1. One Switch
a. To ensure users may reach internet and needed files
2. One patch panel
a. allows for easier troubleshooting of ethernet connections
b. also helps network connections stay neat and organized
3. One UPS Battery
a. ensure proper surge and power outage protection
Second Floor Telecommunication room 2:
1. Two switches
a. This allows for redundancy to ensure users may reach internet
and needed files
2. Two patch panels
a. allows for easier troubleshooting of ethernet connections
b. also helps network connections stay neat and organized
3. Two UPS Batteries
a. ensure proper surge and power outage protection
Datacenter
1. One router
a. provides subnet for RAID Racks
2. One switch
3. One patch panel
a. allows for easier troubleshooting of ethernet connections
b. also helps network connections stay neat and organized
4. One router
a. provides subnetting for the wireless access points and mobile
devices
5. Two RAID racks
a. provide backup for server room RAID racks
6. Tape Drive
a. to create backups of RAID Racks for secure storage and send to
offsite storage
7. One wireless access point
a. to allow access for mobile devices and laptops
Secure Storage (holds backup hardware):
1. Four wireless access points
2. Five VOIP phones
3. Five business phones
4. Five desktop computers
5. One modem
6. Two routers
7. One patch panel
8. One Dual WAN router
9. Two servers
10. Three switches
required to use the login information that was given to them by the IT department. While Internet
usage is not monitored at all times, any misconduct that is reported will be investigated. All
users are responsible for the activities performed under their credentials.
Our facility offers printing services for work-related needs. All users have access to the
printers for ease-of-access. However, personal use should be kept to a minimum. Whenever
possible, conserve color ink. Use as few sheets as possible for lengthy reports. Suspected
abuse of printer privileges will be investigated.
All users are assigned a business email to allow for easy inter-office communication.
Business email accounts should be used for business purposes only. All emails are stored and
can be accessed by administration at any time.
As previously stated, users will be issued login information. General users will be unable
to change settings or clear histories. Contact the IT department with any questions regarding
privileges.
Since most of the organization uses the same files, we use a unified syntax for naming
standards. The standard for patient documents is as follows:
date_staffmember_patientname_description (e.g., 112914_smith_roberts_toxicology).
The standard for staff-to-staff documents is as follows:
date_fromstaffmember_tostaffmember_description (e.g., 090914_smith_peters_inforequest).
All workstations are configured by the IT department. All users will be able to perform all
functions required by their position. Some things that are allowed for everyone are: email, the
Microsoft Office suite, and web browser usability. Hardware settings are set to update manually
by the IT department. Our IT department works around the clock to make sure all of the
workstations are configured properly and perform their functions without any issues.
Our facility strives to provide the best possible experience for our employees. To that effect,
network devices are strategically placed so there are no gaps in coverage. For the most part,
every department has its own network inside the organization's intranetwork.
One factor that is completely out of our control is the environment. The best thing we can
try to do is plan for the worst. Our facility has backup batteries on every single floor to ensure
that we never truly lose power. We also have offsite backups that are updated weekly to ensure
minimal loss of data.
There are no automatic updates at this site. The IT department handles all of the
updating processes to ensure that all updates work as they should. The IT department checks for
new operating system patches and updates daily. The rest of the system updates are
performed on a bi-weekly basis.
V. SECURITY POLICY
Security is vital to the operation of this company, because if any records were to be
viewed by unauthorized parties it would be in direct violation of HIPAA standards and the company could be
sued for millions of dollars. It is critical that there is a strict user account policy in which we will
employ the principle of least privilege, which means only those that must view the files to
complete their work are allowed to actually view the files. Password requirements to log into
their accounts are as follows: minimum of 8 characters, no dictionary words/names, the
passwords expire every 90 days, the new password cannot be identical to the last 10
passwords, the passwords are not to be displayed when entered, and they are to be deleted
once no longer in use. All remote access to the network MUST be through a VPN to ensure that
the connection is secure and impenetrable, but remote access to the network will also be limited
to those that absolutely need it. The firewalls will be set to default block all incoming and
outgoing traffic that is not expressly permitted in the firewall policies. They will immediately
blacklist any IPs that show malicious activity, as well as limit access in to and out of both China
and Russia. We will encrypt all sensitive data such as medical records and billing information so
that even if an attacker does manage to steal records they will not be able to read them.
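The password rules in this policy, expressed as a checker. This is an added example, not part of the original proposal: the wordlist is a constructed sample, the "no dictionary words/names" rule is interpreted as a case-insensitive substring match (an assumption), and history is stored as salted PBKDF2 digests rather than plaintext.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH = 8        # policy: minimum of 8 characters
MAX_AGE_DAYS = 90     # policy: passwords expire every 90 days
HISTORY_DEPTH = 10    # policy: new password cannot match the last 10
# Constructed sample; a real deployment would load a full dictionary and name list.
WORDLIST = {"password", "hospital", "welcome", "smith", "roberts"}

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str, set_on: date) -> dict:
    """History record: salt, digest and date only, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(password, salt), "set_on": set_on}

def violations(candidate: str, history: list) -> list:
    """Return the policy rules the candidate breaks (empty list = acceptable)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    lowered = candidate.lower()
    if any(word in lowered for word in WORDLIST):
        problems.append("contains dictionary word or name")
    # Each old record has its own salt, so the candidate is re-hashed per record.
    for rec in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_digest(candidate, rec["salt"]), rec["digest"]):
            problems.append("reuses one of the last 10 passwords")
            break
    return problems

def is_expired(record: dict, today: date) -> bool:
    """True once the password is more than 90 days old."""
    return today - record["set_on"] > timedelta(days=MAX_AGE_DAYS)

if __name__ == "__main__":
    history = [make_record("Tr9!vexQm2", date(2024, 1, 1))]  # constructed sample
    for pw in ("abc", "Smith2024!!", "Tr9!vexQm2", "q7#Lz0p!Wd"):
        print(repr(pw), violations(pw, history) or "ok")
    print("expired:", is_expired(history[0], date(2024, 4, 1)))
```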
We will keep detailed logs of all failed logins, any modification of security settings,
flagged system events, modification of privileges, and modification of system level objects. We
will also log all personnel that come into and leave the building as well as the datacenter. The
datacenter will be limited to only necessary personnel and you must register with the datacenter
and get approval to be able to enter the first time.
The IDS and IPS will be set inline so that all traffic passes through them to be scanned,
and will alert on events of interest. There will also be regular vulnerability assessments in which
manual scans for vulnerabilities will be completed. We will also use this time to review for
outdated/unused software, employees' password quality, as well as occasionally have external
audits where they will conduct penetration testing.
Our procedures for handling security violations are as follows: carefully monitor regular violation
reports to check for repeat offenders; if a violation is made against a
specific set of resources, consult with the manager of those resources to determine the
sensitivity of the information that someone attempted to access; and if the violation is found to be
malicious, blacklist the associated IPs as soon as possible.
VI. DISASTER RECOVERY POLICY
As it is critical the company have all records immediately as needed, it was clear they
needed a secure disaster recovery plan. For backup procedures we have a backup server
deployed along with a virtual tape library. Backups of the servers will occur every day after
business hours, and full backups of the network will occur once a week followed by differential
and/or incremental backups that only record the changes since the last backup. The daily
backups will be kept for 5 days, weekly backups for 5 weeks, monthly backups for 12 months,
and special backups are to be kept for longer periods of time. This would include backups
directly after system upgrades and other major changes. The tapes will be stored off site to
avoid loss of data in the event of a physical disaster.
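An added example (not part of the original proposal) that applies the retention periods above to a backup catalog and shows which restore points survive pruning. The catalog is constructed, dailies are assumed to be differentials against the most recent full, 12 months is treated as 365 days, and "special" backups are never pruned automatically because the page gives no limit for them.

```python
from datetime import date, timedelta

# Retention periods from the policy. "special" has no stated limit, so it is
# never pruned automatically here (assumption); 12 months is taken as 365 days.
RETENTION = {"daily": timedelta(days=5), "weekly": timedelta(weeks=5),
             "monthly": timedelta(days=365), "special": None}
FULL_KINDS = {"weekly", "monthly", "special"}  # assumption: dailies are differentials

def prune(catalog, today):
    """Split (name, kind, taken) entries into (kept, expired) by retention."""
    kept, expired = [], []
    for entry in catalog:
        limit = RETENTION[entry[1]]
        too_old = limit is not None and today - entry[2] > limit
        (expired if too_old else kept).append(entry)
    return kept, expired

def restore_chain(catalog, target):
    """Entries needed to restore as of `target`: the newest full on or before
    target, plus the newest differential taken after that full (if any)."""
    fulls = [e for e in catalog if e[1] in FULL_KINDS and e[2] <= target]
    if not fulls:
        return []  # no full backup old enough: nothing can be restored
    base = max(fulls, key=lambda e: e[2])
    diffs = [e for e in catalog
             if e[1] == "daily" and base[2] < e[2] <= target]
    return [base] + ([max(diffs, key=lambda e: e[2])] if diffs else [])

def sample_catalog(today, days=42):
    """Constructed catalog: one backup per day, a weekly full every 7th day."""
    catalog = []
    for age in range(days, -1, -1):
        taken = today - timedelta(days=age)
        kind = "weekly" if age % 7 == 3 else "daily"
        catalog.append((f"{kind}-{taken.isoformat()}", kind, taken))
    return catalog

if __name__ == "__main__":
    today = date(2024, 6, 30)  # constructed date
    kept, expired = prune(sample_catalog(today), today)
    print(f"kept {len(kept)}, expired {len(expired)}")
    for target in (today, today - timedelta(days=12)):
        chain = restore_chain(kept, target)
        print(target, "->", [name for name, _, _ in chain])
```

A restore requested for 12 days back falls to the nearest earlier weekly full, because the dailies for that week have already expired. With incremental rather than differential dailies, a restore needs every incremental since the full, so expiring dailies one by one after 5 days can break the chain for days that are still retained.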
As for virus management we have a few policies in place to ensure that employees are
always able to retrieve records with no delays, as well as ensure that no attackers can access
the medical and billing records via a virus. Employees are to never open an attachment when
they are unsure of the source or the business-related reason for the file being sent. They are to
always use virus scanning first before downloading any files; this same policy applies to
installing software. No software is to be downloaded until it has been verified that it is free of
malware. Special attention should be paid to any shareware or freeware employees may
download. Do not download anything from unknown sources without approval from IT staff, and
they must allow virus definition updates to be pushed to their computer every day. If concerned
there may be malware on your machine, quarantine the file if possible, and alert the IT staff
immediately.
In the event of the building losing power we have a couple of plan Bs in place, so to
speak. We have UPSs attached to all the vital components to help buffer against power surges,
and we have a battery backup power configured to give employees an extra 15 minutes of
warning to either save their work, or hopefully get the regular power restored without losing any
data.
As for disk/fault tolerance we are employing a RAID to ensure that there is redundancy.
This will increase availability, and help to make sure that employees are always able to access
the network. We will have the UPS system attached to the RAID racks to ensure they are not
electrified in the event of a power surge.
VIII: BUDGET
This should be a spreadsheet outlining costs relating to your proposal.
If the company already has an asset, note this in your budget. Include a written
description that details and justifies each cost.
Hardware/Software | Brand | Quantity | Total Price
Cat5e Cables | StarTech.com 1000 Feet Roll of Blue Plenum CMP Cat5e Solid UTP Bulk Cable (WIR5ECMPBL) | 6 rolls (1 extra 1000ft roll) | $1,271.94 (buying in bulk is best way to save money and acquire appropriate cable length)
 | SM 12-Channel 900u Tight Buffer Tactical Fiber Optic Cable | 385 feet | $673.75
Modems | Motorola - SURFboard DOCSIS 3.0 High-Speed Cable Modem | 3 modems | $263.97
Routers | NETGEAR Nighthawk Dual-Band Wireless-AC Router with 4-Port Ethernet Switch And | 7 routers and 2 Dual Wan Routers | $1,743.93
12
$28,164
25
$19,749.75
$161.91
$1,199.96
$699.93
$679.98
 | EDGE-CORE ECS4610-50T - L3 MANAGED 48 PORT GIGABIT ETHERNET STACKABLE SWITCH WITH 4 COMBO SFP PORTS
Computers | Dell XPS 8700 Desktop Computer, Intel i7-4790 Quad-Core 8GB 3.6 GHz
Patch Panels | TRENDnet TCP08C5E 8-Port Cat. 5e Unshielded Patch Panel
Raid Racks |
UPS | CyberPower CP1000AVRLCD Intelligent LCD Series UPS
Servers | Lenovo ThinkServer TS140 Tower Server System Intel Xeon E31225 v3 3.2GHz 4GB 70A4001LUX
VOIP Phones | Cisco 7970G IP Phone, CP-7970G
Business Phones |
$866.25
34
$1,359.66
15
$1,650.67
 | CISCO - (AIRLAP1242AG-A-K9) AIRONET 1242AG WIRELESS ACCESS POINT 802.11B 802.11A 802.11G
Totals of Equipment - Look at the Written Description for quantities of the hardware
10 LTO6 tapes (cost around 650 dollars)
1. LTO6 Tape has a storage capacity of 2.5 TB uncompressed and up to
Appendix A
Legend
Floor 1 Hardware
Floor 2 Hardware
Datacenter Hardware
WAN Links
Cable Type | Cable Length | Cable Quantity
Category 5e | 35
Category 5e | 40
Category 5e | 50
Category 5e | 40
Category 5e | 55
Category 5e | 60
Category 5e | 60
Category 5e | 75
Category 5e | 85
Category 5e | 70
Category 5e | 70
Category 5e | 75
Category 5e | 65
Category 5e | 65
Category 5e | 55
Category 5e | 75
Category 5e | 35
Category 5e | 55
Category 5e | 60
Category 5e | 55
Category 5e | 75
155
155
Category 5e
5 / 10
96
Category 5e
10
33
Floor 2
Cable Type | Cable Length | Cable Quantity
Category 5e | 35
Category 5e | 40
Category 5e | 50
Category 5e | 75
Category 5e | 45
Telecomm. 1 to Accounting
Category 5e | 75
Category 5e | 75
Category 5e | 95
Category 5e | 85
Category 5e | 55
Category 5e | 25
Category 5e | 50
Category 5e | 35
Category 5e | 50
Category 5e | 65
Category 5e | 55
Category 5e | 75
Category 5e | 75
Category 5e | 85
Category 5e | 100
Category 5e | 95
25
25
25
Category 5e
54
Category 5e
10
23
Cable Locations | Cable Type | Cable Length | Cable Quantity
 | Category 5e | 40
 | Category 5e | 40
 | Category 5e | 80
 | Category 5e | 85
Telecomm. to WAP | Category 5e | 50
Spare cables
Category 5e
Category 5e
5 / 7.5
20
Contributions
Cover Page: Montana Carroll
Executive Summary: Zachary Bichard
Written Description: Zachary Bichard, Amanda Lee, Montana Carroll
Network Policies: Chris Stone
Security Policies: Amanda Lee
Disaster Recovery Policies: Amanda Lee
Budget: Billy Richards
Appendix A: Montana Carroll with assistance from Amanda Lee and Zachary Bichard
Appendix B: Montana Carroll with assistance from Amanda Lee and Zachary Bichard for
IP addressing
Building location
We can make up wherever we want the building to be. The main thing needed is that wherever
we decide needs to have existing fiber so that we can lease or buy it.
HIPAA standards
He did not mention that the patients needed access to the internet so we will not give them any.
This way we do not have to worry about having a secure network and a public (like for public
use) one.
Those three will make up the 180 mobile users
??? Laptops
??? Tablets
??? Smartphones
I put some pictures of laptops on the diagram because he said he wanted to see them but there
is no way we can put all of the staff's laptops, tablets, and other devices.
Just to clarify there are about 45 IP addresses that are public non-mobile
Those will be the computers, voip phones, network printers, and wireless access points.
The wireless access points will be set in the router to have fixed IP addresses so that
administration/maintenance will be easier.
The network printers are located at nurses station 2nd floor, IT, HR & Billing, and Public
Outreach.
Also the dual WAN router will need an IP address.
Storage
The network area storage will be configured in a RAID 10 because it is the best RAID array for
mission critical operations. It is the most expensive but it will save lives if something were to
happen like disk failures. It can easily handle the load until the new hard drives are hot swapped
out. We will have a normal set up in the server room and the RAID 10 in the data center. Please
correct me if this won't work. I know some about this but not a lot.
Router
We will have two different ISP companies in order to have redundancy for our connection. So
that means two modems that hook into the dual wan router. Dual WAN allows you to connect to
different ISPs. After that the hardware firewall should be placed for security measures.
Communication Rooms
Each communication room has either one 48 port patch panel and switch or 2 24 port patch
panels and switches. They are on UPS to protect for power surges or drops. The switches on
the opposite side of the building from the Server room will be connected with a multimode fiber
optic cable. From the switch to the patch panels and to the computers/printers/voip phones we
will use ethernet cables either cat 6 or cat 5e.
Nurse Station Rolling Computer
There is a computer near each nursing station that will be on a cart and can be rolled into the
rooms of the patients. It will be connected to the wall with the ethernet jacks provided in the
rooms (so that they can retrieve and send data faster).
Phones
Due to IP address limitations not all rooms could have voip so I decided to do a PBX/voip hybrid.
Which is actually pretty common in businesses since upgrading to voip can be difficult. Plus not
all rooms need voip like the patients' rooms.
Cabling
Like I mentioned we can either use cat 5e or cat 6 whichever you want. From comm room to
server room will be multimode fiber for faster transfer of patient records. From the data center to
the main building we will use dark fiber from the city or a company that has fiber. It will be single
mode fiber optic cable since it is a further distance. We will use a vlan to transfer the data.