
A Small Pharmacy: Ways to Mitigate the Risks



Introduction

In this project, we are going to identify and analyze the potential loopholes and security threats involved in operating a small pharmacy located in a local shopping mall, which is equipped with a Firewall server, a Windows 2008 Active Directory Domain Controller (DC) file server, and four desktop computers with a dedicated T1 connection. Also, for each of the physical and logical vulnerabilities and threats identified, this writing is going to develop strategies for dealing with the risks.

The security threats involved in this business, and the access control methods used to address them, are divided into two categories, which will be discussed and analyzed as we continue. The categories are physical vulnerabilities and logical vulnerabilities.


Physical vulnerabilities are security issues that have to do with physical accessibility to the building, funds, medications and information located in the pharmaceutical store. Gaining access to facilities or equipment is the initial threat that has to be controlled because, if unauthorized persons gain access to the facilities, they might destroy, alter or steal them, or obtain information they should not have. The logical vulnerabilities and threats are the security issues that have to do with gain of physical access to the network, unlike the physical access control, which prevents access to the building and other facilities in the pharmacy.

Physical Access Control

In order to control access to the premises of the pharmaceutical store, all network wiring and communication equipment, including routers, switches, computers, file servers, the firewall, etc., should be kept out of reach of unauthorized persons by using the required access control methods. The measures that should be put in place are divided into the following categories:

  1. Human form of physical access control: In this type of physical access control, people such as security guards and receptionists monitor the entrance and exit of the pharmaceutical store or its premises.
  2. Electronic/Mechanical form: In this form of physical access control, locks and keys are used to manage access to the shop. All information resources, drugs and hardware should be kept in locked spaces or cabinets (Hattersley, Perkins, & Dolph, n.d.).
  3. Electronic/technological form of physical access control: In this form of physical access control to the pharmacy, alarm systems, exit checks and intrusion detection systems, including keyed physical access cards, should be put in place in order to control access by persons based on their role or function, e.g. sales cashiers, buyers, etc. Surveillance systems should also be installed so that every movement, repair and maintenance activity in and around the pharmacy is tracked and logged.

Logical Access Control

As earlier mentioned, the logical access control has to do with controlling access to the network or programs in the pharmaceutical store, which has been equipped with a network of four desktop computers, Firewall, file server, dedicated T1 connection and a Windows 2008 Active Directory Domain Controller (DC) file server. There are three stages in achieving this goal which are discussed below:

Identification: This is the activity in which the user provides his or her identity in order to gain access to the network as an authorized user. Some mechanisms used in the identification process are the username, identity card, password, account number, etc.

Authentication: This means validating the identity of users to know whether they are authorized users or not, using a cryptographic key, PIN numbers, etc. As a user, you have to prove one of the three major characteristics of authentication, or a combination of them: what you have (e.g. a card), what you know (e.g. username), and what you are (e.g. fingerprint) (Allen, n.d.). There are many mechanisms for authentication, with different strengths and weaknesses, which are discussed below.

Password: A password is a combination of characters which forms a unique string for each user and is used for authentication. It is the most common and most insecure method compared to other authentication methods. There are two main types of attacks on passwords. The first is the brute force attack, where a tool is used to try all possible sequences of characters until the password is uncovered. The second type is the dictionary attack, where an attacker captures a hashed value of a password file and compares it with each word that has been preloaded into the tool until a match is found. The following practices should be implemented as part of the general security policy for all authorized users of the network and the equipment:

  • The passwords must not be shared.
  • They should not be dictionary words and not be easily guessed.
  • Passwords should be changed after a short period of time.
  • All passwords should have at least eight characters, which must be a combination of alphanumeric keys and symbols with a combination of upper and lowercase.
  • There must be a limit to the number of unsuccessful login attempts and the record of all attempts.
  • Users should not repeat the same passwords.
  • Passwords should be encrypted using encryption algorithms.
  • Intrusion detection systems should be installed in order to detect attacks.
  • Password files should be properly kept and protected (Harris, 2002).
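
The sketch below is an added example, not part of the original essay, showing how several of the rules above can be enforced in software: composition and length, the dictionary check, no reuse, and a limit on failed logins with every attempt recorded. The word list and the lockout threshold of three are constructed assumptions, and stored passwords are protected with a salted PBKDF2 hash, which is the usual way to protect a password file rather than reversible encryption.

```python
import hashlib
import hmac
import os
import re

# Constructed values: the essay gives no word list or lockout threshold.
DICTIONARY = {"password", "pharmacy", "welcome", "medicine"}
MAX_FAILED = 3      # assumed lockout threshold
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def policy_violations(password):
    """Return the rules from the list above that this password breaks."""
    problems = ["no " + n for n, p in CLASSES.items() if not re.search(p, password)]
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # Strip digits and symbols so "Pharmacy1!" is still caught as a dictionary word.
    if re.sub(r"[^a-z]", "", password.lower()) in DICTIONARY:
        problems.append("dictionary word")
    return problems

class Account:
    def __init__(self, password):
        self.history = []    # (salt, PBKDF2 digest) pairs, newest last
        self.failed = 0      # consecutive failed logins
        self.attempts = []   # record of every attempt: "ok", "failed" or "locked"
        self.change_password(password)

    def _matches(self, password, entry):
        salt, digest = entry
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(guess, digest)

    def change_password(self, password):
        problems = policy_violations(password)
        if any(self._matches(password, e) for e in self.history):
            problems.append("password reused")
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.history.append((salt, digest))

    def login(self, password):
        locked = self.failed >= MAX_FAILED   # locked accounts skip the check
        ok = not locked and self._matches(password, self.history[-1])
        self.failed = 0 if ok else self.failed + 1
        self.attempts.append("locked" if locked else "ok" if ok else "failed")
        return ok
```

Once the threshold is reached, even the correct password is refused until an administrator resets the counter, and the `attempts` list is the record the policy asks for.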

Cryptographic keys: This could be an alternative to the use of passwords because it is a private key that is available to only one authorized user for authentication purposes. These private keys are also used to create digital signatures to authenticate users.

Biometrics: Biometrics could also be used to authenticate authorized users; the systems are usually more expensive than other methods, but more reliable. Some examples of biometrics are fingerprints, voiceprints, palm scans, retina scans, etc. The accuracy of biometric systems is evaluated using two measurements: the type 1 error and the type 2 error. A type 1 error is a false rejection: the system rejects a user who should be allowed access. A type 2 error is a false acceptance: the system allows access to an unauthorized user. The combination of the two error types is called the crossover rate, which is the point at which the type 1 error is equal to the type 2 error. The lower the value, the higher the accuracy of the system (Harris, 2002).
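
To make the crossover rate concrete, the following added example (not from the original essay) sweeps the acceptance threshold of two hypothetical scanners and finds the point where the type 1 and type 2 error rates meet. The match scores and the device names `scanner_a` and `scanner_b` are constructed for illustration.

```python
def error_rates(genuine, impostor, threshold):
    """Type 1 (false rejection) and type 2 (false acceptance) rates when a
    match score at or above the threshold is accepted."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover(genuine, impostor):
    """Return (threshold, frr, far) at the threshold where the rates are closest."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, frr, far)
    return best[1:]


def more_accurate(devices):
    """Name of the device with the lowest crossover rate."""
    def rate(name):
        _, frr, far = crossover(*devices[name])
        return (frr + far) / 2
    return min(devices, key=rate)


# Constructed match scores (0-100): authorized users first, then impostors.
DEVICES = {
    "scanner_a": ([62, 70, 74, 78, 81, 85, 88, 90, 93, 96],
                  [12, 20, 25, 31, 38, 44, 52, 58, 66, 72]),
    "scanner_b": ([40, 48, 55, 60, 66, 71, 77, 83, 88, 94],
                  [15, 28, 36, 45, 50, 57, 63, 69, 75, 80]),
}

if __name__ == "__main__":
    for name, scores in DEVICES.items():
        print(name, crossover(*scores))
    print("more accurate:", more_accurate(DEVICES))
```

Raising the threshold trades false acceptances for false rejections, so the crossover point gives a single figure for comparing devices that are tuned differently.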

Authorization: Authorization means granting access to authenticated users and permission to perform some tasks based on the set access rights (Harris, 2002). This helps in determining what exactly authenticated users are allowed to do and the information they can have access to. After authorizing users, there is an important concept that should be considered, which is granting the least privilege to authorized users. Applying this principle means that minimum access should be granted to authorized users, so that they can perform only the tasks assigned to them.

Since we have the general knowledge of the logical vulnerabilities and threats associated with this pharmaceutical store and the general ways to control logical access to the store, we should then look at the significance of the access control devices already available in the store in relation to the access control mechanisms already discussed. In doing this, we could apply the concept of Access Control List (ACL) on the network access devices by splitting it into File Access Control List and Network Access Control List.

The Windows 2008 Active Directory Domain Controller (DC) file server is an operating system designed to be an interface between users and the computers. It can be configured to provide both the File Access Control List and the Network Access Control List, but does not provide advanced control measures. As a result, a special File Access Control device (the file server) is installed, and special Network Access Control devices (the router and firewall server) are being installed in the pharmacy.

File Access Control List is the access control, implemented on the file server, which controls access to files and file systems. In most file systems, there are three permissions that can be granted: read, write or execute. This means a user can be permitted to read the files, write to the files or directories, or execute the executable files.

The firewall and the router installed should be configured to provide network access control by implementing a Network Access Control List. Permission in this type of access control list has a binary nature, and one of the most common forms of network access control list is MAC address filtering. A MAC address is a unique network device identifier, and filtering network devices using their MAC addresses is very significant in controlling access to the network. We can also implement port filtering, because some services and application ports are used to communicate through the network. So, denying access to those ports that seem to be vulnerable is very important (Andress, 2012).
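
The following added example (not from the original essay) models a network access control list that combines MAC address filtering with port filtering. It assumes first-match evaluation with a default deny, which the essay does not specify; the MAC addresses and the choice of Telnet (port 23) as the filtered port are constructed. It also flags rules that can never take effect because an earlier rule already covers them.

```python
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "permit" or "deny": the decision is binary
    mac: Optional[str]     # source MAC address, None matches any device
    port: Optional[int]    # destination port, None matches any port


def normalise(mac):
    """Treat 02-00-... and 02:00:... as the same address."""
    return mac.replace("-", ":").lower()


def covers(earlier, later):
    """True if every frame matched by `later` is already matched by `earlier`."""
    mac_ok = earlier.mac is None or (
        later.mac is not None and normalise(earlier.mac) == normalise(later.mac))
    port_ok = earlier.port is None or earlier.port == later.port
    return mac_ok and port_ok


def decide(rules, mac, port):
    """First matching rule wins; a frame that matches nothing is denied."""
    for rule in rules:
        if covers(rule, Rule("", mac, port)):
            return rule.action
    return "deny"


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:i])]


# Constructed ACL: locally administered MACs stand in for two of the desktops.
ACL = [
    Rule("deny", None, 23),                  # port filter: no Telnet for anyone
    Rule("permit", "02:00:00:00:00:01", None),
    Rule("permit", "02:00:00:00:00:02", None),
    Rule("permit", "02:00:00:00:00:01", 23),  # mistake: never reached
]

if __name__ == "__main__":
    print(decide(ACL, "02-00-00-00-00-01", 445), shadowed(ACL))
```

MAC addresses can be changed in software, so the MAC filter works best as one layer alongside the authentication controls described earlier.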

Attackers are also extremely creative in trying to gain access to useful information and resources, and they always come up with ways to gain access to security controls. Some of the special ways they attack or threaten organizations are listed below, along with ways to avoid the same effect in the case of the pharmaceutical store.

  1. Sniffing: This is a passive form of attack where an intruder tries to monitor the network in order to gain some information that could help in planning an attack. This can be avoided by encrypting the transmitted data using special algorithms.
  2. Man-in-the-middle attack: An intruder tries to gain access to a conversation between authorized users from a remote location in order to read the messages being transmitted. This can be avoided by using sequence numbers and digital signatures in transmitting information.
  3. Ping of death and Teardrop: This is a DoS attack where oversized packets are sent to host computers, which may cause them to reboot or freeze. This type of attack can be avoided by patching the systems and configuring ingress filtering to detect the oversized packets (Kissoon, 2006).
  4. Fake login screen: Fake login screens could be installed on a victim's computer, and the user then reveals the credentials by trying to log in. Host-based Intrusion Detection Systems should be installed to detect such attacks.
  5. Emanation attack: In this form of attack, attackers try to intercept electrical signals that are radiated from the network and terminal devices, using special tools to extract information from them. In the case of a pharmacy, this attack can be prevented by emitting a uniform spectrum of random electrical signals into the environment to jam the other signals released; control zones can also be used to stop the signals as they leave the equipment (Harris, 2002).

Conclusion

In conclusion, one of the most important things to consider in every business or organization is security. In this project, we analyzed the security threats and vulnerabilities associated with operating a small pharmacy, and also ways to prevent or control unauthorized access considering cost and the level of security needed.
