Extranet Infrastructure For Hospital Chains Information Technology Essay
Networking and the Internet have revolutionized the means of communication and have made this world a small family. Many businesses have developed on the basis of the Internet and have attained huge success by adopting advanced technology in a sensible manner. This assignment deals with network infrastructure implementation in a chain of hospitals. It is divided into different sections, starting from the choice of network type and the OSI/TCP-IP implementation at the different layers of the infrastructure. It then covers the type of hardware and software required for implementation and, most importantly, the implementation of a security policy.
1.0 Type of Network
Choosing the type of network is a tedious task. Different network designs are categorized based on their scope or scale, and the network industry refers to each type of design as some kind of area network. Choosing an area network requires in-depth requirement analysis and cost analysis. The different types of network available are:
LAN : Local Area Network
MAN: Metropolitan Area Network
WAN: Wide Area Network
SAN: Storage Area Network
WLAN: Wireless Local Area Network.
CAN: Campus Area Network
PAN: Personal Area Network
DAN: Desk Area Network
Each of these network types is chosen in a different situation. Considering the scenario of a chain of hospitals with 25 computers, the following options are available:
If the hospitals are situated in a city then MAN can be implemented that can be used to connect different hospitals and LAN for connection inside each hospital.
If the hospitals are dispersed in different cities or countries then WAN is required to connect two different hospitals and again LAN can be used for connection inside each hospital.
SAN can be used to transfer large amounts of data between computer and storage elements.
Since PAN and DAN are short-distance networks, they are not suitable for this kind of scenario. A CAN spans several LANs; since only 25 computers are involved, implementing a CAN is neither a wise decision nor cost effective. WLAN could be implemented, but once communication becomes wireless, security concerns arise that make it costly. Since the hospital deals with a lot of patients and huge amounts of data, it is necessary to implement a SAN, as it will make data transfer more secure and robust.
Topology for LAN connection:
Now since the connection between hospitals is decided, next point of concern is the connection inside each hospital.
The computers in a LAN can be connected in several ways. These different ways of connection are referred to as topologies. There are several topologies, shown in the topology diagram (Source: GeoSig, 2009).
Each topology has its own advantages and disadvantages. Sometimes a mixed topology, called a HYBRID topology, is used, which is the implementation of two or more topologies. In this scenario, the best configuration to use is the mesh topology or the ring topology.
Mesh topology ensures robust and secure data communication, since all computers are attached by dedicated links. It is also secure because only the intended recipient sees a message sent to it. Hence mesh topology is ideal for secure and effective communication. The only disadvantage is the amount of cabling, which causes an increase in the number of I/O ports.
In order to be cost effective, ring topology is also advisable. In a ring topology there is only a point-to-point line configuration, so the amount of cabling is reduced. It is also very easy to reinstall and reconfigure. Fault isolation is also achieved because in a ring there is a signal circulating at all times. Hence if a device does not receive the signal for a certain amount of time, it can issue an alarm that alerts the network operator to the problem and its location. The only disadvantage is that a break in the ring, such as a disabled station, causes the entire network to become disabled. This disadvantage can be overcome by using a dual ring or a switch that is capable of closing the break.
Other types of topologies are not taken into account for following reasons:
In the case of bus topology, the cable length limits the number of computers, and changing the number of computers, fault isolation and reconfiguration are tedious tasks.
In the case of star topology, the failure of the central hub causes the whole network to fail, which is a very serious disadvantage.
Tree topology is very much like star topology. It has two types of hubs instead of the one used in a star, but the failure of either type of hub results in the failure of that whole network.
Therefore the recommended network type for implementation is to adopt WAN or MAN for wider communication and LAN and Mesh/Ring topology for local communication.
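To make the cabling-versus-fault-tolerance trade-off concrete, here is an added example (not part of the original essay) that models the four topologies discussed above for the 25-computer hospital LAN as directed graphs and checks whether each one survives a single cable break or a single failed station. The topology builders and the "ports per host" metric are my own simplification; a single ring is modelled as one-way links because its signal circulates in one direction only.

```python
import itertools
from collections import deque

HOSTS = 25  # the essay's scenario: 25 computers in one hospital LAN

# A topology is a list of cables (u, v, two_way); one-way cables model a ring.
def mesh(n):
    """Dedicated two-way link between every pair of hosts."""
    return [(u, v, True) for u, v in itertools.combinations(range(n), 2)]

def ring(n):
    """Single ring: each host forwards to the next one only."""
    return [(i, (i + 1) % n, False) for i in range(n)]

def dual_ring(n):
    """Second, counter-rotating ring added to the single ring."""
    return ring(n) + [((i + 1) % n, i, False) for i in range(n)]

def star(n):
    """Central hub (host 0) with a two-way link to every other host."""
    return [(0, i, True) for i in range(1, n)]

def ports_per_host(cables, n):
    """Most I/O ports any single host needs (the mesh cabling cost)."""
    ports = [0] * n
    for u, v, _ in cables:
        ports[u] += 1
        ports[v] += 1
    return max(ports)

def connected(cables, alive):
    """True if every surviving host can still reach every other one."""
    adj = {h: [] for h in alive}
    for u, v, two_way in cables:
        if u in alive and v in alive:      # cables to a dead host are useless
            adj[u].append(v)
            if two_way:
                adj[v].append(u)
    for start in alive:                    # breadth-first search from each host
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in adj[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        if seen != alive:
            return False
    return True

def survives_single_fault(cables, n):
    """(survives any one cable break, survives any one host failure)."""
    alive = set(range(n))
    cable_ok = all(connected(cables[:i] + cables[i + 1:], alive)
                   for i in range(len(cables)))
    host_ok = all(connected(cables, alive - {h}) for h in alive)
    return cable_ok, host_ok

def compare(n=HOSTS):
    """Cabling cost and single-fault tolerance of each topology."""
    report = {}
    for name, build in {"mesh": mesh, "ring": ring, "dual ring": dual_ring, "star": star}.items():
        cables = build(n)
        cable_ok, host_ok = survives_single_fault(cables, n)
        report[name] = {"cables": len(cables), "ports": ports_per_host(cables, n),
                        "survives_cable_fault": cable_ok, "survives_host_fault": host_ok}
    return report
```

Running `compare()` shows the mesh needing 300 cables and 24 ports per host but surviving any single fault, the single ring and the star failing on a single fault, and the dual ring surviving both at the cost of a second cable set.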
A basic LAN consists of the following components.
Two or more computers.
Network Interface card or LAN Card in each PC.
Ethernet cable (Cat5, UTP/STP) to connect the computers.
A hub, switch or router to route or direct the network traffic.
Software for the communication/computer networking.
The alternative technologies to Ethernet are "Token Ring", which is used in ring topology networks and was designed by IBM, and ATM. In ATM networking, devices are connected with each other over very large distances (thus forming a WAN) while behaving like LANs.
2.0 OSI and TCP/IP Layer Implementation
OSI, an abbreviation for Open System Interconnection, is a model developed by ISO to facilitate communication across all types of computer systems. The purpose of the OSI model is to enable communication between systems regardless of their underlying architecture, i.e. without requiring changes to the logic of the underlying hardware and software. It is built of seven layers as follows:
Physical : Layer 1
Data Link : Layer 2
Network : Layer 3
Transport : Layer 4
Session : Layer 5
Presentation : Layer 6
Application : Layer 7
TCP/IP is an abbreviation for Transmission Control Protocol/Internetworking Protocol. The TCP/IP protocol suite was developed before the OSI model, so its layers are not an exact match with the OSI model. The suite is made up of 5 layers:
Physical : Layer 1
Data Link : Layer 2
Network : Layer 3
Transport : Layer 4
Application : Layer 5
OSI layer: Recommended hardware and software
Physical Layer
It defines all the components, electrical, mechanical and all other types of hardware, for sending and receiving data, i.e. all physical aspects such as fibre optic cables (since a SAN is used), cards etc. The bit stream is conveyed at the electrical and mechanical level. The characteristics defined by the physical layer are:
Timing of impulses
Physical data rates
Max transmission distance
The implementation of physical layer can be classified as either LAN or WAN specifications.
Data Link Layer
The data link layer is responsible for defining the format of the data and ensuring its reliable transfer. It facilitates frame synchronization, protocol management and flow control, and also handles all errors from the physical layer. There are 2 sublayers:
MAC: Media Access Control
LLC: Logical Link Control
MAC is responsible for allowing two devices to uniquely identify each other, while LLC is responsible for managing communication over a single link of the network.
The hardware that operates at this layer consists of hubs and switches.
Network Layer
The network layer provides switching, congestion control, routing and error handling. The protocol operating at this layer is called IP, i.e. Internetworking Protocol, and it defines the way routes are selected systematically. To facilitate this, routers operate at this layer and determine how packets are forwarded.
Transport Layer
At the transport layer data is segmented into packets for transfer across the network. The function of this layer is to provide flow control, error checking and recovery, and multiplexing. This layer makes use of protocols such as TCP, i.e. Transmission Control Protocol, and UDP, i.e. User Datagram Protocol.
Session Layer
The session layer is responsible for dealing with session and connection co-ordination. Its function is to establish, manage and terminate communication sessions. The protocols functioning in this layer are Remote Procedure Call (RPC), Zone Information Protocol (ZIP), AppleTalk and Session Control Protocol (SCP).
Presentation Layer
This layer is responsible for coding and conversion of data from application format to network format. It makes sure that the data of the application layer is readable by the application layer of the other system. It contains the software used for encryption of data, thereby providing compatibility between systems.
Application Layer
This layer is completely responsible for the software applications. Its main functions are to identify the communication partners, determine the availability of resources and synchronize communication. It provides end-user services such as e-mail, file transfer, virtual terminal access and network management. The software required is discussed after the TCP/IP network model. Some examples of protocols implemented in the application layer are File Transfer Protocol (FTP), Telnet and Simple Mail Transfer Protocol (SMTP).
TCP/IP Network Model
The physical and data link layers perform similarly to the OSI model.
Physical and Data Link
These layers define all drivers and the NIC (Network Interface Card).
Network
It handles basic communication; the protocols operating at this layer are IP, ARP, IGMP and ICMP.
Transport
It handles the flow of data and segments data into packets over the network. TCP and UDP operate in this layer.
Application
It handles the data of end-user applications. Frequently used TCP/IP applications include Telnet, SMTP, SNMP, DNS, NTP, Traceroute, RIP and NFS.
The software required for communication over the intranet is:
Windows 7 OS
Remote Desktop Connection
The OS recommended is Windows 7, since it is the latest and fastest OS compared to previous Microsoft versions. A Remote Desktop Connection is required to be established in order to connect to a computer over the LAN or WAN. UnixWare provides data communication over the WAN. It establishes point-to-point links, thereby facilitating fast transfer. The SAN also requires fast and efficient data communication, which can be achieved by using this software. LAN Messenger, or a similar system that is uniformly implemented on all computers, should be purchased.
3.0 IT Policy
The main purpose of the IT policy stated here is to define a framework for protecting the Hospital's computer systems, network and all data contained within, or accessible on or via, these systems from all threats, whether internal, external, deliberate or accidental.
It is the policy of the institution to ensure that:
All central computer systems and information contained within them will be protected against any unauthorised access or use.
Information kept in these systems is managed securely and complies with relevant data protection laws in a professional and proper way.
All members of the hospital are aware that it is the part of their duty to abide by this policy.
All employees (computer users) accept total responsibility for adhering to and implementing this policy within their service areas.
The integrity and confidentiality of all central computer systems; accessible on or via these systems is the responsibility of Computing Services.
All regulatory and legislative requirements regarding computer security and information confidentiality and integrity will be met by Computing Services and the hospital regulatory bodies.
All breaches of security will be reported to and investigated by a nominated security coordinator usually within Computing Services and hospital regulatory bodies.
The primary role of the Hospital function regarding medication and research is not hindered.
2. Statement of Authority, Scope and Responsibilities
In addition all users have a responsibility to report promptly (to Computing Services or Hospitals regulatory bodies) any incidents which may have a security significance to the Hospital.
3. The Computing Environment
Computing Services(under the guidance of hospital regulatory bodies) plan, maintain and operate a range of central computing servers, core network switches, edge network switches, backup systems, and the overall network infrastructure interconnecting these systems.
The computing environment is defined as all central computing resources and network infrastructure managed and overseen by Computing Services, and all computing devices that can physically connect, and have been authorised to connect, to this environment. All are covered by this policy, including computing hardware and software, any Hospital-related data residing on or accessible from these machines within the campus network environment, and any media such as CD-ROMs, DVD-ROMs and backup tapes that may at times be accessible.
Computing Services also considers all temporary and permanent connections via the Hospital network, casual laptop docking points, the Wireless network, the Virtual Private Network and the RAS modem pools to be subject to the provisions of this policy.
Computing resources not owned by the Hospital may be connected to the Hospital’s network. However, all such resources must function in accordance with Hospital’s regulations governing the use of computing resources.
Computing Services reserves the right to monitor, log, collect and analyze the content of all transmissions on networks maintained by both Computing Services and individual departments and organisations at any time deemed necessary for performance and fault diagnostic purposes. Any network monitoring will be performed in accordance with the Computer Systems Scanning and Monitoring Policy. Computing Services has the right to check or monitor any employee's login without prior consent.
4. Physical Security
Computing Services provides a secure machine room with protected power arrangements and a climate-controlled environment, primarily for the provision of central computing and network facilities. Individual departments and, if appropriate, individuals are encouraged to make use of the facility for applicable teaching or research projects.
Any computer equipment in general office environment should be within physically secure rooms outside of general office hours.
Desktop machines in public areas should contain a device or mechanism for securing and protecting the main components and contents of the computer from theft.
The above is in accordance with The Hospital’s insurance policy .
5. Access to Systems
Computer and network systems access is only via individual user accounts. Please refer to the user accounts policy for further details and account eligibility.
Accounts provide access to email facilities. Use of email is governed by Computing Services email policy.
5.2 File Storage
All users have access to the centrally managed file storage. Use of the file storage is governed by the Computing Services user file storage policy.
It should be appreciated for most applications the security of files on the server is considered to be adequate. However files held on a Network File Server (NFS) should never be considered completely secure. For this reason Computing Services do not recommend that you hold sensitive information such as exam papers or results on the central server (or on any NFS file server for that matter).
5.3 The Web
All users have the right to publish their own web pages under the appropriate subdomain of bath.ac.uk. Individual users will be responsible for content in these areas and the Hospital reserves the right to remove access to any material which it deems inappropriate, illegal or offensive. Users should not in any way use their personal web space for commercial purposes.
Users shall not in any way use personal web space to publish material which deliberately undermines IT security at the Hospital or elsewhere. Users shall not publish any information regarding open accounts, passwords, PINs, illegally obtained software licenses, hacking tools, common security exploits or similar unless there are specific and legitimate reasons to do so, e.g. in order to demonstrate a problem to enable a fix.
5.4 Internet Access
The campus network is connected to the Internet via SWERN and JANET. Computing Services operate and maintain a firewall with the aim of protecting the campus network and Computer systems from unauthorised or illegal access or attack from the external environment.
5.5 Campus Network
Individuals must seek permission from local support representatives before connecting any machine to the LAN. Particular attention must be paid to the Host connection and IP Address Allocation policy before any connection is made. Computing Services may disconnect any unauthorised host from the network without warning if discovered.
6. Remote Access to Systems
Remote access is defined as accessing systems from a physically separate network. This may include:
Connections direct across the Internet
Direct dial connections to the RAS (Remote Access Service)
Any user with a valid Hospital computer account may access systems as appropriate. Remote access is allowed via secure methods only. Remote connections to any campus IT services are subject to the same rules and regulations, policies and practices just as if they were physically on the campus.
Computing Services shall provide the only VPN and dial-in service that can be used. All connections via these services will be logged. No other remote access service shall be installed or set up, including single modems connected to servers or workstations. Any active dial-in services found to be in existence will be removed from the network.
7. Data Security
The Hospital holds a variety of sensitive data including personal information about students and staff. If you have been given access to this information, you are reminded of your responsibilities under data protection law.
You should only take a copy of data outside the University’s systems if absolutely necessary, and you should exhaust all other options before doing so. This includes putting sensitive data onto laptops, memory sticks, cds/dvds or into emails. If you do need to take data outside the University, this should only be with the authorisation of the University’s data protection officer. As part of this you should perform a risk assessment on the implications of it falling into the wrong hands, and take appropriate steps to mitigate against this. This will almost certainly include encrypting the information, and checking the data protection statements of any recipients of the data.
There are a variety of methods of remote access to systems available (in particular using VPN and remote desktop or terminal services) which allow you to work on data in-situ rather than taking it outside the University, and these should always be used in preference to taking data off-site.
Computing Services offers a variety of information and support to help you keep data secure. If you are uncertain about any aspect of data security, you must contact us for advice.
8. Anti-Virus Security
Computing Services will provide means by which all users can download and install current versions of site-licensed virus protection software.
Users must ensure that they are running adequate and up-to-date anti-virus software at all times. If any user suspects a viral infection on their machine, a complete virus scan should be performed. If Computing Services detects a machine behaving abnormally due to a possible viral infection, it will be disconnected from the network until deemed safe. Reconnection will usually be after liaison with the