Medical Facility Network Design: Management of Network & Telcom - LIS4482
User Administration: Each employee will be able to log in to company computers and networks using their employee ID number as the username and a twelve-digit password provided to them by the network administrator. Only the network administrator can change an employee's password. Once an employee's contract is terminated, their username and password will be deleted from the system. More information about user IDs and passwords can be found in the security policy.

Internet Access: Internet access will be provided wirelessly throughout the medical facility and data center via user login. Temporary usernames and passwords will be provided to guests at check-in. The network will have a filter to block explicit content, social media websites, video content and Adobe Flash. This will allow the network to run faster during peak times. The network administrator will monitor all network traffic and handle any network issues reported.

Printing Procedures: Printing is only available on VPN-connected machines with Line Printer Daemon (LPD) installed. Employees can choose from a provided list of printers within the LPD interface. Printing will be limited to 100 pages per printing session. Employees can refill paper trays, change ink and toner cartridges and adjust printer settings as needed. Printers are only for work-related documents. The same guidelines apply to fax machines. Printer and fax materials can be found in the division supply rooms.

Storage Allocation:
Example: 2934MF072111CC (John H. Doe [2934], Medical Facility [MF], Date Received [07/21/11], Department: Critical Care [CC])
Protocol Standards: The following is a list of protocols that should be implemented for use within the company.
FTP (File Transfer Protocol): a standard for the exchange of program and data files across a network. (TCP port 21)
SFTP (Secure File Transfer Protocol): a more secure form of file transfer protocol because of encryption. (TCP port 22)
TFTP (Trivial File Transfer Protocol): used for automated transferring of configuration or boot files between machines in a local environment. (UDP port 69)
SMTP (Simple Mail Transfer Protocol): an Internet standard for e-mail transmission across networks. (TCP port 25)
IMAP (Internet Message Access Protocol, V4): a protocol for transferring e-mail between servers. (TCP port 143)
SNMP (Simple Network Management Protocol): used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. (UDP port 16)
SSH (Secure Shell): a network protocol that allows data to be exchanged using a secure channel between two networked devices. (TCP port 22)
HTTP (Hypertext Transfer Protocol): the data transfer protocol used on the World Wide Web. (TCP port 80)
Network Device Placement: Network devices will all be placed in appropriate places within each facility. Access will be restricted to authorized users only. In the data center's main server room, there will be four Mac Pro servers and a Linksys switch connecting them to all the local workstations through multiple CAT5e RJ-45 cables. All external connections will be made through the VPN, which runs on the Airport Extreme connected to the main switch. All of these hardware components are located in the secured server room.
Power Configurations: The implementation of the Advanced Configuration and Power Interface (ACPI) provides an open standard for device configuration and power management by the operating system. The standard brings power management under the control of the operating system. Because every machine in the medical facility and data center is powered by alternating
IV. Security Policies
This section includes the security policies in place at the medical facility.
IDS/IPS & Regular Vulnerability Assessments:
Overview
An Intrusion Detection System (IDS) monitors the network for malicious activity and creates a report based on the data retrieved. An Intrusion Prevention System (IPS) also monitors the network for malicious activity and attempts to prevent that activity from occurring.
Purpose
The purpose of these policies is to ensure the overall security of the network.
Scope
Policies
The Cisco ASA 5500 Series IPS Solution will be used. It provides services such as URL blocking, anti-virus, anti-phishing, etc. Logs must be checked daily for suspicious activity. Network administrators will assess the overall vulnerability of the system every 6 weeks.
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
Overview
Purpose
Scope
Policies
All users are accountable for any usage on their account. Users must log off their accounts when away from the computer. Users must not allow anyone else to access their account. User access is based on the principle of least privilege. All users are given limited access based on what they need to do their job.
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
Physical Security:
Overview
Physical security is crucial in keeping the hospital personnel and patient information secure.
Purpose
The purpose of this policy is to ensure the protection of employees, patients, and sensitive information.
Scope
Policies
All employees must scan their badges before entering a secure room. Employees who do not have permissions to be in a room will not have badge access. Each time an employee scans their badge, their location is logged (time, date, and location).
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
Audit Policy:
Overview
Audit policies are used to track and monitor changes in the system. This is important because it helps identify any corruption or malicious activity throughout the medical systems.
Purpose
Scope
All employees are accountable for their activities on hospital computers and networks.
Policies
Each time a user logs in to a computer, the time, date, and location are logged. Each time account information is changed, the change is logged. This includes, but is not limited to, password changes, account creation, disabled accounts, new accounts, and group changes.
Each time a computer is rebooted or turned off, the time, date, and location are logged. When files or folders are accessed on a computer, the user, date, time, and location are logged.
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
Overview
The virtual private network (VPN) provides remote access to the medical facility's network.
Purpose
The purpose of these policies is to identify the acceptable usage of the VPN in order to protect the network and patient data.
Scope
Policies
Users must ensure that they are using a secure network connection prior to remotely accessing the virtual private network.
Only authorized users and employees may connect to the VPN. All devices connecting to the VPN must comply with the facility's rules and procedures.
Users must disconnect from the VPN when the device(s) are no longer being used.
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
Password Policy:
Overview
Passwords are an important part of computer and network security. A poorly chosen password could compromise the company.
Purpose
The purpose of these policies is to ensure the protection of the medical facility's computers and networks.
Scope
In order to ensure the security of the company, every employee is required to follow the password policies.
Policies
All administrative users must change their account passwords every 60 days.
All users must change their account password every 4 months.
Passwords must contain lower-case letters, upper-case letters and numbers (a-z, A-Z, 0-9).
Passwords must end with four numbers (RuUz 7aK4 6325).
Passwords must be at least 12 characters.
Passwords may not contain dictionary words.
Passwords may not be sent through email or through any other means.
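As an added illustration (not part of the original design document), the following Python checker applies the rules above to a candidate password and reports every rule it breaks; the small word list and the reading of "4 months" as 120 days are assumptions.

```python
import re

# Constructed stand-in for a dictionary word list (a deployment would load a
# real one); the policy forbids any dictionary word inside a password.
DICTIONARY = {"password", "hospital", "medical", "doctor", "nurse", "admin", "welcome"}


def check_password(password, dictionary=DICTIONARY):
    """Return the policy rules the password violates; an empty list means compliant.

    Rules taken from the facility password policy: at least 12 characters,
    lower-case and upper-case letters and digits present, ends with four digits,
    and no dictionary word anywhere in the password.
    """
    violations = []
    if len(password) < 12:
        violations.append("shorter than 12 characters")
    if not re.search(r"[a-z]", password):
        violations.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        violations.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        violations.append("no digit")
    if not re.search(r"[0-9]{4}$", password):
        violations.append("does not end with four digits")
    lowered = password.lower()
    hits = sorted(w for w in dictionary if w in lowered)
    if hits:
        violations.append("contains dictionary word(s): " + ", ".join(hits))
    return violations


def rotation_due(is_admin, days_since_change):
    """True when the policy requires a change: 60 days for administrative
    accounts, 4 months for everyone else (read as 120 days here; assumption)."""
    limit = 60 if is_admin else 120
    return days_since_change >= limit


if __name__ == "__main__":
    # The first candidate is the policy's own example; the others are constructed.
    for candidate in ("RuUz 7aK4 6325", "Hospital2024", "abc"):
        print(candidate, "->", check_password(candidate) or "compliant")
```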
Password Protection
Do not trust anyone with your password. Do not use familiar names for your password. Don't use a family name or pet's name. Do not write your password down.
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
Overview
Federal law protects patient health information, and it may only be given out to patient-designated individuals. This is to ensure the privacy and safety of patients.
Purpose
The purpose of the information sensitivity policy is to help health care professionals and employees determine what information can be released to non-employees.
Scope
Policies
Each healthcare professional must be aware of and follow HIPAA regulations. All employees are required to keep all patient information private. Sensitive data must be discarded appropriately using HIPAA standards.
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
Wireless Policies:
Overview
Wireless Internet is offered throughout the hospital for the use of employees and authorized guests.
Purpose
This policy is designed to ensure the protection of the wireless network and patient information.
Scope
All employees and guests with access to the wireless network must abide by these policies.
Policies
Only Wi-Fi enabled devices may connect to the wireless network. The SSID must not contain any characters that reveal the location of the wireless network. The SSID broadcast must remain disabled. The wireless network must be WPA encrypted.
Enforcement
Any employee who does not follow these policies is subject to disciplinary actions.
V. Disaster Recovery Policy
Backup Procedures: The system will perform several different types of backups, including full, differential, and incremental. The system will perform a full backup once a month. These backups will be performed on the last Sunday of every month at 3:00am. These backups will be kept for one
Disconnect your computer from the internet. If connected wirelessly, disable all wireless connections. If using a wired connection, disconnect the Ethernet cord from the computer. Call the IT department as soon as possible to decrease the risk of further infections.
Disk/Fault Tolerance: Fault tolerance refers to the ability of a system to keep functioning after part of the system fails. Without this feature, data loss and software corruption could cause significant problems throughout the medical facility. Servers will be equipped with RAID 5. This will ensure that
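To show what the RAID 5 choice actually buys, here is an added simulation (not the project's own code) of striping with rotating XOR parity: any single failed disk is rebuilt from the survivors, while two simultaneous failures cannot be. Disk count, block size and the data are constructed.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together; this is RAID 5's parity function."""
    out = bytes(len(blocks[0]))
    for b in blocks:
        out = bytes(x ^ y for x, y in zip(out, b))
    return out


def raid5_write(data, n_disks, block_size):
    """Stripe `data` over n_disks; each stripe holds n_disks-1 data blocks and
    one parity block, with the parity position rotating stripe by stripe."""
    per_stripe = block_size * (n_disks - 1)
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunk = data[off:off + per_stripe].ljust(per_stripe, b"\0")
        blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        parity_disk = s % n_disks
        parity = xor_blocks(blocks)
        it = iter(blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(it))
    return disks


def fail_disk(disks, *failed):
    """Return a copy of the array in which the given disks are unreadable (None)."""
    return [[None] * len(d) if i in failed else list(d) for i, d in enumerate(disks)]


def raid5_read(disks, n_bytes):
    """Reassemble the data, rebuilding at most one missing block per stripe."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        stripe = [disks[d][s] for d in range(n_disks)]
        missing = [d for d, b in enumerate(stripe) if b is None]
        if len(missing) > 1:
            raise ValueError("RAID 5 tolerates one failed disk; %d missing" % len(missing))
        if missing:  # XOR of all surviving blocks (data and parity) restores the lost one
            stripe[missing[0]] = xor_blocks([b for b in stripe if b is not None])
        parity_disk = s % n_disks
        out += b"".join(stripe[d] for d in range(n_disks) if d != parity_disk)
    return bytes(out[:n_bytes])


if __name__ == "__main__":
    data = b"constructed patient index: 0001,Doe,CC;0002,Roe,ER;"  # sample only
    array = raid5_write(data, 4, 8)
    print(raid5_read(fail_disk(array, 2), len(data)) == data)  # rebuilt after one loss
```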
VI. Budget Spreadsheet
Columns in the original spreadsheet: Product Name, Cost, #, Total Cost, Annual Cost. The table did not survive extraction intact; the items are listed below with only the figures that can still be read against them.
Apple Mac Mini with Lion Server
Apple Mac Pro w/ Lion Server
Apple Time Capsule 3TB
Airport Extreme 802.11N
Apple iMac 21.5-Inch: 27 GHZ
Verizon Mobile Broadband Plans, 10GB data @ $80/month
Apple MacBook Pro 13 Inch 2.4 GHZ
iPhone 3gs 8GB
20FT 24AWG Cat6 550MHz UTP Ethernet Bare Copper Network Cable - Black: $3.16 each, 20 units, $63.20 total
1000FT 24AWG Cat6 550MHz UTP Stranded, In-Wall Rated (CM), Bulk Ethernet Bare Copper Cable - Red: $110.30
High Quality 8P8C RJ-45 Network Cable Crimper: $5.23
RJ-11 and RJ-45 Modular Plug Tester: $6.89
RJ-45 MODULAR PLUGS RJ45 - 100 PACK FOR SOLID: $5.25
Acer S200HLAbd Black 20" 5ms LED Backlight Widescreen LCD Monitor: $89.99
XEROX WorkCentre 4260/XF MFC / All-In-One Up to 55 ppm Monochrome Laser Printer: $4,954.98, 1 unit, $4,954.98 total
Brother MFC-5490CN Up to 35 ppm 6000 x 1200: $131.99, 1 unit, $131.99 total
ZyXEL ZyWALL USG20 Internet Security Firewall with 4 Gigabit LAN/DMZ Ports, 2 IPSec VPN, SSL VPN, and 3G WAN Support: $158.99
Cisco-Linksys EZXS16W EtherFast 10/100 16Port Workgroup Switch: $62.75 each, $188.25 total
McAfee VirusScan Enterprise: 225 @ $25.59/year, $5,757.75 annual
IBackup 1000GB Plan
Other figures that appear in the extracted table without a legible item (quantities, totals and annual costs): 1, 4, 2, 2, 14, $959.45, $14,796.00, $978.00, 258, $20,986, $192,000, $202,473, $74.99 monthly, 225, $8,322.75, 36.99 one time fee, 9, 3, 3, 6, $1999.50.
Totals row: $326,912.85, $402,230.25
Cost Justification
1. Cisco SPA 504G VoIP Phone (20 @ $126.43 each)
a. Ethernet cables to provide all desktop nodes, printers, and fax machines with network access.
2. 1000FT 24AWG Cat6 550MHz UTP Stranded, In-Wall Rated (CM), Bulk Ethernet Bare Copper Cable - Red ($110.30)
a. Cat 6 network cable used for all internal office wiring.
3. High Quality 8P8C RJ-45 Network Cable Crimper (Nine @ $5.23)
a. Used to crimp RJ-45 to Cat6 network cable.
4. RJ-11 and RJ-45 Modular Plug Tester (Three @ $6.89)
a. Test cables that have been crimped.
5. RJ-45 MODULAR PLUGS RJ45 - 100 PACK (Three @ $5.25)
a. RJ-45 plugs for Cat6 cable.
6. XEROX WorkCentre 4260/XF MFC / All-In-One Up to 55 ppm Monochrome Laser Printer ($4954.98)
resilient system for fast, scalable delivery of mission-critical business applications
7. ZyXEL ZyWALL USG20 Internet Security Firewall with 4 Gigabit LAN/DMZ Ports, 2 IPSec VPN, SSL VPN, and 3G WAN Support ($158.99)
a. Comprehensive threat protection: firewall, VPN, and content filtering. Offers bandwidth management for traffic prioritization for VoIP or mission-critical applications.
8. Cisco-Linksys EZXS16W EtherFast 10/100 16-Port Workgroup Switch (Three @ $62.75)
a. 16-port workgroup switch.
9. McAfee VirusScan Enterprise (225 @ $25.59/year)
a. Virus scanner for all computers.
10. IBackup 1000Gb/month Plan