LIS4482 SECTION 1 MGT NETWORKS & TELCM

Leon County Medical Facility
Medical Facility Network Design

12/3/2012

GROUP MEMBERS:
    Nephtalie Pierre
    John Idasetima
    Kensley Agenor

I: EXECUTIVE SUMMARY

We understand that there are plans for a new medical facility. There is a definite need for an

efficient and dependable networking infrastructure to support a facility of this type. After

receiving your requests and requirements, our group is confident that we can implement a

networking infrastructure that:

   •   Requires minimum upkeep costs

   •   Supports an organization of 225 users with room for expansion

   •   Meets the requirements of HIPAA

   •   Supports offsite workstations

The purpose of this report is to give a better understanding of the plans that we have for this new medical facility. We will give an overview of the written description of the physical and logical network diagrams that will be in Appendix A and B. This report will also include network policies for standard operating procedures (SOP) for Internet Access, Printing, Storage Allocation, E-mail Usage, User Administration, Naming Conventions, Protocol Standards, Workstation Configuration (hardware & software), Network Device Placement, Environmental Issues, Power, and applying Patches to operating systems. We will also include documentation of security policies. This document will include procedures for user account access, password requirements, network access, hardware firewalls, encryption use, logging practices, physical building/hardware access rules, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), and regular vulnerability assessments. It will include a procedure for handling security violations as well.

NETWORK POLICIES


1.0 Introduction


Technologies have become an integral part of the lives of medical patients everywhere, and our medical staff depend on them to ensure patient safety and overall good health. These technologies can make the difference in a life-and-death situation if they are not used effectively and correctly.

This Standard Operating Procedure applies to all integrated medical staff, medical patients, and users who will be utilizing the following: Access to Internet, Printers, Storage Allocation, E-mail Usage, User Administration, Naming Conventions, Protocol Standards, Workstation Configuration (hardware & software), Network Device Placement, Environmental Issues, Power, and applying Patches to operating systems. The Standard Procedure that follows explains how we intend to do this in order to help protect medical records, staff, patient and user information, privacy, and the overall performance of the network.




1.1 Internet Access


Access to the Internet and the other networking components can put medical staff and patients in potential danger if used inappropriately, because of the sensitive documents and medical records involved. All users with Internet access need to abide by the following rules:

· Unauthorized access to, or sharing of, medical records and other personal information with a 3rd party company is prohibited.

· The sharing / distribution of personal images of patients or medical staff at work without an individual’s consent or knowledge is prohibited.

· Do not access unsuitable video (pornography), Internet games, etc.

· Illegal downloading of music or video files, or any download that is not work related, is not allowed.

· Potentially excessive use of the Internet for personal social networking (Facebook, Twitter, LinkedIn, etc.) may result in termination of Internet access.

Remember that access to the Internet is a privilege and not a right. Failure to follow the basic rules and guidelines above may result in serious consequences: loss of job, fines, and possible imprisonment.


 SECURITY POLICY


         The Leon County Medical Facility local area network is critical to the provision of

information services to Leon County Medical Facility staff and patients. Specific security

measures and procedures will be implemented to protect the confidentiality of information

transactions being processed on the network and to keep critical systems operational. Because all

employees of LCMF are encouraged and expected to use the network for work related activities,

security risks have increased and more stringent practice in protecting resources is necessary.

These security procedures are addressed in the following network security policy.


The purpose of this policy is to emphasize to all LCMF employees the importance of network security in the medical facility and their roles in maintaining that security. The goal of the LCMF Information Security Policy is to preserve the integrity, availability and confidentiality of all employees' and patients' information. The LCMF Network Access Policy applies equally to all individuals with access to any LCMF network. The intent of this Security Policy is to protect the information assets owned by LCMF.

This security policy will give an overview of procedures for the following: user account access, password requirements, network access, hardware firewalls, encryption use, logging practices, physical building/hardware access rules, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), and regular vulnerability assessments.



User Account Access:

All user access attempts will be authenticated by a user name and password. Account access rights will be given specific permissions according to the employee's job position (e.g. system admin, CIO, doctors, etc.). The user name and password assigned to an employee should NOT be shared. If an employee is found violating this policy, disciplinary actions will be applied.

User accounts will also be organized into groups. Rights and access permissions will be granted individually to users or to a group, in which case they also apply to the group’s members. There will also be special user accounts (also known as maintenance accounts), which will be used for maintaining and managing the network. These accounts will be renamed and only used for performing maintenance functions. Standard accounts will be used for regular day-to-day activities. Additional rights and permissions will be added to a user only if they are needed for a job duty or a promotion that requires them. When a user account is no longer needed, the account will either be deleted (e.g. if an employee leaves the company) or disabled (e.g. if the employee will be gone for an extended period), so that no one has access.



Password
Passwords are very important to information security. Passwords must be at least eight characters long. Passwords should also meet three of the following requirements:

   •   include uppercase characters

   •   include lowercase characters

   •   include numbers (0-9)

   •   include non-alphanumeric characters (for example: !, $, #, or %)

Three password attempts are allowed. If the login fails, the user will be locked out and an administrative password will be required for access. We will also enforce password history: users will have to create at least 25 passwords (including the current one) before an old one can be reused. This will keep users from reusing old passwords, making the network more secure. There will be a maximum password age. Users will be notified days in advance to change their passwords. The password must be changed every 60 days. Employees may not disclose their passwords to anyone or display them anywhere they may be seen.
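
The password rules above, written as a checker that can be run against candidate passwords and login attempts. This is an added example, not part of the original report; the Account class, its method names and the salted PBKDF2 storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Values taken from the policy text above.
MIN_LENGTH = 8
REQUIRED_CLASSES = 3          # three of the four character classes
HISTORY_DEPTH = 25            # remembered passwords, current one included
MAX_AGE = timedelta(days=60)
MAX_ATTEMPTS = 3
# Assumption (not in the policy): passwords are stored as salted PBKDF2-SHA256.
PBKDF2_ROUNDS = 100_000


def class_count(password: str) -> int:
    """Number of the four policy character classes present in the password."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
    ])


def complexity_errors(password: str) -> list:
    """Length and character-class violations; an empty list means compliant."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("shorter than %d characters" % MIN_LENGTH)
    if class_count(password) < REQUIRED_CLASSES:
        errors.append("fewer than %d character classes" % REQUIRED_CLASSES)
    return errors


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ROUNDS)


@dataclass
class Account:
    """Hypothetical account record holding only what the policy needs."""
    history: list = field(default_factory=list)  # (salt, digest), newest last
    changed_at: datetime = None
    failed_attempts: int = 0
    locked: bool = False

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def set_password(self, password, now):
        """Return the policy violations; an empty list means it was accepted."""
        errors = complexity_errors(password)
        if any(self._matches(password, e) for e in self.history):
            errors.append("matches one of the last %d passwords" % HISTORY_DEPTH)
        if errors:
            return errors
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        del self.history[:-HISTORY_DEPTH]   # keep only the newest 25 entries
        self.changed_at = now
        self.failed_attempts = 0
        return []

    def login(self, password, now):
        """Return 'ok', 'denied', 'locked' or 'expired' (change required)."""
        if self.locked:
            return "locked"
        if not self.history or not self._matches(password, self.history[-1]):
            self.failed_attempts += 1
            if self.failed_attempts >= MAX_ATTEMPTS:
                self.locked = True          # third failure locks the account
                return "locked"
            return "denied"
        self.failed_attempts = 0
        if now - self.changed_at > MAX_AGE:
            return "expired"
        return "ok"

    def admin_unlock(self):
        """Stands in for the administrative password step in the policy."""
        self.locked = False
        self.failed_attempts = 0
```

Note that a locked account stays locked even when the correct password is supplied, which is what makes the administrative step in the policy meaningful.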

Network access

We will be using a network management system to monitor and maintain the network. This program is crucial for up-to-date information on the health of the network. A network management system reduces the time involved in managing the network by performing performance checks and configuration changes, as well as notifying of network failures. Employees are permitted to use only those network addresses issued to them by LCMF information security personnel. Employees cannot extend or re-transmit network services in any way. This means you must not install a router, switch, hub, or wireless access point on the LCMF network without LCMF information security personnel approval. Employees cannot install network hardware or software that provides network services without LCMF information security personnel approval. Employees are not permitted to alter network hardware in any way.

Desktop workstations will only have wired access. Laptops can use wired or wireless access. Wireless access will be secured by WPA2.

Encryption use




Physical building/ Hardware access rule

       The Server room can only be accessed with a passcode as key. Only IT administrative

employees will have access. The room will be kept at 70 degrees Fahrenheit.



Intrusion Detection System

Intrusion detection is very important in enforcing organizational security policy. Intrusion detection systems provide assurance that the systems and networks are secure from identifiable threats and/or threat agents. Audit logs from the perimeter access control systems will be monitored/reviewed daily by the security analyst. System integrity checks of the firewalls and other network perimeter access control systems will be performed on a monthly basis. Host-based intrusion tools will be checked on a weekly basis. All trouble reports will be reviewed for anything that indicates intrusive activity. All suspected and confirmed instances of successful and attempted intrusions must be immediately reported.

Procedure for violating security policy
If any employees are found guilty of violating these security policy procedures, they are

subject to the following: Verbal/ written warning, Final warning, and/or Suspension or

Termination.



DISASTER RECOVERY POLICY

The Disaster Recovery Plan ensures data integrity and redundancy in the case of unexpected data loss (e.g. power outage, fire, water damage). Since the information being held by this facility is so critical, we suggest having two separate disaster recovery plans: the onsite disaster recovery plan and the offsite disaster recovery plan.



Onsite Disaster Recovery Plan

        Our Onsite Disaster Recovery begins with having generators in the case of sudden power

failure. There will be generators to support each building on the facility’s campus. These generators

will be powered by the electricity that they constantly store during normal electrical utility

conditions.

Though the servers provided in the proposal are top-of-the-line, we have also included a plan in the case of a server failure. This plan entails having two complete servers to run the facility. There will be a third stand-alone server strictly used for backup. This server will conduct a full backup of each of the other two servers daily. This server will also take hourly images of each of the servers to stay up to date throughout the day.



Offsite Disaster Recovery Plan

        The Offsite Disaster Recovery Plan is in the case of loss of communication with all three of

the onsite servers. Our Offsite Disaster Recovery Plan involves a third party. This party is the Cerner

Corporation. Cerner provides a service called Skybox that is a cloud backup of a medical facility’s
medical files. The files are sent from the facility’s servers to the cloud daily. These files are

encrypted. The files are accessible by the medical facility at any time through Cerner programs and

the online cloud.



BUDGET
PHYSICAL NETWORK AND LOGICAL DIAGRAM WRITTEN DESCRIPTION



Networking/Logical Design

       The network design perfectly suits the situation of this facility. Let’s begin with the four

servers that will be implemented.



The Bridges

       Since the two buildings cannot be connected through a physical means, the buildings will

be wirelessly connected through two Cisco WET200 Wireless-G Ethernet bridges. One bridge

will be located in the main building and the other in the datacenter. These bridges have an

uninterrupted line of sight.



Servers

       Dell Power Edge 1620 Power servers will be used for this project. There will be 3 servers

at the data center. 1 of these servers will be for the patient’s files. Another server will be

allocated for the website, email, print, and employee files. The third and final server will be used

solely as a backup server for the other two (For more information on this server, please refer to

the Onsite Disaster Recovery section). The fourth and final server will be a print server. It will be

located in the main building. Each of these servers will be secured by an individual firewall.



Switches

       This proposal calls for multiple switches to organize the many departments. There will be
one switch to separate the 3 servers located in the data center. There will be one more switch also

located in the data center for the IT department that is within the building. The other 9 switches

will be used to separate the numerous departments in the main building.



Wireless Routers

       There will be a Cisco 891W Gigabit EN Security Wireless Router on each floor of the

facility. The routers will be WPA2 protected. The router access will only be available to

employees.



Desktop Workstations

The onsite workstations will be HP Compaq Pro 4300 All-in-One PCs. Each of these workstations will run Windows 7 and only Windows 7.

Laptops

A Dell Latitude E5430 laptop will be issued to each employee that requires a mobile computer. These laptops will be pre-imaged to have all of the programs necessary for the employee’s job.

       (The operating systems and specs of all computers will be standardized to an extent so

that maintenance is simpler.)
Group Member Contributions

Nephtalie Pierre contributed to the final product in many ways. Nephtalie was in charge of researching and writing the following: the executive summary, the security policy, and the budget for the network policy. The executive summary consists of a basic overview of the whole report. The security policy was the longest part to do. Nephtalie researched the different types of security policies and then proceeded to write the network security policy from there, with the help of the book as well as other internet resources. The budget was also time consuming. Researching included finding the hardware that would best complement the new network design as well as looking for the most cost-efficient equipment. She also initiated and organized meetings for this group project, and compiled the final product.

Mais conteúdo relacionado

Mais procurados

Hospital Management System
Hospital Management SystemHospital Management System
Hospital Management SystemPranil Dukare
 
Network Operations Center (NOC)
Network Operations Center (NOC)Network Operations Center (NOC)
Network Operations Center (NOC)Boni Yeamin
 
Network Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseNetwork Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseThamalsha Wijayarathna
 
Hospital management system
Hospital management systemHospital management system
Hospital management systemMehul Ranavasiya
 
Self-Diagnosis Hospital Management System
Self-Diagnosis Hospital Management SystemSelf-Diagnosis Hospital Management System
Self-Diagnosis Hospital Management SystemNeelam Priya
 
Pharmacy management system fyp documentation
Pharmacy management system fyp documentationPharmacy management system fyp documentation
Pharmacy management system fyp documentationAbubakr Cheema
 
Security in a Virtualised Environment
Security in a Virtualised EnvironmentSecurity in a Virtualised Environment
Security in a Virtualised EnvironmentPeter Wood
 
IP addressing and Subnetting PPT
IP addressing and Subnetting PPTIP addressing and Subnetting PPT
IP addressing and Subnetting PPTPijush Kanti Das
 
Hospital management system (php project) web engineering
Hospital management system (php project) web engineeringHospital management system (php project) web engineering
Hospital management system (php project) web engineeringIftikhar Ahmad
 
Hospital Management Record System Proposal
Hospital Management Record System ProposalHospital Management Record System Proposal
Hospital Management Record System ProposalBishal Bista
 
Introduction to Freshservice
Introduction to FreshserviceIntroduction to Freshservice
Introduction to FreshserviceFreshservice
 

Mais procurados (20)

Ict infrastructure management
Ict infrastructure managementIct infrastructure management
Ict infrastructure management
 
IT Infrastructure Project
IT Infrastructure ProjectIT Infrastructure Project
IT Infrastructure Project
 
Help desk project
Help desk projectHelp desk project
Help desk project
 
Hospital Management System
Hospital Management SystemHospital Management System
Hospital Management System
 
Network Operations Center (NOC)
Network Operations Center (NOC)Network Operations Center (NOC)
Network Operations Center (NOC)
 
Hospital management system
Hospital management systemHospital management system
Hospital management system
 
Use case of hospital managment system
Use case of hospital managment systemUse case of hospital managment system
Use case of hospital managment system
 
Network Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseNetwork Design for a Small & Medium Enterprise
Network Design for a Small & Medium Enterprise
 
Hospital management system
Hospital management systemHospital management system
Hospital management system
 
Hospital management system
Hospital management systemHospital management system
Hospital management system
 
Self-Diagnosis Hospital Management System
Self-Diagnosis Hospital Management SystemSelf-Diagnosis Hospital Management System
Self-Diagnosis Hospital Management System
 
What is NOC?
What is NOC?What is NOC?
What is NOC?
 
Pharmacy management system fyp documentation
Pharmacy management system fyp documentationPharmacy management system fyp documentation
Pharmacy management system fyp documentation
 
Security in a Virtualised Environment
Security in a Virtualised EnvironmentSecurity in a Virtualised Environment
Security in a Virtualised Environment
 
IP addressing and Subnetting PPT
IP addressing and Subnetting PPTIP addressing and Subnetting PPT
IP addressing and Subnetting PPT
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Plan
 
Online Appointment System
Online Appointment SystemOnline Appointment System
Online Appointment System
 
Hospital management system (php project) web engineering
Hospital management system (php project) web engineeringHospital management system (php project) web engineering
Hospital management system (php project) web engineering
 
Hospital Management Record System Proposal
Hospital Management Record System ProposalHospital Management Record System Proposal
Hospital Management Record System Proposal
 
Introduction to Freshservice
Introduction to FreshserviceIntroduction to Freshservice
Introduction to Freshservice
 

Semelhante a Medical facility network design

Access control policy
Access control policyAccess control policy
Access control policyBsmah Fahad
 
IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policyssuser06c4a6
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
Policy and procedure of hospitals
Policy and procedure of hospitalsPolicy and procedure of hospitals
Policy and procedure of hospitalsMohammed Alabdali
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxmelbruce90096
 
VPN security standards - Tareq Hanaysha
VPN security standards - Tareq HanayshaVPN security standards - Tareq Hanaysha
VPN security standards - Tareq HanayshaHanaysha
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
Maintenance of Hospital Information System
Maintenance of Hospital Information SystemMaintenance of Hospital Information System
Maintenance of Hospital Information SystemDr Jasbeer Singh
 
Capstone Finished Presentation.doc
Capstone Finished Presentation.docCapstone Finished Presentation.doc
Capstone Finished Presentation.docKapricia Morris
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Risk Analysis Report review
Risk Analysis Report reviewRisk Analysis Report review
Risk Analysis Report reviewLarry Yurdin
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxcockekeshia
 
6 computer systems
6 computer systems6 computer systems
6 computer systemshccit
 
Consensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicConsensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicAlleneMcclendon878
 
Consensus policy resource community remote access polic
Consensus policy resource community remote access policConsensus policy resource community remote access polic
Consensus policy resource community remote access policARIV4
 

Semelhante a Medical facility network design (20)

Access control policy
Access control policyAccess control policy
Access control policy
 
IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policy
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
 
IT Policy
IT PolicyIT Policy
IT Policy
 
Policy and procedure of hospitals
Policy and procedure of hospitalsPolicy and procedure of hospitals
Policy and procedure of hospitals
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone Finished
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docx
 
VPN security standards - Tareq Hanaysha
VPN security standards - Tareq HanayshaVPN security standards - Tareq Hanaysha
VPN security standards - Tareq Hanaysha
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatance
 
Maintenance of Hospital Information System
Maintenance of Hospital Information SystemMaintenance of Hospital Information System
Maintenance of Hospital Information System
 
Capstone Finished Presentation.doc
Capstone Finished Presentation.docCapstone Finished Presentation.doc
Capstone Finished Presentation.doc
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 
Risk Analysis Report review
Risk Analysis Report reviewRisk Analysis Report review
Risk Analysis Report review
 
Policy for PDO
Policy for PDOPolicy for PDO
Policy for PDO
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
 
6 computer systems
6 computer systems6 computer systems
6 computer systems
 
Consensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicConsensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access Polic
 
Consensus policy resource community remote access polic
Consensus policy resource community remote access policConsensus policy resource community remote access polic
Consensus policy resource community remote access polic
 

Medical facility network design

  • 1. LIS4482 sECTION 1 MGT NETWORKS & TELCM Leon County Medical Facility Medical Facility Network Design 12/3/2012 GROUP MEMBERS: Nephtalie Pierre John Idasetima KensleyAgenor
  • 2. I: EXECUTIVE SUMMARY We understand that there are plans for a new medical facility. There is a definite need for an efficient and dependable networking infrastructure to support a facility of this type. After receiving your requests and requirements, our group is confident that we can implement a networking infrastructure that: • Requires minimum upkeep costs • Supports an organization of 225 users with room for expansion • Meets the requirements of HIPAA • Supports offsite workstations The purpose of this report is to give a better understanding for the new plans that we have for this new medical facility. We will give an overview of the written description of the Physical and logical network diagram that will be on Appendix A and B. Also, this report will include network policies for standard operating procedures (SOP) for Internet Access, Printing, Storage allocation, E-mail usage, User Administrations, Naming Conventions, Protocol Standards, Workstation Configuration (hardware & software), Network Device Placement, Environmental Issues, Power and applying Patches to operating systems. We will also include documentation of Security policies. This document will include procedures for user account access, password requirements, network access, hardware firewalls, encryption use, logging practices, physical building/hardware access rules, Intrusion Detection System (IDS)/Intrusion Prevention (IPS) System & regular vulnerability assessments. Procedures for these will be included. It will include procedure on handling security violations as well.
  • 3. NETWORK POLICIES 1.0 Introduction Technologies have become an integral part to the lives of medical patients everywhere and our medical staffs depend on them to insure patient safety and overall good health. These technologies can make the difference between life and death situation if not used effectively and correctly. This Standard Operating Procedure applies to all integrated medical staff, medical patients, and users who will be utilizing the following: Access to Internet, printers, Storage allocation, E-mail usage, User Administrations, Naming Conventions, Protocol Standards, Workstation Configuration (hardware & software), Network Device Placement, Environmental Issues, Power and applying Patches to operating systems. The Standard Procedure that follows explains how we intend to do this in order to help protect medical records, staff, patient, users information, privacy, and the overall performance of the network. 1.1 Internet Access Access to the Internet and the other networking component can put medical staff and patient in potential danger if used inappropriately due to sensitive documents and medical records. All users with Internet access need to abide by the following rules:Authorized access or share medical records and other personal information with 3rd party company are prohibited. The sharing / distribution of personal images of patients or medical staff at work without an
  • 4. individual’s consent or knowledge is prohibited. · Do not access to unsuitable video (pornography) / Internet games, etc. · Illegal downloading of music or video files or any download not work related is not allowed. · Potentially excessive use of the Internet for personal use of social networking (Facebook, Twitter, LinkedIn, etc.) may result in termination of Internet access. Remember that access to the Internet is a privilege and not a right. Failure to follow the basic rules and guideline above may result in serious consequences: loss of job, fines, and possible imprisonment. SECURITY POLICY The Leon County Medical Facility local area network is critical to the provision of information services to Leon County Medical Facility staff and patients. Specific security measures and procedures will be implemented to protect the confidentiality of information transactions being processed on the network and to keep critical systems operational. Because all employees of LCMF are encouraged and expected to use the network for work related activities, security risks have increased and more stringent practice in protecting resources is necessary. These security procedures are addressed in the following network security policy. The purpose of this policy is emphasizing to all LCMF employees the importance of network security in the medical facility and their roles in maintaining that security. The goal for the LCMF Information Security Policy isto preserve the integrity, availability and confidentiality of all employees and patientsinformation. The LCMF Network Access Policy applies equally to all individuals with access to any LCMF network. The intent of this Security Policy is to protect the information assets owned by LCMF.
  • 5. This security policy will give an overview of procedures for the following: user account access, password requirements, network access, hardware firewalls, encryption use, logging practices, physical building/hardware access rules, Intrusion Detection System (IDS)/Intrusion Prevention (IPS) System & regular vulnerability assessments User Account Access: All user access attempts will be authenticated by a user name and password. There will be specific permissions provided to account access rights according to employees job position (i.e. system admin, CIO, Doctors, etc.). The user name and password assigned to employees should NOT be shared. If an employee is found violating this policy, disciplinary actions will be applied. User accounts will also organized into groups. Rights and access permissions will be granted individually to users or to agroup, in which case they also apply to the group’s members. There will also be Special user accounts, (also known as maintenance accounts), these individuals will be used for maintaining and managing the network. These accounts will be renamed and only used for performing maintenance functions. Standard accounts will be used for regular day-to-day activities. Additional rights and permissions will be added to users only if it is needed for the job duty or promotion of job that require it. When a user account is no longer needed the account will either be deleted (i.e. if an employee leaves the company) or disabled (i.e. if the employee will be gone for an extended period), so that no one has access. Password
  • 6. Passwords are a very important to information security. Passwords must be at least eight characters long .Password should also have three of the following requirements: include uppercase characters lowercase characters numbers (0-9) And/or non-alphanumeric (For example:!, $, #, or %) Three password attempts are allowed. If failure to login occurs, user will be locked out and Administrative password will be required for access. We will also enforce password history, users will also have to create at least 25 passwords (includes current one). This will keep users from reusing old ones making the network more secure. There will be a maximum password age. Users will be notified days before to change passwords. The user must be changed every 60 days. Employees may not disclose their passwords to anyone or display it anywhere where it may be seen. Network access We will be using a network management system to monitor and maintain the network. This program is crucial for the up-to-date information on the health of the network. Network management system reduces the time involved in managing the network by performing performance checks, configuration changes as well as notifying of network failures. Employees are permitted to use only those network addresses issued to them by LCMF information security personnel. Employees cannot extend or re-transmit network services in any way. This means you must not install a router, switch, hub, or wireless access point to the LCMF network without LCMF information security personnel approval. Employees cannot install network hardware or
  • 7. software that provides network services without LCMF information security personnel approval. Employees are not permitted to alter network hardware in any way. Desktop workstations will only have wired access. Laptops can use wired or wireless access. Wireless access will be secured by WPA2.

Encryption use

Physical building/Hardware access rule

The server room can only be accessed with a passcode as the key. Only IT administrative employees will have access. The room will be kept at 70 degrees Fahrenheit.

Intrusion Detection System

Intrusion detection is very important in enforcing organizational security policy. Intrusion detection systems provide assurance that the systems and networks are secure from identifiable threats and/or threat agents. Audit logs from the perimeter access control systems will be monitored/reviewed daily by the security analyst. System integrity checks of the firewalls and other network perimeter access control systems will be performed on a monthly basis. Host-based intrusion tools will be checked on a weekly basis. All trouble reports will be reviewed for anything that indicates intrusive activity. All suspected and confirmed instances of successful and attempted intrusions must be immediately reported.

Procedure for violating security policy
  • 8. If any employees are found guilty of violating these security policy procedures, they are subject to the following: verbal/written warning, final warning, and/or suspension or termination.

DISASTER RECOVERY POLICY

The Disaster Recovery Plan ensures data integrity and redundancy in the case of unexpected data loss (e.g. power outage, fire, water damage). Since the information being held by this facility is so critical, we suggested having two separate disaster recovery plans. These plans can be separated into the onsite disaster recovery plan and the offsite disaster recovery plan.

Onsite Disaster Recovery Plan

Our Onsite Disaster Recovery begins with having generators in the case of sudden power failure. There will be generators to support each building on the facility’s campus. These generators will be powered by the electricity that they constantly store during normal electrical utility conditions.

Though the servers provided in the proposal are top-of-the-line, we have also included a plan in the case of a server failure. This plan entails having two complete servers to run the facility. There will be a third stand-alone server strictly used for backup. This server will conduct a full daily backup of each of the other two servers. This server will also take hourly images of each of the servers to stay up to date throughout the day.

Offsite Disaster Recovery Plan

The Offsite Disaster Recovery Plan is for the case of loss of communication with all three of the onsite servers. Our Offsite Disaster Recovery Plan involves a third party. This party is the Cerner Corporation. Cerner provides a service called Skybox that is a cloud backup of a medical facility’s
  • 9. medical files. The files are sent from the facility’s servers to the cloud daily. These files are encrypted. The files are accessible by the medical facility at any time through Cerner programs and the online cloud.

BUDGET
  • 10.
  • 11. PHYSICAL NETWORK AND LOGICAL DIAGRAM WRITTEN DESCRIPTION

Networking/Logical Design

The network design perfectly suits the situation of this facility. Let’s begin with the four servers that will be implemented.

The Bridges

Since the two buildings cannot be connected through a physical means, the buildings will be wirelessly connected through two Cisco WET200 Wireless-G Ethernet bridges. One bridge will be located in the main building and the other in the datacenter. These bridges have an uninterrupted line of sight.

Servers

Dell Power Edge 1620 Power servers will be used for this project. There will be 3 servers at the data center. One of these servers will be for the patients’ files. Another server will be allocated for the website, email, print, and employee files. The third and final server will be used solely as a backup server for the other two (for more information on this server, please refer to the Onsite Disaster Recovery section). The fourth and final server will be a print server. It will be located in the main building. Each of these servers will be secured by an individual firewall.

Switches

This proposal calls for multiple switches to organize the many departments. There will be
  • 12. one switch to separate the 3 servers located in the data center. There will be one more switch, also located in the data center, for the IT department that is within the building. The other 9 switches will be used to separate the numerous departments in the main building.

Wireless Routers

There will be a Cisco 891W Gigabit EN Security Wireless Router on each floor of the facility. The routers will be WPA2 protected. The router access will only be available to employees.

Desktop Workstations

The onsite workstations will be HP Compaq Pro 4300 All-in-one PCs. Each of these workstations will run Windows 7 and only Windows 7.

Laptops

A Dell Latitude E5430 laptop will be provided to each employee that requires a mobile computer. These laptops will be pre-imaged to have all of the programs necessary for the employee’s job. (The operating systems and specs of all computers will be standardized to an extent so that maintenance is simpler.)
  • 13. Group Member Contributions

Nephtalie Pierre contributed to the final product in many ways. Nephtalie was in charge of researching and writing the following: executive summary, security policy, and the budget for the network policy. The executive summary just consists of the basic overview of the whole report. The security policy was the longest part to do. Nephtalie researched a lot on the different types of security policies and then proceeded to write the network security policy from there with the help of the book as well as other internet resources. The budget was also time consuming. Researching included finding the hardware that would best complement the new network design as well as looking for the most cost-efficient equipment. She also initiated and organized meetings for this group project. She also compiled the final product together.
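The password rules in the security policy above (eight-character minimum, three of four character classes, lockout after three attempts, a history of 25 passwords, a 60-day maximum age) can be checked in code as follows. This is an added example, not part of the original report; the `Account` class, its method names and the salted PBKDF2 storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import timedelta

# Values taken from the Password section of the policy.
MIN_LENGTH, MIN_CLASSES = 8, 3      # eight characters, three of four classes
MAX_ATTEMPTS = 3                    # failed logins allowed before lockout
HISTORY_SIZE = 25                   # remembered passwords, current one included
MAX_AGE = timedelta(days=60)        # maximum password age

def _digest(password, salt):
    # Assumption: salted PBKDF2 storage; the policy does not name a scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_errors(password):
    tests = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    classes = sum(any(t(c) for c in password) for t in tests)
    errors = ["shorter than 8 characters"] if len(password) < MIN_LENGTH else []
    return errors + (["fewer than 3 of 4 classes"] if classes < MIN_CLASSES else [])

class Account:  # hypothetical in-memory account record
    def __init__(self, password, now):
        self.history, self.failed, self.locked = [], 0, False
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)
        entry = (salt, _digest(password, salt))
        self.history = (self.history + [entry])[-HISTORY_SIZE:]
        self.changed_at = now

    def _matches(self, password, entry):
        return hmac.compare_digest(_digest(password, entry[0]), entry[1])

    def change_password(self, new, now):
        errors = complexity_errors(new)
        if any(self._matches(new, e) for e in self.history):
            errors.append("reuses a remembered password")
        if not errors:
            self._store(new, now)
        return errors

    def login(self, password, now):
        # A locked account rejects even the correct password until an admin resets it.
        if self.locked or not self._matches(password, self.history[-1]):
            self.failed += 1
            self.locked = self.failed >= MAX_ATTEMPTS
            return "locked" if self.locked else "denied"
        self.failed = 0
        return "expired" if now - self.changed_at > MAX_AGE else "ok"
```

A login that returns "expired" has authenticated correctly but should be routed to a forced password change before any access is granted.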