Medical Facility Network Design. Presented By: Chelsea Collins, Kara James, Eric Lopez, Trevor Norwood

Page 1: Medical Facility Network Design

Medical Facility Network Design

Presented By: Chelsea Collins, Kara James, Eric Lopez, Trevor Norwood

Page 2: Medical Facility Network Design

Medical Facility Needs

• Required 99.99% system uptime
• Medical record access 24/7
• Up-to-date information sharing between staff
• 225 Users on Network
• 180 Laptop Users

Page 3: Medical Facility Network Design

Network Policy

The configuration and design of this network was created with the intention of being as reliable and efficient as possible. Since the Hospital is required to run continuously, these network policies reflect the importance of the patient’s reliance on the network and corresponding technology.

Page 4: Medical Facility Network Design

Network Policy: Printing Services

• Each printer will be assigned an IP address with a password to access through FTP, and will be assigned to the closest workstation within the facility.
• The passwords assigned to access the FTP server will follow the strict password guidelines.
• Printing services should be used for Hospice Medical Facility purposes only.

Page 5: Medical Facility Network Design

Network Policy: Internet Access

• All users must have a designated user name and password to be able to access the Internet.
• Internet usage will be constantly monitored to reduce security threats and protect the Network.
• The Internet should be used for Hospice Facility research and communication purposes only.
• Remote access is only allowed to request or access required information by a certified user.

Page 6: Medical Facility Network Design

Network Policy: Administrators

• After research of users and access restrictions, the IT department will assign authentication levels to certain users.
• The only staff that will be given full credentials with no restrictions will be the IT department.
• All patches will be made Mondays at 6am or during a time the network will be used least.

Page 7: Medical Facility Network Design

Network Policy: Account Guidelines

User Accounts:
• First Name Initial
• Full Last Name
• Last two digits of year of employment
• If all guidelines overlap for 2 users, begin adding letters of alphabet

Administrator Accounts:
• “.admin”
• Example: Elopez12.admin
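The account-naming rules above, worked through as an added example (not part of the original presentation). It assumes the collision letter is appended after the year digits, that names are compared case-insensitively, and that casing follows the slide's "Elopez12" example; all function names are illustrative.

```python
import re
import string


def base_username(first_name, last_name, hire_year):
    """First initial + full last name + last two digits of the hire year."""
    # Assumption: punctuation and spaces (O'Brien, De La Cruz) are dropped,
    # and casing follows the slide's example "Elopez12".
    first = re.sub(r"[^A-Za-z]", "", first_name)
    last = re.sub(r"[^A-Za-z]", "", last_name)
    if not first or not last:
        raise ValueError("first and last name must contain letters")
    return f"{first[0].upper()}{last.lower()}{hire_year % 100:02d}"


def assign_username(first_name, last_name, hire_year, taken):
    """Return a unique name, appending a, b, c... when the base is taken."""
    # Assumption: the letter goes after the year digits and names are
    # compared case-insensitively.
    used = {name.lower() for name in taken}
    base = base_username(first_name, last_name, hire_year)
    for suffix in [""] + list(string.ascii_lowercase):
        candidate = base + suffix
        if candidate.lower() not in used:
            return candidate
    raise RuntimeError(f"no free username left for {base}")


def admin_username(username):
    """Administrator accounts carry the '.admin' suffix."""
    return username + ".admin"


def provision(staff, existing=()):
    """Assign names to (first, last, year) tuples, avoiding collisions
    with existing accounts and with each other."""
    taken = set(existing)
    result = []
    for first, last, year in staff:
        name = assign_username(first, last, year, taken)
        taken.add(name)
        result.append(name)
    return result


if __name__ == "__main__":
    # Constructed sample staff list.
    staff = [("Eric", "Lopez", 2012), ("Elena", "Lopez", 2012),
             ("Kara", "O'Brien", 2005)]
    print(provision(staff))            # ['Elopez12', 'Elopez12a', 'Kobrien05']
    print(admin_username("Elopez12"))  # Elopez12.admin
```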

Page 8: Medical Facility Network Design

Network Policy: Storage

• Email is limited to 25 MB per account and is stored on the mail server
• It is important to only store information that is related to the Medical Facility

Page 9: Medical Facility Network Design

Network Policy: Hardware

• Dell Vostro 430 Mini Tower desktop computer
• Each workstation will also be equipped with a Cisco landline phone.
    • CISCO SPA525G
• Laptops: Those who wish to acquire a laptop may request one through the IT Department

Page 10: Medical Facility Network Design

Network Policy: Software

• Windows 7
• Microsoft Office 2010 Professional
• Adobe Acrobat Reader
• Bit9
• DropBox
• Palo Alto Firewall
• Symantec Endpoint Protection

Page 11: Medical Facility Network Design

Network Policy: Device Placement

• Dedicated room on each floor for a switch.
• All switches are wired to a single router located on the first floor.
• The first floor will have its own WAP exclusively for purposes of lobby and registration.
• The second and third floor will share a separate personal WAP.

Page 12: Medical Facility Network Design

Network Policy: Protocol Standards

• Protocols such as Telnet and TACACS, along with any other remote access protocol, will be blocked from workstation computers.
• FTP and other such transfer protocols may only be used in combination with SSH, because the clear text of FTP is not the most secure, and as such will be monitored.

Page 13: Medical Facility Network Design

Network Policy: Environmental Issues

• The dedicated servers for the network will be contained within a temperature-controlled room to remove the possibility of overheating.
• A constant temperature of 70° Fahrenheit is suggested, as well as the average humidity around 55%.
• Detection systems
• Surge Protectors
• EMI issues can also be avoided through the use of shielded cables

Page 14: Medical Facility Network Design

Security Policy

Security for the Medical Facility is extremely important because it holds very sensitive medical record information on all of its patients. We must take certain measures to ensure the safety and protection of patients and their information.

Page 15: Medical Facility Network Design

Security Policy: Access Control

• Protect against misuse of information
• Administrators, Level 1, 2, and 3 Users
• Requiring Authentication process for these users by the IT Department

Page 16: Medical Facility Network Design

Security Policy: Authentication Process

• The IT Department will give permissions and roles for every employee.
• Each user will be given credentials to access systems based on their roles with the Medical Facility.
• No user will be given access to data that they do not need for their job.

Page 17: Medical Facility Network Design

Security Policy: Physical Access

• Alarm System
• Photo Identification - smart card access cards with key information
• Closed-circuit television camera system
• Weapons Screening systems
• Security Guards
• Two-way voice communications

Page 18: Medical Facility Network Design

Security Policy: VPN and Firewalls

VPN
• Certified members will be given credentials to access a VPN
• Should only use the VPN while on a secure and authorized device

Firewall/Antivirus
• Symantec Endpoint Protection Software
• Virus scans should be performed daily.
• Updates to software should be done weekly

Page 19: Medical Facility Network Design

Security Policy: Passwords

• Strong passwords must be used
• Requirements:
    • Must be 8 to 14 characters
    • Both upper and lower-case letters
    • At least one special character (!@#$%^&*)
    • Must be required to change password every 6 months
    • No sharing of passwords or writing down passwords
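The requirements on this slide expressed as a checker, as an added example that is not part of the original presentation. It assumes the listed special characters are the complete accepted set and that "every 6 months" means six calendar months; function names are illustrative.

```python
import calendar
from datetime import date

SPECIALS = set("!@#$%^&*")   # the characters listed on the slide
MIN_LEN, MAX_LEN = 8, 14
MAX_AGE_MONTHS = 6


def password_violations(password):
    """Return every rule the password breaks (empty list = compliant)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 8 to 14 characters")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lower-case letter")
    if not any(c in SPECIALS for c in password):
        problems.append("needs one of !@#$%^&*")
    return problems


def change_due(last_changed):
    """Date by which the password must be changed again."""
    # Assumption: six calendar months, clamped to the end of a shorter
    # month (31 August -> 28/29 February).
    month_index = last_changed.month - 1 + MAX_AGE_MONTHS
    year = last_changed.year + month_index // 12
    month = month_index % 12 + 1
    day = min(last_changed.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def is_expired(last_changed, today):
    """True once the six-month window has passed."""
    return today > change_due(last_changed)


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["Hospice!2012", "password", "Ab!"]:
        print(candidate, password_violations(candidate))
    print(change_due(date(2012, 8, 31)))
```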

Page 20: Medical Facility Network Design

Security Policy: Encryption

• Encryption is an essential part of keeping information secure.
• Encryption should be used on all devices and media types that contain sensitive data: Laptops, Desktops, Flash Drives, CDs and DVDs, External Hard Drives, Portable Hard Drives, E-mails and all file attachments
• Encrypt all data going across the network
• Symantec Endpoint Protection software

Page 21: Medical Facility Network Design

Security Policy: Vulnerability Checks

• System logs should be stored onto the server and regulated by a log analyzer in the IT Department.
• Vulnerability checks should be performed weekly to check for any serious security flaws that may be present in the network.

Page 22: Medical Facility Network Design

Security Policy: Back-ups

• Backing up data can help with loss prevention but also with security of information. Providing back-ups of logs and data makes it possible for security audits to be performed if it is ever needed.
• Back-ups should be timed to automatically perform several times a day

Page 23: Medical Facility Network Design

Disaster Recovery Policy

Goal:
• To minimize the potential for information loss and legalities from information loss, and to get back fully operational after a disaster.

Three aspects
• Loss prevention
• During disasters
• After disaster

Page 24: Medical Facility Network Design

Disaster Recovery: Loss Prevention

• Setup Cloud Storage
    • Office 365
    • Salesforce
    • Accounting and payroll software
• Backup onsite files 4x
    • 9am, 12pm, 3pm and 7pm
• Send backups offsite twice per week
    • Wednesdays and Fridays
• Insurance
• Malware attacks/intrusions
    • Firewall
    • Bit9
    • Microsoft Intune
    • Barracuda Server
• Install Cameras

Page 25: Medical Facility Network Design

Disaster Recovery: During Disasters

• Natural disasters
    • Evacuate personnel
    • Away from equipment
    • Shutdown breaker
• Information attack
    • Take infected devices off network immediately
    • Minimize damage/possible infections.

Page 26: Medical Facility Network Design

Recovery: After Disasters

• Assess damage losses
• Implement solutions for replacements
    • Utilizing insurance
    • Creating budget for hardware replacements
• Restoration
    • Restore data from backups
    • Replacing damaged hardware
    • Get back full operation ASAP

Page 27: Medical Facility Network Design

Recovery - After Disaster

Information attack/intrusions

Determine the malware or type of attack on systems.

Check to make sure attacks did not affect any other devices.

Run the proper malware software to quarantine or remove threat.

Page 28: Medical Facility Network Design

Budget

Page 29: Medical Facility Network Design

Appendix A: Physical Diagram

Page 30: Medical Facility Network Design

Appendix A: Physical Layout 1st and 3rd Floor

[Floor plan image. Recoverable labels: 3rd Floor, Printer, Elevator, Stairs, Switch]

Page 31: Medical Facility Network Design

Appendix A: Physical Layout 2nd Floor

[Floor plan image. Recoverable labels: 2nd Floor, Printer, Elevator, Stairs, Switch]

Page 32: Medical Facility Network Design

Appendix B: Logical Diagram

Page 33: Medical Facility Network Design

Appendix C: Network Operating System Recommendations

• Red Hat
• Novell
• Microsoft

Page 34: Medical Facility Network Design

Red Hat

• Number of clients supported: Unlimited (as long as hardware is capable)
• Number of processors supported: 32
• Minimum and suggested hardware specifications: 1.5 GHz, 768MB RAM, 10GB Disk Space
• Support for SMTP, HTTP, DNS, File & Print and Remote administration:
    • SMTP: Included
    • HTTP: Included
    • DNS: Included
    • File & Print Support: Included
    • Remote Administration: Included
• Support for Windows, Linux, UNIX & Apple clients: Included
• Back up capabilities: Included
• Security Features: Open Directory & Kerberos
• Licensing: $1,499 per year (starting)
• Support Services: Phone support, web support, unlimited incidents

Page 35: Medical Facility Network Design

Why Red Hat

• Red Hat is our first choice because Red Hat provides operating system platforms, middleware, applications, management products, support, training, and consulting services.
• Linux operating system overall is more secure
• Failover
• Redundancy
• Backup features
• Some interoperability which makes for a more efficient environment.

Page 36: Medical Facility Network Design

Novell

• Number of clients supported: Unlimited (as long as hardware is capable)
• Number of processors supported: 32
• Minimum and suggested hardware specifications: 1.5 GHz, 768MB RAM, 10GB Disk Space
• Support for SMTP, HTTP, DNS, File & Print and Remote administration:
    • SMTP: Included
    • HTTP: Included
    • DNS: Included
    • File & Print Support: Included
    • Remote Administration: Included
• Support for Windows, Linux, UNIX & Apple clients: Included
• Back up capabilities: Included
• Security Features: Open Directory & Kerberos
• Licensing: $799 per year (starting)
• Support Services: Phone support, Unlimited technical Support, web support, 4 hour incident response time

Page 37: Medical Facility Network Design

Why Novell?

• Novell has a broad range of support options and tools available, including cross platform support for Windows, Linux, and Mac clients.
• A centralized server deployment which allows administrators to manage server upgrades from a single location.
• Allows Microsoft Active Directory-based applications to authenticate directly from Novell eDirectory.

Page 38: Medical Facility Network Design

Microsoft

• Number of clients supported: 32
• Number of processors supported: 256
• Minimum and suggested hardware specifications: 1.4 GHz, 512MB RAM, 10GB Disk Space
• Support for SMTP, HTTP, DNS, File & Print and Remote administration:
    • SMTP: Included, needs to be configured
    • HTTP: Included through IIS (Internet Information Services)
    • DNS: Included
    • File & Print Support: Included
    • Remote Administration: Included
• Support for Windows, Linux, UNIX & Apple clients: Included
• Back up capabilities: Included
• Security Features: Active Directory & Kerberos
• Licensing: $3,999, includes 25 Licenses
• Support Services: By contract, also large knowledge database

Page 39: Medical Facility Network Design

Why Microsoft?

Microsoft is our 3rd choice because it has great tools, resources, and the ability to give more control to an individual. What makes Microsoft the last option is the cost of a Windows Server, the limited support for clients, and there is a limit on the number of clients for each license.

Page 40: Medical Facility Network Design

Questions?