medical facility network design
DESCRIPTION
Create and design the infrastructure for a medical facility as a team.
TRANSCRIPT
MEDICAL FACILITY
NETWORK DESIGN
MANAGING NETWORKS
LIS4482-01
DATE COMPLETED: 11/26/12
CREATED BY:
CHELSEA COLLINS
KARA JAMES
ERIC LOPEZ
TREVOR NORWOOD
LIS4482-01 Group 3 2012
EXECUTIVE SUMMARY
As part of this new medical facility that cares for the terminally ill, we want to improve access to patients’ medical records and maintain a high uptime percentage. This facility has approximately 225 users, and 180 of those are mobile users who will need wireless support. To keep them connected, there will be wireless connectivity throughout the building. There will also be a data center on site that will contain all patient information, and one offsite for backup. Internet access will be available on every computer and workstation, and user authentication will be required when accessing the internet. All patient information and records will be readily accessible using remote access. Depending on an employee’s position, some may have more access than others. All information will be encrypted to keep it secure. Employees working outside of the office will have secure access to the network through a VPN account.
The company we will be working hand in hand with is Microsoft. Microsoft has many products that our medical facility will benefit from. With Microsoft HealthVault we will be able to keep track of all patient records and have the ability to collaborate and query with other employees and share information.
The access and uptime of the information servers are crucial. We are dealing with patients’ lives, so everyone needs to have full access 24/7 to up-to-date information and records. A proper and effective networking infrastructure will be needed. The budget for this project is approximately $159,643.
PROJECT DESCRIPTION
The Medical Facility design will use the most up-to-date technologies to ensure the
24/7 availability of crucial information. The network policies, design, and software
choices reflect how critical the needs of a Medical Facility are.
Our physical design is represented in Appendix A, where you can see that we
have a Main Office Building with wireless routers and access points set up in specific
locations. As seen in our physical diagram, Appendix A, for each workstation, on every
floor, we will install a Dell Vostro 430 computer, a monitor, physical access to the
networks and servers, printer access, and a VoIP Cisco SPA525G phone system. We
will be using 1000BaseT Cat6 cable throughout the first, second and third floors of the
building for more secure and reliable connections. In our Appendix B, you can see
detailed information regarding the IP addresses of each device located at the Medical
Facility and at the Data Center.
In our Main Office Medical Building, the routers and switches will be placed in a
secure room with key lock access to ensure that unauthorized users do not have
physical access. Only authorized users will be able to gain access to the wireless
internet and the VPN. In our policy, we state that only approved devices from the IT
Department will have access to any of our servers and networks. We decided to
design three servers in total, while also implementing shared storage devices to ensure
easy storage of and access to information.
NETWORK POLICIES
The configuration and design of this network were created with the intention of being as reliable and efficient as possible. Since the Hospital is required to run continuously, these network policies reflect the importance of patients’ reliance on the network and corresponding technology. The standard operating procedures given are meant to maintain the best connection and communication required for all users of the Hospital networking technology. Due to the importance of these networks, any misuse or alteration of the procedures could result in failure of the network or death of a patient, and as such must not occur without consequences. Below is a guide as to how the network at the Hospice Medical and Data Center facilities will be used.
I. Printing Services
All workstations within the Hospice Medical Facility will have access to printers. Each printer will be assigned an IP address with a password to access through FTP, and will be assigned to the closest workstation within the facility. The passwords assigned to access the FTP server will follow the strict password guidelines. Printing services should be used for Hospice Medical Facility purposes only.
II. Internet Access
All workstations within the Hospice Medical Facility will have access to an extremely high-speed Internet network. Networking, computing, and resources can be utilized from any workstation within the facility. All users must have a designated user name and password to be able to access the Internet, and will be able to do so from most computers. Internet usage will be constantly monitored to reduce security threats and protect the network. The Internet should be used for Hospice Facility research and communication purposes only. Remote access to the Hospice Internet network is only allowed to request or access required information by a certified user.
III. User Administrations
Account management and user information will be configured and managed by the IT department. After research of users and access restrictions, the IT department will assign authentication levels to certain users, depending on their rank within the facility and their requirement to access certain data. The only staff that will be given full credentials with no restrictions will be the IT department.
IV. E-mail usage
All users will be assigned a designated company email and password to be able to access the Email Server, and will be able to do so from most computers. Emails will be constantly monitored to reduce security threats and protect the network. The company email address should be used for Hospice Facility research and communication purposes only. Email accounts will have a limited capacity of 25MB to save as much room for data as possible on the servers.
V. Naming Conventions
User Account Guidelines:
- First Name Initial
- Full Last Name
- Last two digits of year of employment
- If all guidelines overlap for 2 users, begin adding letters of alphabet
- Example:
o Name: Edward Lopez
o Employed: 2012
o Username: elopez12
o Name: Erik Lopez
o Employed: 2012
o Username: elopez12a
- Administrator user accounts will have ‘.admin’
o Elopez12.admin
- Equipment will be labeled by Type-Department-Room#-Equipment#
o iPad-Nursing-223-6 (iPad #6 used for the Nursing Department in room 223)
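The naming convention above, worked through as an added example (not part of the original project): a username generator that handles the collision rule, plus a parser that validates equipment labels. Lower-casing names and dropping non-letters are assumptions, as are the function names.

```python
import re
import string

def make_username(first, last, year_hired, taken):
    """First initial + full last name + last two digits of the hire year;
    on a collision append a, b, c, ... until the name is free."""
    # Assumption: names are lower-cased and non-letters (spaces, hyphens,
    # apostrophes) are dropped; the page does not cover these cases.
    initial = re.sub(r"[^a-z]", "", first.lower())[:1]
    surname = re.sub(r"[^a-z]", "", last.lower())
    if not initial or not surname:
        raise ValueError("first and last name must contain letters")
    base = f"{initial}{surname}{year_hired % 100:02d}"
    for letter in [""] + list(string.ascii_lowercase):
        candidate = base + letter
        if candidate not in taken:
            taken.add(candidate)
            return candidate
    raise ValueError(f"all suffixes a-z are in use for {base}")

def admin_account(username):
    """Administrator accounts carry the '.admin' suffix."""
    return f"{username}.admin"

# Type-Department-Room#-Equipment#, e.g. iPad-Nursing-223-6
LABEL_RE = re.compile(r"^([A-Za-z0-9]+)-([A-Za-z]+)-(\d+)-(\d+)$")

def parse_equipment_label(label):
    """Split an equipment label into its four fields, rejecting malformed ones."""
    m = LABEL_RE.match(label)
    if m is None:
        raise ValueError(f"not Type-Department-Room#-Equipment#: {label!r}")
    kind, dept, room, number = m.groups()
    return {"type": kind, "department": dept,
            "room": int(room), "number": int(number)}

if __name__ == "__main__":
    taken = set()  # constructed sample directory of existing usernames
    print(make_username("Edward", "Lopez", 2012, taken))
    print(make_username("Erik", "Lopez", 2012, taken))
    print(admin_account("elopez12"))
    print(parse_equipment_label("iPad-Nursing-223-6"))
```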
VI. Storage allocation
Users may use as much storage as needed in order to efficiently complete their tasks. The accounts will have access to their own personal user folder from any computer as well. Email is limited to 25MB per account and is stored on the mail server, leaving a surplus of memory that users may utilize. Considering the importance of storage allocation, it is important for users to only store material and information related to the Hospice Medical Facility.
VII. Workstation Configuration
Hardware
Desktop Computers
Each workstation will be equipped with a Dell Vostro 430 Mini Tower desktop computer with the following specifications:
- Intel® Core™ i7-920 2.66GHz Processor
- 8GB DDR RAM
- 500GB Hard Drive
- Wireless-N LAN card
- 22in Samsung Monitor
Phone lines
Each workstation will also be equipped with a Cisco landline phone with a specific number and routing number.
- Model: CISCO SPA525G
*Other equipment such as tablets, cables, speakers, and other accessories will be provided upon request.
Laptop Computers:
Not all staff and employees will require use of a laptop. Those who wish to acquire one may write a request to the IT department. Doctors, Physicians, and Medical Directors will most likely require a more mobile form of accessing the network, and will thus be given priority over most other users. The IT department will research and determine if it is necessary to give out a laptop to a certain user when the request is received.
Software Configurations:
Each workstation will come equipped with the following software:
- Windows 7 (Microsoft Network version for servers)
- Microsoft Office 2010 Professional
- Adobe Acrobat Reader 11
- Bit9 Cyber security and Spyware protection
- DropBox
- Palo Alto Firewall
- Symantec Endpoint Encryption
VIII. Network Device Placement
There will be a dedicated room on each floor for a switch. All of these switches are
wired to a single router located on the first floor. The first floor will have its own WAP
exclusively for the lobby and registration. The second and third floors will share
a separate WAP of their own.
IX. Protocol Standards
Protocols such as Telnet and TACACS, along with any other remote access
protocol, will be blocked from workstation computers. FTP and other such transfer
protocols may only be used in combination with SSH, since the
clear text of FTP is not the most secure, and such transfers will be monitored.
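One way to check traffic against this protocol standard, as an added example that is not part of the original project: flow records from workstations are classified by destination port, flagging Telnet, TACACS and clear-text FTP and marking SSH for monitoring. The workstation subnet is a placeholder documentation range and the flow records are constructed.

```python
import ipaddress

# Assumption: placeholder workstation subnet (RFC 5737 documentation range);
# the facility's real addressing is in Appendix B, which is not reproduced.
WORKSTATION_NET = ipaddress.ip_network("192.0.2.0/24")

# Well-known TCP ports of the protocols named in the standard. Matching on
# port alone is a heuristic: a service moved to another port is not seen.
BLOCKED = {23: "Telnet", 49: "TACACS"}
CLEARTEXT_FTP = {20: "FTP data", 21: "FTP control"}
SSH_PORT = 22  # SFTP and SCP ride on this port

def check_flow(src_ip, dst_port):
    """Return (verdict, reason) for one outbound TCP flow."""
    if ipaddress.ip_address(src_ip) not in WORKSTATION_NET:
        return ("out-of-scope", "source is not a workstation")
    if dst_port in BLOCKED:
        return ("violation", f"{BLOCKED[dst_port]} is blocked from workstations")
    if dst_port in CLEARTEXT_FTP:
        return ("violation",
                f"{CLEARTEXT_FTP[dst_port]} in clear text; transfer over SSH instead")
    if dst_port == SSH_PORT:
        return ("monitor", "SSH session, the permitted carrier for file transfers")
    return ("allowed", "not covered by the protocol standard")

def audit(flows):
    """Return the flows that break the standard, with the reason attached."""
    findings = []
    for flow in flows:
        verdict, reason = check_flow(flow["src"], flow["dport"])
        if verdict == "violation":
            findings.append({**flow, "reason": reason})
    return findings

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    {"src": "192.0.2.15", "dst": "198.51.100.10", "dport": 23},
    {"src": "192.0.2.15", "dst": "198.51.100.10", "dport": 22},
    {"src": "192.0.2.40", "dst": "198.51.100.20", "dport": 21},
    {"src": "192.0.2.41", "dst": "198.51.100.30", "dport": 49},
    {"src": "198.51.100.5", "dst": "198.51.100.10", "dport": 23},
    {"src": "192.0.2.42", "dst": "198.51.100.40", "dport": 443},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding["src"], finding["dport"], finding["reason"])
```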
X. Environmental Issues
The dedicated servers for the network will be contained within a temperature-controlled
room to remove the possibility of overheating. A constant temperature of 70°
Fahrenheit is suggested, as well as an average humidity of around 55%. The room will
also be equipped with several detection systems to ensure all systems are working
without any threat. This includes fire and safety control, and humidity control. All these
systems can be monitored remotely, with the option of sending remote alerts.
The use of surge protectors is important in the prevention of total system power
failures. Uninterruptible Power Supplies (UPS) would be the best choice in this
situation to protect the equipment from possible electrical problems. EMI issues can
also be avoided through the use of shielded cables if need be.
XI. Patches
All patches will be applied on Mondays at 6am, with the assumption that the network
will be used the least during this time.
SECURITY POLICY
Security for the Medical Facility is extremely important because it holds very
sensitive medical record information on all of its patients. We must take certain
measures to ensure the safety and protection of patients and their information. These
policies will be monitored and implemented by the hired IT department staff.
We will be using highly secure technology including password requirements,
alarm systems, access control systems, photo identification, CCTV, two-way voice
communications, and weapons screening systems.
An Electronic Access Control System will protect our data from
misuse by intruders and authorized members. We will implement four
levels of users (Administrators, Level 3, Level 2, Level 1). Level 1 Users will have the
most restrictions on access to information. These individuals will be the registration
desk staff where they only need access to general information about patients, like
appointment times, dates, room numbers, etc.
There will be an appropriate authorization process for all of these users when
they are hired on as staff. Background checks will be provided and the IT staff will
create credentials based on the position of each employee.
For remote access, the IT department will assign credentials to those authorized
members or those who request access to the VPN. The IT department will give these
individuals a secured device or laptop to access this system that has software and
programs installed essential for the security of the laptop and the VPN.
Our password policy will be as follows:
- Strong Passwords are required
- Requirements for each password are:
o Must be 8 to 14 characters
o Use both upper and lower-case letters
o At least one special character (!@$%^&*)
o Must be changed every 6 months
o No writing passwords down or sharing passwords
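The checkable rules of this password policy, as an added example that is not part of the original project: a function that reports which rules a password breaks, including the rotation age. Treating the listed special characters as the complete set and "6 months" as 183 days are assumptions; the sample passwords and dates are constructed.

```python
from datetime import date, timedelta

# Assumption: the special characters listed in the policy are treated as the
# complete allowed set, and "6 months" is taken as 183 days.
SPECIALS = set("!@$%^&*")
MAX_AGE = timedelta(days=183)

def password_violations(password, last_changed, today):
    """Return the list of policy rules the password breaks (empty = compliant)."""
    problems = []
    if not 8 <= len(password) <= 14:
        problems.append("length must be 8 to 14 characters")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lower-case letter")
    if not SPECIALS.intersection(password):
        problems.append("needs one of !@$%^&*")
    if today - last_changed > MAX_AGE:
        problems.append("older than 6 months, must be changed")
    return problems

if __name__ == "__main__":
    today = date(2012, 11, 26)  # constructed reference date
    # Constructed sample passwords, not real credentials.
    samples = [
        ("Hospice$Care1", date(2012, 9, 1)),      # compliant
        ("hospicecare", date(2012, 9, 1)),        # no upper case, no special
        ("Hospice#Care1", date(2012, 9, 1)),      # '#' is not in the listed set
        ("Hospice$Care1", date(2012, 1, 2)),      # overdue for rotation
        ("Hospice$Care12345", date(2012, 9, 1)),  # longer than 14 characters
    ]
    for pw, changed in samples:
        print(pw, password_violations(pw, changed, today) or "OK")
```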
For encryption, attack prevention, firewall, and antivirus, we will be using
Symantec Endpoint Protection software and installing this software on each device.
Encryption software will be used for information shared across the network and
information on all devices. Medical Facilities have highly confidential information that is
being sent over a network and needs to be encrypted on all laptops, desktops, flash
drives, CDs and DVDs, external hard drives, portable hard drives, and e-mails.
Physical access will be controlled to ensure the protection of all employees and
patients by using the following systems:
- Alarm System
- Photo Identification: smart card access cards with appropriate information
- Closed-circuit television camera system
- Weapons Screening systems
- Security Guards
- Two-way voice communications
Disaster Recovery Policy
Goal: To minimize the potential for information loss and legalities arising from
information loss, and to get back to full operation after a disaster.
Three aspects
- Loss prevention
- During disasters
- After disaster
Disaster Recovery: Loss Prevention
- Set up Cloud Storage
o Office 365
o Salesforce
o Accounting and payroll software
- Back up onsite files 4x
o 9am, 12pm, 3pm and 7pm
- Send backups offsite twice per week
o Wednesdays and Fridays
- Insurance
- Malware attacks/intrusions
o Firewall
o Bit9
o Barracuda Server
- Install Cameras
Disaster Recovery: During Disasters
- Natural disasters
o Evacuate personnel away from equipment
o Shut down breaker
- Information attack
o Take infected devices off network immediately
o Minimize damage/possible infections.
Recovery: After Disasters
- Assess damage losses
- Implement solutions for replacements
o Utilizing insurance
o Creating budget for hardware replacements
- Restoration
o Restore data from backups
o Replace damaged hardware
o Get back to full operation ASAP
- Information attack/intrusions
o Determine the malware or type of attack on systems.
o Check to make sure attacks did not affect any other devices.
o Run the proper malware software to quarantine or remove threat.
BUDGET
APPENDIX A: PHYSICAL DIAGRAM
APPENDIX B: LOGICAL DIAGRAM
TEAM CONTRIBUTION
As a team we all contributed to this project. There were 8 sections that needed to be
completed; therefore we each chose the items we would do.
Chelsea Collins: Executive Summary, Budget, Assembled Deliverable, Contribution
Summary
Kara James: Written Description, Security Policy
Eric Lopez: Network Policies
Trevor Norwood: Disaster Recovery Policy, Appendix A, Appendix B
Executive Summary: Researched and compiled information on medical facility
networks. Reviewed our plan and wrote a summary. This summary would be used to
inform upper-level management of the proposal.
Budget: Created a list of items that will be needed to implement a new network
infrastructure. Researched prices of the items and created a spreadsheet to reflect the
information found. Computed the costs and came up with a final budget price.
Written Description: Review our plan for the network infrastructure. Describe the
network proposed and explain reasoning behind decisions.
Security Policy: Decide on policies that need to be in place to secure the network.
Compile policies that will be used in the medical facility to protect information and
prevent security violations.
Network Policies: Decide on policies that need to be in place to operate efficiently and
safely. Compile policies that will be used in the medical facility.
Disaster Recovery Policy: Compile procedures and policies that will be followed in case
of a disaster. Decide on the best recovery techniques if a disaster were to happen.
Appendix A: Configure a physical layout of the medical facility network, created in the
software program Visio.
Appendix B: Configure a logical layout of the medical facility network, created in the
software program Visio.