypted or not. Digital signatures can only be generated by the signer. They can be verified, are tamperproof, cannot be forged or repudiated, and ensure that the information contained in the message is not changed during transmission.

epass Canada

The Government of Canada epass—a new service that uses PKI—gives Canadians the ability to obtain state-of-the-art secure electronic services from any Internet terminal in the world, using the convenience of a user ID and password. When registering for an epass (using shared secrets), you get a unique electronic credential that gives you access to online government programs and services that require enhanced security measures, including secure digital signatures.