138 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
5.1 Company overview
The cardio healthcare company is a healthcare provider that focuses on
providing specialized cardiovascular-related healthcare services in the US. The
company was founded in California and then expanded across the country. It
operates stand-alone clinics in several states, where each clinic occupies its own
building and provides preventive care and outpatient services. For surgery and
other inpatient services, the cardio healthcare company uses operating
environments in partner hospitals. The cardio healthcare company also
participates in research programs.
The cardio healthcare company maintains financial and confidential health
information about its customers (patients, research partners, and affiliated
hospitals). All records are kept in electronic form. One of the key applications is
Patient Web Portal, where, by using a personal portal page, patients can
access their personal health records, payment information, and so on. In
addition, email communication is available between patients and service
Because the cardio healthcare company works closely with a few pharmaceutical
companies on the latest drugs for heart disease, the exchange of confidential
research-related information is extensive. Research information is also kept in an
electronic form and shared over the network.
The cardio healthcare company has built a strong and long-term reputation and
financial stability over the past 15 years in the US. The company’s plan is to
expand its operations within the US and to open healthcare centers in
international markets.
The following section provides an overview of the information technology (IT)
infrastructure that supports this business.
5.1.1 Current IT infrastructure
The cardio healthcare company relies on two data centers: a primary site (in
Phoenix, AZ) and a
backup site (in Raleigh, NC). All production-related
operations are performed in the primary data center. In terms of production, the
backup data center is used for disaster recovery only.
Staying focused: The following sections describe company information that
is relevant to the security solutions of the Network, Server, and Endpoint
domain. It does not provide a complete description of the company nor
address all the necessary activities related to information security.
Chapter 5. Overview of scenario, requirements, and approach 139
The backup data center is also used for development and quality assurance (QA)
tests on the applications and the infrastructure. Most of the business applications
are web-based. All clinics are considered to have isolated internal networks that
communicate with the production servers at the primary site. The endpoint
systems in the intranet networks are primarily workstations running Microsoft
Windows. In addition, most of the clinic’s modern healthcare appliances (such as
electrocardiogram (ECG) and nuclear diagnostic imaging systems) are also
connected to its network and generate patient-related data, which is considered
part of a patient’s data record.
Figure 5-1 shows the geographical distribution of the provider.
Figure 5-1 Geographical distribution of the cardio healthcare company
The cardio healthcare company runs clinics in multiple US states. Each clinic
operates its own network, with multiple zones, and communicates with the
primary data center.
Primary data center
All customer-related information is stored on separate database entities that are
clustered to fulfill high availability (HA) requirements. Most business critical web
applications are deployed in a highly available configuration by using IBM
WebSphere® Application Server Network Deployment.
140 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
Web Security Servers (built on IBM Tivoli Access Manager technology) are in the
Internet demilitarized zone (DMZ) to manage access to the applications from the
Internet. The Web Security Servers help consolidate access management for the
external users who are accessing web applications. The Web Security Servers
perform centralized authentication and authorization before allowing access to
the web applications. Public web content is isolated on separate web servers and
is not protected with Secure Sockets Layer (SSL). All existing network
infrastructure components (such as firewalls, switches, and routers) are designed
and implemented in an HA (redundancy) configuration.
Application servers and database servers are in separate network zones and are
isolated from each other by using firewalls.
The IT standards of the cardio healthcare company require all servers to use a
UNIX or Linux technology-based operating system, with the following configuration:
򐂰 Application and database servers operate on IBM AIX®.
򐂰 Tivoli Access Manager Web Security Servers operate on Linux.
򐂰 The secure File Transfer Protocol (SFTP) server operates on Linux.
򐂰 Domain name servers (DNSs) and email servers operate on Linux.
򐂰 The server components deployed in the Management Zone operate on AIX.
Figure 5-2 shows several security components that are deployed in different
network zones, which are separated by firewalls.
Figure 5-2 Network zones in the current IT architecture of the cardio healthcare company

Get Network Intrusion Prevention Design Guide: Using IBM Security Network IPS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.