Need some help for a paper I'm writing

I'm taking my first InfoSec course, and we have to write a paper on
software and hardware vulnerabilities of an organization's IT

I chose a hospital.  It's kind of odd, this course has no
prerequisite, and I haven't started my networking courses yet, so I
know zero.

But I have to define the network infrastructure.  I was hoping someone
here could help.  It doesn't have to be "real," just basic and
requires a minimum of 2 LANs connected by a WAN link.  In a small
hospital that's gone paperless, how many different LANs would you
expect to have?  All of their imaging and patient records are digital.

I'm at a loss.

Re: Need some help for a paper I'm writing
I think that this is too broad for anyone to give any answers specific
enough to follow.  Here are some guidelines and a few examples for you to
consider before making up your own solution:

Hospitals are subject to a bit more scrutiny due to HIPAA laws restricting
patient information.  In comparison to other company networks in today's
world, they are all mostly the same in security except for how the company
policies are written.  Every company worries about network security, not
just hospitals and the government.  Most of this is more specific to the
client/server access of the PCs to the servers and the files and databases
within the servers.  General data network connections and infrastructure
data access may not need to address this for your topic so you can look into
that after the majority of the design is drafted.

You stated that you need a minimum of 2 LANs connected by a WAN link.
Consider that this hospital has a main campus and another location on the
other side of town.  For this writing, I will call them "General Hospital
West" and "General Hospital East" as if they were on opposite sides of town.

WAN is pretty simple because of the less detailed overview.  If the
hospitals are in the same metropolitan area, a telecommunications company
will provide a data connection between sites.
Perhaps a T-1 line capable of 1.5mb/s (megabits per second) across the
stretch of land, perhaps 20 miles, might run a couple hundred dollars a
month.  Perhaps leasing 2 T-1 lines and having 3mb/s would be better.  Are
all of the file servers and e-mail servers in the west hospital?  Perhaps a
total of 6mb/s is better.  Are there file servers and e-mail servers in both
locations to reduce going across the WAN?  Perhaps just 1 or 2 T-1 lines
would be fine.
If you want to go beyond the common T-1 line solution, research the idea of
having ethernet connections provided by a telecommunications company that
connects both remote sites together.  Some may call this metro ethernet or
perhaps behind the scenes the telecommunication company uses a fraction of a
T-3 line (45mb/s) and converts this to a 10mb/s ethernet connection on both
ends.  You pay based on the bandwidth provided in most cases.
Possibilities include point-to-point T-1, ATM T-1, frame-relay using T-1
(multipoint cloud), MPLS multi-point cloud using T-1 or other connections,
VPN across the Internet, direct ISDN dial-up, and many other WAN
Now that you have some ideas for a WAN connection between sites, which would
be connected to routers on both sides, consider having two different
telecommunications companies provide WAN connections.  There might be a need
for this in case one WAN connection has a problem or the telecommunications
company plans scheduled maintenance on the connection.  Also consider having
two routers on each end, one corresponding set for each vendor's WAN
connection, in case your own equipment needs maintenance or has a problem.
This shows that you are considering redundancy and continuing operation in
case of a realistic connection problem.  A down WAN link would impact the
24/7 operation of the important work of the hospital staff and might be
worth the extra cost.

LAN structure can have many different configurations.  WAN between two sites
is simple because there is really one connection (or one set of connections)
between them.  A LAN can have hundreds of PCs, network printers, servers,
and other systems that could be structured and segmented in a number of ways.
The easiest topology is that of a pyramid.  The bottom consists of bundles
of hosts (PCs, printers, etc.) in groups that connect to ethernet switches
at the next level up.  This is called the "access layer" by Cisco textbooks
to show that this provides the PCs with basic connections into the network.
Several of these access switches connect at the next higher layer to
routers.  Several of these routers connect into the core equipment of the
LAN that interconnects everything, including a connection to the Internet
(optional but practical) and the WAN link to the other location.
One approach used by many textbooks is to divide that "access layer" by
department.  In this case, all radiology PCs and network printers connect to
a radiology department switch, all emergency room PCs and network printers
connect to an emergency room department switch, and so on.  Several switches
connect into each router and all of these routers connect into a core router
or switch.  Yes, a switch at the core is the Cisco model mindset but it is
workable because this core switch interconnects the links between the
intermediary routers.
In review, the top (core layer) of the pyramid is a big router or switch.
The middle layer (distribution layer) has many routers which have
connections to each other through the big router or switch in the layer
above.  The bottom layer (access layer) contains all of the ethernet
switches that the hosts connect to and several of these switches connect
into a router in the layer above.

Scott Perry
Indianapolis, IN
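
The redundancy argument in the reply above can be checked mechanically. This is an added example, not part of the original post: it models the two-site design as a graph and lists every device whose failure alone cuts one point off from another. All node names are hypothetical, and one distribution router per site is a simplifying assumption.

```python
from collections import deque

def build(redundant_wan):
    """Adjacency map for the two-site design (node names are hypothetical)."""
    links = []
    for site in ("west", "east"):
        core = f"{site}-core"
        for dept in ("radiology", "er"):          # access layer, split by department
            links.append((f"{site}-{dept}-access-sw", f"{site}-dist-rtr"))
        links.append((f"{site}-dist-rtr", core))  # distribution up to core
        links.append((core, f"{site}-wan-rtr-a"))
        if redundant_wan:                         # second WAN router per site
            links.append((core, f"{site}-wan-rtr-b"))
    links += [("west-wan-rtr-a", "carrier-a"), ("carrier-a", "east-wan-rtr-a")]
    if redundant_wan:                             # second carrier between the sites
        links += [("west-wan-rtr-b", "carrier-b"), ("carrier-b", "east-wan-rtr-b")]
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def reachable(graph, src, dst, failed):
    """Breadth-first search from src to dst that never enters the failed node."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph[node] - seen:
            if nxt != failed:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(graph, src, dst):
    """Devices (endpoints excluded) whose loss alone disconnects src from dst."""
    return sorted(n for n in graph
                  if n not in (src, dst) and not reachable(graph, src, dst, n))

if __name__ == "__main__":
    for redundant in (False, True):
        g = build(redundant)
        print("redundant WAN:", redundant)
        print("  core to core:", single_points_of_failure(g, "west-core", "east-core"))
        print("  host switch to host switch:", single_points_of_failure(
            g, "west-radiology-access-sw", "east-er-access-sw"))
```

With two carriers and two WAN routers per site the core-to-core list is empty, while the core and distribution devices still show up for traffic between department switches.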


Re: Need some help for a paper I'm writing

Mitch, remember on June 24th when giving advice about the CCENT I said to
you "Do this before you start thinking about a security course.  If you
don't know about how a router works, binary math, IP Addressing, ACLs,
routing protocols, etc., you'll struggle with how to secure a network."?

You didn't listen to me then, why would I think you'd listen now?
