NBS Enterprises IT Services: NBS has been serving the Intelligence, Department of Defense and Commercial Communities since 2005. We have been successfully
delivering solutions in the areas of Information Assurance (IA), Enterprise Architecture, IT Transformation and Modernization, NOC environments, Human Resources,
Logistics and Mission support and others. We have trained and certified staff in the most widely used technologies.
NBS Global Recruiting: NBS provides direct staffing, and contract-to-hire, and temporary staff in the Department of Defense and Commercial Communities in
numerous arenas. These personnel include individuals with top-level clearances and experience.
NBS Consulting: Providing subject matter expertise in a multitude of areas including supply chain, demand
planning, business development, business management, aviation, maritime operations, homeland security, and many others for the defense, intelligence, and
commercial markets. Our consultants have an average of 25 years of experience each in their fields of specialty and are experienced at consulting nationally and
internationally, including in areas of conflict or natural disaster.
Areas of Experience and Past Performance
NBS provides Solutions and Services in the follow areas:
• Security Solutions
• Security Assessments
• Authorization, Accreditation , Auditing Solutions
• Independent Verification and Validation
• Information Assurance
• Encryption and Data Security
• Network Analysis and Tools
• Network development and performance analysis
• Network Operations Center and Secure Operations Center
• Network Security Analysis and Redesign
• System Security
• System Monitoring and Management
• Systems administration
• Telecom Analysis and Tools
• Telecom development and performance analysis
• Telecom Operations Center
• Telecom Security Analyst and Redesign
• Database applications testing
• Database Security
• High Availability
• Risk and Configuration Management
• Helpdesk Solutions
• Server support
• Video network engineering and VTC Solutions
• VoIP systems and Communication Solutions
• Platform Design and Solutions
• Testing Solutions
• Business process reengineering
• Contracts management
Current and Past Performances include work at DHS, US Army, DITSPO, DOS, OCONUS and others.
For example, our work at the Department of Homeland Security and Transportation Security Administration, demonstrates our ability to step in and provide
oversight for the development and maintenance of the network environment.
NBS provides DHS with network engineering services in a Network Operation Center environment. In this environment we provide Risk Management,
Configuration Management, Information Assurance and IV&V.
This program, and others like this, have given us unique knowledge and experience in network and security tools such as RSA SecurID Suite.
In our experience, we have worked with the RSA SecurID authentication mechanism, consisting of a “token”—a piece of hardware or software (e.g. a "soft token"
for a PDA or cell phone)—assigned to a computer user that generates an authentication code at fixed intervals (usually 30 or 60 seconds) using a built-in clock
and the card's factory-encoded random key (known as the "seed").
The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the
tokens are purchased. The seed is typically 128 bits long. Some RSA SecurID deployments may use varied second rotations, such as 30-second increments.
The token hardware is designed to be tamper-resistant to deter reverse engineering of the token. Despite this, public code has been developed by the security
community allowing a user to emulate RSA SecurID in software, but only if they have access to a current RSA SecurID code, and the original RSA SecurID seed
file introduced to the server.
In the RSA SecurID authentication scheme, the seed record is the secret key used to generate one time passwords. "Soft tokens" are merely commercial
software implementations of the same algorithms implemented in the tamper resistant hardware, only the soft tokens require the seed record to be distributed to
clients so that the seed record may be used as input in the One Time Password generation. Newer versions also feature a USB connector, using which the token
can be used as a smart card-like device for securely storing certificates.
We have experience with several different architectures and implementations of SecurID.
number being displayed at that moment on their RSA SecurID token.
2. Or by disregarding the PIN implementation altogether, and rely on password/RSA SecurID code combinations.
The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be
showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.
We have also implemented systems using “duress PIN" —an alternate code which creates a security event log showing that a user was forced to enter their PIN,
while still providing transparent authentication.
In our history we have realized many lessons learned in regards to RSA. For example, while the RSA SecurID system adds a strong layer of security to a
network, difficulty can occur if the authentication server's clock becomes out of sync with the clock built in to the authentication tokens. However, typically the
RSA Authentication Manager automatically corrects for this without affecting the user. It is also possible to manually resync a token in the RSA Authentication
In other experiences like that at Diplomatic Telecommunications Service Program Office (DTS-PO), were we are responsible for Network, and Design,
Transformation and Management of Network Infrastructure. Including Design and Development and Security of Networks. The implementation here consists of a
wide variety of technologies including CISCO, Active Directory, LAN, WAN, Enterprise Intrusion, EMC, Hitatchi, VMWARE, Solaris, HP Openview, Perl, Linux,
Microsoft, and others. In this mix to support the network security initiative we have implemented RSA in a Multi-Factor Authentication (MFA) scheme, the use of
RSA as well as AD (Active Directory) together to provide a multi challenge system that compares in magnitude to the size and number of users relevant to the
FBI ITES initiative.
revised and maintained IT Policies for both CONUS and OCONUS customers. We are completely staffed with SME’s and technical writers that are well versed at
Policy, User and PIN Management.
Besides our extensive experience in RSA and other security technologies, we bring to bear certified personnel on UNIX, ITIL, Openview, Opsware, CISCO and
other technologies that are the key to maintaining, and advancing the network to be Usable, Perform and Secure.
Our staff’s agile methodology and ability to achieve a full functioning steady state O&M of the environment in days/weeks, allow us to blend in our vast
experience to mature and transform the environment so that we can deliver our efforts in the most efficient manner with the policies and procedures of the