
MEDICAL FACILITY NETWORK DESIGN GROUP ASSIGNMENT

Management of Networks & Telecommunication Systems (LIS4482)
Sam Levine, Christopher Dick, Andrew Dentzau, Daniel Cohen, & Jason Lee
December 9th, 2010

Executive Summary (Andrew)


The purpose of this proposal is to design a networking infrastructure for your medical facility. Given the nature of your business, this infrastructure is designed for an uptime of 99.99%. The network will primarily be accessed through wireless devices, but will also serve wired users, such as the billing, accounting, IT and public outreach departments. The two buildings of your medical facility will be split up: one for administrative, medical, business and support staff hardware, the other for patient and administrative databases. These buildings will be connected virtually. Each building will also be split up virtually into smaller, more manageable networks. The actual connections in the network are designed with high fault tolerance, which means that one failure will not bring the entire network down. We have also designed the network with redundancy, so that when one path fails, there are many other paths for the information to take. This is how we will achieve 99.99% uptime.

In order to secure these networks, we will be implementing firewalls on all of the networks. Additionally, all employees will have their e-mail automatically scanned for viruses, and any suspicious e-mails should be reported to the System Administrator. Our backup procedures are designed to ensure that all of the valuable information that is housed and generated on a day-to-day basis is backed up in case of failure. A daily backup procedure will be used, and this data will be stored in an off-site location so that even in the event of a natural disaster at your medical facility, this data will be safe. This will require all system administrators to conduct daily backups, and all personnel should keep efficient records to reduce the volume of data that is backed up. Additionally, the facility will house an uninterruptible power supply that will keep the system running in the event of a power failure.

Given these specifications, this network will provide maximum uptime and safety of data, which is crucial to the operation of this facility.

Written Description (Sam)


The medical facility is comprised of two separate buildings. These buildings are not connected by any physical means, yet each must be capable of accessing the resources available on the other building's networks. Building 1 will house the administrative, medical, business, and support staff hardware. Building 2 will house the patient and administrative databases. The buildings connect to one another through a dedicated Virtual Private Network (VPN) connection. Each building's network contains an internet-facing proxy server, protected by a firewall. Each aggregate connection (of parent switches and hardware resources) connects to a grandparent switch, which logically separates the network into individual virtual local area networks (VLANs). Within each building, the networks and their associated resources are structured so that they provide 99.99% uptime by using topologies that provide the most fault tolerance. Each department's resources are connected through a physical star topology, where the parent switch is the central point of failure; if one network's switch fails, other networks are unaffected. Please refer to the appendices for a visual representation of the networks. Appendix A contains the physical network layout, and Appendix B contains the logical network layout. In Appendix B, the network separated by the internet link on the left side is associated with Building 1, and the right side is associated with Building 2.

Building 1's proxy server connects to a switch, which connects email, web, file, and DNS servers to the local side of the proxy server. These servers are accessible, regardless of the physical location of the user, through the building's VPN router. The proxy server is also connected to a router, which separates the server resources from the local physical network. The router provides these server resources through a [grandparent] switch to 5 separate logical networks (one per department). Each department can have multiple computers attached to its parent switch. This grandparent switch also acts as a parent switch to the receptionist's desk (with fax machine and printer) and the Information Technology (IT) workstations. The second parent switch connects the billing and accounting departments. The third parent switch connects the director's office, the office manager's office, the Human Relations department, the Counseling office, and the Public Outreach department. The fourth parent switch connects two meeting room computers, a shared printer, and two wireless access points (WAPs). The fifth parent switch connects the Medical Records department, the Medical Supplies department, the Chief Medical Officer's office, and the doctors' workstations.

Building 2's proxy server connects to a switch, which connects email, web, and DNS servers to the local side of the proxy server. These servers are accessible, regardless of the physical location of the user, through the building's VPN router. The proxy server is also connected to a router, which separates the server resources from the local physical network. The router provides these server resources through a switch to one separate physical network. The physical network is separated into two logical networks, and also contains a connection to the administrative workstations. The first logical network connects two patient databases and one backup patient database. The second logical network connects two business databases and one backup business database.

Network Policies (Chris)


Internet Access: Internet access is restricted to approved whitelists, approved and managed through the IT department. Due to the sensitive nature of information available on the local network, unapproved internet access or circumvention of established security procedures is grounds for formal reprimand. In the case of required usage of a web address not on the approved whitelist, a request for access can be made by submitting a usage report to the IT Department detailing intended use and business function.

Printing: Printing is available through the group work area. As the office is moving towards a green, paperless stance, printing is discouraged whenever possible. Printing will be restricted to work-related items only.

Storage Allocation: Each user is allocated 1 gibibyte for document storage. This storage space is accessible through the mapped drive available on each user's workstation. For off-site users, access will be provided through VPN connections to the same servers used for storage.

Email: Email is to be used for business purposes only. Email accounts are stored on the network server, and as such are limited in space; each user is allocated 250 mebibytes per account. Email will be regularly backed up and archived on the fifth of each month.

User Privileges: User privileges are restricted to local accounts only. Access privileges to servers are based on usage and need only. No unauthorized software is to be installed on any system. Software can be authorized for install by submitting a usage report to the IT Department detailing intended use and business function.

Naming Conventions: Servers will be named based on logical and thoughtful names. Whimsical and jovial names are not permitted. This is a place of business, not a comedy club.

Protocol Standards: Industry-standard protocols are to be used at all times. When a choice is available between a cleartext and an encrypted protocol, the encrypted protocol is to be used every time.

Workstation Configurations (Hardware, Software): Hardware and software configurations are to be managed exclusively by the IT Department. Any unauthorized modification of software packages or hardware configuration is subject to official reprimand.

Network Device Placement: Network devices will be located in access-restricted sections of working areas. Switches are located in ceiling access areas, along with cable bundles. Cable drops are provided in each room for the authorized number of connections.

Environmental Issues: The office is moving towards a green stance, and as such all trash will be recycled when possible. Also, paper is to be used as little as possible for business transactions. The goal of the office is to be as environmentally sound as possible.

Power: All computers are to be shut down or placed in standby mode each day after close of business on weekdays. On the weekend all computers are to be left in standby mode for hardware and software maintenance.

Patching: Patching is to be managed through the centralized patch server. Patches are to be thoroughly tested on VMware images of deployed hardware configurations before deployment. Patches are to be applied over the weekend, on Saturday after close of business.

Security Policy (Dan)


1.0 Overview

Consistent standards for network access and authentication are critical to the company's information security and are often required by regulations or third-party agreements. Any user accessing the company's computer systems has the ability to affect the security of all users of the network. An appropriate Network Access and Authentication Policy reduces the risk of a security incident by requiring consistent application of authentication and access standards across the network.

2.0 Purpose

The purpose of this policy is to describe what steps must be taken to ensure that users connecting to the corporate network are authenticated in an appropriate manner, in compliance with company standards, and are given the least amount of access required to perform their job function. This policy specifies what constitutes appropriate use of network accounts and authentication standards.

3.0 Scope

The scope of this policy includes all users who have access to company-owned or company-provided computers or who require access to the corporate network and/or systems. This policy applies not only to employees, but also to guests, contractors, and anyone requiring access to the corporate network. Public access to the company's externally reachable systems, such as its corporate website or public web applications, is specifically excluded from this policy.

4.0 Policy

4.1 Account Setup

During initial account setup, certain checks must be performed in order to ensure the integrity of the process. The following policies apply to account setup:
- Positive ID and coordination with Human Resources is required.
- Users will be granted the least amount of network access required to perform his or her job function.
- Users will be granted access only if he or she accepts the Acceptable Use Policy.
- Access to the network will be granted in accordance with the Acceptable Use Policy.

4.2 Account Use

Network accounts must be implemented in a standard fashion and utilized consistently across the organization. The following policies apply to account use:
- Accounts must be created using a standard format (e.g., firstnamelastname or firstinitiallastname).
- Accounts must be password protected.
- Accounts must be for individuals only; account sharing and group accounts are not permitted.
- User accounts must not be given administrator or 'root' access unless this is necessary to perform his or her job function.
- Occasionally guests will have a legitimate business need for access to the corporate network. When a reasonable need is demonstrated, temporary guest access is allowed. This access, however, must be severely restricted to only those resources that the guest needs at that time, and disabled when the guest's work is completed.
- Individuals requiring access to confidential data must have an individual, distinct account. This account may be subject to additional monitoring or auditing at the discretion of the IT Manager or executive team, or as required by applicable regulations or third-party agreements.

4.3 Account Termination

When managing network and user accounts, it is important to stay in communication with the Human Resources department so that when an employee no longer works at the company, that employee's account can be disabled. Human Resources must create a process to notify the IT Manager in the event of a staffing change, which includes employment termination, employment suspension, or a change of job function (promotion, demotion, suspension, etc.).

4.4 Authentication

User machines must be configured to request authentication against the domain at startup. If the domain is not available or authentication for some reason cannot occur, then the machine should not be permitted to access the network.

4.5 Firewall

Our company will operate a perimeter firewall between the internal network and the Internet in order to create a secure environment for computers and network resources. The firewall will perform the following security measures:
- Block unwanted traffic as determined by the firewall rule set.
- Control access between the trusted internal network and the untrusted external networks.
- Log traffic to and from the internal network.
- Provide virtual private network (VPN) connectivity.
- Hide vulnerable internal systems from the Internet.
- Provide robust authentication.

4.6 Use of Passwords

When accessing the network locally, username and password is an acceptable means of authentication. Usernames must be consistent with the requirements set forth in this document, and passwords must conform to the company's Password Policy.

4.7 Remote Network Access

Remote access to the network can be provided for convenience to users, but this comes at some risk to security. For that reason, the company encourages additional scrutiny of users remotely accessing the network. The company's standards dictate that username and password is an acceptable means of authentication as long as appropriate policies are followed. Remote access must adhere to the Remote Access Policy.

4.8 Screensaver Passwords

Screensaver passwords offer an easy way to strengthen security by removing the opportunity for a malicious user, curious employee, or intruder to access network resources through an idle computer. For this reason screensaver passwords are required to be activated after 15 minutes of inactivity.

4.9 Minimum Configuration for Access

Any system connecting to the network can have a serious impact on the security of the entire network. A vulnerability, virus, or other malware may be inadvertently introduced in this manner. For this reason, users must strictly adhere to corporate standards with regard to antivirus software and patch levels on their machines. Users must not be permitted network access if these standards are not met. This policy will be enforced with a product that provides network admission control.

4.10 Encryption

Industry best practices state that username and password combinations must never be sent as plain text. If this information were intercepted, it could result in a serious security incident. Therefore, authentication credentials must be encrypted during transmission across any network, whether the transmission occurs internal to the company network or across a public network such as the Internet.

4.11 IDS

We will also implement IDS software, which will establish intrusion detection and security monitoring to protect resources and data on the organizational network. This will:
- Increase the level of security by actively searching for signs of unauthorized intrusion.
- Protect the confidentiality of organizational data on the network.
- Preserve the integrity of organizational data on the network.
- Prevent unauthorized use of organizational systems.
- Keep hosts and network resources available to authorized users.
- Increase security by detecting weaknesses in systems and network design early.

4.12 Failed Log-ins

Repeated log-in failures can indicate an attempt to 'crack' a password and surreptitiously access a network account. In order to guard against password-guessing and brute-force attempts, the company must lock a user's account after 3 unsuccessful log-ins. This can be implemented as a time-based lockout or require a manual reset, at the discretion of the IT Manager. In order to protect against account guessing, when logon failures occur the error message transmitted to the user must not indicate specifically whether the account name or the password was incorrect. The error can be as simple as "the username and/or password you supplied were incorrect."

4.13 Non-Business Hours

While some security can be gained by removing account access capabilities during non-business hours, the company does not mandate time-of-day lockouts. This may be either to encourage working remotely, or because the company's business requires all-hours access.

4.14 Applicability of Other Policies

This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document, and as such the applicable policies should be reviewed as needed.

5.0 Enforcement

This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.
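The lockout rule of section 4.12 (lock after 3 failures, time-based lockout or manual reset, one generic error message), as an added example that is not code from the report: an authenticator that keeps the detailed reason in an audit log for the IT Manager and returns the same message to the user whether the username was unknown, the password was wrong, or the account was locked. The 15-minute lockout duration, the PBKDF2 password hashing and the `AccountStore` name are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 3             # page: lock the account after 3 unsuccessful log-ins
LOCKOUT_SECONDS = 15 * 60    # assumed duration for the time-based lockout option
# One message for every failure cause, so a caller cannot tell a bad username from a bad password.
GENERIC_ERROR = "the username and/or password you supplied were incorrect."


class AccountStore:
    """Minimal authenticator implementing section 4.12 (example code, not a product)."""

    def __init__(self, manual_reset=False):
        self.manual_reset = manual_reset   # True: IT Manager must unlock; False: time-based lockout
        self.users = {}                    # username -> record
        self.audit = []                    # (username, event) pairs for the IT Manager, not the user

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "failures": 0,
            "locked_until": None,          # None = not locked; float('inf') = manual reset needed
        }

    @staticmethod
    def _derive(password, salt):
        # Assumed hashing scheme; the report only requires that credentials never travel in clear text.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, username, password, now=None):
        """Return (success, message). The message is identical for every failure cause."""
        now = time.time() if now is None else now
        rec = self.users.get(username)
        if rec is None:
            self.audit.append((username, "unknown user"))
            return False, GENERIC_ERROR
        if rec["locked_until"] is not None and now < rec["locked_until"]:
            self.audit.append((username, "attempt while locked"))
            return False, GENERIC_ERROR          # a locked account is not even checked
        if rec["locked_until"] is not None:      # time-based lock has expired: start counting afresh
            rec["locked_until"], rec["failures"] = None, 0
        if hmac.compare_digest(self._derive(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            self.audit.append((username, "success"))
            return True, "ok"
        rec["failures"] += 1
        self.audit.append((username, f"bad password ({rec['failures']}/{MAX_FAILURES})"))
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = float("inf") if self.manual_reset else now + LOCKOUT_SECONDS
            self.audit.append((username, "locked"))
        return False, GENERIC_ERROR

    def unlock(self, username):
        """Manual reset by the IT Manager (the second option the policy allows)."""
        rec = self.users[username]
        rec["locked_until"], rec["failures"] = None, 0
        self.audit.append((username, "manually unlocked"))
```

The user-facing tuple never changes between the "unknown user", "bad password" and "locked" cases; only the audit list distinguishes them.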

Disaster Recovery Policy (Jason Lee)


Backup Procedures: A daily backup procedure is used to back up files. This is called the Son. It is necessary for information to be stored in an off-site location in case of an emergency (e.g. weather, fire, hacking). All System Administrators should conduct a backup procedure daily and also keep an efficient record of all files and programs. There are also weekly backups, which are called the Father. Lastly, there are backups of the whole month, called the Grandfather. This backup is kept for a year.

Virus Management: Viruses are hazardous to your business. It is critical that all employees monitor their actions to prevent a virus. Emails are scanned for the protection of data. If you receive a suspicious email, please contact your System Administrator. No employee should download any files without permission from the System Administrator. No social sites or third-party vendors should be used on the network. You should never give out your personal information, passwords, credit card information, or any other important information. Wireless devices should be updated with antivirus software and security updates before connecting to the network. The use of McAfee VirusScan Enterprise is ideal because it protects both PCs and servers. If there is a risk that a device is infected, the user will seek assistance from the System Administrator.

Disk/Fault Tolerance: There are three areas of concern for fault tolerance: hardware, software and applications. To make sure your network is more reliable, we strongly suggest that these guidelines are followed:

Hardware: Hot-add memory, which allows RAM to be expanded while the system is powered on, without rebooting. Hot-swappable PCI, power supplies and cooling fans, to allow the system to keep running while equipment is changed. Hot-swappable hard disks, to allow SATA or SCSI disks to be changed while the system is running. A UPS (Uninterruptible Power Supply), a generator and a voltage filter are required. Adequate switches and routers are necessary. A secondary WAN is required as a backup to the primary WAN. Hot-swappable servers are also required.

Software: The use of RAID software on systems where basic disks have been changed to dynamic disks. RAID 1 is an excellent method for providing fault tolerance for boot/system volumes, while RAID 5 boosts both the speed and reliability of high-transaction data volumes such as those hosting databases.

Applications: All applications used should be approved by the System Administrator. No individual should perform services on any applications.

Power Failure: Power failures need to be avoided to achieve a successful uptime. Power failures are common with any type of electronics. The use of a UPS (Uninterruptible Power Supply) is strongly recommended. The UPS will back up your power if a power failure occurs.

Hot Site: A hot site is the best solution to be used for disaster recovery. Your company's status indicates that downtime must be kept to a minimum.
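The Son/Father/Grandfather rotation described under Backup Procedures, as an added example that is not part of the original report: given the dates of the daily backups, decide which ones are still inside a retention window and which can be expired. The report fixes only that the Grandfather is kept for a year; the one-week Son window, the five-week Father window and the choice of Sunday's backup as the Father are assumptions made for this example.

```python
from datetime import date, timedelta

# Retention windows. The page fixes only the grandfather window (one year);
# the son and father windows are assumptions made for this example.
SON_DAYS = 7            # assumed: daily backups kept for one week
FATHER_WEEKS = 5        # assumed: weekly backups kept for five weeks
GRANDFATHER_DAYS = 365  # page: the monthly backup "is kept for a year"


def generations(d: date) -> set:
    """Generations a backup taken on date d belongs to (it may belong to several)."""
    gens = {"son"}                                  # every daily backup is a Son
    if d.weekday() == 6:                            # assumed: Sunday's backup is the week's Father
        gens.add("father")
    if (d + timedelta(days=1)).month != d.month:    # last backup of the month is the Grandfather
        gens.add("grandfather")
    return gens


def keep(d: date, today: date) -> bool:
    """True if the backup taken on d is still inside at least one retention window."""
    age = (today - d).days
    if age < 0:                                     # a future date cannot be a backup we hold
        return False
    gens = generations(d)
    if age < SON_DAYS:
        return True
    if "father" in gens and age < FATHER_WEEKS * 7:
        return True
    if "grandfather" in gens and age <= GRANDFATHER_DAYS:
        return True
    return False


def retention_plan(backup_dates, today: date):
    """Split a collection of backup dates into (keep, expire), both sorted oldest first."""
    kept = sorted(d for d in backup_dates if keep(d, today))
    expired = sorted(d for d in backup_dates if not keep(d, today))
    return kept, expired


if __name__ == "__main__":
    # Constructed sample: one backup per day from 1 Nov 2009 up to the report date.
    today = date(2010, 12, 9)
    start = date(2009, 11, 1)
    history = [start + timedelta(days=i) for i in range((today - start).days + 1)]
    kept, expired = retention_plan(history, today)
    print(f"{len(history)} backups: keep {len(kept)}, expire {len(expired)}")
    for d in kept:
        print(d, sorted(generations(d)))
```

Running it against the constructed history keeps 7 Sons, 4 Fathers and 12 Grandfathers out of 404 daily backups, which is the whole point of the rotation: a year of recovery points at a small fraction of the storage.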

Budget (ALL)
Use | Item Name | # | Price/Item | Total Price
VPN router | LINKSYS 10/100 16PT VPN RTR | 2 | $406.78 | $813.56
Proxy server | CISCO CE-510A-80GB-K9 Proxy Server | 2 | $833.14 | $1,666.28
DNS server | D-Link DNS-323 2-Bay Network Attached Storage Enclosure | 2 | $149.98 | $299.96
Hard drives for: Proxy servers (2), DNS servers (4), database servers (30), web servers (10), mail server (10), file server (5), active directory server (5) | OCZ VERTEX 2 EX SERIES SATA II 2.5" SSD (200 GB) | 81 | $4,076.09 | $330,163.00
Server software for: web servers (2), mail servers (2), file server, and active directory server | Windows Server Standard 2008 R2 64Bit 10 Clt | 6 | $1,098.99 | $6,593.94
Network router | Cisco Systems Cisco 891 Gigabit EN Security Router | 2 | $801.64 | $1,603.28
Network switch | HP J8164A#ABA 26-Port Network Switch | 7 | $748.00 | $1,496.00
Software for the databases | Microsoft SQL Server 2008 R2 Developer Edition | 6 | $49.12 | $294.72
6 database servers, 2 web servers, 2 email servers, 1 file server, 1 active directory server | HP ProLiant ML350 G6 Base - Server - tower - 5U - 2-way - 1 x Xeon E5520 / 2.26 GHz - RAM 6 GB - SAS hot-swap 2.5" | 9 | $2,050.75 | $18,456.80
Wireless Access Points | Cisco 1941 Security Router - wireless router | 2 | $1,919.99 | $3,839.98
Wired network cabling | Cat5e UTP Stranded, In-Wall Rated (CM), 350MHz 1000FT Bulk 24AWG Cable | 4 | $63.70 | $254.80
Wired network cabling connectors | RJ45 CAT5 Modular Plug for Round Stranded Cable (50 pieces) | 10 | $6.20 | $62.00
Racks to hold the rack-mountable hardware | Cables To Go 10997 APW Bolt-down Relay Rack | 2 | $148.99 | $297.98
Assets already owned | PCs, Printers, & AV equipment | | |
UPS (Uninterruptible Power Supply) | APC - Smart-UPS 750VA Battery Backup and Power Conditioner System | 8 | $514.60 | $4,116.80
Antivirus software for the servers and PCs | McAfee VirusScan Enterprise for PCs and server | 3 | $314.99 | $944.97
TOTAL | | | |

Appendix A: Physical Network Diagram (Chris)


Figure 1 represents the main office building. Figure 2 represents the data center.

Figure 1.

Figure 2.

Appendix B: Logical Network Diagram (Chris)


Figure 1 represents the main office building. Figure 2 represents the data center.

Logical Diagram for Building #2

Figure 2.
