The seamless exchange of information over the internet has raised security concerns. The three major information security areas, authentication, authorization and confidentiality, have been compromised via the internet through hacking, malware and spyware programs. For example, mishandled passwords or codes may lead to the theft of information from computer systems, which has severe consequences for the individuals and companies affected.
The pharmacy can suffer from various security threats attributed to behavioral, infrastructural and physical attributes. In this paper, the focus lies on separating security vulnerabilities and discussing their solutions.
PHYSICAL VULNERABILITIES
Physical vulnerabilities affect the physical aspects of the business. These may include:
- Attacks on people
- Attacks on physical infrastructure such as buildings
- Attacks on equipment and machines in an organization
LOGICAL VULNERABILITIES
This includes the logical aspects of security such as cyber security, virus attacks, unauthorized network access and identity theft. These threats vary in magnitude because of the convergence of voice, video and data. Voice may refer to crowd monitoring, a gunshot in a high crime area, or noise detection in a pharmacy building that is meant to be vacant during the night. Video refers to video surveillance of the building, teleconferencing sessions, video streaming and digital signage.
The video and audio components of the pharmacy need to be safeguarded against any impending risk.
Compromise of data in transit, such as emails, medical prescriptions and video communication, is a worrying security vulnerability. The network can also be infiltrated and intranet or extranet communication altered. Viruses and malware are readily reported security compromises that alter the operations of computer systems. Identity theft is a form of cybercrime that the pharmacy may suffer from.
LOGICAL RISK CONTROLS
ENCRYPTION
Wireless networks will be secured through the use of the 802.11i security protocol with the Advanced Encryption Standard for encryption. The business requires sufficient protection of sensitive computer data and employee privacy. It will also be relevant to draft a security policy that governs data access, user privileges and authentication according to NIST and FISMA standards.
Data in the cloud poses serious security challenges, and as such, the pharmacy will secure its databases through AES encryption techniques. By establishing an efficient cloud security architecture, the pharmacy will implement security management controls that safeguard the clients’ data. The company deals in a kind of data that demands the highest level of trust for continued business. Given the flexibility and vulnerabilities associated with cloud computing, deterrent, preventive, detective and corrective controls should be established. Cloud information protection platforms at the company’s network edge ensure that data is fully protected before it leaves for the cloud. Other mechanisms include sufficient encryption key management and user policies.
The security protocols that are in place to protect broadband wireless connections include WEP, WPA and WPA2. Generally, wireless networks are inherently insecure, and therefore sufficient security is essential in order to ensure data integrity, availability and privacy. The broadcast nature of wireless networks makes them potentially dangerous to work with.
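The following added example (not part of the original paper) shows one way to encrypt a record with AES before it leaves the network edge while keeping key management local. It assumes the third-party Python `cryptography` package; the function names, record IDs and prescription text are constructed for illustration.

```python
# Added example: envelope encryption with AES-256-GCM before upload to the cloud.
# Assumes the third-party "cryptography" package; names and data are constructed.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def seal(kek: bytes, record_id: str, plaintext: bytes) -> dict:
    """Encrypt one record under a fresh data key, then wrap that key with the KEK.
    Only the returned blob is uploaded; the KEK stays inside the pharmacy."""
    aad = record_id.encode()                        # binds ciphertext to its record
    dek = AESGCM.generate_key(bit_length=256)       # per-record data encryption key
    n_data, n_key = os.urandom(12), os.urandom(12)  # fresh 96-bit nonces
    return {
        "id": record_id,
        "n_data": n_data,
        "ct": AESGCM(dek).encrypt(n_data, plaintext, aad),
        "n_key": n_key,
        "wrapped_dek": AESGCM(kek).encrypt(n_key, dek, aad),
    }

def unseal(kek: bytes, blob: dict) -> bytes:
    """Unwrap the data key and decrypt; raises InvalidTag if anything was altered."""
    aad = blob["id"].encode()
    dek = AESGCM(kek).decrypt(blob["n_key"], blob["wrapped_dek"], aad)
    return AESGCM(dek).decrypt(blob["n_data"], blob["ct"], aad)

def rotate_kek(old_kek: bytes, new_kek: bytes, blob: dict) -> dict:
    """Key rotation re-wraps only the small data key; the record body is untouched."""
    aad = blob["id"].encode()
    dek = AESGCM(old_kek).decrypt(blob["n_key"], blob["wrapped_dek"], aad)
    n_key = os.urandom(12)
    return {**blob, "n_key": n_key,
            "wrapped_dek": AESGCM(new_kek).encrypt(n_key, dek, aad)}

def is_tampered(kek: bytes, blob: dict) -> bool:
    """True when the blob fails authentication under this key."""
    try:
        unseal(kek, blob)
        return False
    except InvalidTag:
        return True

if __name__ == "__main__":
    kek = AESGCM.generate_key(bit_length=256)  # assumption: held by the key manager
    blob = seal(kek, "rx-0001", b"amoxicillin 500 mg, 3x daily")
    print(unseal(kek, blob))
    print(is_tampered(kek, {**blob, "id": "rx-0002"}))  # moved to another record
```

Because the record ID is authenticated together with the ciphertext, a blob copied onto a different record in cloud storage fails decryption instead of silently returning another patient's data.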
COMPUTER NETWORK SECURITY CONTROLS
In order to protect wireless computers and the information they contain, the most secure step is to reconfigure the default wireless router settings, which safeguards the system from hackers who have gained access to the default information of most wireless router companies. Strong passwords are also essential for total protection of the system, in addition to firewalls and antivirus software. Other measures, such as updating the antivirus software and shutting down the computer when it is not in use, are beneficial in keeping hackers and sniffing devices out of the computers. In order to secure personal data on the computer systems while using public wireless networks, it is recommended that file sharing features are disabled at all times.
ACTIVE DIRECTORY DISTRIBUTED FILE SYSTEM ON 2008 SERVER
Active Directory provides the infrastructure that centralizes the network and stores information about network resources across the entire domain. Active Directory uses domain controllers to keep the centralized storage available to network users. The requirements for Active Directory Domain Services include Windows Server 2008 installation, TCP/IP and DNS configuration, SYSVOL disk drives configured in NTFS and DNS installation on the network. Normally, implementing file sharing on Windows Server 2008 over a network with multiple file servers within a VPN presents some common problems. These problems confuse the users and make it hard for them to access their files. If the pharmacy has many offices, users in branch offices may find it difficult to find and access files on multiple file servers, which leads to reduced productivity. In addition, sharing files in a single location creates network performance issues when they are accessed over a slow link. VPN performance degrades when the VPN is accessed by multiple users at the same time, and the WAN links are a single point of failure when they are down. Lastly, it proves hard to back up critical files and data when they are scattered randomly across multiple file servers at more than one branch location.
In order to bypass these problems, the pharmacy will use two core technologies, DFS namespace and DFS replication, to guarantee performance of the network. A DFS namespace is a virtual directory tree that points to one or more actual shares on the network, known as targets. When a user in the branch office searches for a file in a DFS namespace, the namespace is searched. In this scenario, the user does not have to search for the individual file on each server. A request to access a file in the virtual directory tree returns a referral rather than the actual file. The referral specifies the location of the DFS namespace server containing the file, and the DFS client making the request retrieves it automatically.
A domain-based DFS implementation will be accessed through \\pharmacy\DFSRoot and can be hosted on a DC or a member server, with support for multiple namespaces. It requires Active Directory as a storage location.
DFS Replication is a multi-master replication technique that keeps copies of shared files and folders throughout the pharmacy. A folder created, modified, or deleted on one server is duplicated, updated and synchronized on all other pharmacy servers on a periodic basis in the DFS namespace. DFS replication and DFS namespace offer a host of merits in that if a file server fails, the files in the virtual DFS namespace are still available on the network through the remaining servers, thus providing fault tolerance (Syngress, 2006).
The technique also addresses lag and bandwidth issues resulting from VPN and WAN slow links. Since the servers may be kept at strategic locations near the branches, clients at those locations will access the files located at their local servers at high speeds compared to slow WAN links. Through Remote Differential Compression, more bandwidth is conserved by replicating only data that have recently been modified since the last replication.
The technique will also maintain file conformity within all branches of the organization, as changes made in the headquarters will be replicated and synchronized in all branches. Additionally, backup and restore mechanisms are simplified because the virtual memory tree can be backed up and restored in a single entry. Finally, DFS namespace enhances load balancing, where requests made to a busy server are routed to other available servers in the virtual directory tree.
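The referral and failover behaviour described in the preceding paragraphs can be illustrated with a small model. This is an added example, not part of the original paper and not the real DFS referral protocol; the server names, sites, folder and file path are constructed, and only the \\pharmacy\DFSRoot root comes from the text.

```python
# Simplified model of DFS namespace referrals (added example; not the real
# DFS wire protocol). Server names, sites and share paths are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Target:
    server: str  # file server holding a replica of the folder
    site: str    # office the server is located in
    share: str   # actual UNC share behind the virtual folder

# Virtual folder -> replicated targets (kept in sync by DFS Replication).
NAMESPACE = {
    r"\\pharmacy\DFSRoot\Prescriptions": [
        Target("HQ-FS1", "HQ", r"\\HQ-FS1\Prescriptions"),
        Target("BR1-FS1", "Branch1", r"\\BR1-FS1\Prescriptions"),
        Target("BR2-FS1", "Branch2", r"\\BR2-FS1\Prescriptions"),
    ],
}

def get_referral(virtual_path, client_site, namespace=NAMESPACE):
    """Namespace server side: return the ordered target list for a virtual path.
    Same-site targets come first so branch clients avoid the slow WAN/VPN link."""
    p = virtual_path.lower()
    folder = next((f for f in namespace
                   if p == f.lower() or p.startswith(f.lower() + "\\")), None)
    if folder is None:
        raise FileNotFoundError(virtual_path)
    # sorted() is stable: remote targets keep their configured order.
    ordered = sorted(namespace[folder], key=lambda t: t.site != client_site)
    return [t.share + virtual_path[len(folder):] for t in ordered]

def open_via_dfs(virtual_path, client_site, online_servers):
    """Client side: walk the referral and use the first target whose server is up.
    Falling through to the next target models the fault tolerance described above."""
    for unc in get_referral(virtual_path, client_site):
        if unc.split("\\")[2] in online_servers:
            return unc
    raise ConnectionError("no DFS target reachable for " + virtual_path)

if __name__ == "__main__":
    path = r"\\pharmacy\DFSRoot\Prescriptions\2024\rx-001.pdf"
    print(open_via_dfs(path, "Branch1", {"HQ-FS1", "BR1-FS1", "BR2-FS1"}))
    print(open_via_dfs(path, "Branch1", {"HQ-FS1", "BR2-FS1"}))  # local server down
```

The same virtual path resolves to the branch server when it is up and to a remote replica when it is not, so availability depends on replication keeping every target current.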
The VPN server holds its configuration settings in memory and simultaneously saves them to disk. VPN configuration files are similar to Windows registry files and are provided in an excellent configuration data format.
Config files are created under the file name “vpn_pharmacyserver.config”, located in the same directory as the VPN server process's executable files. The config settings are saved whenever the VPN server settings are changed or its internal structure is modified. The VPN server reads the contents of the vpn_server.config when booted and restores the settings to the values they held prior to termination. Thus, the config settings allow the structural settings of the VPN to be restored to the state they were in before booting, regardless of when the server was shut down. In case the configuration settings are not available on the disk when the VPN server is launched, default settings are used (Alex Shneyderman, 2003).
Configuration settings have the advantage of saving all the structural data used by the VPN Server and the Virtual Hub. Since these settings are of great importance in securing the system's network, they must not be viewable by any party other than the VPN server system administrator located at the pharmacy's headquarters. The encrypted passwords and the private key of the connection settings certificate are saved at the headquarters, where they cannot be accessed or edited by any user. On the Windows version of the VPN Server, the configuration settings are set up automatically upon installation, and read/write operations are restricted to system administrators.
DEDICATED T1 LINES
Dedicated T1 lines are high-speed digital connections used to transmit large files quickly, enabling instant access to company data. They also allow for faster browsing and email communication. A bonded dedicated T1 line is equivalent to 48 phone lines and allows for digital transmission of video and data. Thus it provides improved transmission speed and dependability when compared to analog phone lines and DSL services.
The pharmacy is guaranteed improved security and access to data at real speed if it implements dedicated T1 lines. Though expensive, they provide a guarantee of improved bandwidth delivery and associated features that make the service worth the cost. A leased T1 trunk with a series of point-to-point links is cheaper than high speed modems for data transport. Voice and data are linked both inter-office and intra-office to provide accessibility.
PHYSICAL SECURITY CONTROLS
SECURITY POLICY
An information security policy is a set of guidelines and standards that define how the pharmacy's resources will be handled and managed. An example of a security policy that the pharmacy can implement is shown below.
IT ACCESS CONTROL POLICY
4.4 Network Access control
4.4.1 Network use Policy
The pharmacy will provide connection to the network for the purpose of treatment, research and learning. Network access should be used for academic purposes alone. Students will be granted access to permitted networks while other networks will only be accessed after specific authorization has been granted (Gildas Avoine, 2007).
4.4.2 Authentication for external connection
All remote users will be authenticated in order to access information resources such as patient details and prescription. The Chief Security Officer will be responsible for providing this service.
INTRUSION CONTROL
Intrusion detection tools are classified into two types: host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS). The principal role of these tools is to provide round the clock monitoring and communication systems that detect, alert on and block suspicious traffic on a critical network.
It is understood that the deployment of HIDS and NIDS on critical devices and networks is a crucial step for your business or individual needs. A tailor-made and correct choice will provide you with the best protective and preventive measures for your organization, facilitating quicker response and better forensic data for your security purposes. These solutions and services should therefore be provided together with validated updates and signatures as part of a dispatch subscription, so that they can be implemented in the way that best suits your needs.
LAWS AND REGULATIONS
In the United States, for instance, the Department of Defense prosecutes cases of identity theft and fraud. Congress passed the Identity Theft and Assumption Deterrence Act, which prohibits the use or transfer, without legal authority, of a means of identification of another person. The transfer must be unknowingly and with the intention to commit, abet or aid unlawful actions that constitute a violation of the law or constitute a felony. The offense in most situations carries a punishment of 15 years imprisonment and a fine. It also leads to criminal forfeiture of the personal property used to commit the offense.