Security

Summary

There are several levels of security within our security framework. User Level deals with cryptography and Netscape's Secure Sockets Layer (SSL) protocol, and is the first line of defense used by all customers accessing IRIS from the public Internet. Server Level focuses on firewalls, filtering routers, and our trusted operating system. Host Level deals specifically with our mainframe system and the processing of secure financial inquiries.

User Level | Server Level | Host Level | User Responsibilities

User Level

There are several components of User Level security that ensure the confidentiality of information sent across the public Internet. The first requires your use of a fully SSL-compliant browser such as Netscape Navigator or Microsoft Internet Explorer. SSL is an open protocol developed by Netscape that allows a user's browser to establish a secure channel for communicating with our Internet server. SSL utilizes highly effective cryptography techniques between your browser and our server to ensure that the information being passed is authentic, cannot be deciphered, and has not been altered enroute. SSL also utilizes a digitally signed certificate that ensures you are truly communicating with Registrar and Transfer Company and not a third party trying to intercept the transaction.

After a secure connection has been established between your browser and our server, you then provide a Tax ID Security Code to gain access to the log-in screen. You are then required to log into the R&T system using a randomly generated username and password assigned specifically to you. Although SSL utilizes proven cryptography techniques, it is important to protect your username and password from others. Session time-outs, a limit on the number of logon attempts, change intervals, and special browser caching techniques are examples of other security measures in place to ensure that inappropriate activity is prohibited at the User Level.

Server Level

All transactions sent to IRIS must first pass through a filtering router system. These filtering routers automatically direct the request to the appropriate server after ensuring the access type is through a secured browser and nothing else. The routers verify the source and destination of each network packet, and manage the authorization process of letting packets through. The filtering routers also prohibit all other types of Internet access methods at this point. This process blocks all non-secured activity and defends against inappropriate access to the server.

The IRIS system is protected using the latest Cisco firewall platform. This highly regarded intrusion prevention platform is widely used and respected around the world. The platform defends against every kind of system intrusion and effectively isolates all but authorized users. It secures the network hardware and main data processing system and prevents associated attacks against all systems connected to the webserver.

Administration of the platform is not managed remotely and must be initiated by authorized personnel in direct physical contact with the master console. Thus, a level of physical security has been implemented that rivals some of the most secure installations. Additional measures to ensure the security of information involve the separation of server applications from host data. This means that information of value does not physically reside on the Internet Server. Logging of security information occurs at all times and there is always a backup for the information logged about every attempt made to access the system. These security logs allow us to constantly monitor for a wide range of anomalies and determine if attempts have been made to breach our security framework.

Host Level

After logging into the IRIS Server, the queries are directed via a secure dedicated network to our Transaction Processing Server. No direct database access occurs between IRIS and the user. Only specific transactions in the proprietary format are allowed into the Transaction Server.

User Responsibilities

While we continue to evaluate and implement the latest improvements in Internet security technology, users of IRIS also have responsibility for the security of their information and should always follow the recommendations listed below:

• Utilize the latest version of either Netscape Navigator or Microsoft Internet Explorer. The IRIS system is best viewed and is most secure when you use one of these two browsers, as they are both certified for use at our site.
• The tax ID is an authentication process that requires the number to be recognized as an authorized user of the system. Your username and password must be kept confidential. Should you lose this information, contact R&T immediately and the information will be deleted from the system.
• Be sure others are not watching you enter information on the keyboard when using the system.
• Never leave your computer unattended while logged on IRIS. Others may approach your computer and gain access to your account information if you walk away.
• If you are using a shared or work PC, remember that keyed-in information is stored on the PC and can be recalled unless you flush or erase the auto-content buffers.
• Click log-off when you are finished using the system to properly end your session. Once a session has been ended, no further transactions can be processed until you log onto the system again.
• Close your browser when you are finished, so that others cannot view any account information displayed on your computer.
• Keep your computer free of viruses. Use virus protection software to routinely check for a virus on your computer. Never allow a virus to remain on your computer while accessing IRIS.

We look forward to serving your account access both today and into the future - securely.