Healthcare Network System Design and Implementation
Scenario Description: Healthcare Network
Jilo Health Services is a well-established health provider in the USA that offers health solutions and services to its clients. The institution operates in two locations within the same city, with the hospital headquarters 20km away from the branch hospital. The headquarters houses the following departments: Admin, IT, and Radiology. The branch hospital was designed to share the workload with the headquarters, so it contains the following departments: Medical Services, Laboratory, Pharmacy, and Customer Services.

So far, the institution has relied on third-party services to maintain its IT services. The senior management has decided to own its network infrastructure, including the Local Area Network (LAN), the Wide Area Network (WAN), and a server-side site that is expected to be located separately. The server-side site will host the DHCP server, DNS server, web server, and email server.

The network is expected to be cost-effective and to observe the CIA (Confidentiality, Integrity, and Availability) rule of information security. It is expected to follow a hierarchical model with two already purchased core routers (one at HQ and one at the branch), each connecting to two subscribed ISPs. Due to security requirements, it has been decided that each department will be on a separate network segment within the same local area network.

You have been hired as a network security engineer to design the network according to the requirements set by the senior management. You will consult an appropriate, robust network design model to meet the design requirements. You will also implement Access Control Lists (ACLs) and a Virtual Private Network (VPN) to enable secure communication, treating security and network performance as paramount to safeguarding the Confidentiality, Integrity, and Availability of data and communication. The network security policy will comprehensively dictate the users' access to each site using ACLs.
- VLANs (Virtual Local Area Networks): Segment the network to improve security, reduce broadcast traffic, and organize traffic based on departments.
- EtherChannel: Increase bandwidth and provide redundancy between the switches.
- OSPF (Open Shortest Path First): Ensure dynamic routing between multiple network segments.
- DHCP (Dynamic Host Configuration Protocol): Automate IP address assignment and management.
- NAT (Network Address Translation): Enable internal devices to access the internet securely using a single public IP address.
- Other Servers:
  - DNS Server: Resolves domain names for internal and external use.
  - File Server: Centralized data storage for employee collaboration.
  - Web Server: Hosts the company’s internal applications and public-facing website.
  - RADIUS Server: Provides centralized authentication for network access control.
- SSH (Secure Shell): Enable secure remote management of network devices.
- WLAN (Wireless Local Area Network): Provide wireless connectivity for employees and guests.
- Site-to-Site IPsec VPN: Use IPsec tunnelling to secure traffic between the sites.
- ISP Routers: Connect the company network to the internet.
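
The per-department segmentation and ACL requirements above can be checked on paper before any device is configured. The following Python code is an added example, not part of the original design: the address blocks, VLAN numbering, server subnet and ACL policy are assumptions chosen for illustration. It plans one VLAN and subnet per department, confirms that no segments overlap, and evaluates traffic the way a router ACL does (first match wins, with an implicit deny at the end).

```python
import ipaddress

# Assumed addressing, not from the page: one /24 per department carved from a
# per-site /16, plus a separate subnet for the server-side site.
SITES = {
    "HQ": ("10.10.0.0/16", ["Admin", "IT", "Radiology"]),
    "Branch": ("10.20.0.0/16",
               ["Medical Services", "Laboratory", "Pharmacy", "Customer Services"]),
}
SERVERS = ipaddress.ip_network("10.30.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def plan_segments(sites=SITES, first_vlan=10):
    """Return {department: (vlan_id, subnet)}, one VLAN and /24 per department."""
    plan, vlan = {}, first_vlan
    for block, departments in sites.values():
        subnets = ipaddress.ip_network(block).subnets(new_prefix=24)
        for dept in departments:
            plan[dept] = (vlan, next(subnets))
            vlan += 10
    return plan

def overlapping(plan):
    """Return pairs of departments whose subnets overlap (should be empty)."""
    items = list(plan.items())
    return [(a, b) for i, (a, (_, na)) in enumerate(items)
            for b, (_, nb) in items[i + 1:] if na.overlaps(nb)]

def build_acl(plan):
    """Hypothetical policy: SSH only from IT; all segments may use server services."""
    it_net = plan["IT"][1]
    return [
        ("permit", it_net, ANY, "tcp", 22),   # device management from IT only
        ("deny", ANY, ANY, "tcp", 22),        # block SSH from every other segment
        ("permit", ANY, SERVERS, "udp", 53),  # DNS server
        ("permit", ANY, SERVERS, "tcp", 80),  # web server
        ("permit", ANY, SERVERS, "tcp", 25),  # email server
    ]

def evaluate(acl, src, dst, proto, port):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_proto, rule_port in acl:
        if src in src_net and dst in dst_net and (proto, port) == (rule_proto, rule_port):
            return action
    return "deny"
```

Because entries are evaluated in order, placing the IT permit ahead of the general SSH deny is what allows management access from IT while every other department is refused.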
The network topology below satisfies the user requirements above; everything has been verified and tested and is working fine.