|
Security Q & A
QUESTION:
How is my data protected and what is SSL?
ANSWER:
1) 'SSL' stands for 'Secure Sockets Layer', and is the transaction security protocol used by hundreds of thousands of websites to protect online commerce. SSL is the standard security technology for creating an encrypted link between a Web server and a Web browser. This link ensures that all data passed between the Web server and Web browser remains private.
2) As well as ensuring that the details of a transaction remain secure during that transaction, consumers also care whether the Web site they are dealing with is legitimate. In order to solve the critical issue of identity assurance, SSL Providers (Certification Authorities), provide proof of the identity of a Web site via an electronic certificate which is automatically checked by the consumer's Web browser at the outset of a secure transaction.
Web browsers and operating systems come with a pre-installed list of trusted Certification Authorities, known as the Trusted Root CA store. As Microsoft and Netscape provide the major operating systems and browsers, they elect whether to include a Certification Authority into the Trusted Root CA store, thereby giving trusted status.
Our SSL certificate is issued by Comodo whose root certificate is provided by Baltimore Technologies -- trusted by over 99% of all current browsers, comprising all Internet Explorer 5.00 and above, Netscape 4x and above, AOL 5 and above, and Opera 5 and above and comes pre-installed with all Windows 98SE, Windows ME, Windows 2000, Windows XP, Mac OS 8.5, Mac OS 9.x, Mac OS X operating systems.
QUESTION:
What is a secure, authenticated Internet connection and how is it established?
ANSWER:
A "secure connection" is established when your Web browser connects to an Internet Web site in a way that provides data security services - usually a site with an address that starts with "https://. . .", a secure connection ensuring that any information transferred between you and that site cannot be seen by anyone else in the Internet. An "authenticated connection" is established when the Web browser verifies the identity of an Internet Web site. The Web browser should automatically accomplish these checks and the process should happen transparently to the user.
When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user.
QUESTION:
Why can't my Web browser establish a secure, authenticated Internet connection?
ANSWER:
Your Web browser may be an old version and may therefore not have the ability to authenticate an Internet Web site. Most frequently, this is because the Web browser does not include an up-to-date digital certificate. (A digital certificate is a special kind of data file that is digitally signed by using cryptography.)
QUESTION:
How can I establish a secure, authenticated Internet connection if the problem is with my Web browser?
ANSWER:
The best way to ensure your ability to establish a secure, authenticated connection between your Web browser and an authenticated site is to upgrade your browser to the latest version. It will have the most up-to-date capabilities to authenticate the identity of a Web site and check the site's certification status. The latest Web browser version will also contain the most up-to-date list of certification authorities responsible for authenticating Internet Web sites.
QUESTION:
Should I expect the highest available level of encryption, 128-bit, to protect my data transmission?
ANSWER:
The 128-bit key size (encryption level) is determined by the Web browser, and if your Web browser can only negotiate 40 or 56-bit encryption levels, then this is session that is established. To make sure you can use the highest level available, upgrade your Web browser to the newest version available.
|
