Medical Facility Network Design Presented By: Chelsea Collins Kara James Eric Lopez Trevor Norwood.


Medical Facility Needs
- Required 99.99% system uptime
- Medical record access 24/7
- Up-to-date information sharing between staff
- 225 Users on Network
- 180 Laptop Users

Network Policy
- The configuration and design of this network were created with the intention of being as reliable and efficient as possible. Since the Hospital is required to run continuously, these network policies reflect the importance of the patients' reliance on the network and corresponding technology.

Network Policy: Printing Services
- Each printer will be assigned an IP address with a password to access through FTP, and will be assigned to the closest workstation within the facility.
- The passwords assigned to access the FTP server will follow the strict password guidelines.
- Printing services should be used for Hospice Medical Facility purposes only.

Network Policy: Internet Access
- All users must have a designated user name and password to be able to access the Internet.
- Internet usage will be constantly monitored to reduce security threats and protect the Network.
- The Internet should be used for Hospice Facility research and communication purposes only.
- Remote access is allowed only for a certified user to request or access required information.

Network Policy: Administrators
- After researching users and access restrictions, the IT department will assign authentication levels to certain users.
- The only staff that will be given full credentials with no restrictions will be the IT department.
- All patches will be applied Mondays at 6am or at a time when the network is used least.

Network Policy: Account Guidelines
- User Accounts:
  - First Name Initial
  - Full Last Name
  - Last two digits of year of employment
  - If all guidelines overlap for 2 users, begin adding letters of alphabet
- Administrator Accounts:
  - “.admin”
  - Example: Elopez12.admin
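The naming scheme above, as an added example that is not part of the original presentation: a generator that applies the user and administrator rules and resolves collisions. Appending the collision letter after the year digits, dropping punctuation from names, and comparing names case-insensitively are assumptions; the slide does not specify them.

```python
import re
import string

def base_username(first_name, last_name, hire_year):
    """First initial + full last name + last two digits of the year of employment."""
    # Assumption: punctuation and spaces in names (O'Brien, De La Cruz) are dropped.
    first = re.sub(r"[^A-Za-z]", "", first_name)
    last = re.sub(r"[^A-Za-z]", "", last_name)
    if not first or not last:
        raise ValueError("first and last name must contain letters")
    return f"{first[0].upper()}{last.lower()}{hire_year % 100:02d}"

def assign_username(first_name, last_name, hire_year, existing):
    """Return a user name not already in `existing`, adding a, b, c... on collision."""
    # Assumption: names are compared case-insensitively, as directory logons usually are.
    taken = {name.lower() for name in existing}
    base = base_username(first_name, last_name, hire_year)
    if base.lower() not in taken:
        return base
    for letter in string.ascii_lowercase:
        candidate = base + letter
        if candidate.lower() not in taken:
            return candidate
    raise RuntimeError(f"no free user name for {base}")

def admin_account(username):
    """Administrator accounts carry the '.admin' suffix from the slide."""
    return username + ".admin"

if __name__ == "__main__":
    # Constructed staff list; only Eric Lopez / 2012 mirrors the slide's example.
    directory = set()
    for first, last, year in [("Eric", "Lopez", 2012), ("Elena", "Lopez", 2012),
                              ("Sean", "O'Brien", 2009)]:
        name = assign_username(first, last, year, directory)
        directory.add(name)
        print(name, admin_account(name))
```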

Network Policy: Storage
- Email is limited to 25 MB per account and is stored on the mail server.
- It is important to only store information that is related to the Medical Facility.

Network Policy: Hardware
- Dell Vostro 430 Mini Tower desktop computer
- Each workstation will also be equipped with a Cisco landline phone: Cisco SPA525G
- Laptops: Those who wish to acquire a laptop may request one through the IT Department

Network Policy: Software
- Windows 7
- Microsoft Office 2010 Professional
- Adobe Acrobat Reader
- Bit9
- DropBox
- Palo Alto Firewall
- Symantec Endpoint Protection

Network Policy: Device Placement
- Dedicated room on each floor for a switch.
- All switches are wired to a single router located on the first floor.
- The first floor will have its own WAP exclusively for purposes of lobby and registration.
- The second and third floor will share a separate personal WAP.

Network Policy: Protocol Standards
- Protocols such as Telnet and TACACS, along with any other remote access protocol, will be blocked from workstation computers.
- FTP and other such transfer protocols may be used only in combination with SSH, because FTP sends data in clear text and is not secure on its own; such transfers will be monitored.
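One way to monitor for violations of this protocol policy, as an added example that is not part of the original presentation: a check that reads flow records and flags Telnet, TACACS and clear-text file transfer originating from workstations. The flow record format, the workstation subnet and the inclusion of TFTP are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumption (not from the slides): workstations sit in this subnet.
WORKSTATION_NET = ipaddress.ip_network("10.20.0.0/16")

# Slide policy: Telnet and TACACS are blocked from workstations.
BLOCKED = {("tcp", 23): "telnet", ("tcp", 49): "tacacs", ("udp", 49): "tacacs"}
# Slide policy: clear-text transfer is not allowed; TFTP is included here as an
# assumed member of "other such transfer protocols".
CLEARTEXT = {("tcp", 21): "ftp", ("udp", 69): "tftp"}

# Constructed flow records: time, source, destination, protocol, destination port.
SAMPLE_FLOWS = """\
2024-03-04T06:01:10 10.20.1.15 10.10.0.5 tcp 22
2024-03-04T06:02:44 10.20.1.15 10.10.0.9 tcp 23
2024-03-04T06:03:02 10.20.3.77 10.30.0.21 tcp 21
2024-03-04T06:03:30 10.10.0.5 10.10.0.2 tcp 49
2024-03-04T06:04:12 10.20.2.40 10.10.0.2 udp 49
truncated record
"""

def check_flows(text):
    """Return (line number, finding, detail) for each policy violation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            _ts, src, dst, proto, port = parts
            src_ip = ipaddress.ip_address(src)
            key = (proto.lower(), int(port))
        except ValueError:
            # Report records that cannot be parsed instead of silently skipping them.
            findings.append((lineno, "unparsed", line))
            continue
        if src_ip not in WORKSTATION_NET:
            continue  # servers and network gear are outside this workstation rule
        if key in BLOCKED:
            findings.append((lineno, "blocked:" + BLOCKED[key], f"{src} -> {dst}"))
        elif key in CLEARTEXT:
            findings.append((lineno, "cleartext:" + CLEARTEXT[key], f"{src} -> {dst}"))
    return findings

if __name__ == "__main__":
    for finding in check_flows(SAMPLE_FLOWS):
        print(finding)
```

The SSH session on line 1 and the server-originated TACACS flow on line 4 pass, since the slide's rule applies to workstation computers.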

Network Policy: Environmental Issues
- The dedicated servers for the network will be contained within a temperature-controlled room to remove the possibility of overheating.
- A constant temperature of 70° Fahrenheit is suggested, along with an average humidity of around 55%.
- Detection systems
- Surge protectors
- EMI issues can also be avoided through the use of shielded cables.

Security Policy
- Security for the Medical Facility is extremely important because it holds very sensitive medical record information on all of its patients. We must take certain measures to ensure the safety and protection of patients and their information.

Security Policy: Access Control
- Protect against misuse of information
- Administrators, Level 1, 2, and 3 Users
- The IT Department requires an authentication process for these users

Security Policy: Authentication Process
- The IT Department will give permissions and roles for every employee.
- Each user will be given credentials to access systems based on their roles with the Medical Facility.
- No user will be given access to data that they do not need for their job.

Security Policy: Physical Access
- Alarm system
- Photo identification: smart card access cards with key information
- Closed-circuit television camera system
- Weapons screening systems
- Security guards
- Two-way voice communications

Security Policy: VPN and Firewalls
- VPN
  - Certified members will be given credentials to access a VPN
  - Should only use the VPN while on a secure and authorized device
- Firewall/Antivirus
  - Symantec Endpoint Protection Software
  - Virus scans should be performed daily.
  - Updates to software should be done weekly

Security Policy: Passwords
- Strong passwords must be used
- Requirements:
  - Must be 8 to 14 characters
  - Both upper and lower-case letters
  - At least one special character
  - Password must be changed every 6 months
  - No sharing of passwords or writing down passwords

Security Policy: Encryption
- Encryption is an essential part of keeping information secure.
- Encryption should be used on all devices and media types that contain sensitive data: Laptops, Desktops, Flash Drives, CDs and DVDs, External Hard Drives, Portable Hard Drives, Emails and all file attachments
- Encrypt all data going across the network
- Symantec Endpoint Protection software

Security Policy: Vulnerability Checks
- System logs should be stored on the server and monitored with a log analyzer in the IT Department.
- Vulnerability checks should be performed weekly to check for any serious security flaws that may be present in the network.

Security Policy: Back-ups
- Backing up data helps with loss prevention and also with the security of information. Keeping back-ups of logs and data makes it possible for security audits to be performed if they are ever needed.
- Back-ups should be timed to automatically perform several times a day.

Disaster Recovery Policy
- Goal:
  - To minimize the potential for information loss and the legal consequences of information loss, and to get back to full operation after a disaster.
- Three aspects
  - Loss prevention
  - During disasters
  - After disaster

Disaster Recovery: Loss Prevention
- Set up Cloud Storage
  - Office 365
  - Salesforce
  - Accounting and payroll software
- Back up onsite files 4x
  - 9am, 12pm, 3pm and 7pm
- Send backups offsite twice per week
  - Wednesdays and Fridays
- Insurance
- Malware attacks/intrusions
  - Firewall
  - Bit9
  - Microsoft Intune
  - Barracuda Server
- Install Cameras
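A check that the backup schedule above is actually being met, as an added example that is not part of the original presentation: it reports missed onsite slots, missed offsite days, and the longest stretch between backups, which is the most data a single failure can cost. The 45-minute grace window and the record format are assumptions, and the sample records are constructed.

```python
from datetime import date, datetime, time, timedelta

ONSITE_SLOTS = [time(9), time(12), time(15), time(19)]  # 9am, 12pm, 3pm, 7pm (slide)
OFFSITE_WEEKDAYS = {2, 4}                                # Wednesday, Friday (slide)
GRACE = timedelta(minutes=45)  # assumption: a run may finish up to 45 min after its slot

def missed_onsite(completions, days):
    """Scheduled onsite slots with no backup completing inside the grace window."""
    missed = []
    for day in days:
        for slot in ONSITE_SLOTS:
            start = datetime.combine(day, slot)
            if not any(start <= done <= start + GRACE for done in completions):
                missed.append(start)
    return missed

def missed_offsite(shipments, days):
    """Wednesdays and Fridays in `days` with no offsite copy recorded."""
    return [d for d in days if d.weekday() in OFFSITE_WEEKDAYS and d not in shipments]

def worst_gap(completions):
    """Longest stretch between consecutive backups."""
    ordered = sorted(completions)
    return max((b - a for a, b in zip(ordered, ordered[1:])), default=timedelta(0))

# Constructed records: Monday 4 March to Wednesday 6 March 2024.
DAYS = [date(2024, 3, 4), date(2024, 3, 5), date(2024, 3, 6)]
COMPLETIONS = [datetime.fromisoformat(s) for s in (
    "2024-03-04T09:10", "2024-03-04T12:05", "2024-03-04T15:20", "2024-03-04T19:12",
    "2024-03-05T09:08", "2024-03-05T15:11", "2024-03-05T19:30",  # noon run missing
    "2024-03-06T09:02", "2024-03-06T12:01", "2024-03-06T15:03", "2024-03-06T19:05",
)]
OFFSITE_SHIPMENTS = set()  # no offsite copy recorded for Wednesday

if __name__ == "__main__":
    print("missed onsite:", missed_onsite(COMPLETIONS, DAYS))
    print("missed offsite:", missed_offsite(OFFSITE_SHIPMENTS, DAYS))
    print("worst gap:", worst_gap(COMPLETIONS))
```

With this schedule the overnight interval between the 7pm and 9am runs dominates the worst gap even when no run is missed.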

Disaster Recovery: During Disasters
- Natural disasters
  - Evacuate personnel
  - Away from equipment
  - Shutdown breaker
- Information attack
  - Take infected devices off network immediately
  - Minimize damage/possible infections.

Recovery: After Disasters
- Assess damage losses
- Implement solutions for replacements
  - Utilizing insurance
  - Creating budget for hardware replacements
- Restoration
  - Restore data from backups
  - Replacing damaged hardware
- Get back to full operation ASAP

Recovery: After Disaster
- Information attack/intrusions
  - Determine the malware or type of attack on systems.
  - Check to make sure attacks did not affect any other devices.
  - Run the proper anti-malware software to quarantine or remove the threat.

Budget

Appendix A: Physical Diagram

Appendix A: Physical Layout 1st and 3rd Floor

Appendix A: Physical Layout 2nd Floor

Appendix B: Logical Diagram

Appendix C: Network Operating System Recommendations
- Red Hat
- Novell
- Microsoft

Red Hat
- Number of clients supported: Unlimited (as long as hardware is capable)
- Number of processors supported: 32
- Minimum and suggested hardware specifications: 1.5 GHz, 768MB RAM, 10GB Disk Space
- Support for SMTP, HTTP, DNS, File & Print and Remote administration:
  - SMTP: Included
  - HTTP: Included
  - DNS: Included
  - File & Print Support: Included
  - Remote Administration: Included
- Support for Windows, Linux, UNIX & Apple clients: Included
- Back up capabilities: Included
- Security Features: Open Directory & Kerberos
- Licensing: $1,499 per year (starting)
- Support Services: Phone support, web support, unlimited incidents

Why Red Hat
- Red Hat is our first choice because Red Hat provides operating system platforms, middleware, applications, management products, support, training, and consulting services.
- Linux operating system overall is more secure
- Failover
- Redundancy
- Backup features
- Some interoperability, which makes for a more efficient environment.

Novell
- Number of clients supported: Unlimited (as long as hardware is capable)
- Number of processors supported: 32
- Minimum and suggested hardware specifications: 1.5 GHz, 768MB RAM, 10GB Disk Space
- Support for SMTP, HTTP, DNS, File & Print and Remote administration:
  - SMTP: Included
  - HTTP: Included
  - DNS: Included
  - File & Print Support: Included
  - Remote Administration: Included
- Support for Windows, Linux, UNIX & Apple clients: Included
- Back up capabilities: Included
- Security Features: Open Directory & Kerberos
- Licensing: $799 per year (starting)
- Support Services: Phone support, unlimited technical support, web support, 4 hour incident response time

Why Novell?
- Novell has a broad range of support options and tools available, including cross-platform support for Windows, Linux, and Mac clients.
- A centralized server deployment, which allows administrators to manage server upgrades from a single location.
- Allows Microsoft Active Directory-based applications to authenticate directly from Novell eDirectory.

Microsoft
- Number of clients supported: 32
- Number of processors supported: 256
- Minimum and suggested hardware specifications: 1.4 GHz, 512MB RAM, 10GB Disk Space
- Support for SMTP, HTTP, DNS, File & Print and Remote administration:
  - SMTP: Included, needs to be configured
  - HTTP: Included through IIS (Internet Information Services)
  - DNS: Included
  - File & Print Support: Included
  - Remote Administration: Included
- Support for Windows, Linux, UNIX & Apple clients: Included
- Back up capabilities: Included
- Security Features: Active Directory & Kerberos
- Licensing: $3,999, includes 25 Licenses
- Support Services: By contract, also large knowledge database

Why Microsoft?
- Microsoft is our 3rd choice because it has great tools, resources, and the ability to give more control to an individual. What makes Microsoft the last option is the cost of a Windows Server, the limited support for clients, and the limit on the number of clients for each license.

Questions?