Need some help for a paper I'm writing

I'm taking my first InfoSec course, and we have to write a paper on software and hardware vulnerabilities of an organization's IT infrastructure.

I chose a hospital. It's kind of odd, this course has no prerequisite, and I haven't started my networking courses yet, so I know zero.

But I have to define the network infrastructure. I was hoping someone here could help. It doesn't have to be "real," just basic and requires a minimum of 2 LANs connected by a WAN link. In a small hospital that's gone paperless, how many different LANs would you expect to have? All of their imaging and patient records are digital.

I'm at a loss.

Reply to
Mitch

I think that this is too broad for anyone to give any answers specific enough to follow. Here are some guidelines and a few examples for you to consider before making up your own solution:

Hospitals are subject to a bit more scrutiny due to HIPAA laws restricting patient information. In comparison to other company networks in today's world, they are all mostly the same in security except for how the company policies are written. Every company worries about network security, not just hospitals and the government. Most of this is more specific to the client/server access of the PCs to the servers and the files and databases within the servers. General data network connections and infrastructure data access may not need to address this for your topic so you can look into that after the majority of the design is drafted.

You stated that you need a minimum of 2 LANs connected by a WAN link. Consider that this hospital has a main campus and another location on the other side of town. For this writing, I will call them "General Hospital West" and "General Hospital East" as if they were on opposite sides of town.

WAN is pretty simple because of the less detailed overview. If the hospitals are in the same metropolitan area, a telecommunications company will provide a data connection between sites. Perhaps a T-1 line capable of 1.5mb/s (megabits per second) across the stretch of land, perhaps 20 miles, might run a couple hundred dollars a month. Perhaps leasing 2 T-1 lines and having 3mb/s would be better. Are all of the file servers and e-mail servers in the west hospital? Perhaps a total of 6mb/s is better. Are there file servers and e-mail servers in both locations to reduce going across the WAN? Perhaps just 1 or 2 T-1 lines would be fine. If you want to go beyond the common T-1 line solution, research the idea of having ethernet connections provided by a telecommunications company that connects both remote sites together. Some may call this metro ethernet or perhaps behind the scenes the telecommunication company uses a fraction of a T-3 line (45mb/s) and converts this to a 10mb/s ethernet connection on both ends. You pay based on the bandwidth provided in most cases. Possibilities include point-to-point T-1, ATM T-1, frame-relay using T-1 (multipoint cloud), MPLS multi-point cloud using T-1 or other connections, VPN across the Internet, direct ISDN dial-up, and many other WAN technologies. Now that you have some ideas for a WAN connection between sites, which would be connected to routers on both sides, consider having two different telecommunications companies provide WAN connections. There might be a need for this in case one WAN connection has a problem or the telecommunications company plans scheduled maintenance on the connection. Also consider having two routers on each end, one corresponding set for each vendor's WAN connection, in case your own equipment needs maintenance or has a problem. This shows that you are considering redundancy and continuing operation in case of a realistic connection problem. A down WAN link would impact the 24/7 operation of the important work of the hospital staff and might be worth the extra cost.

LAN structure can have many different configurations. WAN between two sites is simple because there is really one connection (or one set of connections) between them. A LAN can have hundreds of PCs, network printers, servers, and other systems that could be structured and segmented in a number of ways. The easiest topology is that of a pyramid. The bottom consists of bundles of hosts (PCs, printers, etc.) in groups that connect to ethernet switches at the next level up. This is called the "access layer" by Cisco textbooks to show that this provides the PCs with basic connections into the network. Several of these access switches connect at the next higher layer to routers. Several of these routers connect into the core equipment of the LAN that interconnects everything, including a connection to the Internet (optional but practical) and the WAN link to the other location. One approach used by many textbooks is to divide that "access layer" by department. In this case, all radiology PCs and network printers connect to a radiology department switch, all emergency room PCs and network printers connect to an emergency room department switch, and so on. Several switches connect into each router and all of these routers connect into a core router or switch. Yes, a switch at the core is the Cisco model mindset but it is workable because this core switch interconnects the links between the intermediary routers. In review, the top (core layer) of the pyramid is a big router or switch. The middle layer (distribution layer) has many routers which have connections to each other through the big router or switch in the layer above. The bottom layer (access layer) contains all of the ethernet switches that the hosts connect to and several of these switches connect into a router in the layer above.

----- Scott Perry Indianapolis, IN

-----

wrote in message news: snipped-for-privacy@4ax.com...

Reply to
Scott Perry
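The WAN redundancy advice in the post above (two carriers, two routers on each end) can be checked mechanically. The following is an added example, not part of any post in this thread: it models the site-to-site path as a small graph and lists every device or circuit whose failure alone would cut General Hospital West off from General Hospital East. All device and link names are constructed for illustration.

```python
from collections import deque

def reachable(links, src, dst, dead_node=None, dead_link=None):
    """Breadth-first search from src to dst with one component failed."""
    adj = {}
    for name, a, b in links:
        if name == dead_link or dead_node in (a, b):
            continue  # skip the failed circuit, or any link into the failed box
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, src, dst):
    """Devices, then links, whose loss alone cuts src off from dst."""
    devices = sorted({n for _, a, b in links for n in (a, b)} - {src, dst})
    spof = [d for d in devices if not reachable(links, src, dst, dead_node=d)]
    spof += [name for name, _, _ in links
             if not reachable(links, src, dst, dead_link=name)]
    return spof

# Constructed topologies, each entry is (link name, device, device).
ONE_CARRIER = [("lan-w", "west-core", "west-rtr"),
               ("wan-a", "west-rtr", "east-rtr"),
               ("lan-e", "east-rtr", "east-core")]
TWO_CARRIERS_ONE_ROUTER = [("lan-w", "west-core", "west-rtr"),
                           ("wan-a", "west-rtr", "east-rtr"),
                           ("wan-b", "west-rtr", "east-rtr"),
                           ("lan-e", "east-rtr", "east-core")]
FULLY_REDUNDANT = [("lan-w-a", "west-core", "west-rtr-a"),
                   ("lan-w-b", "west-core", "west-rtr-b"),
                   ("wan-a", "west-rtr-a", "east-rtr-a"),
                   ("wan-b", "west-rtr-b", "east-rtr-b"),
                   ("lan-e-a", "east-rtr-a", "east-core"),
                   ("lan-e-b", "east-rtr-b", "east-core")]

if __name__ == "__main__":
    for label, topo in [("one carrier", ONE_CARRIER),
                        ("two carriers, one router", TWO_CARRIERS_ONE_ROUTER),
                        ("two carriers, two routers", FULLY_REDUNDANT)]:
        print(label, single_points_of_failure(topo, "west-core", "east-core"))
```

The middle case shows why the second carrier alone is not enough: the WAN circuits drop off the list, but each site's single router stays on it.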

Mitch, remember on June 24th when giving advice about the CCENT I said to you "Do this before you start thinking about a security course. If you don't know about how a router works, binary math, IP Addressing, ACLs, routing protocols, etc., you'll struggle with how to secure a network."?

You didn't listen to me then, why would I think you'd listen now?

Mitch@_._ wrote:

Reply to
Radrage

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.