Introduction


Nocsult was asked to implement the security policy for a startup company looking to revolutionize the loyalty rewards market. Being a startup, the budget was very strict and the resources limited.

Basic Concepts

- Startup company looking to build a new platform for loyalty rewards processing;
- New hosting environment with two Cisco ASA firewalls in HA cluster to provide perimeter security;
- Existing basic security filters and remote-access-VPN users.


Project Requirements

- Implement a detailed security policy across all interfaces;
- Secure remote-access users' access to internal resources;
- Rebuild the cluster configuration from scratch, and test for known software vulnerabilities using Nmap and Nessus;
- Test the SSL/TLS cipher configuration against known vulnerabilities and upgrade software where necessary;
- Achieve payment processing compliance.


Design and Testing

Phase 1

- Reset the firewalls to the default configuration;
- Configure the basic settings and the high availability Cisco firewall cluster;
- Write the security policy for the Outside interface and for all the Inside interfaces;
- Configure the VPN users and associated security policies;
- Connect to the service provider network using redundant uplinks.


Phase 2

- Test the platform for vulnerabilities using Nmap and Nessus;
- Upgrade the software to a version with no known vulnerabilities;
- Enable two-factor authentication for VPN users.


Key Advantages

- Detailed planning and discussions to make sure the requirements were understood correctly;
- Efficient use of time, and delivery within the allocated budget;
- Extensive security testing before the audit, to ensure certification was achieved at the first Card Payment Processing Audit;
- Card Payment Processing Audit and Compliance were successful and certification was achieved without any recommendations to improve the policies.