
Medical Facility Network Design Proposal

LIS4482 - Management of Networks and Telecom
India Pittman, Joaquin Coston, Lavhonte Davis
December 8, 2011


Executive Summary
Network systems are interactive infrastructures comprised of several factors that enable optimal sharing of information and resources. This dynamic system of networking has become imperative to every aspect of human life, from business operations to health care. Network systems and telecommunications play a vital role in the function of today's society; shortcomings and interruptions within the network are costly and therefore impermissible. Standardization and regulation specifications are determined by policies in order to minimize the occurrence of drawbacks within systems. Most faults within network systems can be attributed to disregard of conventional network system requirements and specifications.

Network policies are instrumental in maintaining homogeneity between network systems. Effective standardization and regulation of networks is achieved through the implementation of a network policy. This policy outlines the various procedures related to standardizing network operations. Network policies serve as a guideline to assure that systems abide by the proper specifications and that the system maintains a consistent flow. Network policies address many areas of focus such as user administration, protocol standards, Internet access, storage allocation, workstation configuration, printing, email usage, network device placement, naming conventions, environmental issues, and power and patch policy. This promotes conventionality amongst networks to assure consistency and reliability in the functionality of systems.

Network systems contain sensitive information related to network administrators and users. For that purpose, security measures are adopted to protect the user against threats of privacy invasion or corruption within the system. A major issue with maintaining security is that users are not fully knowledgeable about how to prevent possible security threats and violations. Security policies are thorough documents containing effective procedures necessary to maintain system security as well as physical security. These documents brief the user with knowledge regarding security matters such as user account access, password requirements, encryption use and other issues pertaining to security. Procedures relating to security violations are also outlined in the security policy. Security policies serve as a highly effective resource in defending networks against attacks that may harm the system.

Disaster recovery policies include all information relating to disaster recovery and business continuity related action. These documents are valuable because they have the potential to save a substantial amount of time and money in disaster recovery efforts. Very critical practices, such as backup procedures and virus management, provide users with tools necessary to prevent the loss or corruption of crucial information. Fault tolerance is also an issue that is observed by the disaster recovery policy with the objective to maintain a dependable and functional network system.

Hosting a reliable network infrastructure can be quite costly. However, these costs are justified by the caliber of resources and tools needed to establish and maintain an efficient network. The budget for the proposal is outlined in a spreadsheet document. This document contains a list of expenses and finance allocations. With this budget we intend to provide optimal network experience at a reasonable and affordable price.

Network Policies
User Administration
All the users of the medical facility will be required to have a username or password to be able to use the network at the facility. The password will have to be 8 characters, alphanumeric. Every user of the medical facility will have to sign into the centralized network to be able to use the resources and to access the Internet to complete tasks. All the activity that you do through the network will be traced and monitored by the administration. So as users, make sure you are being very responsible in what you are doing on the network. The network is here to help you be the best workers for the medical facility and take our company to unimaginable heights. We trust in you to do your best and bring great things to this company. Once again, do not consider anything that is done on a computer while it is connected to the network to be private. We will monitor your moves while you are on the network. If we find out you have been doing strange things, we will give you a verbal warning. If the activity continues, it will lead to termination of your job. So most importantly, as a user, be responsible for your actions and others' while you are on the network.

Protocol Standards
- HTTP: Used to allow web browsers to connect to web servers.
- SFTP: Used to transfer files and data to and from remote locations to a back-up site.
- SMTP: Used to monitor email in the network.
- TCP/IP: Used to monitor Internet traffic.
- DNS: Used to resolve domain names into IP addresses.
- IPsec: Used to securely connect devices in the main office to the centralized data location with the help of L2TP.
- L2TP: Used for encryption to securely connect devices in the main office to the centralized data with the help of IPsec.
- SNMP: Used to help check the activity and security on the network.
- VoIP: Used for the phone systems throughout the buildings.

Internet Access
The medical facility has allowed Internet access in the buildings to help users fulfill their needs to complete tasks within the job. They now have the capability to connect and communicate with other companies and also with other users within the building. We are not responsible for any of the information that is found while on the Internet. We are leaving that responsibility with the users to make sure everything they are looking up on the Internet is reasonable with the company, and to make sure it doesn't jeopardize any of the other users in the company that are using the Internet. In order to use the Internet, users will have to use the user names and passwords that they use for the network. This will also help the administration track what everybody is doing while they are using the Internet. Users will also be responsible for not going to sites that will bring any harm to the network's systems, such as pornographic sites or fake sites that lead you to viruses. None of this will be tolerated in the medical facility. If you are caught using these sites it will result in losing your Internet access for up to 6 months, and if it happens again it will result in termination. We have also given the users the ability to use some of the social networks, only for the use of the job. If you are caught using them for personal use, it will result in the same violations as going to the forbidden sites. We also ask that you not use the Internet for your own personal use, such as to check billing accounts, chat with friends etc., because it can bring security issues to our company. If you follow these rules, are a responsible user and don't commit any of the violations, you have nothing to worry about.

Storage allocation
There will be storage on each laptop and desktop for a user at the medical facility to use. Each user will be responsible for managing their own data storage on their computer. Each computer will have at least 100 GB of space to use. We expect our users to be able to organize their work and not to save unnecessary things on the storage system that they do not need. Each department in the medical facility will be given enough data storage to use for their tasks and assignments. All users will also have to make sure they save their work on the backup location too, so that if something bad happens they will have their work to get from another place. If you ever have problems with your storage you can always contact administration for help.

Workstation configuration
Every workstation in the medical facility will be suitable for each user. Every laptop or desktop computer will be a Dell product and it will be fully operational. They will come equipped with RAM and 100 GB of space for storage. They will each also have Windows 7 installed along with Microsoft Office 2010. Programs such as Adobe Reader and Flash Player will already be installed on them too. Each laptop and desktop will come with Norton Security 2011 for protection against harmful malware and viruses.
Depending on which department the device is from, each device will be set up with software that is suitable for that department. If a type of software is not on that laptop or desktop, please contact the administration and they will provide you with the software that you need.

Printing
The medical facility will have printers throughout the building. There will be a printer for each department, and each user will have to make sure they have their user name and password to be able to print things out. There will be a maximum of 50 pages a day for each user and we will monitor that for each user. If a user does need to print out more than 50 pages, they will have to go to the administration to ask for permission. The reason for this is to try to save material in the medical facility. Printing will be free to each user and they will have the choice to print in color or in black and white. Every user is responsible for their printing and for making sure they clean up their mess if they have left something around the printers.

Email Usage Policy
All email will be used through the medical facility accounts, and each user is responsible for what they email. Emails should always be professional, whoever you send them to, in the company or in another company. Users should not use email for personal use, because we see this as a distraction and for security reasons. Also, sexual harassment will not be tolerated through emails. This also goes for racial, gender and religious harassment. Any violation of these things and you will be terminated from this company. We would like to keep the cyberspace environment a nice clean place for everybody to enjoy. To make sure these things are followed, we have the right to monitor your emails to make sure everything is going according to policy. Remember, as users you are responsible for everything you say through emails.

Network Device Placement
All the laptops and desktops will be connected to the medical facility network so we are able to track them at any time. This will help us keep up with knowing where our products are every day and make sure that none of them get stolen. There will be wireless access points throughout the building that will help us locate where our products are at all times. Once again, these products will be things such as the printers, desktops, and laptops. The technical support department will know where these devices are and will also help you if you happen to have any problems with them.

Naming Conventions
The laptops, desktops and printers in the medical facility will all have names. The names will help us locate and keep up with these products throughout the buildings. The name will be broken down into three sections for you to identify them. The first part will be two letters that describe what department it is from. After that there will be a dash to separate the two sections. The second section will describe what type of device it is, such as printer, laptop etc.
After that there will be another dash to separate the next two sections. Then, the third and final section will be a number that technical support has given to the device for it to be tracked. An example of a device name would be IT-printer-01. The IT would stand for the information technology department. Then printer would stand for the device the name is on. Then 01 would be the number given to the device by technical support.

Environmental issues
There are some issues in the building that we would like to ask the users to help us with, because we cannot do it all by ourselves. The first thing would be to make sure you cut the power off on anything you are not using. Doing this will help us save energy, time and money for the medical facility, and it will be greatly appreciated if all users did it. Another thing we would like our users to do is to recycle paper or anything that can be used again. We do not want to keep spending lots of money on things we can use over and over again. It would hurt us as a business if we did, and you by the possibility of getting in trouble. The last thing we want users to do is try to keep whatever area you are in as nice and clean as possible. When you do that you are being respectful to others, yourself and most of all the company. If you can do these things we will greatly appreciate your help in keeping this business looking as good as possible.

Power and patching policy
We ask that all devices stay plugged in while you are using them, so they can help you to the best of their ability and the next person to the best of their ability. Keeping the devices plugged in ensures that they have the power to keep working and functioning properly. If you happen to come across a device that's unplugged or isn't hooked up right, we ask that you please contact the administration so they are able to fix this problem. We also ask that whenever we send you emails about patching or updating your system, you please do so. If you refuse to do it, it will be a violation and it could result in some consequences, even termination. We want all our products at their best for the company and its users. When this happens great things start to happen for everybody and the company. We are able to complete tasks and soar to goals that we would never even think we would reach. So again we ask that you help your company out by following these policies.

Security Policies
User Account Access Policy
All account access control is to be set by the network administrator and only the network administrator. The accounts are set up for users to enjoy the use of the devices. Any of the users caught tampering with the access control can be terminated. We don't want anybody changing the access control, because users can disrupt the whole network with something so simple. So we say, out of respect for the company and others, please do not tamper with the access control. We ask that you never share your user information or password with anyone else. This is for the safety of you and the company. You never know what people may do with that information when they get it. Users should not use a computer that they are not logged into; if you see it being occupied, we ask that you go use another or see if the person using it is done with it. Doing this will help avoid a lot of confusion or anything else bad that can happen.

Password Requirement Policy
All passwords for users must be strong passwords and have these attributes:
- A minimum of eight characters.
- One lower case letter.
- One upper case letter.
- It cannot contain any part of your name.
- It must use one special character (examples are !, @, #, $, %, ^, &, *).
- It has to have one number.

Network Access
The network should be used for work purposes only; it should never be used for personal use. All users are responsible for what they do while they are on the network. Users should make sure that they complete all their tasks through the network using their user name and password. If you are ever experiencing technical difficulties with the network, you should contact administration and they will be able to assist you with your problems. While on the network you should never do any illegal downloading, such as music, videos, or programs; if you are caught doing things such as this, it will result in termination.
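
The Password Requirement Policy above, written as a checker (an added example, not part of the original proposal). It goes slightly beyond the policy's wording by also folding look-alike characters before the name check. The sample name, the treatment of any punctuation mark as a special character and the three-letter minimum for a name fragment are assumptions.

```python
import re
import string

MIN_LENGTH = 8                        # "a minimum of eight characters"
SPECIALS = set(string.punctuation)    # assumption: any punctuation counts, not only
                                      # the examples the policy lists (! @ # $ % ^ & *)
MIN_NAME_PART = 3                     # assumption: shorter name fragments are ignored

# Assumption: common look-alike substitutions are undone before the name check,
# so that "D@n@" is still recognised as "dana".
LOOKALIKES = str.maketrans("0134578@$!", "oieastbasi")


def name_parts(full_name, username=""):
    """Lowercase tokens of the display name and login name worth checking."""
    tokens = re.split(r"[^A-Za-z]+", f"{full_name} {username}")
    return {t.lower() for t in tokens if len(t) >= MIN_NAME_PART}


def policy_violations(password, full_name, username=""):
    """Return the policy rules the password breaks; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")

    folded = password.lower()
    unmasked = folded.translate(LOOKALIKES)
    hits = sorted(p for p in name_parts(full_name, username)
                  if p in folded or p in unmasked)
    if hits:
        problems.append("contains part of name: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("dana2011", "D@n@_Secure9", "Short1!", "Tr33-house!9"):
        result = policy_violations(candidate, "Dana Whitfield", "dwhitfield")
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
```
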

Hardware firewalls
The hardware firewalls have been set up on the company's devices for protection against harmful threats. A user should never turn off the firewall on a device. If a user is caught doing that, they will lose their Internet access for up to 3 months. The firewall is to be considered the outermost layer of the network. There will be a backup for it if anything unusual happens to it.

Encryption use
Any time information that is considered to be confidential or sensitive is sent from a workgroup, it must be sent either from a secure website or over Secure Shell. It should never be sent over any website that is not considered secure unless done with Secure Shell. If users are unsure about whether the information is considered confidential or not, they should ask administration. It is never acceptable for a user to take chances with unknown information.

Logging practices policy
A log should be kept weekly about the firewall, servers, network, or individual workgroups. If this log is erased or not kept, it could result in loss of Internet access.

Physical building/hardware access policy
Inside the building the main hardware that we have are the workstations, the servers, printers, and the wireless access points. These four things are located in different parts of the buildings and some things are only open to certain personnel. Starting with the workstations, they are open to all users and they are located all over the building. They usually have the desktops and laptops at the workstations for users to use. Near these workstations there is always technical support for users to go to when they need help with their hardware. Next are the servers, which are located in a private room by themselves where only technical support people can get in to check up on them and control them. We ask that users never enter these areas unless they have permission from the administration. If a user does violate this rule it will end in termination. Next are the printers, which are also located everywhere in the building and are for everybody to use. To operate the printers you have to have your user name and password. While using the printers, users have to make sure that they follow the printing policy that was stated before.
Then the last thing are the wireless access points; they are located in a room that only technical support people can go to. If any users are caught trying to go in there they will be terminated.

IDS/IPS & Regular Vulnerabilities Policies
An IDS watches over the whole network; it is supposed to keep a record of everything that is going on in the network. Any notifications it raises are supposed to be reported to a member of administration right away. Any questions from that point on should be directed to the network administrator. Doing this will allow the company to take the appropriate action toward the user involved in the situation. For the IPS, the administration has to make sure that it is installed correctly and turned on properly in case of an emergency. It is always requested to be turned on by the network administrator. A user who turns on the IPS without permission will be subject to loss of Internet access for 3 months. Also, to check for vulnerabilities, the administration has placed a virus scanner and firewall to protect from incoming malware and viruses that try to invade the company's network.

Security Violations
Any security violations are to be recorded and reported by the administration at all times. Any time a person commits one of these violations it should be in the system. Depending on how many minor violations a person gets, it can result in termination. Every security violation is looked at from a legal standpoint and the user will be judged based upon his/her actions. When recording a violation, administration has to make sure they put down when it happened, where it happened and how it happened. Having these things in documentation will help the company further down the line.

Disaster Recovery Policy


Back up Procedures
A disaster recovery plan should be defined as the ongoing process of planning, developing and implementing disaster recovery management procedures and processes to ensure the efficient and effective resumption of critical functions in the event of an unscheduled interruption in hardware or data. Backup Exec for Windows Server will be used to back up all server data. Backup Exec is proprietary backup software currently developed by Symantec. Backup Exec is a data protection solution that provides continuous disk-to-disk-to-tape backup and recovery. Backup of server data will occur nightly and will be recorded to tape by a dedicated backup server that connects to the same switch as the rest of the servers. A rotation of the backup tapes will be implemented. Differential, full backups will be generated every Sunday at 2:00am, which serve as the weekly backup. Modified data will be backed up on each daily tape until the next full weekly backup. At the end of the month, three complete copies will be made of the tape. One will be kept in the data center, one goes to the corporate office and the last will be sent to the hot site for safe keeping and possible emergency restoration. The backed-up data will also be stored for two weeks on the local backup server located in the data center. This will ensure the quickest way to recover data in case of a disaster. Users will be encouraged to store any valuable data on the file server, for data stored on workstations will not be backed up unless the user of the workstation does so themselves.

Virus Management
Every work PC will be provided with a copy of Malwarebytes Anti-Malware Pro. Malware consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior.
Malwarebytes helps to protect the computer from infection by malware including viruses, worms, trojans, rootkits, dialers and spyware. We encourage all users to run a full scan on their PC at least once a week. In addition to Malwarebytes Anti-Malware, Norton 360 will be maintained on all servers, laptops and workstations. Full scans will be set to run automatically daily, so that no one forgets to run the software. Daily scans help prevent infected data from being transferred to the backup server. Any infected objects that get to the server could possibly infect other objects currently on the server. Therefore it is very important that these scans are performed.

Disk/Fault Tolerance
RAID 6, storage virtualization, will be used on all servers to help prevent disk failures.

RAID 6 provides fault tolerance of two drive failures; the array continues to operate with up to two failed drives. This makes larger RAID groups more practical, especially for high-availability systems. This becomes increasingly important as large-capacity drives lengthen the time needed to recover from the failure of a single drive. RAID 6 allows time to rebuild the array without the data being at risk if a single additional drive fails before the rebuild is complete. The only time data can be lost to disk failure using this configuration is if two or more disks fail in the production environment at the same time that two or more different disks fail in the hot site environment. In this unlikely case, data would be restored from the most recent tapes.

Hot Sites
The hot site contract is a duplicate of the original site of the business, with full computer systems as well as near-complete backups of user data. Following a disaster, the hot site will enable the company to relocate with minimal losses to normal operations. Ideally, the hot site will be up and running within a matter of hours. This will be necessary should an incident occur in production that prevents the normal server from performing its duties.

Cold Sites
The cold site contract is a type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations. Cold sites take more time than hot sites to get an enterprise in full operation after the disaster.
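
The rotation described under Back up Procedures, worked through as an added example that is not part of the original proposal: for a given restore point it lists which backups are needed, how much work since the last run is unprotected, and whether each backup is still within the two-week window on the local backup server. It assumes the nightly job runs at 2:00am every day and that the daily tapes are differentials against the Sunday full; all dates are constructed.

```python
from datetime import datetime, time, timedelta

FULL_WEEKDAY = 6                      # datetime.weekday(): Monday=0 ... Sunday=6
RUN_TIME = time(2, 0)                 # policy: Sunday full at 2:00am
                                      # assumption: weekday runs use the same time
LOCAL_RETENTION = timedelta(weeks=2)  # policy: two weeks on the local backup server


def last_run(point):
    """Start time of the most recent nightly run at or before `point`."""
    run = datetime.combine(point.date(), RUN_TIME)
    return run if run <= point else run - timedelta(days=1)


def restore_plan(point, as_of=None):
    """Backups needed to rebuild the servers as they were at `point`.

    `as_of` is when the restore is carried out (defaults to `point`); it decides
    whether a backup is still on the local backup server or only on tape.
    """
    as_of = as_of or point
    latest = last_run(point)
    days_since_full = (latest.weekday() - FULL_WEEKDAY) % 7

    # A differential holds everything modified since the last full, so a restore
    # needs the Sunday full plus only the newest differential.
    needed = [("full", latest - timedelta(days=days_since_full))]
    if days_since_full:
        needed.append(("differential", latest))

    steps = []
    for kind, run in needed:
        on_disk = as_of - run <= LOCAL_RETENTION
        steps.append({
            "kind": kind,
            "run": run,
            "source": "local backup server" if on_disk else "tape",
        })
    # Changes made after the last run are in no backup at all.
    return {"steps": steps, "unprotected": point - latest}


def describe(plan):
    """Human-readable lines for a plan returned by restore_plan()."""
    lines = [f"{s['kind']:<12} {s['run']:%a %Y-%m-%d %H:%M}  from {s['source']}"
             for s in plan["steps"]]
    lines.append(f"work not covered by any backup: {plan['unprotected']}")
    return lines


if __name__ == "__main__":
    # Constructed scenario: a server fails on a Thursday afternoon.
    failure = datetime(2011, 12, 8, 15, 30)
    print("\n".join(describe(restore_plan(failure))))
    # Same restore point, but requested twelve days later.
    print("\n".join(describe(restore_plan(failure, datetime(2011, 12, 20, 12, 0)))))
```
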

Budget

Assets
Item                                                      Price       Batch   Total
Dell Inspiron 1525 laptop                                 $399.00     200     $79,800.00
HP LaserJet Enterprise P3015x Printer                     $1,000.00   7       $7,000.00
Dell Desktops                                             $299.00     25      $7,475.00
RCA 25201RE1 2-Line Phones                                $39.99      28      $1,119.72
IntelliFax-4100e High Speed Business Class Laser Fax      $299.99     1       $299.99
Total                                                                         $95,694.71

New Items
Item                                                               Price       Batch   Total
Norton Security w/5 licenses                                       $95.00      40      $3,800.00
Cisco 500 Series Secure Routers                                    $369.99     1       $369.99
NETGEAR FVS318 ProSafe VPN Firewall                                $104.00     3       $312.00
Cisco 300 Series Managed Switches                                  $342.99     3       $1,028.97
Cisco AP 500 Series Wireless Access Points                         $1,350.00   2       $2,700.00
Cables To Go Cat5e Network Installation Kit Network tool/tester kit $93.00     2       $186.00
PowerVault Tape Drives 3 tapes                                     $1,999.00   1       $1,999.00
Backup Exec for Windows Server                                     $380.00     5       $1,190.00
Malwarebytes Anti-Malware Pro                                      $49.99      1       $49.99
Promise Technology Pegasus R6 6TB RAID System                      $1,450.00   1       $1,450.00
Total                                                                                  $13,085.95

Assets
200 laptops 26 desktops Printer Business Phones Fax Machine

Detailed Cost
There are a total of five Cisco 300 Series Managed Switches. One will be located on the first floor of the work building, two are located on the second floor, one is located in the data center, and one is for the hot site. Cisco 300 Series Switches deliver the ideal combination of price, performance, and capabilities in a solution designed specifically for small businesses. They are affordable, easy to manage switches that provide a powerful foundation to support the Medical Facility's network.

Cisco 500 Series Secure Routers will be used in both buildings. There is one secure router located in the user building. The Medical Facility can combine advanced security, Internet access, VPN connectivity, and optional wireless networking in a single, easy-to-use device. A component of the Cisco Smart Business Communications System, the Cisco 500 Series Secure Router brings together multiple technologies to help lower costs, improve network security, and simplify network management.

The two Cisco AP 500 Series Wireless Access Points are high-quality, high-powered WAPs that support both 2.4GHz and 5GHz. They help to simplify wireless deployments by creating a single point of administration for multiple APs. Clustering technology replicates a configuration, pushes it out to other APs, and continuously manages the frequency channels for each device, reducing network interface. A Gigabit Ethernet LAN interface provides higher throughput. The wireless radio complies with the 802.11n wireless standard, using MIMO technology to enhance network coverage, capacity, and throughput for data and multimedia applications while maintaining compatibility with a/b/g clients. The access points also allow client fast roaming while maintaining good voice quality with 802.11i preauthenticated standards.

NETGEAR FVS318 ProSafe VPN Firewalls are located in all buildings to secure the network's integrity.

Norton Security will be put on all laptops.
Norton 360 version 5 keeps all the features that worked well last year and adds some welcome additions. But rather than adding features just for the sake of adding features, each new addition is purpose-driven, with a meaningful, positive impact on the ultimate goal: better security without slowdown.

The Cables To Go Cat5e Network Installation Kit Network tool/tester kit has everything we need for a successful installation: 1000 feet of gray Cat5E UTP solid PVC cable, a 110 impact punchdown tool, and the LANtest Network/Modular Cable Tester. This tester works up to 200 meters to read actual wiring configurations and find most cable faults for Cat5, coaxial and modular telephone cables.

The PowerVault Tape Drives offer exceptional value with incredibly low cost per gigabyte of data backup. The PowerVault 110T LTO-3 offers the highest capacity Dell LTO technology available. The media is also reasonably priced, giving a complete cost-effective solution.

The Promise Technology Pegasus R6 6TB RAID System will be implemented to reduce disk failure. Thunderbolt technology is a new, high-speed, dual-protocol I/O technology designed for performance, simplicity, and flexibility. This high-speed I/O technology is capable of delivering a blistering two channels of 10 Gb/s (1.25GB/s) per port of performance.

Malwarebytes Anti-Malware Pro will be implemented on all computers to detect and remove all traces of malware including worms, trojans, rootkits, rogues, dialers, spyware and more.

Appendix A Physical Network Diagram

Appendix B Logical Network Diagram

Contributions
Lavhonte Davis was responsible for composing the Executive Summary and the Written Description. In the executive summary he briefly outlines the purpose of the proposal and the impact it has on the company operations. The written description describes the network detail and references the diagrams we created in Appendix A & B.

Joaquin Coston was responsible for constructing the Network and Security Policies. In the network policies Joaquin put together sets of conditions, constraints, and settings that allow company administrators to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect. This also includes the SOP for Internet access, printing, storage allocation, e-mail usage, user administration, naming conventions, protocol standards, workstation configuration (hardware & software), network device placement, environmental issues, and power and applying patches to operating systems. The security policy contains all policies in place for security on the network. It includes information for systems security as well as physical security. This also includes user account access, password requirements, network access, hardware firewalls, encryption use, logging practices, physical building/hardware access rules, IDS/IPS and regular vulnerability assessments.

India Pittman was responsible for implementing the Disaster Recovery Policy and the Budget. The Disaster Recovery Policy prepares the company for recovery or continuation of technology infrastructures after a natural or human-induced disaster. Disaster recovery is a subset of business continuity: while business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions. The disaster recovery policy includes backup procedures, virus management, disk/fault tolerance, power failure and cold/warm sites. The budget that India implemented is a spreadsheet outlining the costs relating to the company's proposal. A written description is provided to justify each cost.

All team members contributed to the fabrication of the Physical and Logical Network Diagrams, located in Appendix A & B. We chose to divide our project into parts, allowing all members equal contribution. This also made our project more time efficient, taking into account the expeditious deadline.
