Medical Facility Network Design


MEDICAL FACILITY NETWORK DESIGN

MANAGING NETWORKS LIS4482-01

DATE COMPLETED: 11/26/12

CREATED BY: CHELSEA COLLINS, KARA JAMES, ERIC LOPEZ, TREVOR NORWOOD

LIS4482-01 Group 3 2012


EXECUTIVE SUMMARY
As part of this new medical facility that cares for the terminally ill, we want to improve access to patients' medical records and maintain a high uptime percentage. This facility has approximately 225 users, and 180 of those are mobile users who will need wireless support. In order to stay connected, there will be wireless connectivity throughout the building, and there will also be a data center on site that will contain all patient information and one offsite for backup. Internet access will be available on every computer and workstation, and user authentication will be requested when accessing the internet. All patient information and records will be readily accessible using remote access. Depending on an employee's position, some may have more access than others. All information will be encrypted to keep it secure. Employees who will be working outside of the office will have secure access to the network through a VPN account. The company we will be working hand in hand with is Microsoft. Microsoft has many products that our medical facility will benefit from. With Microsoft HealthVault we will be able to keep track of all patient records and have the ability to collaborate and query with other employees and share information. The access and uptime of the information servers are crucial. It is patients' lives we are dealing with, and everyone needs to be able to have full access 24/7 to up-to-date information and records. A proper and effective networking infrastructure will be needed. The budget for this project is approximately $159,643.

PROJECT DESCRIPTION
The Medical Facility design will use the most up-to-date technologies to ensure the 24/7 availability of crucial information. The network policies, design, and software choices reflect how critical the needs of a Medical Facility are. Our physical design is represented in Appendix A, where you can see that we have a Main Office Building with wireless routers and access points set up in specific locations. As seen in our physical diagram, Appendix A, for each workstation, on every floor, we will install a Dell Vostro 430 computer, a monitor, physical access to the networks and servers, printer access, and a VoIP Cisco SPA525G phone system. We will be using 1000BaseT Cat6 cable throughout the first, second and third floors of the building for more secure and reliable connections. In Appendix B, you can see detailed information regarding the IP addresses of each device located at the Medical Facility and at the Data Center. In our Main Office Medical Building, the routers and switches will be placed in a secure room with key lock access to ensure that unauthorized users do not have physical access. Only authorized users will be able to gain access to the wireless internet and the VPN. In our policy, we state that only approved devices from the IT Department will have access to any of our servers and networks. We decided to design three servers in total while also implementing shared storage devices to make storing and accessing information easy.

NETWORK POLICIES
The configuration and design of this network were created with the intention of being as reliable and efficient as possible. Since the Hospital is required to run continuously, these network policies reflect the importance of the patients' reliance on the network and corresponding technology. The standard operating procedures given are meant to maintain the best connection and communication required for all users of the Hospital networking technology. Due to the importance of these networks, any misuse or alteration of the procedures could result in failure of the network or death of a patient, and as such must not occur without consequences. Below is a guide as to how the Network at the Hospice Medical and Data Center facilities will be used.

I. Printing Services
All workstations within the Hospice Medical Facility will have access to printers. Each printer will be assigned an IP address with a password to access through FTP, and will be assigned to the closest workstation within the facility. The passwords assigned to access the FTP server will follow the strict password guidelines. Printing services should be used for Hospice Medical Facility purposes only.

II. Internet Access
All workstations within the Hospice Medical Facility will have access to an extremely high-speed Internet network. Networking, computing, and resources can be utilized from any workstation within the facility. All users must have a designated user name and password to be able to access the Internet, and will be able to do so from most computers. Internet usage will be constantly monitored to reduce security threats and protect the Network. The Internet should be used for Hospice Facility research and communication purposes only. Remote access to the Hospice Internet network is only allowed to request or access required information by a certified user.

III. User Administrations
Account management and user information will be configured and managed by the IT department. After research of users and access restrictions, the IT department will assign authentication levels to certain users, depending on their rank within the facility and their requirement to access certain data. The only staff that will be given full credentials with no restrictions will be the IT department.

IV. E-mail usage
All users will be assigned a designated company email and password to be able to access the Email Server, and will be able to do so from most computers. Emails will be constantly monitored to reduce security threats and protect the Network. The company email address should be used for Hospice Facility research and communication purposes only. Email accounts will have a limited capacity of 25MB to save as much room for data as possible on the servers.

V. Naming Conventions
User Account Guidelines:
- First Name Initial
- Full Last Name
- Last two digits of year of employment
- If all guidelines overlap for 2 users, begin adding letters of alphabet
Example:
o Name: Edward Lopez
o Employed: 2012
o Username: elopez12
o Name: Erik Lopez
o Employed: 2012
o Username: elopez12a
Administrator user accounts will have .admin
o Elopez12.admin
Equipment will be labeled by Type-Department-Room#-Equipment#
o iPad-Nursing-223-6 (iPad #6 used for the Nursing Department in room 223)
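The naming convention above can be enforced at provisioning time rather than left to manual entry. The following is an added example, not part of the original report: the function names are hypothetical, and it assumes logon names are compared case-insensitively and that punctuation in names is dropped.

```python
import re
import string

# Added example; helper names are hypothetical, not from the original report.
LABEL_RE = re.compile(r"^([A-Za-z0-9]+)-([A-Za-z]+)-(\d+)-(\d+)$")


def base_username(first, last, year_hired):
    """First-name initial + full last name + last two digits of hire year."""
    # Assumption: spaces, hyphens and apostrophes are dropped from names.
    first = re.sub(r"[^a-z]", "", first.lower())
    last = re.sub(r"[^a-z]", "", last.lower())
    if not first or not last:
        raise ValueError("first and last name must contain letters")
    return f"{first[0]}{last}{year_hired % 100:02d}"


def allocate_username(first, last, year_hired, taken):
    """Return the first free name, appending a, b, c ... on collision."""
    # Assumption: logon names are case-insensitive, so 'ELopez12' blocks 'elopez12'.
    existing = {name.lower() for name in taken}
    base = base_username(first, last, year_hired)
    for candidate in [base] + [base + s for s in string.ascii_lowercase]:
        if candidate not in existing:
            return candidate
    raise RuntimeError(f"all suffixes a-z are in use for {base}")


def admin_username(username):
    """Administrator accounts carry the .admin suffix."""
    return username + ".admin"


def parse_equipment_label(label):
    """Split Type-Department-Room#-Equipment# and reject malformed labels."""
    match = LABEL_RE.match(label)
    if match is None:
        raise ValueError(f"label does not follow the convention: {label!r}")
    kind, department, room, number = match.groups()
    return {"type": kind, "department": department,
            "room": int(room), "number": int(number)}


if __name__ == "__main__":
    directory = {"elopez12"}  # constructed sample data
    print(allocate_username("Erik", "Lopez", 2012, directory))
    print(parse_equipment_label("iPad-Nursing-223-6"))
```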

VI. Storage allocation
Users may use as much storage as needed in order to efficiently complete their tasks. The accounts will have access to their own personal user folder from any computer as well. Email is limited to 25MB per account and is stored on the mail server, leaving an ample amount of storage for users to utilize. Considering the importance of storage allocation, users should only store material and information related to the Hospice Medical Facility.

VII. Workstation Configuration

Hardware

Desktop Computers
Each workstation will be equipped with a Dell Vostro 430 Mini Tower desktop computer with the following specifications:
- Intel Core i7-920 2.66GHz Processor
- 8GB DDR RAM
- 500GB Hard Drive
- Wireless-N LAN card
- 22in Samsung Monitor

Phone lines
Each workstation will also be equipped with a Cisco landline phone with a specific number and routing number.
- Model: CISCO SPA525G

*Other equipment such as tablets, cables, speakers, and other accessories will be provided upon request.

Laptop Computers
Not all staff and employees will require use of a laptop. Those who wish to acquire one may write a request to the IT department. Doctors, Physicians, and Medical Directors will most likely require a more mobile form of accessing the network, and will thus be given priority over most other users. The IT department will research and determine if it is necessary to give out a laptop to a certain user when the request is received.

Software Configurations
Each workstation will come equipped with the following software:
- Windows 7 (Microsoft Network version for servers)
- Microsoft Office 2010 Professional
- Adobe Acrobat Reader 11
- Bit9 Cyber security and Spyware protection
- DropBox
- Palo Alto Firewall
- Symantec Endpoint Encryption

VIII. Network Device Placement
There will be a dedicated room on each floor for a switch. All of these switches are wired to a single router located on the first floor. The first floor will have its own WAP exclusively for purposes of lobby and registration. The second and third floor will share a separate personal WAP.

IX. Protocol Standards
Protocols such as Telnet and TACACS, along with any other remote access protocol, will be blocked from workstation computers. FTP and other such transfer protocols may only be used in combination with SSH, because FTP transmits in clear text and is not secure, and their use will be monitored.

X. Environmental Issues
The dedicated servers for the network will be contained within a temperature-controlled room to remove the possibility of overheating. A constant temperature of 70° Fahrenheit is suggested, as well as an average humidity of around 55%. The room will also be equipped with detection systems to ensure all systems are working properly with no threat. This includes fire and safety control, and humidity control. All these systems can be monitored remotely, with the option of sending remote alerts.

The use of surge protectors is important in the prevention of total system power failures. Uninterruptible Power Supplies (UPS) would be the best choice in this situation to protect the equipment from possible electrical problems. EMI issues can also be avoided through the use of shielded cables if need be.

XI. Patches
All patches will be applied on Mondays at 6am, with the assumption that the network will be used the least during this time.

SECURITY POLICY
Security for the Medical Facility is extremely important because it holds very sensitive medical record information on all of its patients. We must take certain measures to ensure the safety and protection of patients and their information. These policies will be monitored and implemented by the hired IT department staff. We will be using highly secure technology including password requirements, alarm systems, access control systems, photo identification, CCTV, two-way voice communications, and weapons screening systems. The Electronic Access Control System will ensure protection of our data from the misuse of information by intruders and authorized members. We will implement four levels of users (Administrators, Level 3, Level 2, Level 1). Level 1 Users will have the most restrictions on access to information. These individuals will be the registration desk staff, who only need access to general information about patients, like appointment times, dates, room numbers, etc. There will be an appropriate authorization process for all of these users when they are hired on as staff. Background checks will be provided and the IT staff will create credentials based on the position of each employee. For remote access, the IT department will assign credentials to those authorized members or those who request access to the VPN. The IT department will give these individuals a secured device or laptop to access this system that has software and programs installed essential for the security of the laptop and the VPN.

Our password policy will be as follows:
Strong Passwords are required. Requirements for each password are:
o Must be 8 to 14 characters
o Use both upper and lower-case letters
o At least one special character (!@$%^&*)
o Must be changed every 6 months
o No writing passwords down or sharing passwords
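The machine-checkable parts of the password policy above (length, character classes, and the six-month rotation) can be expressed as a small validator. This is an added example, not part of the original report: the function names are hypothetical, and "6 months" is interpreted as six calendar months from the last change.

```python
import calendar
from datetime import date

# Values taken from the policy text; names are hypothetical.
SPECIALS = set("!@$%^&*")
MIN_LEN, MAX_LEN = 8, 14
MAX_AGE_MONTHS = 6


def password_violations(password):
    """Return the list of policy rules the candidate password breaks."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if not any(c.isupper() for c in password):
        problems.append("uppercase")
    if not any(c.islower() for c in password):
        problems.append("lowercase")
    # Only the characters listed in the policy count; '#' or '?' do not.
    if not any(c in SPECIALS for c in password):
        problems.append("special")
    return problems


def expiry_date(last_changed):
    """Date six calendar months after the last change."""
    index = last_changed.month - 1 + MAX_AGE_MONTHS
    year = last_changed.year + index // 12
    month = index % 12 + 1
    # Clamp the day for short months (e.g. 31 August -> end of February).
    day = min(last_changed.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def is_expired(last_changed, today):
    """True once the password is older than the rotation period."""
    return today > expiry_date(last_changed)


if __name__ == "__main__":
    # Constructed sample values for illustration.
    for candidate in ("Hospice!2012", "Hospice#2012", "password"):
        print(candidate, password_violations(candidate))
    print(is_expired(date(2012, 5, 26), date(2012, 11, 27)))
```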

For encryption, attack prevention, firewalling, and antivirus, we will be using Symantec Endpoint Protection software and installing this software on each device. Encryption software will be used for information shared across the network and information on all devices. Medical Facilities have highly confidential information that is being sent over a network and needs to be encrypted on all laptops, desktops, flash drives, CDs and DVDs, external hard drives, portable hard drives, and e-mails.

Physical Access will be controlled to ensure the protection of all employees and patients by using the following systems:
- Alarm System
- Photo Identification: smart card access cards with appropriate information
- Closed-circuit television camera system
- Weapons Screening systems
- Security Guards
- Two-way voice communications

Disaster Recovery Policy

Goal: To minimize the potential for information loss and legalities from information loss, and to get back fully operational after a disaster.

Three aspects:
- Loss prevention
- During disasters
- After disaster

Disaster Recovery: Loss Prevention
- Setup Cloud Storage
  o Office 365
  o Salesforce
  o Accounting and payroll software
- Backup onsite files 4x
  o 9am, 12pm, 3pm and 7pm
- Send backups offsite twice per week
  o Wednesdays and Fridays
- Insurance
- Malware attacks/intrusions
  o Firewall
  o Bit9
  o Barracuda Server
- Install Cameras

Disaster Recovery: During Disasters
- Natural disasters
  o Evacuate personnel
  o Away from equipment
  o Shutdown breaker
- Information attack
  o Take infected devices off network immediately
  o Minimize damage/possible infections

Recovery: After Disasters
- Assess damage losses
- Implement solutions for replacements
  o Utilizing insurance
  o Creating budget for hardware replacements
- Restoration
  o Restore data from backups
  o Replacing damaged hardware
  o Get back to full operation ASAP

- Information attack/intrusions
  o Determine the malware or type of attack on systems.
  o Check to make sure attacks did not affect any other devices.
  o Run the proper malware software to quarantine or remove threat.

BUDGET

APPENDIX A: PHYSICAL DIAGRAM

APPENDIX B: LOGICAL DIAGRAM

TEAM CONTRIBUTION
As a team we all contributed to this project. There were 8 sections that needed to be completed; therefore we each chose the items we would do.

- Chelsea Collins: Executive Summary, Budget, Assembled Deliverable, Contribution Summary
- Kara James: Written Description, Security Policy
- Eric Lopez: Network Policies
- Trevor Norwood: Disaster Recovery Policy, Appendix A, Appendix B

Executive Summary: Researched and compiled information on medical facility networks. Reviewed our plan and wrote a summary. This summary would be used to inform upper-level management of the proposal.

Budget: Created a list of items that will be needed to implement a new network infrastructure. Researched prices of the items and created a spreadsheet to reflect the information found. Computed the costs and came up with a final budget price.

Written Description: Review our plan for the network infrastructure. Describe the network proposed and explain reasoning behind decisions.

Security Policy: Decide on policies that need to be in place to secure the network. Compile policies that will be used in the medical facility to protect information and prevent security violations.

Network Policies: Decide on policies that need to be in place to operate efficiently and safely. Compile policies that will be used in the medical facility.

Disaster Recovery Policy: Compile procedures and policies that will be followed in case of a disaster. Decide on the best recovery techniques if a disaster were to happen.

Appendix A: Configure a physical layout of the medical facility network, created in the software program Visio.

Appendix B: Configure a logical layout of the medical facility network, created in the software program Visio.
