Complete Computer Network Infrastructure for a Real or Ficticious Business - Research Paper Example

?Contents 3 2 Introduction 3 3 Network Architecture 4 4 Wide Area Network 13 5 Proposed Network Model 21 6 Network Security 23 7 DNS 25 8 Wireless Networks 26 9 Conclusion and Recommendations 28 10 References 29 1 Abstract We have assumed a proposed network of a hospital that will remotely connect to maternity homes. Our IT strategy executes by defining the topology of the network. The topology will define the structure of the entire network along with preferred cable to be used. Secondly, hardware specification of all departmental workstations and will be carried out along with the cost. After defining the specification, we will address network devices along with switch and router deployment. Moreover, we will define all the associated servers that will play a vital role in synchronizing data with remote offices in this scenario. Furthermore, a proposed network diagram will be represented for each site i.e. site 1 and site 2. Sub netting will play a dominant role in breaking down global IP addresses into local IP addresses for each node on the network. For the WAN architecture, we will discuss the technologies, protocols and services that will be used for connecting these sites together. Moreover, for maintaining and monitoring the network, we will discuss network security features that will be implemented in this proposed network. The RADIUS access server will provide synchronization of data between both sites operating on a Virtual Private Network. In addition, Domain name Service will also be discussed. 2 Introduction Organizations associated with health care needs to acquire up to date technological trends in delivering patient care at the optimal level. Medical information systems developed for supporting health care, facilitate organizations to align with best practices and quality and to make these health organizations successful in the market. However, acquiring and maintaining computer networks can be a difficult task along with its alignment with the goals and objectives of the organization. Moreover, along with the alignment with organizational objectives, involvement of all stakeholders in the implementation of a network is vital for understanding the purpose and benefits. Likewise, customization of network design is a requirement for supporting organizational goals and objectives, which can be a complex task. 3 Network Architecture 3.1 Topology We will apply star topology, as the network design will follow a centralized server / client architecture. Star topology will provide centralized administration and configuration of all the nodes on the network. Moreover, star topology initiates low broadcasts on the network, consequently, consuming low bandwidth and at the same time making the network capacity on optimal levels. 3.2 Workstations The minimum hardware specifications of the workstations that will be installed in the current scenario are: System Specification Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive DVD Drive 16 X Chassis Thermal HT Support 3.3 Network devices Network devices are the objects for any network. The network functionality relies on the network devices .The dependability of the network devices emphasizes on the requirements of the organization. For example, an organization dealing with 3D animation and rich media may require a Gigabit Ethernet rather than Fast Ethernet. This is because the subordinates share the animated data among themselves for various purposes. The 3D animation contents are large in volume and require gigabit Ethernet for moving files at a high speed within the network. Hospitals may share high quality medical images with remote offices, resulting in a consideration of bandwidth requirement of the Internet or site to site VPN as well. 3.4 Switch Implementation Fast Ethernet switches will be implemented instead of hubs. Switches are more powerful and intuitive as compared to hubs. There are 6 departments excluding the board room. Six fast Ethernet 10/100 switches will be installed in each department. The switches will be connected to the router. 3.5 Router Implementation Routers are implemented on a Wide Area Network (WAN) as well as on the Local Area Network (LAN). There are six switches in each department. For eliminating the unnecessary broadcast within a LAN domain, the Access Control List can be configured to minimize the unwanted broadcast from each network node. Access rights and permissions can also be configured for restricting the user at certain levels. 3.5.1 Access Control List (ACL) The ACL can be configured for restricting and allowing the access of any network resource to the specific user or group of users. Likewise, it provides “a mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted or denied access to the resource” (Access control list.2007). Suppose, in the current scenario, board room required access to all the network resources. In this case, the user available in the board room is permitted to access to all the resources of the network. The IP address of the system in the board room will have access to every host in every department. 3.5.2 Routing Information Protocol (RIP) As per network dictionary it is defined as “Routing Information Protocol (RIP) is a standard for exchange of routing information among gateways and hosts. This protocol is most useful as an “interior gateway protocol”. It is also knows as Interior Gateway Protocol (IGP). Frame Relay protocol is implemented for WAN networks associated with LAN internetworking. It functions on the physical and data link layer of the OSI model, to endow with robust and efficient mechanism for transmitting data. The transmission encompasses multiple routers and switches. Moreover, this protocol is identical to X.25 protocol that activates stations located at the end to share dynamically the network and bandwidth available. Two techniques are associated with Frame relay: As it is based on packet switching, the two techniques are Variable length Packet technique and statistical multiplexing. However, frame relay does not ensure data integrity and drop packets in network congestion issues. Besides, it is considered as a highly reliable data delivery protocol. Frame replay uses virtual circuits as a data communication channel. Virtual circuits are considered as a logical connection from source to destination. Moreover, these virtual circuits provide two-way communication channels between the uniquely identified terminal devices, identified by Data Link Connection Identifier (DLCI). Furthermore, these virtual circuits can be categorized as Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs) (Protocols Guide: Wide Area Network and WAN Protocols: Other WAN Protocols: Frame Relay: WAN Protocol for Internetworking. 2007). PVC’s are configured for a dedicated point-to-point connection and SVC’s are used for normal transmission. On the other hand, Frame Relay protocols have some disadvantages associated with PVCs. The pricing is not effective for PVCs as compared to other PVCs, or else a small amount of incentive will be achieved from changing PVCs to SVCs. Carriers and router vendors were not up to the pace to cope up with frame relay SVC’s, because other routing protocols offer steady and secure PVCs (Protocols Guide: Wide Area Network and WAN Protocols: Other WAN Protocols: Frame Relay: WAN Protocol for Internetworking. 2007). 3.5.3 OSPF (Open Shortest Path First) The Open Shortest Path First (OSPF) is associated with an interior gateway protocol. It is configured for routing among routers incorporated with a single Autonomous system (AS). Autonomous system is a single network or a group of networks, which operates on a sole supervision or administrative control. The Autonomous system may include group of all the computer networks that are owned by an organization or any universities and colleges. There is a possibility that 'Engima Media Resources' can own more than one autonomous system. The prime concept is to independently supervise each autonomous system by providing value to BGP. The autonomous system is also referred as 'A'. OSPF operates on the link – state technology that interconnects routers to share information related to each other. Moreover, each router on which OSPF is configured maintains the similar database reflecting the autonomous system’s topology. OSPF redirect packets by using the parameters such as destination IP address which is located at the packet header. OSPF also allows grouping for the sets of networks and the grouping of networks is called an area. However, the Autonomous system cannot identify the topology of this area, and is hidden. The hidden characteristics minimize routing traffic to a significant level. Moreover, only the topology identifies routing in that specific area resulting in minimizing issues due to faulty or dire routing on the 'Engima Media Resources' network. The OSPF version 2 is optimized only for IP v4 configurations. It supports CIDR and externally derived tagging for routing information. Moreover, it is secure, as it provides authentication and IP multicast. Other features, such as Variable Length Subnet masking (VLSM) are also supported. Furthermore, OSPF version 3 is optimized for IPv6. When comparing OSPF version 2 with version 3 following additions and modifications are highlighted: 1. The removal of addressing semantics is considered from OSPF data packets along with the basic LSAs. 2. The development of new LSAs is conducted to carry addresses and prefixes associated with IPv6. 3. Instead of a per IP subnet basis, OSPF functions on a peer link basis. 4. Generalization for the flooding scope of LSA's is considered. 5. Previously OSPF relies on IPv6 encapsulation security payload and authentication header. Authentication has now been removed from the OSPF protocol. 3.5.4 EIGRP (Enhanced interior gateway protocol) EIGRP is a Cisco proprietary protocol that operates via advance distant vector. This protocol executes ‘hello’ protocol in order to maintain relationships with the neighbor routers. Moreover, EIGRP transmits a complete routing table in the startup phase and whenever there is a modification in the routing table, it triggers partial updates on a multicast IP address i.e. 224.0.0.10. Furthermore, EIGRP is a classless protocol that supports authentication, robust communication, stores backups for best routes in order to use them in the future, and uses Diffusion Update Algorithm (DUAL) to compute routing updates. If the query packets fails to update the routers and no backup is maintained in the topology table, alternates routes are requested in order to establish a separate valid route in the routing table. EIGRP maintains an administrative distance for internal routes is 90 and for external routes 170. In addition, EIGRP has the capability to recognize internal and external routes along with impartial load balancing support. 3.6 Servers The network server can be a domain controller, firewall or Windows NT server. The requirement of the network server will emphasize on the requirements of the network. A large Network containing network nodes more than 50 may require a domain controller for the administration and configuration of user accounts and permissions. 3.7 IP Addressing Scheme IP version 4 scheme is best suited and cost effective for LAN implementation. The IP v6 required a high budget as the network devices supporting IP v6 are expensive, equipped with the latest technology as compared to the IP v4 Network devices. Suppose we have: Total Number of hosts = 62 IP Addresses range: 192.168.0.1 to 192.168.0.255 Total Usable IP addresses: 192.168.0.3 to 192.168.0.254 = 252 Gateway IP address: 192.168.0.1 Router IP Address: 192.168.0.2 VLAN can be implemented on “layer 3” switches to provide different IP addresses for each department. 3.7.1 Allocation of Network and Host 192.168.0.1 The blue digits represent the network part. The brown digits represent the Host part. 3.7.2 Splitting up of IP Address Class Range Network Address Host Address A 0-127 xxx xxx.xxx.xxx B 128-191 xxx.xxx xxx.xxx C 192-223 xxx.xxx.xxx xxx Figure 3.3 In Figure 3.3, the range is specifying the class of the P address. The network and host addresses are showing the available bytes for allocation. 3.8 Cabling For implementing this network, “CAT 5” cable is used. The length required for each switch depends on the distance and the location of the router. Wikipedia defines it as a “ Category 5 (CAT-5 or CAT5) is a type of network cabling that consists of four twisted pairs of copper wire terminated by RJ45 connectors. Cat-5 cabling supports frequencies up to 100 MHz and speeds up to 1000 Mbps. It can be used for ATM, token ring, Ethernet 1000Base-T, 100Base-T, and 10Base-T networking. Cat5 is one of ?ve grades of UTP cabling described in the EIA/TIA-586 standard” (Category 5 Cable. 2007). 3.9 Cost The cost is calculated separately for each department. The cost includes, network devices, Workstations and Operating system software. 3.10 Administration Department System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 18 = 5400 Euros Network device Specification and cost Network switch 100 Euros Total cost of network 100 Euros Grand total cost 5500 Euros 3.11 Human resources System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 9 = 2700 Euros Network device Specification and cost Network switch 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 2800 Euros 3.12 Accounting System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 13 = 3900 Euros Network device Specification and cost Network switches 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 4000 Euros 3.13 Media Relations System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 4 = 1,200 Euros Network device Specification and cost Network switches 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 1,300 Euros 3.14 MIS 1. System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 6 = 1800 Euros Network device Specification and cost Network switches 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 1900 Euros Total Cost: 5500 + 2800 +4000 + 1300 + 1900 = 15,500 Euros Router cost: 2000 Euros Cable Cost approx. 2000 Meters = 500 +15,500 + 2000 Grand Total = 18,200 Euros. 4 Wide Area Network As per network dictionary, wide area network is defined as “a computer network covering multiple distance areas, which may spread across the entire world. WANs often connect multiple smaller networks, such as local area networks (LANs) or metro area networks (MANs)”.Hospital premises will be equipped with broadband access that will provide “a high data-transmission rate Internet connection. DSL, ADSL, Wireless WAN and cable modem, all popular consumer broadband technologies, are typically capable of transmitting 256 kilobits per second or more, starting at approximately four times the speed of a modem using a standard digital telephone line” which can also be called Digital Subscriber line. The DSL is implemented for catering the needs of the school network. A device used to connect to the telephony company for Internet access (DSL modem. 2010).There is no superior requirement for downloading data from the Internet. The student network runs on the local area network. DSL supports up to 3 Mb/sec downstream speeds in an asynchronous mode means only the downstream. The upstream speed is from 128Kbps to 768 Kbps. 4.1 RADIUS Server Benefits and Requirements As per network dictionary, “Remote Authentication Dial In User Service (RADIUS) is a protocol for carrying authentication, authorization and con?guration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server. RADIUS uses UDP as the transport protocol. RADIUS also carries accounting information between a Network Access Server and a shared Accounting Server”. Likewise, RADIUS is a security protocol and a “de facto standard protocol for authentication servers” (Remote Authentication Dial In User Service Security. 2007) that is based on a client/ server architecture and RADIUS server stores security information. Likewise, the clients establish connectivity with the RADIUS server for authentication. By acquiring the RADIUS server, Jan and Kim will have the following advantages: Data related to security will be distributed on the network and may include several devices that may interact with the security data. The RADIUS server will cater all the security data within the network and stores it on one location or workstation or on a storage device. In this way, risks and vulnerabilities associated with the security data will be mitigated. Moreover, the host that will store the security data will be considered as the RADIUS server (Overview, n.d). Moreover, RADIUS is a flexible protocol that can be tailored according to organizational requirements. Addon advantage is that RADIUS can also be integrated with Microsoft operating system environment, as they support RADIUS functionality (Overview, n.d). Furthermore, information related to security is stored on text files at a centrally located that are the RADIUS server. If there is a requirement of adding new users, network administrators will only update the text file for updating new user information to the database. As the RADIUS server supports event logging that provides a comprehensive audit trail that may support RADIUS accounting features. Moreover, log files can be analyzed for security aspects or can be utilized for billing purposes. Supported Platforms are (Overview, n.d): SunOS 4.1.4 Solaris 2.5 HP/UX 10.01 Linux 1.2.13 (ELF) AIX 3.2.5 SGI Irix 5.2 DEC Alpha OSF/1 3.0 BSD/OS 2.0 4.1.1 RADIUS Server Requirements By implementing RADIUS server in a domain environment, synchronization with the user account database is achievable. Moreover, RADIUS server also provides a centralized administration of network policies and connection logging for accounting. Furthermore, for achieving centralized authentication, authorization and accounting for several access servers, RADIUS server is recommended (,RADIUS server). 4.1.2 RADIUS Server Installation Procedure This section includes a step by step installation guide for installing a RADIUS server. However, in server 2008, RADIUS installation is performed by a network policy server. Figure 5.1.2.1 In fig. 5.1.2.1, ‘network policy and access services’ will be selected, as this will be the first step in defining server roles. N Figure 5.1.2.2 As shown in Fig. 5.1.2.2, click the ‘Next’ button and continue, Figure 5.1.2.3 In Fig. 5.1.2.3, The network administrator will select a role according to the services required. Figure 5.1.2.4 The next step will be to select and install the role service that will be used for network policy and access services, shown in Fig. 5.1.2.4 Figure 5.1.2.5 After installing the role service, a summary will be displayed including all the selected options and configurations. Click ‘Install’, as shown in Fig. 5.1.2.5 Figure 5.1.2.6 After installing role services, now there is a requirement of configuring the network policy server. It can be found in the administrative tools, as shown in Fig. 5.1.2.6 Figure 5.1.2.7 In fig. 5.1.2.7, the network administrator will select the configuration scenario for setting up RADIUS server. There are total three scenarios available i.e. network access protection, RADIUS server for wired connections and RADIUS server for VPN and Dial-up connections. Figure 5.1.2.8 After selecting the configuration scenario, the network administrator will assign IP addresses, friendly name and shared secret, as shown in Fig. 5.1.2.8 Figure 5.1.2.9 The last option will be to specify the user groups that are already created in a domain environment. The network administrator will only add those user groups who need RAS security. 4.2 DNS Server Primary reason for maintain a private DNS server ensures security, reliability, robustness and consistency. In order to provide security, clinical staff residing in both sites will access the DNS server via 128 bit encryption with SSL connections. Moreover, security controls must be up to date on the servers, for instance, security patches. DNS servers also provide error checking so that websites can be resolved without disruption. Moreover, network administrators can manage many Internet domains and sub domains. As the proposed network is connected to an Internet gateway, DNS server is required to resolve IP addresses into host names. Likewise, a DNS server is also required for identifying network nodes. For instance, if any user wants to share a file, DNS will resolve the IP address of that computer to a specific computer name that is easy to understand. Moreover, the DNS server will also maintain host names and IP addresses and all the computers available on the network. If we move one step further, step by step process for a typical DNS process consists of a file that is transmitted to a specific location i.e. on the Internet or computer within the network, the request will initially reach to the DNS server for translating hostname to IP addresses. After retrieving the required IP address, connectivity will be established for transferring the file. A DNS server is recommended because it will provide security, reliability and fast access to web requests. 5 Proposed Network Model 5.1 Site 1 Local Area Network Figure 2.1 5.2 Site 1 & Site 2 VPN Point to Point Connectivity Figure 2.2 Fig 1.1 demonstrates a proposed local area network of a hospital, as workstations are connected to a fast Ethernet switch. Ports of the switch will depend on the number of users. However, the number of hosts will specify the number of ports required for each department. Likewise, switches are connected with a CAT 5 cable capable of transferring data in Gigabits / Sec. Figure 2.2 demonstrates servers, security appliances, network components, and site to site VPN connectivity along with configuration of features in both routers i.e. Site 1 router and Site 2 router.MD5 hashing, Point to Point tunneling protocol, Virtual Private Network and CHAP configuration will be implemented on the router located at Site 1. If any user wants to establish a WAN connection between these two sites, there is a requirement of a VPN dialer and user credentials for logging into the VPN of the hospital. Moreover, for granting or denying Internet access within the entire network, Microsoft Internet Security and Acceleration server will administer Internet access management. Likewise, a network administrator can bind an IP addressed by the system or the MAC address to enforce compliance with policy violation issues. Moreover, a comprehensive security features are embedded within the network. MD5, PPP, CHAP, ACL and a domain environment is proposed to monitor, evaluate and maintain network services and applications. 6 Network Security Security incident handling is the continuous process which prevail the activities before, during and after a security incident occurs. Security incident handling commence with the arrangement and preparation for the resources, and developing appropriate measures to be pursued, such as the escalation and security incident response processes. Organizations must develop a security policy for handling incidents. The security policy exhibit management commitment for supporting information security. When a security incident is perceived, security incident response is prepared by the responsible teams following the predefined measures and actions to be performed. The team represents the behavior or actions carried out to deal with the security incident and to reinstate the system to normal operation. Precise incident response teams are usually created to perform the tasks of creating security incident retort. When the incident is handled, actions will be taken to follow up and evaluate the incident. This action is performed for strengthening security protection to prevent recurrence. The revision of planning and preparation task is completed and revised accordingly to make sure that there are ample information security resources. They include manpower, equipment, technical expertise and properly defined procedures to deal with potential incidents. 6.1 IMPORTANCE OF SECURITY Organization must develop a security incident handling plan. The plan is vital for the effective operations of the computer environment. Organizations need to ensure for the required resources are available for handling the incidents occur. All parties must know regarding their responsibilities and have a clear understanding related to the task they will perform if any incident issue occurs. They must follow a pre-defined procedure. The teams should perform actively for handling the security incident for recovering the issue in minimum downtime. The response activities should be coordinate with each other with clear understandings. Reduce the probable impact of the incident in terms of information breach and system interruption etc. The experience of how the incident has been solved and what expertise was utilized needs to be shared between each member of the incident response team. The prevention of further attacks and damages Tacking the legal issues 6.2 Key Elements to be protected Computing equipment having external connection, e.g. Internet Databases having critical financial data and information Mission critical systems Other systems having a highly adverse impact if a security incident takes place. An incident management team is required for managing network incidents via a proper plan. Incident response teams consist of groups of professional responsible for eliminating information security incidents when they take place (Anon.2007b). The group of people consists of customer support specialists, system administrators, information security managers, Information security officers, and chief information officers. 7 DNS 7.1 Important Components of DNS A typical DNS server requires configuration of critical components in order to work correctly. One of these components is the Resource Records (RRs), as these records are configured to handle several tasks including the translation of URL’s in to IP addresses, identification of host and host names i.e. the web server on which the website is hosted and processes associated with mail exchange functions. 7.2 Size and Function of Domain Name System DNS logical architecture resembles a tree structure that works from top to bottom along with branches that are called leaves i.e. every single branch represents a leave. Likewise, the main branch also called as node from where the tree originates extends from top to bottom represents the root. Nodes can be represented as .org, .com, .ws etc. identifies label of the website. If the length of the website is long there will are more branches and nodes associated with it. Likewise, while considering a URL from a DNS structure representing tree, labels are selected from the direction i.e. from left to the right. In the current information age, many DNS servers are in operation in the UK that are controlled and managed by many companies that are located throughout the world. However, only technical issues are handled by these organizations. Moreover, if any technical modifications and configurations are required in the DNS server for example, changes in the operational procedures required for minimizing security threats, these organizations are accountable for these changes and not the governmental and legislative bodies. 7.3 Effect of UK Legislation on DNS Operations and Limitations As mentioned before, DNS servers are operating throughout the world for connecting computer networks, data and information exchange, there is less likelihood that these DNS servers requires shutdown or blocked by the effected country officials. However, in some cases, for countering a global threat, changes or temporary blocking may be required to restrict certain websites in effected regions, for instance in UK, for a limited time period. 7.4 Prime Limitation of DNS Operations Purpose of the DNS was to balance the load between numbers of servers. Nevertheless, the framework via which the load is divided between numbers of servers does not provide assurance for accurate load balancing. Consequently, the prime limitation of DNS is the inadequate load balancing between the servers. 8 Wireless Networks 8.1 Radio Frequency Solution The radio frequency solution is quite achievable in the current scenario. As the hospital remote offices require wireless connectivity ‘access points’ are of major concern. ‘Access points’ are the deployed to connect devices equipped with wireless technology. ‘Access points’ transmits and receive radio signals adjacent to a network hub over a limited distance. However, distance varies from different model types and the technology adopted. An IEEE 802.11n wireless network standard is recommended for connecting all the city government offices. 802.11n supports transmission speeds up to 150 Mbps and beyond. 802.11n works on 2.4 GHz and 5 GHz frequency bands. Cisco is recommended for the Wi-Fi solution. Three major devices that are associated for implementing the wireless fidelity solution are: Cisco 4400 wireless LAN controller Cisco Aironet 1500 Series Access points Cisco 3300 Series Mobility Services Engine Aironet 1500 access points are mounted on the most adjacent spot of the other access point on the buildings or roofs. The hardware cost is around 2000 $ for deploying 4 access points. However, there is no limitation of creating a line of sight as shown in Fig 1.1. 8.2 Radio Frequency Network Design 9 Conclusion and Recommendations For establishing a network from the scratch, we have designed a proposed network of a hospital connecting to other sites via VPN. Likewise, for implementing a VPN, point to point connectivity is established, as shown in the proposed network diagram. Moreover, for securing and monitoring the network, Microsoft Active Directory, RADIUS, Domain environment, CHAP, MD5 and ACL is implemented. Furthermore, for providing Internet connectivity, Microsoft ISA server is deployed for managing Internet and file sharing access throughout the network. In addition, hardware specifications of all the workstations are demonstrated in the tables. Recommendations for deploying a site to site connectivity provides adequate security, no bandwidth sharing, dedicated leased line and Quality of Service (QoS). 10 References Access control list. (2007). Network Dictionary, , 17-17. Broadband Internet Access. ( 2007). Network Dictionary, , 76-76. Category 5 Cable. (2007). Network Dictionary, , 88-88. DSL modem. 2010. Computer Desktop Encyclopedia, , pp. 1. Remote Authentication Dial In User Service Security. (2007). Network Dictionary, , 409-409. Wide Area Network. 2007. Network Dictionary, , pp. 525-525. Read More