
Medical Facility Network Design Mgt Networks & Telcm LIS4482

Executive Summary
The Medical Facility Network Design Team is here to present several implementations that the medical facility will undergo. This plan is guaranteed to provide successful and beneficial results for the quality of care given to customers, as well as give confidence to the employees who work to achieve great customer service and care. To start, the policies written are meant to guide the employees in using the new equipment effectively. The policies cover different subjects that should be reviewed with each department. In our report we have Network Policies, which explain how our network is made up and contain important information that must be followed by the IT department to ensure maximum use of the system. Next we cover our security policy, which helps set a standard for protective and defensive measures against internal and external threats. The security policies go in depth on Account Access, Password Requirements, Network Access, Logging Practices and Regular Vulnerability Assessments. All of these points were stressed, explained and reiterated for maximum clarification. Along with the Security Policies we have a Disaster Recovery plan, which details steps to be taken in response to a disaster. The Disaster Recovery plan goes in depth about how lost information will be recovered, power failures, and how we plan to keep computers, servers and other networking equipment running when power is not available. Along with our Disaster Recovery plan, detailed diagrams of our physical network and logical network will be available to the medical facility. With these diagrams we hope to have a detailed record of everything in order to make complete use of the systems. Lastly, the budget will be in a spreadsheet available to senior management. This will allow the company to see exactly where the money is going and what systems are being implemented.

With all of this we hope that you will consider our proposal and trust that our company will work hard to keep the customers and the employees of the company as happy and successful as possible.

Thank you,
The Medical Facility Network Design Team

Written Description
Network Description

Medical Facility Data Center
The Medical Facility Data Center is the central information technology hub for IT services and applications. These include: Medical Records management, email, file and print services.
SMTP, HTTP, DNS, File and Print, Databases and Centralized User Management. Separate database for Patient Data from other databases.
Core Switches, Firewall / VPN (ASA), ISP Routers, Switch, Internet Service Provider (ISP), ISP Demarks
Two Internet Service Providers, ISP1 and ISP2, provide separate, non-overlapping, T3 (45MB) Internet access connections to ensure continuous Internet access. A stringent climate controlled environment is maintained for the servers and network equipment. All devices are on Uninterruptible Power Supplies (UPS) and a building backup generator to ensure no loss of power.

Medical Facility Office Building

Office Areas
Each office is wired with one or more CAT6 Ethernet drops, which physically connect to edge switches in the network closets located on that floor. All network drops are less than 300 feet from the network switches. Wireless Access Points are located throughout the floor, connected to the edge switches in the network closets and powered using Power over Ethernet (POE).

Network Closets
Each floor has a network closet located in the center of the floor, next to the stairwell. Each network closet contains mid-tier/edge switches which aggregate the physical network drops for that floor, including the wireless access points. The mid-tier/edge switches provide Power over Ethernet (POE) to the Voice over IP (VOIP) phones and Wireless Access Points. The mid-tier/edge switches connect via fiber to core switches located in the network access room.

Network Access Room
Core Switches, Firewall / VPN (ASA), ISP Routers, Switch, Internet Service Provider (ISP), ISP Demarks, UPS, Generator, Automatic Transfer Switch

Inter-Building Communications
The Medical Facility Data Center and the Medical Facility Office Building are connected via a 260MB wireless bridge connection using directional antennas. A backup communications route is provided by a point-to-point encrypted VPN tunnel using a T3 (45MB) Internet Service Provider (ISP) connection.

Remote Client Access
Remote clients connect to the Medical Facility by establishing a VPN connection to the Medical Facility Data Center.

Network Policy
i. Internet Access
ii. Printing
iii. Storage Allocation
iv. Email Usage
v. User Administrations
vi. Naming Conventions
vii. Protocol Standards
viii. Workstation Configuration
   a. Hardware
   b. Software
ix. Network Device Placement
x. Environmental Issues
xi. Power
xii. Patches to Operating Systems

i. Internet Access
A web browser is made available on all hospital machines. Users are responsible for all access points they reach and all information they receive from the Internet. If any information is viewed that is considered inappropriate, obscene, illegal, or that violates any part of this policy, network privileges may be revoked. Users may only copy resources from sites that have a copyright policy that allows it. A pop-up blocker will be installed on browsers to avoid harmful websites and annoying advertisements. Any illegal action may subject the user to prosecution by local, state, or federal authorities and is considered a violation of policy. Websites containing adult content, streaming media, peer-to-peer software, social networking, and games are filtered from the websites accessible by employees. Attempting to access these services using a proxy or other software is prohibited and considered a violation of policy. Use of the Internet in any way that is considered disruptive or harmful to others, or any attempt to conceal one's identity from others by using an IP blocker or similar tool, is prohibited. All attempts to gain access to unauthorized information through the Internet, such as passwords or personal data, are considered a violation of this policy. Using network services to solicit or advertise any product or service is strictly prohibited.

ii. Printing
Printers are provided on each floor of the building and can be accessed through the network without a physical connection from a user's computer. Printers are for hospital employees only. Staff should be considerate of other employees' printouts by keeping the pages together and not removing them from the printing area. Forgotten printouts can be picked up the following day at the receptionist's desk and will be shredded and thrown away at the end of the week if there is no name associated and they are not claimed. When more than one print job is submitted at once, or if the printer is out of paper or ink, print jobs will be stored in the print queue until the printer becomes operational again, and print jobs will resume in the order they were submitted. Employees can check the status of a print job or delete a print job from the Network Print Queue icon located on their desktop. Paper and toner are supplied, monitored, and installed by support personnel. Other personnel should not open the printers to add or remove paper or clear any printer malfunctions. Printer malfunctions should be reported to the IT helpdesk. Abuse of network printer resources will result in suspension of printing privileges. Abuses include, but are not limited to, printing on a medium not designed for network printers, activities that could harm network printers, and activities that could deny other users access to network printers.

iii. Storage Allocation
All network accounts are created with a limited amount of allocated storage space. The amount of space varies depending on user authority and privileges. When the allocated storage space is 90% full or above, a warning will be displayed on the user's screen once an hour until enough files are compressed or deleted so that the user's storage falls under 90% of their total storage quota. If the user fills their storage quota to 100%, a warning will be displayed once an hour for 24 hours or until the user's files are compressed or deleted so that the total amount of storage space used falls under 100% of the storage quota. If enough space is not made in time, the user will temporarily lose storage privileges and will not be able to create files until falling back under the storage quota. No games or copyrighted material may be stored on the allocated storage space unless specific permission is given. The system administrator may give extra storage to users temporarily on a case-by-case basis.

iv. Email Usage
Microsoft Outlook is provided as the email solution for hospital staff. An email address is created with each new account username. The address for each user is username@hospital.com. The hospital reserves the right to deny any inappropriate, obscene or offensive email addresses. Users are encouraged to read their email often and file or delete any unwanted messages. Users are given 100MB of allocated storage space for email messages and are limited to 50MB per email. It is recommended that users use FTP for any files larger than 50MB. To prevent the loss of confidential patient information, no file attachments will be allowed to be sent or forwarded outside of the hospital network. File extensions .scr, .exe, .bat, .com, .help, and .pif will not be allowed into the network as email attachments, to avoid viruses. Users should be aware that email is not private or secure, although the hospital makes an effort to ensure confidentiality. Do not send secure or confidential information over email. All email is processed by a spam filter to prevent any security threats from entering the network. The IT department must preapprove connection to any external servers used to receive email on the network.

v. User Administrations
Creating a new user account constitutes an agreement between the user and the hospital that the user understands and will abide by all company network and security policies. Each user account is intended for a single user only, and sharing usernames and passwords is strictly prohibited. Each user is responsible for the security of their account and for any actions taken by their username on the network. An account may be revoked if it is found to have been used to violate any portion of the hospital's policies. Any usage of an account that violates any local, state, or federal regulation is considered a violation of hospital policy even though that activity may not be explicitly restricted by this policy. Active accounts are changed to inactive prior to deletion. When inactive, a user account has no access to the network and email sent to the user is returned to the sender. Once an account is deleted, the username will be considered unused and all files on the user's allocated storage space will be deleted. Accounts may also be placed on restricted status if a misuse of network resources occurs. In this case, when a user attempts a login, a warning will be displayed requiring the user to see the system administrator before account privileges are reinstated. Users should always log out when they leave their workstation to avoid security risk. Accounts will log themselves out after 10 minutes of inactivity.

vi. Naming Conventions
A hospital-wide naming convention must be used to identify all devices on the network. When naming a device the format is as follows: building name, room number, and a unique numerical or alphabetical suffix. For example, if there were three devices connected to the network from the data center, room 101, they would be named DAT-101-1, DAT-101-2, and DAT-101-3.

vii. Protocol Standards
Only TCP/IP suite traffic will be routed across the network backbone to prevent security risks. Unencrypted UDP traffic will be dropped before entering the network. FTP must be used through an SSH client, and sensitive files must remain on the network at all times. SMTP and IMAP will be used for email. The IT department will use a firewall to keep out other potentially harmful protocols such as ICMP to avoid smurf attacks.
viii. Workstation Configuration

a. Hardware
The IT department will perform the initial configuration of all workstations on the network and will have full administrative access to workstations. Connection and use of any unauthorized network devices such as switches, hubs, routers, firewalls, servers, etc. will be detected by hospital security software and may result in disruption of network services. This is a violation of policy and may result in loss of network privileges or termination. Wiring may not be modified by anyone other than the appropriate hospital personnel. All hardware connected to the network must be preapproved in writing by the IT department. The IT department is responsible for timely review of a requested device and for authorizing its purchase and use on the network. IT is also responsible for management and maintenance of all network devices and cabling. Providing outside access to anyone through the network is strictly prohibited and may result in loss of network privileges or termination.

b. Software
In order to comply with copyright laws, use of peer-to-peer and multimedia sharing software such as Limewire and Bittorrent is prohibited on the network. Also, streaming media websites such as YouTube are prohibited to preserve CPU cycles and network bandwidth for work related use. Installation of multicast software must be approved and scheduled by the IT department to prevent disruption of network services. Any software downloaded from the web must first be approved by IT before download. Other software required for work will be provided and installed by the hospital's IT department as needed. Macros for processing programs such as Microsoft Office will be disabled to avoid macro viruses.

ix. Network Device Placement
No new network devices may be placed at any point on the network without approval by the IT department. Placement of a network device or modifying wiring in any way without explicit written permission from the IT department is a violation of policy. Network devices have been placed for the most secure and efficient use of network resources, and any modification to their placement, or addition or removal of devices, is the responsibility of the IT department.

x. Environmental Issues
The hospital aims to reduce its impact on the environment as much as possible and reduce its effect on natural resources. It is also the hospital's policy to ensure that no waste is left unmanaged so that no human beings are harmed. Hazardous chemicals will be disposed of quickly and properly, and emptied weekly by an external hire. Every desk will have its own trash receptacle that the hospital's custodial staff will empty daily. Employees should never throw away any documents containing sensitive information without shredding them first. Shredders will be located on each floor for this purpose.

xi. Power
The hospital employees' machines will run on the Windows Vista operating system, which has three power policy options as follows:
Power Saver - delivers maximum power savings at the expense of reduced performance
Balanced - automatically balances power consumption and performance according to demand
High Performance - delivers highest performance at the expense of higher power consumption
It is recommended that users only run their operating systems on Power Saver or Balanced settings to conserve energy, although in some circumstances when time is an issue exceptions can be made. Users are responsible for their own power consumption and are asked to use discretion when switching to High Performance and to switch back to Balanced or Power Saver when High Performance is no longer needed. Power settings can be changed by clicking the Power Options icon in the Control Panel.

xii. Patches to Operating Systems
It is the IT department's responsibility to ensure that all the devices on the network have up-to-date virus protection software, virus definition libraries, and the most recent operating system and security patches installed. It is the responsibility of the Network Operations division of IT to install these defenses and keep them current. They will be responsible for researching new patches and scanning the network for any potential vulnerability or security breaches, and relaying this information to the chief information security officer. This division will be responsible for installing all patches, and will prioritize them based on the criticality of their installation. Criticality levels are as follows:
Emergency - patches an imminent threat to the network
Critical - targets a security vulnerability in the network
Non-critical - standard patch release upgrade
Network Operations will evaluate the effect of the patch on the system before upgrading and will assess its criticality to each type of device on the network. If the patch is considered critical or non-critical, the patch will undergo testing before it is implemented on the entire network. If it is considered an emergency, Network Operations will forgo testing so as to not pose a security threat to the network. After the patches are installed, Network Operations is responsible for verifying that there are no adverse effects of the patches' installation.
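
The attachment rules in section iv (Email Usage) lend themselves to an automated check at the mail gateway. The following Python example is added here and is not part of the original report; the function names, the sample addresses, and the choice to read a message's direction from its From/To/Cc/Bcc headers and to measure size on the raw message are assumptions.

```python
from email import message_from_bytes
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

# Values taken from the Email Usage policy text.
BLOCKED_EXTENSIONS = (".scr", ".exe", ".bat", ".com", ".help", ".pif")
MAX_MESSAGE_BYTES = 50 * 1024 * 1024   # "limited to 50MB per email"
INTERNAL_DOMAIN = "hospital.com"       # username@hospital.com


def is_internal(address):
    """True only for an exact match on the hospital mail domain."""
    return address.rpartition("@")[2].strip().lower() == INTERNAL_DOMAIN


def normalized_name(filename):
    """Lower-case the name and drop trailing dots and spaces, which Windows
    ignores when opening a file, so "SETUP.EXE. " is treated as setup.exe."""
    return filename.lower().rstrip(". ")


def header_addresses(msg, *headers):
    """Collect the bare addresses from the named headers."""
    values = [str(v) for h in headers for v in msg.get_all(h, [])]
    return [addr for _name, addr in getaddresses(values) if addr]


def attachment_names(msg):
    """File names of every MIME part that declares one, at any nesting
    depth (walk() also descends into forwarded message/rfc822 parts)."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def evaluate(raw, max_bytes=MAX_MESSAGE_BYTES):
    """Return the list of policy violations for one raw message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    senders = header_addresses(msg, "From")
    recipients = header_addresses(msg, "To", "Cc", "Bcc")
    names = attachment_names(msg)

    # Assumption: direction is read from the headers. A missing or mixed
    # From header is treated as external, so the check fails closed.
    from_inside = bool(senders) and all(is_internal(a) for a in senders)
    outside = [a for a in recipients if not is_internal(a)]

    violations = []
    if len(raw) > max_bytes:
        violations.append(
            f"message is {len(raw)} bytes, over the {max_bytes}-byte limit")
    if not from_inside:
        # Inbound rule: listed extensions may not enter the network.
        for name in names:
            if normalized_name(name).endswith(BLOCKED_EXTENSIONS):
                violations.append(f"blocked attachment type: {name}")
    elif outside and names:
        # Outbound rule: no attachment may leave the hospital network.
        violations.append(
            "attachments addressed outside the hospital network: "
            + ", ".join(outside))
    return violations


def build_sample(sender, recipient, filename=None):
    """Build a constructed test message; nothing here is real mail."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "constructed sample"
    msg.set_content("Body text.")
    if filename:
        msg.add_attachment(b"constructed sample bytes",
                           maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Vendor <sales@example.net>", "nurse@hospital.com", "Invoice.pdf.EXE"),
        ("lab@example.net", "nurse@hospital.com", "results.pdf"),
        ("nurse@hospital.com", "billing@example.net", "chart.pdf"),
        ("nurse@hospital.com", "doctor@hospital.com", "chart.pdf"),
    ]
    for sender, recipient, filename in samples:
        result = evaluate(build_sample(sender, recipient, filename))
        print(sender, "->", recipient, filename, result or "allowed")
```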

Security Policy
Account Access Policy
User account access into systems is highly important and is taken very seriously in the IT department. Account access allows users such as yourselves to obtain information from the systems they are in. For example, doctors and receptionists will need to be allowed account access into patients' personal files. However, janitors and accountants will not need this information, and allowing access to this information to anyone will create unneeded controversies in the workplace. For these reasons, account access to certain systems will be allowed for certain employees. Each employee will be evaluated and questioned about their duties on site, and will therefore be appointed a certain account access pass which will allow that employee access to the information their job requires them to use.

Password Requirements
It is important to note that passwords are very important and will be strictly enforced. With the account access policy in place, another form of security that will help is password security. It is important to note that the longer your password, the better protected you are. However, it is also important to note that the longer the password, the easier it is to forget. Because of this fact, a password of 8 characters will be required. These 8 characters can use letters (ABC), symbols (%$#@), and numbers (123). It is imperative that every employee use these methods for maximum protection.

Network Access
Network access to the Internet will be structured as follows. The 200 users on mobile devices will have wireless Internet. The wireless Internet will have a password to keep outside civilians from gaining access to the network. However, that does not guarantee security from your information being stolen and/or used against YOU! It is important to remember that wireless Internet is NEVER safe and should never be taken lightly when doing personal banking, instant messaging, or anything else that could be used against you. Network access for the other 25 users will be mostly wired access to the Internet, although private WPA2 protected wireless is available in the office building. It is important to note that the chance of information theft is much lower; however, it does not make you completely immune from threat.

Logging Practices
It is important to keep in mind that activity done at work is to be only work activity. This will not only help in keeping our networks safe but will also help in keeping our networks secure from extra web related hassles. Along with these guidelines, logging practices will be administered 24/7. We will be keeping track of all incoming and outgoing activity, as well as making sure that the networks are not being used for malicious activity. All activity on the web will be watched, monitored and recorded for network safety. It is important that all employees understand the importance of this implementation on the network. As many employees are aware, there is much information that must be kept secret and/or protected from outside influence. Because of this, precautions such as 24/7 monitoring of the network and intense logging practices must be implemented.

IDS/IPS & Regular vulnerability assessments
As stated above, the IT systems are core essentials for the hospital. Because of this, we are well aware that unfortunate mishaps may occur due to a malfunction in the system, viruses and/or malicious activity. Because of these concerns, regular vulnerability assessments will take place. However, before continuing it is important to explain the IDS and IPS systems. An IDS (Intrusion Detection System) does exactly what the name suggests. It detects when the network has been infected and/or attacked with malicious software. It makes this determination using data against which it compares the suspected software. The system compares and contrasts the software, eventually determining whether it is malicious or not. Once this is determined, an alert is sent, which raises an event indicating that something is wrong. An IPS (Intrusion Prevention System) again does what the name suggests, except this time the IPS prevents the malicious software from actually entering the mainstream data (granted the IDS and IPS are placed in front of the servers where all the information is held). These assessments will take place every Sunday at the end of the work day. With this in place, we plan to apply various stress tests on the network to see how responsive the system is. We will also apply to the system various situations that a hacker may attempt when attacking the system. With these tests we plan to test the vulnerability of the current system, test the responsiveness of the IDS, and test the fluency of the IPS, as well as apply various patches to help with the problems that are run into during the tests.

Encryption use
Protection, as many of you can tell, is a very important part of keeping our systems safe. As well as making sure that the systems we have in place are protected, we also care about our customers and your personal information. Sometimes the use of passwords and firewalls is not enough to do the job; because of this, encryption will also be a part of our systems' configurations. Many of you right now may be asking what exactly encryption is. To keep it short and sweet, it simply protects your already protected data even further. It helps keep information that is sent with the data from being read by anyone other than the person the message is intended for. Data will be transferred over the Secure Shell protocol and also File Transfer Protocol. These protocols allow users such as you to transfer data from one place to another safely. Without protocols such as these, it is possible for people who have unauthorized access to steal the information. Although it may seem a little overdone or overstressed, it is important to remember that data should be protected no matter what the circumstance, and over-protecting data from outside influence helps to keep patient data and your data safe and secure.

Physical Access to buildings
Access to the building will be granted to everyone with an authorized Smart Card. However, once inside, the smart card plus PIN will allow employees access to the different rooms for which they are authorized. For example, building access will be granted to doctors as well as nurses; however, when inside the building, doctors and nurses will have different security clearances with different security requirements. Doctors may be able to access rooms holding customer files regarding surgery, which will require the smart card and also the PIN. A nurse will not need access to files regarding surgeries, so this extra security measure will increase security. The same applies to the computer analysts and the accountants. Computer analysts may be needed in the server room, which will require their smart card and PIN; however, accountants will not need to have access to that same room. This implementation will help with adding security and preventing people from wanting to access information that they don't need.

Disaster Recovery Plan


Risk Assessment
Each item below has been assessed for risk in relation to the hospital. The risk levels, in escalating order, are as follows: low, medium, or high risk. Items labeled high risk will be treated as more valuable to secure than those with lower risk levels.

Environmental Disasters:
Tornado - low
Hurricane - medium
Tornado and hurricane related damage will be avoided by installing hurricane shutters on all windows in the data center building and having no windows into the server room itself.
Flood - medium
Flooding will be avoided by building the data center on the second floor.
Snowstorm - low
Drought - low
Earthquake - medium
Should an earthquake occur and damage the server room, it will be a designated employee's responsibility to reinstate the system from the latest virus-free backup.
Electrical Storms - medium
Fire - medium
Fires will be suppressed by Aero-K. No sprinklers will be installed inside the data center. Aero-K dispensers will be installed because they are aerosol based suppression systems that snuff out fires by removing oxygen from the air, and they leave little residue. They also have a smaller impact on the environment than other suppressors such as Halon 1301.
Landslides - low
Freezing - low
Contamination - low
Epidemic - low

Deliberate Disruption:
Terrorism - medium
Sabotage - medium
War - low
Theft - high
Theft will be avoided by installing a security system in the data center, which will have only one entrance. Authorized employees will use a smart card and accompanying passphrase to access the server room. Cameras will be installed in the server room to monitor employee activities and there will be a 24-hour guard watching the camera feeds.
Arson - medium

Loss of Utilities and Services:
Loss of electricity and communications will be avoided by establishing redundancy in the network, as shown in the network diagram. Backup generators will be installed in all buildings and a water tank will be used as a backup water supply. Should regular communications services be interrupted, employees will have battery-operated walkie-talkies to communicate important information, with separate designated channels for medical staff, IT, HR, Billing, and Accounting.
Electrical power failure - high
Loss of gas supply - medium
Loss of water supply - high
Petroleum and oil shortage - medium
Communications services breakdown - high
Loss of drainage and waste removal - low

Equipment or System Failure:
Internal power failure - high
Should internal power failure occur, backup generators will go online as soon as possible until the problem can be fixed. Uninterruptible power supplies will be installed on important hardware to ensure it will be back on immediately after the outage occurs.
Air conditioning failure - medium

Information Security Incidents:
Cyber crime (includes all forms of computer-based attacks) - high
Anti-virus software will be installed throughout the hospital's entire system, and will be updated as often as patches are released. A firewall will be added to the network to ensure only safe traffic enters the network. A network-based Intrusion Prevention System (IPS) will also be installed to monitor traffic to make sure there are no intrusions from external or internal systems. It bases its detection of intrusion on both misuse and anomaly detection. If any irregular activity occurs, the IPS operator will be notified immediately. It can take active measures to drop connections, disable systems, end sessions, or drop traffic from a certain IP address. In case a virus does get through the system's defenses, the infected machine will be reformatted and the latest backup will be installed after scanning the tape for viruses.
Loss of records or data - high
Backups of all data stored on the hospital's system will be made using tapes and the grandfather, father, son system. A backup of the system will be made daily, weekly, and monthly. Backups older than one year will be moved to a secure location and stored in a weather-safe vault for safekeeping. This will ensure that the hospital's data will maintain its integrity in case of modification attacks or a virus. The system will be restored from the latest backup after the backup is scanned for viruses.
Disclosure of sensitive information - high
Sensitive information will only be allowed to be accessed by authorized employees. Employees' statuses in the network will be moved to inactive once they are terminated or retire so that they may not access the hospital's data once they are no longer a part of the staff. Email will be monitored so that if a leak of sensitive information is made through the mail system it will be traceable back to the employee's account. Employees will be held individually accountable for the sensitive patient data they are responsible for.
IT system failure - high
IT systems failure will be dealt with by the IT department by developing software in separate environments before any software is made available hospital wide. The first environment will be a sandbox where any changes made will not affect the actual hospital's systems. When a general structure has been developed, this software will be escalated into a development environment, where further development will take place until functionality requirements are met. Once this occurs, software will be moved into a testing environment, where testing and final tweaks will be made to ensure that the program is functional, efficient, and secure. Then, finally, the software can be escalated into production, where it will be made available to other hospital employees. This process will ensure that the lowest possible amount of software failure will occur. In case of hardware failure, the servers have been linked together using clustering, distributing the network service requests across multiple servers. So if one server goes down, another server will take over that server's request load, providing an extra layer of fault tolerance for over 99.99% uptime.
Other Situations:
Workplace violence - medium
Public transportation disruption - low
Employee morale - medium
Negative publicity - low
Health and safety regulations - high
All health and safety regulations put into effect will be strictly adhered to, and failure to comply with these regulations may result in suspension or termination.
Legal problems - high
Legal issues arising from medical care and malpractice are somewhat common and will be dealt with by the legal department on a case-by-case basis.

Disaster Procedures
All hospital employees should be familiar with these procedures, put in place to reduce risk of data loss and to help restore services as quickly as possible. Designated employees will be responsible for reestablishing telecommunication and data services at an offsite location in a timely manner. This group will be referred to as the Crisis Management Team (CMT). Following a disaster, the recovery plan will be as follows:

Immediate Reaction
Contact the fire marshal and appropriate emergency personnel. Evacuate the medical facility to another hospital as quickly as possible. Should any patients be in a condition where they cannot be evacuated, they will be taken to a secure wing of the hospital where a few designated members of staff will monitor their condition until the danger passes. A member of the CMT will pack up critical data from the data center and backup tapes as quickly as possible. A member of the CMT will gather work in process and unprocessed work. All employees who are not helping evacuate or care for patients gather at a predetermined safe location. Each department should have a list of disabled employees so they can be helped to the location. A headcount will be made to ensure all employees are present. Should anyone be missing, contact emergency services. Remain in this location until emergency services give the OK to go back to work or to go home.

Crisis Management Team Mobilization
Crisis Management will be responsible for saving and recovering as much valuable data as possible at the time of the disaster and also for reestablishing prior business practices after the disaster. The leader of the CMT and the entire Disaster Recovery Plan is the Disaster Recovery Specialist, who will be responsible for mobilizing each team. The CMT should enlist any able-bodied employees who cannot perform their regular function to support them in restoring the facility. All services and hardware that need purchasing will be requested through the CMT so they can prioritize them. In the event that the hospital and data center are no longer fit for habitation by employees, the CMT will work from a remote location such as a hotel room nearby and use it as the Emergency Command Center.
This center will act as a place to orchestrate the entire recovery as well as act as become the Data Recovery Center, where vital information will be moved. Logistical Support Team This team will be responsible for contacting emergency personnel, and supplying food and water, other supplies, or mass transportation should the hospital be in lockdown. They will provide administrative support to the CMT as well and provide all teams with the supplies they require. Damage Assessment Team

This team will go back to the site when the danger has ended to assess the damage to the location. They will have the power shut off before entry so they can verify that it is safe. They will mark each piece of hardware to indicate whether or not it needs to be replaced or if it can be salvaged. This process will be documented with photos and on paper so insurance can sort through the damage at a later time. Technical Recovery Team This team will be responsible for reestablishing data, voice, and network connectivity between the hospital, data center, teams and the Emergency Command Center after the disaster as well as aiding the CMT in whatever support they require. They will also be responsible for maintaining this connectivity at all times. Restoration Process This involves all aspects of returning to business practices as usual. The CMT will coordinate the other teams until the process is complete. Once connectivity has been restored by the TRT, hardware that must be replaced must be purchased by the CMT and installed in a temporary facility that connects with the hospital. All systems will be restored from the latest backup of data. Post-Restoration Process Once the crisis has been managed and systems are back up and functioning, return to business as usual. Document the lessons learned from the disaster and take measures to prevent mistakes that were made from happening again in the case of another disaster. Update the Disaster Recovery Plan to reflect these changes.

Budget
Data Center

| Name | Description | Model | Vendor | Qty. | Cost Per Unit | Recurring Cost |
|---|---|---|---|---|---|---|
| DAT-6109BR1 | Border Router | 6509 | Cisco | | $45,000.00 | $3,600.00 |
| DAT-6109BR2 | Border Router | 6509 | Cisco | | $45,000.00 | $3,600.00 |
| DAT-4506SW1 | Access Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| DAT-4506SW2 | Access Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| DAT-5540ASA1 | Firewall, IPS, VPN | ASA5540 | Cisco | | $30,000.00 | $2,400.00 |
| DAT-5540ASA2 | Firewall, IPS, VPN | ASA5540 | Cisco | | $30,000.00 | $2,400.00 |
| DAT-6509CR1 | Core Router | 6509 | Cisco | | $45,000.00 | $3,600.00 |
| DAT-6509CR2 | Core Router | 6509 | Cisco | | $45,000.00 | $3,600.00 |
| DAT-4506SW3 | Access Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| DAT-4506SW4 | Access Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| DAT-4506SW5 | Access Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| DAT-4506SW6 | Access Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| DAT-BRDG-01 | Wireless Bridge | | Cisco | | $15,000.00 | $1,200.00 |
| | T3 Line | | Sprint | 1 | $2,900.00 | $2,900.00 |
| | T3 Line | | Quest | 1 | $2,900.00 | $2,900.00 |
| Total | | | | | $410,800.00 | $38,200.00 |

Office Building

| Name | Description | Model | Vendor | Qty. | Cost Per Unit | Recurring Cost |
|---|---|---|---|---|---|---|
| MF-6109BR1 | Office Router Firewall | 6010 | Cisco | | $35,000.00 | $2,800.00 |
| MF-4506SW1 | Office Building Core Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| MF-4506SW2 | Office Building Core Switch | 4506 | Cisco | | $25,000.00 | $2,000.00 |
| MF-3750F1 | Edge Switch Floor 1 | 3750 | Cisco | | $17,000.00 | $1,360.00 |
| MF-3750F2 | Edge Switch Floor 2 | 3750 | Cisco | | $17,000.00 | $1,360.00 |
| MF-3750F3 | Edge Switch Floor 3 | 3750 | Cisco | | $17,000.00 | $1,360.00 |
| MF-BRDG01 | Wireless Bridge | | Cisco | | $15,000.00 | $1,200.00 |
| | T3 Line | | Quest | 1 | $2,900.00 | $2,900.00 |
| Total | | | | | $153,903.00 | $38,200.00 |

| | Cost Per Unit | Recurring Cost |
|---|---|---|
| Grand Total | $564,703.00 | $53,180.24 |

Network Components Justification

1. Border Router
   a. First line of defense against external threats and main connection to the Internet.
2. Access Switch
   a. Breaks up broadcast domains to reduce internal network traffic.
3. Firewall, IPS, VPN
   a. Main defense system against external threats. The firewall keeps out intruders based on a predetermined set of rules and filters packets sent through to the internal network. The IPS can take an active response if an event occurs and prevent unauthorized users from gaining access to confidential company information. The VPN allows remote users secure access to the network.
4. Core Router
   a. The core router will be used to interconnect the different buildings and offer high bandwidth.
5. Wireless Bridge
   a. Used for wireless connectivity between the data center and main building.
6. Office Router Firewall
   a. The office building's main defense against external threats.
7. Edge Switch
   a. These switches break up the office building's broadcast domains between floors and also connect to wireless access points on each floor for wireless connectivity.
8. DMZ Switches
   a. These switches allow the public access to Last Hope's web services and public information without giving them access to the hospital's internal network.
9. Failover Servers
   a. Having dual servers for each network service allows for a layer of fault tolerance that the hospital needs to ensure data is always readily available. If one server goes out, the other server can pick up its request load almost immediately. Both servers will stay online at all times for a form of true clustering that allows load balancing to avoid overload and establish redundancy in the network and over 99.99% uptime.
10. Dual Internet Service Providers
   a. Purchasing service from two separate ISPs adds redundancy to the network. If one ISP fails to provide service, the internal network will still be connected to the Internet through the other provider.
