Economically Disadvantaged, Woman-Owned Small Business (ED-WOSB) & Virginia Certified SWaM
Leesburg, VA 20176
ph: 703-258-5070
jmcneily
Areas of Experience and Past Performance
NBS provides Solutions and Services in the following areas:
Technical Capabilities
NBS has played an integral role in the security, operations and maintenance of our clients' networks since our inception. For example, our work at the Department of Homeland Security and Transportation Security Administration demonstrates our ability to step in and provide oversight for the development and maintenance of the network environment.
NBS provides DHS with network engineering services in a Network Operation Center environment. In this environment we provide Risk Management, Configuration Management, Information Assurance and IV&V. This program, and others like this, have given us unique knowledge and experience in network and security tools such as RSA SecurID Suite.
In our experience, we have worked with the RSA SecurID authentication mechanism, consisting of a "token", a piece of hardware or software (e.g. a "soft token" for a PDA or cell phone), assigned to a computer user that generates an authentication code at fixed intervals (usually 30 or 60 seconds) using a built-in clock and the card's factory-encoded random key (known as the "seed").
The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased. The seed is typically 128 bits long. Some RSA SecurID deployments may use a different rotation interval, such as 30-second increments.
The token hardware is designed to be tamper-resistant to deter reverse engineering of the token. Despite this, public code has been developed by the security community allowing a user to emulate RSA SecurID in software, but only if they have access to a current RSA SecurID code, and the original RSA SecurID seed file introduced to the server.
In the RSA SecurID authentication scheme, the seed record is the secret key used to generate one-time passwords. "Soft tokens" are merely commercial software implementations of the same algorithms implemented in the tamper-resistant hardware. The difference is that soft tokens require the seed record to be distributed to clients so that it can be used as input to the one-time password generation. Newer versions also feature a USB connector, which allows the token to be used as a smart card-like device for securely storing certificates.
We have experience with several different architectures and implementations of SecurID.
The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.
We have also implemented systems using a "duress PIN", an alternate code which creates a security event log showing that a user was forced to enter their PIN, while still providing transparent authentication.
Over our history we have learned many lessons regarding RSA. For example, while the RSA SecurID system adds a strong layer of security to a network, difficulty can occur if the authentication server's clock falls out of sync with the clock built into the authentication tokens. However, the RSA Authentication Manager typically corrects for this automatically without affecting the user. It is also possible to manually resync a token in the RSA Authentication Manager.
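The server-side check, duress PIN and clock-drift correction described above can be sketched as follows. This is an added example, not NBS or RSA code: the SecurID algorithm is proprietary, so an HMAC-SHA1 generator with RFC 4226 truncation stands in for it, and the names `code_at`, `TokenRecord`, `verify`, the one-interval window and the sample seed and PINs are all assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code interval (the page cites 30 or 60)
WINDOW = 1   # intervals of drift accepted either side (assumed policy)

def code_at(seed: bytes, interval: int) -> str:
    # Stand-in generator (HMAC-SHA1 + RFC 4226 truncation), not SecurID's own.
    mac = hmac.new(seed, struct.pack(">Q", interval), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**6:06d}"

def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

class TokenRecord:
    def __init__(self, seed: bytes, pin: str, duress_pin: str):
        self.seed, self.pin, self.duress_pin = seed, pin, duress_pin
        self.offset = 0       # learned token clock drift, in intervals
        self.last_used = -1   # last accepted interval; blocks code replay

def verify(rec, pin, code, server_time, events):
    duress = same(pin, rec.duress_pin)
    if not (duress or same(pin, rec.pin)):
        return False
    now = int(server_time) // STEP + rec.offset
    for delta in range(-WINDOW, WINDOW + 1):
        interval = now + delta
        if interval <= rec.last_used:
            continue                      # already consumed: reject replays
        if same(code_at(rec.seed, interval), code):
            rec.offset += delta           # silent resync to the token's clock
            rec.last_used = interval
            if duress:
                events.append(("DURESS_PIN", interval))  # log, still allow
            return True
    return False

if __name__ == "__main__":
    # Constructed sample: 128-bit seed, PIN 1234, duress PIN 4321.
    rec, events, t = TokenRecord(bytes(range(16)), "1234", "4321"), [], 1_700_000_000
    fast = code_at(rec.seed, t // STEP + 1)          # token runs one interval fast
    print(verify(rec, "1234", fast, t, events), rec.offset)
    print(verify(rec, "1234", fast, t, events))      # replayed code
```

A token that drifts beyond the window is rejected here, which corresponds to the case where a manual resync is needed.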
In other engagements, such as the Diplomatic Telecommunications Service Program Office (DTS-PO), we are responsible for the design, transformation and management of network infrastructure, including the design, development and security of networks. The implementation here consists of a wide variety of technologies including Cisco, Active Directory, LAN, WAN, Enterprise Intrusion, EMC, Hitachi, VMware, Solaris, HP OpenView, Perl, Linux, Microsoft, and others. In this mix, to support the network security initiative, we have implemented RSA in a Multi-Factor Authentication (MFA) scheme: RSA and AD (Active Directory) are used together to provide a multi-challenge system that compares in magnitude to the size and number of users relevant to the FBI ITES initiative.
Technical Approach
Our best practice and approach to this type of work is to first concentrate on maintaining steady state. At the Department of State, we successfully implemented, revised and maintained IT Policies for both CONUS and OCONUS customers. We are completely staffed with SMEs and technical writers who are well versed in Policy, User and PIN Management.
Besides our extensive experience in RSA and other security technologies, we bring to bear personnel certified in UNIX, ITIL, OpenView, Opsware, Cisco and other technologies that are the key to maintaining and advancing the network so that it is usable, performant and secure.
Our staff's agile methodology and ability to achieve a fully functioning steady state O&M of the environment in days/weeks allow us to blend in our vast experience to mature and transform the environment, so that we can deliver our efforts in the most efficient manner within the policies and procedures of the program.
Partnership-Focused
Business Model
The NBS 'C3 Triangle'
The C3 Triangle is the NBS proprietary method for achieving an optimum balance between the interests of the Customer, the Client, and the Candidate to ensure the 'Best Fit' talent solution.
Copyright 2016
NBS Enterprises, LLC
All rights reserved