Security Promise

__________________________________________________________________

Security Promise

The HANNA Security Promise

Our most precious asset is the trust of our members. Therefore, the security of your personal and agency information is one of our highest priorities. The following sections describe the system that HANNA developed to provide our members one of the highest levels of security in our industry.

How secure is my information?

HANNA has made a significant investment in leading-edge security software, systems, and procedures to offer you a safe and secure environment and protect your information. While no security system is absolutely impenetrable, we are constantly reviewing, refining, and upgrading our security infrastructure as new tools or techniques become available.

We go to great lengths to protect your security from your very first transaction with HANNA. For example, the HANNA Secure System requires you to enter a valid User ID and Password before permitting you to see any personal or agency information. This site also encrypts all the information that the server and your browser exchange.

HANNA also utilizes state of the art firewall and intrusion detection technology to prevent unauthorized access to your account and agency information. The public Web servers are physically segregated from the servers that contain our account and personal or agency information and cannot be accessed directly from the Web. Access is allowed only through well-defined scripts and is firewall-controlled. Internally, member information is specially protected through industry standard security mechanisms and policies like the strict 'Principle of Least Possible Privilege' that governs employee access to company systems and information.

Why are cookies important?

The HANNA Web site uses a common technique, HTTP-header cookies, to identify one page request from another. These cookies do not contain any personal or account identifying (e.g., Member Number) information. They merely allow the site to recognize a page request that comes from someone who has already logged on. The information is stored temporarily in memory and is available only during the course of a session. The information is removed once you close down your browser. Some browsers can be configured to warn the user whenever a site sends it a cookie. If your browser provides an edit message asking you to accept or reject the use of cookies, you should accept. The site will not work without them.

What is encryption?

Encryption is used to protect messages from eavesdropping, tampering, or message forgery over the Internet. It is a mathematical process that transforms a message in order to conceal its meaning.

How does the HANNA Web site use encryption?

It is the Policy of the HANNA Secure System to encrypt the transmissions of all personal or agency Web-based information that is transmitted between our site and your browser. The security standard SSL (Secure Sockets Layer) is used to implement this. SSL is the leading standard for securing World Wide Web transmissions. It is also supported by the leading brwsers, Netscape Navigator 1.1 and above and Microsoft Internet Explorer 2.0 and above.

How can I tell that SSL is in effect?

The URL of a secure document begins with HTTPS://. The additional "S" on the end of the familiar HTTP indicates a secure channel to the server. Every secure page on the HANNA Web site is secured with a digital certificate issued by Thawte USA, Inc. This is shown via the "site certificate" that sits on all secure pages. To view this certificate, click on the image of the closed lock or the solid key on the bottom bar of your browser window. A small frame displaying site security information will appear. If you use Internet Explorer, Click on the word 'Subject' to verify the Web site. Click on 'Issuer' to verify the site certification authority. If you use Netscape, click on the "View Certificate" button to see information on the subject and issuer.

How secure is SSL?

SSL can use keys of various sizes. The larger the key length, the greater the number of possible combinations, the more difficult the decryption challenge, and the more secure the message. While this site will provide the maximum level of encryption supported by your browser, those wishing to maximize the security of their Web activities are encouraged to obtain a browser with 128-bit SSL encryption. These browses are available for downloading from either Netscape or Microsoft at no cost except connect time.

Why do I need to use a particular browser?

To maximize the privacy of your information and provide a consistent visual presentation, a relatively current and capable browser is required. The browser required for this site is Netscape Navigator 3.0 and above, or Microsoft Internet Explorer 3.0 and above. These browsers have been used to extensively test this site to ensure that the pages display and behave in a predictable manner. Other browsers may work if they have the required features; however, this site has not been tested or certified for other browsers. For Example, the browser must support Java Script, Cookies, and Secure Sockets Layer (SSL), an encryption standard for browsers. For enhanced security, we recommend using a browser version that uses 128-bit SSL encryption.

Note: If you are an AOL user, you will also need to use one of the minimum required browsers. You may need to down load one of the approved browsers to use the HANNA Secure System.

What responsibility do I need to take as a member?

Although HANNA does everything possible to ensure security, members have their own set of responsibilities in providing security for their HANNA membership accounts. Member Number, User IDs and passwords must be kept secret. Make sure that no one is watching when you enter your User ID or password. It is also important to remember to exit the browser when leaving the computer. Certain companies may offer to provide services to you by accessing your account through our site. If HANNA does not have a relationship with the company that provides the proper protocol for access, the security of your account can be at risk. Moreover, that company's use of your User ID and password will be governed by their policies. Anytime you disclose your identifying information to third parties, you are creating greater risk of unauthorized use or access for which HANNA cannot take responsibility.

If you are using broadband Internet access (Cable or DSL), we recommend that you use a personal firewall since broadband Internet access is "always on" and puts your PC and any information it may contain risk from hackers. You should also use a virus-screening program with up to date virus definitions to minimize the risk of malicious code, Trojan horses, or worms on your computer.

__________________________________________________