Areas of Experience and Past Performance

NBS provides Solutions and Services in the follow areas:

• Security Solutions
  • Identity Management
  • Security Assessments
  • Authorization, Accreditation , Auditing Solutions
  • Independent Verification and Validation
  • Information Assurance
  • Encryption and Data Security
• Network Management
  • Network design and deployment
  • Network Analysis and Tools
  • Network development and performance analysis
  • Network Operations Center and Secure Operations Center
  • Network Security Analysis and Redesign
• Systems Engineering
  • System Design, Development and Deployment
  • System Security
  • System Monitoring and Management
  • Systems administration
• Telecommunications
  • Telecom design and deployment
  • Telecom Analysis and Tools
  • Telecom development and performance analysis
  • Telecom Operations Center
  • Telecom Security Analyst and Redesign
• Database Solutions
  • Database development and administration
  • Database applications testing
  • Database Security
• Software development and engineering
  • Service Oriented Architecture
  • High Availability
• Enterprise Architecture
• Risk and Configuration Management
• Helpdesk Solutions
• Server support
• Video network engineering and VTC Solutions
• VoIP systems and Communication Solutions
• Platform Design and Solutions
• Testing Solutions
• Business process reengineering
• Contracts management

Technical Capabilities

NBS has played an integral role in the security, operations and maintenance of our client’s networks since our inception. For example, our work at the Department of Homeland Security and Transportation Security Administration, demonstrates our ability to step in and provide oversight for the development and maintenance of the network environment.

NBS provides DHS with network engineering services in a Network Operation Center environment. In this environment we provide Risk Management, Configuration Management, Information Assurance and IV&V. This program, and others like this, have given us unique knowledge and experience in network and security tools such as RSA SecurID Suite.

In our experience, we have worked with the RSA SecurID authentication mechanism, consisting of a “token”—a piece of hardware or software (e.g. a "soft token"
for a PDA or cell phone)—assigned to a computer user that generates an authentication code at fixed intervals (usually 30 or 60 seconds) using a built-in clock
and the card's factory-encoded random key (known as the "seed").

The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased. The seed is typically 128 bits long. Some RSA SecurID deployments may use varied second rotations, such as 30-second increments.

The token hardware is designed to be tamper-resistant to deter reverse engineering of the token. Despite this, public code has been developed by the security community allowing a user to emulate RSA SecurID in software, but only if they have access to a current RSA SecurID code, and the original RSA SecurID seed file introduced to the server.

In the RSA SecurID authentication scheme, the seed record is the secret key used to generate one time passwords. "Soft tokens" are merely commercial software implementations of the same algorithms implemented in the tamper resistant hardware, only the soft tokens require the seed record to be distributed to clients so that the seed record may be used as input in the One Time Password generation. Newer versions also feature a USB connector, using which the token can be used as a smart card-like device for securely storing certificates.

We have experience with several different architectures and implementations of SecurID.

1. A user authenticating to a network resource—say, a dial-in server or a firewall—needs to enter both a PIN and the number being displayed at that moment on their RSA SecurID token.
2. Or by disregarding the PIN implementation altogether, and rely on password/RSA SecurID code combinations.

The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be
showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.

We have also implemented systems using “duress PIN" —an alternate code which creates a security event log showing that a user was forced to enter their PIN,
while still providing transparent authentication.

In our history we have realized many lessons learned in regards to RSA. For example, while the RSA SecurID system adds a strong layer of security to a network, difficulty can occur if the authentication server's clock becomes out of sync with the clock built in to the authentication tokens. However, typically the RSA Authentication Manager automatically corrects for this without affecting the user. It is also possible to manually resync a token in the RSA Authentication Manager.

In other experiences like that at Diplomatic Telecommunications Service Program Office (DTS-PO), were we are responsible for Network, and Design, Transformation and Management of Network Infrastructure. Including Design and Development and Security of Networks. The implementation here consists of a wide variety of technologies including CISCO, Active Directory, LAN, WAN, Enterprise Intrusion, EMC, Hitatchi, VMWARE, Solaris, HP Openview, Perl, Linux, Microsoft, and others. In this mix to support the network security initiative we have implemented RSA in a Multi-Factor Authentication (MFA) scheme, the use of RSA as well as AD (Active Directory) together to provide a multi challenge system that compares in magnitude to the size and number of users relevant to the FBI ITES initiative.

Technical Approach

Our best practices and approach to this type of work is to first concentrating on maintaining steady state. At Department of State, we successful implemented,
revised and maintained IT Policies for both CONUS and OCONUS customers. We are completely staffed with SME’s and technical writers that are well versed at
Policy, User and PIN Management.

Besides our extensive experience in RSA and other security technologies, we bring to bear certified personnel on UNIX, ITIL, Openview, Opsware, CISCO and other technologies that are the key to maintaining, and advancing the network to be Usable, Perform and Secure.

Our staff’s agile methodology and ability to achieve a full functioning steady state O&M of the environment in days/weeks, allow us to blend in our vast experience to mature and transform the environment so that we can deliver our efforts in the most efficient manner with the policies and procedures of the program.

Partnership-Focused

Business Model

• DCAA auditable rates
• Industry leading benefits
• Electronic Timesheet Reporting
• Recruiting, Payroll, CRM & HR tools
• Over 98% of revenue is derived from Task Order based IDIQ
• Success rate on bid and recruiting initiatives exceeding 86%
• 99% retention rate of Project Staff

The NBS 'C3 Triangle' 

The C3 Triangle is the NBS proprietary method for achieving optimum balance the interests between the Customer, the Client, and the Candidate to ensure the 'Best Fit' talent solution.