Medical Facility Network Design


  1. Medical Facility Network Design Presented By: Chelsea Collins Kara James Eric Lopez Trevor Norwood

  2. Medical Facility Needs • Required 99.99% system uptime • Medical record access 24/7 • Up-to-date information sharing between staff • 225 Users on Network • 180 Laptop Users

  3. Network Policy • The configuration and design of this network was created with the intention of being as reliable and efficient as possible. Since the Hospital is required to run continuously, these network policies reflect the importance of the patients' reliance on the network and corresponding technology.

  4. Network Policy: Printing Services • Each printer will be assigned an IP address with a password to access through FTP, and will be assigned to the closest workstation within the facility. • The passwords assigned to access the FTP server will follow the strict password guidelines. Printing services should be used for Hospice Medical Facility purposes only.

  5. Network Policy: Internet Access • All users must have a designated user name and password to be able to access the Internet • Internet usage will be constantly monitored to reduce security threats and protect the Network. • The Internet should be used for Hospice Facility research and communication purposes only. • Remote access is only allowed to request or access required information by a certified user

  6. Network Policy: Administrators • After research of users and access restrictions, the IT department will assign authentication levels to certain users • The only staff that will be given full credentials with no restrictions will be the IT department. • All patches will be applied Mondays at 6am or during a time the network will be used least

  7. Network Policy: Account Guidelines • User Accounts: • First Name Initial • Full Last Name • Last two digits of year of employment • If all guidelines overlap for 2 users, begin adding letters of alphabet • Administrator Accounts: • “.admin” • Example: Elopez12.admin

  8. Network Policy: Storage • Email is limited to 25 MB per account and is stored on the mail server • It is important to only store information that is related to the Medical Facility

  9. Network Policy: Hardware • Dell Vostro 430 Mini Tower desktop computer • Each workstation will also be equipped with a Cisco landline phone (Cisco SPA525G) • Laptops: Those who wish to acquire a laptop may request one through the IT Department

  10. Network Policy: Software • Windows 7 • Microsoft Office 2010 Professional • Adobe Acrobat Reader • Bit9 • DropBox • Palo Alto Firewall • Symantec Endpoint Protection

  11. Network Policy: Device Placement • Dedicated room on each floor for a switch. • All Switches are wired to a single router located on the first floor. • The first floor will have its own WAP exclusively for purposes of lobby and registration. • The second and third floor will share a separate personal WAP.

  12. Network Policy: Protocol Standards • Protocols such as Telnet and TACACS, along with any other remote access protocol, will be blocked from workstation computers • FTP and other such transfer protocols are only allowed to be used in combination with SSH, considering that the clear text of FTP is not the most secure, and as such will be monitored.

  13. Network Policy: Environmental Issues • The dedicated servers for the network will be contained within a temperature-controlled room to remove the possibility of overheating. • A constant temperature of 70° Fahrenheit is suggested, as well as an average humidity around 55%. • Detection systems • Surge Protectors • EMI issues can also be avoided through the use of shielded cables

  14. Security Policy • Security for the Medical Facility is extremely important because they hold very sensitive medical record information on all of their patients. We must take certain measures to ensure the safety and protection of patients and their information.

  15. Security Policy: Access Control • Protect against misuse of information • Administrators, Level 1, 2, and 3 Users • Requiring Authentication process for these users by the IT Department

  16. Security Policy: Authentication Process • The IT Department will give permissions and roles for every employee. • Each user will be given credentials to access systems based on their roles with the Medical Facility. • No user will be given access to data that they do not need for their job

  17. Security Policy: Physical Access • Alarm System • Photo Identification- smart card access cards with key information • Closed-circuit television camera system • Weapons Screening systems • Security Guards • Two-way voice communications

  18. Security Policy: VPN and Firewalls • VPN • Certified members will be given credentials to access a VPN • Should only use the VPN while on a secure and authorized device • Firewall/Antivirus • Symantec Endpoint Protection Software • Virus scans should be performed daily. • Updates to software should be done weekly

  19. Security Policy: Passwords • Strong passwords must be used • Requirements: • Must be 8 to 14 characters • Both upper and lower-case letters • At least one special character (!@#$%^&*) • Must be required to change password every 6 months • No sharing of passwords or writing down passwords

  20. Security Policy: Encryption • Encryption is an essential part of keeping information secure. • Encryption should be used on all devices and media types that contain sensitive data: Laptops, Desktops, Flash Drives, CDs and DVDs, External Hard Drives, Portable Hard Drives, E-mails and all file attachments • Encrypt all data going across the network • Symantec Endpoint Protection software

  21. Security Policy: Vulnerability Checks • System logs should be stored on the server and regulated by a log analyzer in the IT Department. • Vulnerability checks should be performed weekly to check for any serious security flaws that may be present in the network

  22. Security Policy: Back-ups • Backing up data can help with loss prevention but also with security of information. Providing back-ups of logs and data makes it possible for security audits to be performed if they are ever needed • Back-ups should be timed to automatically perform several times a day

  23. Disaster Recovery Policy • Goal: • To minimize the potential for information loss and legalities from information loss, and to get back fully operational after a disaster. • Three aspects • Loss prevention • During disasters • After disaster

  24. Disaster Recovery: Loss Prevention • Setup Cloud Storage • Office 365 • Salesforce • Accounting and payroll software • Backup onsite files 4x • 9am, 12pm, 3pm and 7 pm • Send backups offsite twice per week • Wednesdays and Fridays • Insurance • Malware attacks/intrusions • Firewall • Bit9 • Microsoft Intune • Barracuda Server • Install Cameras

  25. Disaster Recovery: During Disasters • Natural disasters • Evacuate personnel • Away from equipment • Shutdown breaker • Information attack • Take infected devices off network immediately • Minimize damage/possible infections.

  26. Recovery: After Disasters • Assess damage losses • Implement solutions for replacements • Utilizing insurance • Creating budget for hardware replacements • Restoration • Restore data from backups • Replacing damaged hardware • Get back to full operation ASAP

  27. Recovery: After Disaster • Information attack/intrusions • Determine the malware or type of attack on systems. • Check to make sure attacks did not affect any other devices. • Run the proper malware software to quarantine or remove threat.

  28. Budget

  29. Appendix A: Physical Diagram

  30. Appendix A: Physical Layout 1st and 3rd Floor

  31. Appendix A: Physical Layout 2nd Floor

  32. Appendix B: Logical Diagram

  33. Appendix C: Network Operating System Recommendations • Red Hat • Novell • Microsoft

  34. Red Hat • Number of clients supported: Unlimited (as long as hardware is capable) • Number of processors supported: 32 • Minimum and suggested hardware specifications: 1.5 GHz, 768MB RAM, 10GB Disk Space • Support for SMTP, HTTP, DNS, File & Print and Remote administration: • SMTP: Included • HTTP: Included • DNS: Included • File & Print Support: Included • Remote Administration: Included • Support for Windows, Linux, UNIX & Apple clients: Included • Back up capabilities: Included • Security Features: Open Directory & Kerberos • Licensing: $1,499 per year (starting) • Support Services: Phone support, web support, unlimited incidents

  35. Why Red Hat • Red Hat is our first choice because it provides operating system platforms, middleware, applications, management products, support, training, and consulting services. • Linux operating system overall is more secure • Failover • Redundancy • Backup features • Some interoperability which makes for a more efficient environment.

  36. Novell • Number of clients supported: Unlimited (as long as hardware is capable) • Number of processors supported: 32 • Minimum and suggested hardware specifications: 1.5 GHz, 768MB RAM, 10GB Disk Space • Support for SMTP, HTTP, DNS, File & Print and Remote administration: • SMTP: Included • HTTP: Included • DNS: Included • File & Print Support: Included • Remote Administration: Included • Support for Windows, Linux, UNIX & Apple clients: Included • Back up capabilities: Included • Security Features: Open Directory & Kerberos • Licensing: $799 per year (starting) • Support Services: Phone support, Unlimited technical Support, web support, 4 hour incident response time

  37. Why Novell? • Novell has a broad range of support options and tools available, including cross-platform support for Windows, Linux, and Mac clients. • A centralized server deployment which allows administrators to manage server upgrades from a single location. • Allows Microsoft Active Directory-based applications to authenticate directly from Novell eDirectory.

  38. Microsoft • Number of clients supported: 32 • Number of processors supported: 256 • Minimum and suggested hardware specifications: 1.4 GHz, 512MB RAM, 10GB Disk Space • Support for SMTP, HTTP, DNS, File & Print and Remote administration: • SMTP: Included, needs to be configured • HTTP: Included through IIS (Internet Information Services) • DNS: Included • File & Print Support: Included • Remote Administration: Included • Support for Windows, Linux, UNIX & Apple clients: Included • Back up capabilities: Included • Security Features: Active Directory & Kerberos • Licensing: $3,999, includes 25 Licenses • Support Services: By contract, also large knowledge database

  39. Why Microsoft? • Microsoft is our 3rd choice because it has great tools, resources, and the ability to give more control to an individual. What makes Microsoft the last option is the cost of a Windows Server, the limited support for clients, and there is a limit on the number of clients for each license.

  40. Questions?
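
The account guidelines on slide 7 and the password requirements on slide 19 can be checked mechanically at provisioning time. The following is an added example, not part of the original presentation; the function names, the placement of the collision letter after the year digits, the capitalisation (inferred from "Elopez12.admin") and the reading of "6 months" as 183 days are assumptions.

```python
import string
from datetime import date

SPECIALS = set("!@#$%^&*")   # the special characters listed on slide 19
MAX_AGE_DAYS = 183           # assumption: "6 months" taken as 183 days


def account_name(first, last, hire_year, taken):
    """Slide 7: first initial + full last name + last two digits of hire year.
    Assumption: on a collision a letter is appended after the year digits."""
    base = f"{first[0].upper()}{last.lower()}{hire_year % 100:02d}"
    lowered = {t.lower() for t in taken}      # compare case-insensitively
    for name in [base] + [base + c for c in string.ascii_lowercase]:
        if name.lower() not in lowered:
            return name
    raise ValueError(f"no free account name left for {base}")


def admin_name(user_name):
    """Slide 7: administrator accounts carry the '.admin' suffix."""
    return user_name + ".admin"


def password_violations(password):
    """Return the slide 19 requirements this password fails (empty = ok)."""
    problems = []
    if not 8 <= len(password) <= 14:
        problems.append("length must be 8 to 14 characters")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lower-case letter")
    if not any(c in SPECIALS for c in password):
        problems.append("needs one of !@#$%^&*")
    return problems


def password_expired(last_changed, today):
    """Slide 19: passwords must be changed every 6 months."""
    return (today - last_changed).days > MAX_AGE_DAYS


if __name__ == "__main__":
    taken = {"Elopez12"}                       # constructed roster
    user = account_name("Eric", "Lopez", 2012, taken)
    print(user, admin_name(user))
    print(password_violations("hospice2012"))  # constructed sample password
    print(password_expired(date(2012, 1, 9), date(2012, 9, 3)))
```
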