Security
ABS's security strategy programs are client-centered, reflecting the
needs, business patterns, and direction that are unique to each
enterprise.
One of the key approaches to protecting your network is our 'Layered Defense' approach.
Our layered defense approach offers better protection for your servers and network. Integrating the layered defense with your HP OpenView suite will offer the best defense for your network, system-wide.
Integrating HP OpenView with our Layered Defense will provide instantaneous protection across your entire network.
While our specialty is cyber-security, proper processes and policies will support your efforts in physical security as well. It is important to remember that security is an evolving process, not something that you can install and then forget about.
We use both open source and commercial products to implement a reliable defense environment that mitigates the risk of intrusion by motivated attackers from both external and internal sources. While many companies are focusing on firewalls, these efforts are more a distraction than a cure. We can discuss these issues with you further in a personal visit or consultation.
Security Notifications
Pennsylvania is just one of many states that have adopted a Breach of Personal Information Notification Act. This Act requires organizations to notify their customers when they have been compromised and their customers' personal information has been lost or stolen, exposing them to identity theft. If you use the Internet, security is more than just an appliance or a firewall; it is essential. We have the experience necessary to evaluate, design, deploy and implement improved security solutions for your company.
Wireless Intrusion Prevention System
Recently the Department of Justice indicted 11 individuals in the largest international credit card/identity theft crime, affecting more than 40 million people. The crimes were not committed by people breaking into buildings, but rather through wireless intrusion or war driving.
The TJ Maxx, Boston Market, Barnes & Noble, Office Max, DSW, BJ's Wholesale Club, Sports Authority and Forever 21 crimes all involved the invasion of wireless networks.
The security and integrity of your networks are severely compromised as soon as you introduce a wireless connection point (access point, wireless router, ...). Tools for invading and penetrating the wireless environment are readily available from multiple sources.
We have tools that will stop hackers from breaking into your network, and prevent your employees from accessing unauthorized wireless access points outside of your environment as well.
Security is much easier and cheaper to implement before a break-in, and it will protect your company's brand identity as well. Attempting to correct all of the issues after a break-in may become an insurmountable task.
Payment Card Industry Data Security Standard
These events have created what is now known as the PCI DSS or the Payment Card Industry Data Security Standard.
There are many components for compliance; two of the requirements are:
- Building and maintaining a secure network
- Protecting cardholder data
If you accept consumer credit cards or utilize credit card services, your systems should be audited for the possibility of a breach or intrusion. Imagine that you had an intrusion. Who would you call then? Call us before you do, and we'll secure and protect your business and its operations.
PCI DSS security standard requirements
PCI security requires that you implement a set of documented
standards when configuring security and networking devices used in your
card processing activities. Specifically, you'll need to create
standards that:
- Specify parameters for firewall-based perimeter protection and include process descriptions and a network diagram.
- Require a firewall at every Internet connection and isolate every DMZ.
- Dictate the use of a formal process for managing firewall rule-base changes, including the documentation of business justifications for each rule.
- Mandate semiannual firewall rule-base reviews.
Creating firewall and network device standards is only the beginning of the implementation. You'll also need to create standards for all other system components that require your technical staff to follow practices such as:
- Implementing a single function per server.
- Disabling unnecessary and insecure services, protocols and functions.
- Configuring security parameters according to business requirements and best practices.
There are a number of resources available to give you a head start when creating your security standards. Before you implement any changes, you should review the standards published by the Center for Internet Security, the National Institute of Standards and Technology, and the SANS Institute.
In many cases, you'll be able to simply adopt those standards in their present form or modify them to suit your environment.
Once you've created your standards, be sure to store them in an
accessible location and communicate them to the members of your
technical staff responsible for implementing them. It's not uncommon
for PCI DSS auditors to interview system administrators to ensure your
standards are properly communicated and not just a paper exercise to
satisfy the requirement.
IPS Security Protection
Our IPS and security solutions protect our servers and networks, as well as those of our customers. We have been able to identify attacks against us and actively defend our networks.
Since not everyone else is equipped with our IPS, we have reported security events to the owners of the IP networks. Most of the responses have been positive, some even noting that the systems had been compromised through other events. Isn't it time that your networks included our IPS as well?
Listed below are some information sharing links from various sites:
Reporting Agencies:
CERT Coordination Center - Investigates and reports security issues.
National Infrastructure Protection Center (NIPC) - Serves as a national critical infrastructure threat assessment, warning, vulnerability, law enforcement and response entity.
US-CERT - United States Computer Emergency Readiness Team.
Internet Fraud Complaint Center - IFCC's mission is to address fraud committed over the Internet.
InfraGard - Organization for information sharing and analysis.
Pittsburgh InfraGard - The Pittsburgh InfraGard Member Alliance is an information sharing and analysis effort.
VPN - Virtual Private Networks
VPNs are growing in both demand and use. A VPN permits remote access to the corporate environment in a secure manner. When deployed correctly, the VPN may protect both corporate and personal equipment. Here are a few guides for you to consider when creating a VPN.
Our Security Certifications:
CHS - ACFEI - American College of Forensic Examiners
CISSP - (ISC)2 - International Information Systems Security Certification Consortium, Inc.
CISA - ISACA - Information Systems Audit and Control Association
ABS Computer Technology maintains professional certifications with (ISC)2, ISACA, and ACFEI. We are also active members of the Computer Security Institute.
With more than 14 years of experience in networking security, our alliances and expertise can be one of your best assets. Your security is not something to delay; call us today.
ABS Computer Technology, Inc.
519 Nichols Road
Pittsburgh, PA 15237
Phone: 412-635-7488
Fax: 412-635-2546