KRM provided customer support, network engineering and security engineering for a secure data network for the Department of Veteran Affairs with over 300,000 network customers, functioning through the Network Engineering, Business and Operations Support Services (NEBOSS).
Responsibilities included customer support in configuring, installing, testing, and documenting system architectures and component configurations with routers, Virtual Private Networks (VPN), firewalls, intrusion detection systems, host protection tools, and other Information Assurance products.
Help Desk Support
KRM provided Tier I/Tier II help desk staffing and support to the Department of Veterans Affairs.
Technical support included:
- Assistance with the installation/configuration of the Cisco VPN client on a Windows OS platform.
- Troubleshooting connectivity issues to the VA gateway via Cisco VPN client / SSL VPN client
- Consolidate (wildcard mask) IP address restriction on VPN client accounts.
- Assistance with the installation/configuration of host based firewall applications as well as host based Antivirus applications.
- Provide assistance for VA sponsored dial-up internet access via Sprint Remote Access for those that do not have Internet access at home. This includes the installation of the dial-up client as well as any connectivity issues a user may experience.
Our staff has utilized the following software/hardware:
- RealSecure Desktop Protector by ISS
- McAfee Virus scan 8.x
- Cisco VPN client version 4.x
- Cisco 3000 Series VPN Concentrators
- Cisco ACS server version 4.0
- Sprint ISP dialer Version 3.5.x
- RealSecure Proventia 8.0 (Host Intrusion Prevention System)
Our engineers configured/managed devices that:
- Proxy/filter outbound web requests.
- Proxy/filter inbound web requests to *va.gov destinations.
- Filter inbound and outbound SMTP.
- Manage DNS for the va.gov zone as well as configure all new inbound web requests which include DNS resolution load balancing, caching, proxying, and content switching.
- Configuring/maintain operational control of Site-2-Site VPN connections, Business Partner Gateway connections, and LAN extensions.
- Configuring/maintaining a local LAN for our primary facility as well as two backup sites.
Experience with the following software/hardware:
- Cisco PIX 506/515/525/535 running code versions 6.3.x as well as 7.x
- Cisco ASA 5540s running code version 7.x
- Cisco Catalyst 4000 and 6500 series switches – routing capabilities, switching capabilities, fire walling capabilities as well as content switching (layers 4 thru 7) capabilities.
- Cisco content engine running Release 5.5.5
- Cisco 2800 and 7200 series routers running code version 12.x
- Cisco Global Site Selector
- Cisco 3000 Series VPN Concentrators
- Cisco ACS server version 4.0 (for client VPN Authentication as well as TACACS authentication)
- Cisco 3550 switches running code version 12.x
- NetCache Appliance running version 6.x
- WebWasher CSM Suite running version 5.x
- F5 Big IP – Application Delivery Solution
- Ironport C600 with code version 5.x
KRM operates a security test and evaluation laboratory to assure that independent testing and assessment can be conducted on appropriate systems and technologies. Additionally, KRM employs the latest in vulnerability scanning, penetration testing, and analysis technologies to assure that the results include the most-current vulnerabilities and remediation methodologies available today.
Security Testing Laboratory:
Provides technical support related to Host Intrusion Protection Systems (HIPS) specifically the IBM/ISS product suite including Proventia and BlackICE. Design and support networks incorporating the following technology areas: Gigabit Ethernet and ATM switches, routers, firewalls, intrusion detection devices, VPNs, and PKI. Identify and resolve security incidents utilizing various security scanners and tools. KRM provides hands-on technical installations and troubleshooting for mission critical HIPS environments, which include HQ and National customer offices. KRM also provides technical support utilizing vulnerability scanners and application of patches including Harris Stat and Patchlink.