Network diagram help :(

[revlmp2]

Would be very grateful for you're time looking at this.

Background
You are asked to study a small private microbiology laboratory that is located in Bedford and collaborates with 2 big hospitals. The examinations performed are ordered either by a registered GP (in which case the patient needs to have a referral for the tests to be paid), or privately (in which case the patient pays himself, in cash).
The laboratory consists of 8 employees: • 2 secretaries, that are responsible for answering phones, making appointments for blood tests and taking payment information from the patients. They are also responsible for posting the results (either using Royal Mail or a courier service). • 2 GPs, that are responsible for checking the blood test results and making recommendations. • 4 microbiologists that are responsible for processing the blood samples to get the results. • Lately, the laboratory’s reputation has spread, and it receives a lot of private patients that wish to have checkups. This has resulted in a great increase in telephone calls, asking to book appointments or get information of alternative methods of paying (for now only cash is accepted).
The laboratory’s computer network consists of 10 PCs on a simple Wi-Fi network: • Computers 1 and 2 - used by the secretaries to book appointments and hold transaction details. • Computers 3 and 4 - used by the GPs to access patients’ files, update them adding medication prescriptions and recommendations. • Computers 5 to 8 - used by the microbiologists to access patients’ files and add the blood test results. • Computers 9 and 10 - used as a backup solution, to store all patients’ files and transactions, for extra security. These PCs are also connected to the hospital’s network, to exchange patient information.
For security, the company uses AVG free and the default Windows 7 firewall on all machines.

Network diagram:

https://tinypic.com/r/k2nvwz/9

Just need some help to see whether I'm on the right track or not. I have to present this very soon so really don't want to look stupid, its only suppose to be simple but secured.

 

[kanewolf]

What benefit do you believe the two firewalls provide?

What is the "server" at the top supposed to represent in the textual description?

We won't DO your homework, but we may ask you questions to help you figure it out ...

 

[revlmp2]

What benefit do you believe the two firewalls provide?

What is the "server" at the top supposed to represent in the textual description?

We won't DO your homework, but we may ask you questions to help you figure it out ...

Thank you so much for you're response,

Hi I only added the second firewall in today wasn't sure whether too add it or not. Shall I get rid of it and just keep one?
I have used one server I meant this to be the database server is this correct?

Also I don't expect you to do my homework at all I just want it to be right.

thanks again

 

[kanewolf]

The description says the PCs are wirelssly connected. Did you switch them to wired for security?

A firewall can have several ports, the WIFI could connected to the firewall on the internet side of the router. It would depend on what duties you are allocating to the firewall. Is it the DHCP server, for example? Or is the "server" a Windows domain server and that handles the DHCP?

VOIP phones are a BIG task. It is DEFINITELY not as simple as just connecting them. There is specific infrastructure required for VOIP phones.

 

[revlmp2]

The description says the PCs are wirelssly connected. Did you switch them to wired for security?

A firewall can have several ports, the WIFI could connected to the firewall on the internet side of the router. It would depend on what duties you are allocating to the firewall. Is it the DHCP server, for example? Or is the "server" a Windows domain server and that handles the DHCP?

VOIP phones are a BIG task. It is DEFINITELY not as simple as just connecting them. There is specific infrastructure required for VOIP phones.

I got rid of the firewall and Wi-Fi router. Does this mean that all computers are individually connected by a wire through ethernet to the switch. Also would you say that it is correct interms of being in a simple secured manner? If not could you suggest anything on how I can make this a little more secure. I was thinking of adding a ids but not sure where it will go and if it's right to add one.

Again thank you very much.

 

[kanewolf]

The router would generally go directly to the "core" switch. Now all external connectivity (if desired) has to go THROUGH the server. That is not good. The core switch should be the connectivity point for all local resources.