Home of ABS Computer Technoloogy, Linux and Security Consultants Network Security solutions from our security experts Security solutions for Internet and Network technologies Some of our services for Linux, security, and hosting Contact us









Bookmark and Share

 

Best of Pittsburgh Award for Systems Engineering Consulting

 

Accept Credit Cards Online

 

Security

ABS's security strategy programs are client-centered, reflecting the needs, business patterns, and direction that are unique to each enterprise.

One of the Key approaches to protecting your network is our 'Layered Defense' approach. 

Our layered defense approach offers better protection for your servers and network.  Integrating the layered defense with your HP OpenView suite will offer the Best defense for your network, system wide. 

Integrating HP OpenView with our Layered Defense will provide instantaneous protection across your entire network.

While our specialty is Cyber-Security, proper Processes and Policies will support your efforts in Physical security as well. It is important for you to remember that Security is an evolving process, not something that you can install and then forget about it.

We use both OpenSource and Commercial products to implement a Reliable Defense environment to mitigate risk of intrusion from motivated attackers from both External and Internal sources. While many companies are focusing on Firewalls, these efforts are more a distraction, than they are a cure. We can discuss these issues with you more, in a personal visit or Consultation.

 

Security Notifications

Pennsylvania is just one of many states that have adopted a Breach of Personal Information Notification Act. This Act requires organizations to notify it's customers when they have been compromised, and their personal information has been lost or stolen, exposing them to identity theft. If you use the internet, Security is more than just an appliance or a firewall, it is essential. We have the experience necessary to evaluate, design, deploy and implement improved security solutions for your company.

Wireless Intrusion Prevention System

Recently the Department of Justice indited 11 individuals in the largest international credit card/identity theft crime of more than 40 Million people.  The crimes were not from people breaking into buildings, but rather from wireless intrusion or war driving.

The TJ Maxx, Boston Market, Barnes & Noble, Office Max, DSW,BJ's Wholesale Club, Sports Authority and Forever 21 crimes were all invoked with the use of invading wireless networks.

The security and integrity of your networks are severely compromised as soon as you introduce a wireless connection point (Access Point, Wireless Routers ....).  Tools are readily available via multiple sources to invade and penetrate the wireless environment.

We have tools that will stop the Hackers from breaking into your network, and prevent your employees from accessing unauthorized wireless access points ourside of your environment as well.  

Security is much easier and cheaper to implement before a breakin, and it will protect your company's brand identity as well.  Attempting to correct all of the issues after a breakin, may become an insurmountable task. 

Payment Card Industry Data Security Standard

These events have created what is now known as the PCI DSS or the Payment Card Industry Data Security Standard.

There are many components for compliance, two of the requirements are:

  1. Building and maintaining a secure network
  2. Protect cardholder data

If you accept consumer credit cards or utilize credit card services, your systems should be audited for the possibility of a breach, or intrusion of your systems.  Imagine that you had an intrusion, who would you call then?  Call us before you do, and we'll secure and protect your business and it's operations.

PCI DSS security standard requirements

PCI security requires that you implement a set of documented standards when configuring security and networking devices used in your card processing activities. Specifically, you'll need to create standards that:

  • Specify parameters for firewall-based perimeter protection and include process. descriptions and a network diagram.
  • Require a firewall at every Internet connection and isolating every DMZ.
  • Dictate the use of a formal process for managing firewall rule-base changes, including the documentation of business justifications for each rule.
  • Mandate semiannual firewall rule-base reviews.

Creating firewall and network device standards is only the beginning of the implementation. You'll also need to create standards for all other system components that require your technical staff follow practices such as:

  • Implementing a single function per server.
  • Disabling unnecessary and insecure services, protocols and functions.
  • Configure security parameters according to business requirements and best practices.

There are a number of resources available to you to get head-start when creating your security standards. Before you implement any changes, you should review the standards by the Center for Internet Security, National Institute of Standards and Technology, and the SANS Institute.

In many cases, you'll be able to simply adopt those standards in their present form or modify them to suit your environment. Once you've created your standards, be sure to store them in an accessible location and communicate them to the members of your technical staff responsible for implementing them. It's not uncommon for PCI DSS auditors to interview system administrators to ensure your standards are properly communicated and not just a paper exercise to satisfy the requirement.

IPS Security Protection

Our IPS and Security solutions protect our Servers and networks, as well as those of our customers. We have been able to identify our attacks and actively defend our networks.

Since not every one else is equipped with our IPS, we have reported security events to the owners of the IP networks. Most of our responsives have been positive, even including that the systems were compromised from other events. Isn't time that your networks included our IPS as well?

Listed below are some information sharing links from various sites:

Reporting Agencies:

CERT Coordination Center - Investigates and reports security issues. National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, law enforcement and response entity.

US Cert - United States Computer Emergency Readiness Team.

Internet Fraud Complaint Center - IFCC's mission is to address fraud committed over the Internet.

InfraGard - Organization for Information Sharing and analysis.

Pittsburgh InfraGard - The Pittsburgh Infragard Member Alliance is an information sharing and analysis effort.

VPN - Virtual Private Networks

VPNs are growing in demand and occurrences. The use of the VPN permits remote access to the Corporate environment in a secure manner. When deployed correctly the VPN may protect the Corporate and Personal equipment. Here are a few guides for you to consider when creating a VPN.

 

Our Security Certifications:

CHS - ACFEI - American College of Forensic Examiners

CISSP - (ISC)2 - International Information Systems Security Certification Consortium, Inc.

CISA - ISACA - Information Systems Audit and Control Association

ABS Computer Technology maintains professional certifications with (ISC)2, ISACA, and ACFEI. We are also active members of the Computer Security Institute.

With more than 14 years of experience in networking security, our alliances and expertise can be one of your best assets. Your security is not something to delay, call us today.

 

 

ABS Computer Technology, Inc.
519 Nichols Road
Pittsburgh, PA 15237
Phone: 412-635-7488 
Fax: 412-635-2546

 

Contact Us - Home - Site Map
© 2005-2013 ABS Computer Technology, Inc. - All Rights Reserved
SpamZapper® is the registered trademark of ABS Computer Technology, Inc.

Site Design - Marc Dorsett Graphic Artist