Introduction
An organization’s network system is a critical asset that needs maximum security. Network system security involves both physical and logical security. A company that wants to ensure the security of its network system has to invest heavily in security. The rate at which automation is taking place in the business sector is extremely rapid. It therefore calls for intense network system security to ensure that individuals’ business and financial information is secured. The most significant information in a pharmacy business is the information concerning the customers, financial information such as billing data, and the employees’ information (Rittinghouse, 2009). This information, or rather data, should be kept in the datacenter, where proper mechanisms are supposed to have been implemented to ensure that the data is protected and preserved. In addition, access to this information should be restricted so that the organization’s data integrity is maintained.
Potential physical vulnerabilities and threats
Physical threats
The most prevalent physical threats are:
- Physical theft of information system assets. Physical theft is where a company’s information system asset, such as hardware or data, is stolen. For instance, a puppet master accesses the premises and exploits a physical vulnerability to steal the router.
- Physical destruction by fire. A fire can destroy both hardware and data if it breaks out on the pharmacy’s premises.
- Physical destruction by natural calamities, for instance lightning and storms.
- The company’s assets can also be lost in a terrorism incident.
Physical vulnerability
The most common physical vulnerability is lack of adequate physical security. Compromised physical security gives room for thieves, unauthorized individuals and terrorists. In addition, a fire can break out as a result of a faulty electrical connection, or an explosion can result from reactive chemicals in the chemist’s.
Potential logical vulnerabilities
Potential logical threats
The first potential logical threat is malware. This is malicious code that is built to illegally obtain and track data and to block a user’s right to access the system. An example of this threat is where an individual tries to log on to the system or a website, such as an email account, but the system or site fails to authenticate the user.
The second logical threat is SQL injection. This is a unique threat that targets the web pages of the system application. It cuts the communication between the database and the system application interface. This threat is common in an organization where system implementation is taking place. An example is a situation where an attacker alters the name of the database and hence disconnects it from the user interface.
The third threat is abuse of system access rights. This threat is mostly executed by employees of a company with an intention of vengeance or sabotage. Detecting such an issue is cumbersome, since the intrusion takes place internally and hence task tracking may be a challenge. The employee uses his or her right to access the system to alter and modify data with the intention of financial gain. An example is an employee in the IT department of a water-providing company. This employee can change the figures in some customers’ details and then liaise with the holders of those accounts for payment.
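Because the insider already holds valid credentials, the practical control is an audit trail reviewed against a least-privilege baseline: which roles are entitled to change which fields. The following is an added example, not part of the original essay, that runs two such checks over constructed audit records resembling the water-company scenario above: it flags any change to a field the actor’s role does not own, and any user who repeatedly edits account balances. The log format, roles, field ownership table and threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample audit records (space separated):
# timestamp user role record field old_value new_value
SAMPLE_AUDIT = """\
2024-03-01T09:00:00 jdoe it_admin acct-1001 balance 250.00 25.00
2024-03-01T09:05:00 jdoe it_admin acct-1002 balance 310.00 31.00
2024-03-01T09:30:00 msmith billing acct-1003 balance 120.00 100.00
2024-03-01T10:00:00 jdoe it_admin acct-1001 email a@example.test b@example.test
2024-03-02T09:00:00 jdoe it_admin acct-1004 balance 500.00 50.00
"""

# Least-privilege baseline (assumed): which roles may change which fields.
FIELD_OWNERS = {
    "balance": {"billing"},
    "email": {"billing", "it_admin"},
}


def parse_audit(text: str) -> list:
    """Turn the raw audit text into a list of dicts, one per change record."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, record, field, old, new = line.split()
        rows.append({"ts": ts, "user": user, "role": role, "record": record,
                     "field": field, "old": old, "new": new})
    return rows


def find_privilege_abuse(rows: list, repeat_threshold: int = 3) -> list:
    """Return findings for out-of-role changes and repeated balance edits."""
    findings = []
    balance_edits = defaultdict(int)
    for r in rows:
        allowed = FIELD_OWNERS.get(r["field"], set())
        if r["role"] not in allowed:
            findings.append({
                "user": r["user"], "record": r["record"],
                "reason": f"role {r['role']} changed {r['field']} "
                          f"({r['old']} -> {r['new']}) at {r['ts']}",
            })
        if r["field"] == "balance":
            balance_edits[r["user"]] += 1
    for user, count in balance_edits.items():
        if count >= repeat_threshold:
            findings.append({"user": user, "record": "*",
                             "reason": f"{count} balance changes (threshold {repeat_threshold})"})
    return findings


def flagged_users(findings: list) -> set:
    """Distinct users named in the findings, for a quick review queue."""
    return {f["user"] for f in findings}


if __name__ == "__main__":
    for f in find_privilege_abuse(parse_audit(SAMPLE_AUDIT)):
        print(f"{f['user']:8} {f['record']:10} {f['reason']}")
```

On the constructed records, the IT administrator is reported three times for editing balances outside the billing role and once more for the volume of balance edits, while the billing clerk’s legitimate correction produces nothing. The value of this approach is that it does not require knowing the attacker’s intent, only that the action sits outside the role’s entitlement.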
Another threat is where a rogue user gains illegal access to the system via weak ACLs or when an ACL is configured wrongly. This gives attackers a loophole to access the system and perform destructive tasks. These tasks can hinder the operation of a system or even result in a complete denial of service.
Potential logical vulnerabilities
The first logical vulnerability is the use of weak passwords. The risk mostly affects system users who set a commonly known password as the default credential; the result is unauthorized access via default credentials. A good example of this is where the system administrator in an institution sets the name of the college as both the username and the password. This is extremely vulnerable to attackers because they capitalize on the idea of using default credentials that are related to the institution. Anyone who comes within coverage and has the intention of cracking this password can succeed.
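A cheap preventive control for the default-credential problem is to check new credentials against the very patterns the paragraph describes before they are accepted: equality with the username, membership in a short list of common passwords, and inclusion of the institution’s own name. The function below is an added example, not code from the original document; the password list, the minimum length and the organization names are assumptions for the example.

```python
import re

# Constructed, deliberately short list of commonly used passwords.
COMMON_PASSWORDS = {"password", "123456", "admin", "welcome", "letmein", "qwerty"}


def _normalize(text: str) -> str:
    """Lower-case and strip punctuation/whitespace so 'Green-Field' matches 'greenfield'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def credential_weaknesses(username: str, password: str, org_names: list,
                          min_length: int = 12) -> list:
    """Return a list of human-readable reasons the credential should be rejected.

    An empty list means no weakness from this check set was found.
    """
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("appears in the common-password list")
    if _normalize(password) == _normalize(username):
        findings.append("password equals username")
    norm_pw = _normalize(password)
    for org in org_names:
        norm_org = _normalize(org)
        if norm_org and norm_org in norm_pw:
            findings.append(f"contains organization name {org!r}")
    return findings


def is_acceptable(username: str, password: str, org_names: list) -> bool:
    """Convenience wrapper for an enrolment form: accept only if no finding."""
    return not credential_weaknesses(username, password, org_names)


if __name__ == "__main__":
    org = ["Greenfield College"]                         # constructed institution name
    print(credential_weaknesses("Greenfield College", "Greenfield College", org))
    print(credential_weaknesses("admin", "Welcome", org))
    print(credential_weaknesses("jdoe", "tulip-harbour-49-lantern", org))
```

The college-name-as-both-username-and-password case from the paragraph is rejected on two grounds, while a long passphrase unrelated to the institution passes. In production this check would sit beside a breached-password lookup and multi-factor authentication rather than replace them.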
The second vulnerability is a violation of acceptable system user policies. In some companies, once a user has logged in, the system remains logged in until the user logs out. A user can negligently abandon the system while logged in and go out; this gives an unauthorized person an opportunity to access the system and carry out a harmful action such as altering the data with the intention of causing embarrassment to the company or the owner. An example of this is where somebody forgets to log out of his email account, and another person comes and sends abusive or vulgar mails to a group of people. This can be detrimental to the user’s reputation, because everybody believes that the message comes from the rightful owner of the account. To eliminate this threat, everybody should be careful while using such a system. They should be alert by ensuring that the log-out process has been effected every time, so that their sessions on the system are terminated promptly.
Potential vulnerabilities in the documented network
It is evident in the current network system that there are no backups of the organization’s data. According to Clausio (2006), a company that overlooks the significance of creating backups that are reviewed on a regular basis is doomed. The company, therefore, should create a backup of all the data that is in the network system. This can be done by creating a server-side backup of the important data and cloning the servers.
The documented network lacks network redundancy. The network components given in the document do not provide for an alternative network system in case the main network system fails.
The second vulnerability is the enforcement of a weak cryptographic algorithm. This is a security vulnerability because cryptography is the primary mode of encrypting the passwords used to access the information system. The issue with weak encryption is that the threat actor can recover the plaintext from the representation that is used in encryption. In addition, emerging technologies can be used to crack a ciphertext that was previously strong.
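For stored passwords the weak choice is typically a fast, unsalted digest such as MD5: every user with the same password gets the same digest, and a single precomputed table or a GPU recovers the plaintext, which is exactly the failure the paragraph describes. The block below is an added example, not code from the original document. It contrasts that weak representation with a salted, iterated password-based key derivation (PBKDF2-HMAC-SHA256 from Python’s standard library) and a constant-time verifier. The iteration count and storage format are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor: an assumed value in line with current public guidance for
# PBKDF2-HMAC-SHA256; tune to your hardware so a hash takes a noticeable fraction of a second.
PBKDF2_ITERATIONS = 600_000


def weak_hash(password: str) -> str:
    """The defective pattern: unsalted, single-pass MD5.

    Identical passwords give identical digests, and the digest is cheap to brute force.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted, iterated hash and pack it as algorithm$iterations$salt$hash.

    Storing the parameters alongside the hash lets the verifier re-derive with
    the same settings and lets the site raise the work factor later.
    """
    if salt is None:
        salt = os.urandom(16)            # fresh per-password salt, never reused
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    pw = "Pharmacy2024"                                       # constructed sample password
    print(weak_hash(pw) == weak_hash(pw))                     # True: no salt, same digest for everyone
    print(hash_password(pw) == hash_password(pw))             # False: each record gets its own salt
    print(verify_password(pw, hash_password(pw)))             # True
    print(verify_password("wrong", hash_password(pw)))        # False
```

Two properties matter here and both are visible in the code: a per-record random salt defeats precomputed tables and hides which users share a password, and the iteration count makes each guess expensive. Keeping the algorithm tag in the stored string is what allows the organization to migrate to a stronger setting when, as the paragraph notes, a previously adequate scheme becomes crackable.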
Another vulnerability in the documented network is insecure bootstrapping. From my analysis of security issues, initializing a system has never been an easy task. It is evident that the security measures established in most systems do not cover the booting process well. An excellent example is where a command that is run on one of the application workstations can boot the server that runs on the Sun operating system. It can also enable booting a system that runs MS-DOS using a foreign OS. It is impossible to detect the files that have been installed or loaded by a foreign operating system.
Another possible vulnerability in the documented network is an authentication protocol that is weak enough to be bypassed by a user who is not authentic. Most authentication credentials are common words or phrases that are not secret from the people one works with. In addition, some computers in a distributed environment cannot achieve maximum authentication, since the authentication credential is known by the system and someone with advanced knowledge in the field can access it.
There is also system inefficiency due to high traffic and the need by users to gain access to the system’s resources rapidly. The main challenge is being able to meet the demands of employees who are flexible while at the same time making sure that the security process laid down in the enterprise is not compromised (Damgård, 2009). When there is a change in a department or a project is reassigned to workers, a lot of time is wasted during the transition period, since the devices used by individuals whose position has changed need to be reconfigured.
Potential impact of the identified physical vulnerabilities and threats on the network and the pharmacy
The most prevalent impact of physical threats is the loss or destruction of the company’s critical information. The reputation of the pharmacy can be compromised as a result of insecure physical security of the information system. For instance, the customers can sue the company if medical information gets lost or falls into the hands of unauthorized individuals. The customers can also stop buying drugs from the pharmacy. This can affect the overall operation of the company.
Denial of service: all physical threats can cause a denial of service to the pharmacy. Denial of service is a situation whereby the employees or the customers fail to get the required services from the system. Denial of service compromises the key information technology security principle of availability.
In addition, the company will incur losses due to physical threats. Though some losses are not controllable, the company is responsible for any inconvenience to the customer.
Inadequate physical security exposes the company’s information system assets to various threats that can be detrimental to the business. The most prevalent impacts of compromised physical security are theft of the company’s information system assets, destruction through various means such as terrorism and fire outbreak, and unauthorized access to the assets. An unauthorized person can carry out various destructive activities on the system.
Lastly, there is the accuracy of user privilege configuration on Windows 2008 Active Directory Domain Controllers. This can be a result of negligence during configuration. It is evident that not all the security features that are recommended to be activated during the configuration process are activated. This is because the process of activating these security mechanisms takes some time; as a result it is bypassed, rendering the system vulnerable to threats. In addition, there is malware that is dangerous and can cause damage (Partners, 2000).
Potential impact of the identified logical vulnerabilities and threats to the network and the pharmacy
The impacts of logical threats to an information system revolve around the four fundamental security components.
Unauthorized access to the information system can lead to alteration of business information such as patients’ data, financial records or drug records, compromising the integrity of the pharmacy’s information system. The same applies to misuse of system access rights.
Malware threats can cause a complete denial of service by making the information system unavailable to the company. For instance, a Trojan horse virus can delete or modify all the patients’ data. This will affect the entire operation of the pharmacy. Some malware monitors the system, records personal information and then transmits it. This information can be used by individuals with malicious intentions.
Strategy for dealing with physical vulnerabilities and threats
- Implementation of secured information system infrastructure
The security challenge that a company’s management faces is ensuring that the security of its sensitive information is achieved and guaranteed in the simplest way possible; as such, they should look for a way of ensuring the data is stored in a place from which the information cannot get out in any way. The best way to do this is keeping the data in the datacenter, so that sophisticated tools for watching, controlling and monitoring can be used. In addition, there are EISA policies that regulate access to sensitive data locations (Palmer, 2010).
Strategy for dealing with logical vulnerabilities and threats
The major areas that an organization should work on to ensure data and information security in its system are confidentiality, integrity and availability. Information confidentiality keeps the organization’s sensitive information secret so that it does not fall into the hands of unauthorized persons, for example the competitors. Information integrity ensures that the data that is stored is accurate, serves its purpose and is always up to date. Data availability ensures that information is present any time the organization requires it. This is achieved by preventing any vulnerability, for example denial of service.
The use of firewalls is also necessary, because there is some information that is supposed to be known by management only. Hence, the information that the other employees get should be filtered. In their network there should be two firewalls, an enterprise firewall and a DMZ firewall, which are used to facilitate data confidentiality by filtering the information that some employees access. In addition, every workstation computer should have the latest version of anti-virus software to deal with upcoming viruses.
The solution to this access control problem is using the Access Gateway from Citrix. This gateway is the most secure remedy for access control. It can be deployed as a component of the Citrix platform that combines a variety of performance and security components, or as an SSL VPN dedicated to one component (Blokdijk, 2008). This gateway uses standardized SSL/TLS encryption. This ensures consistent configuration across the network based in the headquarters and at the same time facilitates dual-factor user authentication. It is also crucial to use the access gateway as the only way to access the data in the datacenter, so that every workstation used by the healthcare staff and the employees in the headquarters connects via encrypted and secure media that ensure network and information security.
Vulnerability to unauthorized system access can be prevented through desktop virtualization. One of the solutions designed by Citrix to provide desktop virtualization is Citrix XenDesktop. This technology uses granular policies. It separates the interaction of the end users who are using the virtual desktop and other applications from the partition where these programs are installed. All workstation users make use of a virtual replica of the critical data. When they make any alteration, the changes are propagated via the network to the database in the datacenter. This design enables business continuity across various network configurations and hence secures data by preventing data losses.
Another tool is performance-tracking tools, such as those used to track and rate DNS server tasks using a system tracker; an example is the statistical counters. A platform SDK for a system also has tools that can be used to troubleshoot DNS. For example, a network application that uses Java can be troubleshot using the JDK. To ensure this, components of the site should have a way of tracking the data that passes through the network, in order to curb any cyber crime that may be involved. Windows Server Backup and Restore are the components of the Windows environment that enable one to create a backup and retrieve data or information using Windows properties. Active Directory backup and restore is where a backup is created within the system using system properties that are related to each other, for example system start-up files and system registry files. Active Directory defragmentation is where the administrator uses the Group Policy Objects of the Active Directory to split and manage the different groups of computer users.
Controls for identified physical vulnerability and threat
Enhancing physical security: the management should improve physical security by installing CCTV cameras on the premises. The CCTV cameras should be linked to a central monitoring system where all movement on the premises is monitored.
The management should also install lightning arresters to guard against lightning. In addition, a biometric system should be installed at the entrance to the computer room to check the authenticity of the individuals entering.
Lastly, the management should develop a policy document that governs individuals who engage in any illegal action on the system. For instance, the punishment for an individual who engages in any unauthorized activity on the company’s information system should be made extremely severe.
Controls for identified logical vulnerability and threat
Cisco network security configuration at the network level can be used to prevent the threats that target the organization’s network system. Cisco 2800 routers can be used to control traffic into and out of the network. The Cisco routers also provide redundancy, together with Cisco ASA 5510 firewalls and a pair of CSS1150s. To enhance network redundancy, the servers in the network should be paired such that the data in the database is cloned. Cloning is one way of creating a backup by building a replica of the server (Partners, 2000). This replica is not active, but it is updated at regular intervals to ensure that the data stored in it is up to date. In addition, there is an independent router that facilitates hardware redundancy by making use of a technology called BGP to exchange routing data with the internet service provider.
Violation of acceptable system user policies can be eliminated by having an effective user policy document in place. Another way is creating awareness of the importance of strictly observing the organization’s user policy. The employees should be careful about how they use the system. This is by ensuring that the log-out process has been effected every time one stops using the system.
The company also needs to review the access rights facilitated by the ADSL router. This is to make sure that no one accesses the network from outside. Since the firmware or program running in the router belongs to the external contractor, it should be restored to the default firmware installed by the company that manufactured the router. The configuration settings of the firmware should also be changed so that it only provides access to users that have the right (Contentin, 2005).
In addition, the company should increase the number of firewalls to further filter the information or data that gets to some individuals, like the external contractor. In some instances it is necessary to have only one route of accessing the internet, since some devices, like port 80, can provide access to the internet without the content passing through the router.
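The abandoned-session problem described under the logical vulnerabilities, and the log-out discipline called for again in the controls above, cannot rest on user care alone; the system should expire sessions itself. The following is an added example, not part of the original document, of a small session store that enforces an idle timeout and an absolute lifetime, using an injected clock so the behaviour can be tested deterministically. The timeout values, the token scheme and the class names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed policy values: a session dies after 15 minutes without activity,
# and after 8 hours regardless of activity (forces a fresh login each shift).
IDLE_TIMEOUT_SECONDS = 15 * 60
ABSOLUTE_TIMEOUT_SECONDS = 8 * 60 * 60


@dataclass
class Session:
    user: str
    created_at: float      # seconds since epoch (or any monotonic clock)
    last_seen: float


class SessionStore:
    """In-memory session table keyed by an opaque token.

    Every request passes through authorize(), which both checks and refreshes
    the session, so a user who walks away is logged out without acting.
    """

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, token: str, user: str, now: float) -> None:
        """Record a freshly authenticated session (token generation is out of scope here)."""
        self._sessions[token] = Session(user=user, created_at=now, last_seen=now)

    def logout(self, token: str) -> None:
        """Explicit log-out: the token stops working immediately."""
        self._sessions.pop(token, None)

    def authorize(self, token: str, now: float) -> Optional[str]:
        """Return the session's user if it is still live, else None.

        Expired sessions are removed on sight so they cannot be revived.
        """
        s = self._sessions.get(token)
        if s is None:
            return None
        idle_for = now - s.last_seen
        age = now - s.created_at
        if idle_for > IDLE_TIMEOUT_SECONDS or age > ABSOLUTE_TIMEOUT_SECONDS:
            self.logout(token)
            return None
        s.last_seen = now
        return s.user

    def active_count(self) -> int:
        return len(self._sessions)


if __name__ == "__main__":
    store = SessionStore()
    store.login("tok-1", "alice", now=0.0)                  # constructed token
    print(store.authorize("tok-1", now=600.0))              # alice (10 min, still active)
    print(store.authorize("tok-1", now=600.0 + 901.0))      # None (idle for more than 15 min)
    print(store.authorize("tok-1", now=1600.0))             # None (session already destroyed)
```

The idle limit addresses the unattended terminal, while the absolute limit bounds how long a stolen token stays useful even when the attacker keeps it busy. Both checks run on every request, so there is no separate reaper to forget to deploy.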
References
Middleton, B. (2005). Cybercrime investigator's field guide. Auerbach Publications.
Ransome, J., & Rittinghouse, J. (2009). VoIP security. Digital Press.
Rosenberg, R. S. (2006). The social impact of computers. Emerald Group Publishing.
Salomon, D. (2007). Data privacy and security. Springer.
Trevor, J. (2011). Cyber threat: Improving prevention and prosecution. Hearing before the Subcommittee on Technology, Terrorism. General Books.
Wall, D. (2009). Crime and the Internet. Routledge.
Wiles, J., & Cardwell, K. (2007). The best damn cybercrime and digital forensics book period. Syngress.
Yar, M. (2006). Cybercrime and society. SAGE.
Bazaar, B. (2011). Operating system security Enhancement. BiblioBazaar.
Damgård, B. (2009). Modern cryptology in theory and practice. Springer.
Straub, D., & Baskerville, R. (2008). Information Security: Operating system security implementation. M.E. Sharpe.
Palmer, M. (2010). Guide to operating systems security. Course Technology.
Partners, C. (2000). Operating system security. Certification Partners, LLC.