Essential Elements of Medical Networks D. J. McMahon 141004 rev cewood 2018-02-18
Key Points Medical Networks:
- quick conversion of bits to decimal numbers: 2^10 = 1024 ≈ 1000 = 10^3
- OSI Networking Layers You Need to Know:
  - Application layer - generally includes everything in layers 5-7
  - TCP or UDP & port (layer 4)
  - IP address (layer 3): 32 bits. IPv4 is out of addresses. What do we do? DHCP, NAT
  - MAC address (layer 2 or hardware address): 48 bits
  - Physical Layer (layer 1): Ethernet (802.3), wireless (802.11)
- Know how switching (Layer 2) works
- Know how routing (Layer 3) works
- Understand IP address, subnet mask, Router (or gateway) address
- Know what values get programmed into a firewall
Ideal characteristics of a hospital network:
- Flexible: adaptable to the current needs, and to future changes
- Modifiable on-line
- Scalable to changes in the equipment
- Compatible with industry standards
- Secure
Network Basics; Layers You Need to Know
- Application layer - generally includes everything from layers 5-7
- TCP or UDP & port (layer 4) - a connection protocol and sub-address allowing targeted IP conversations between nodes. 2^16 ports available; SSL also lives here
- IP address (layer 3) - IPv4 addresses are 32 bits (2^32, about 4.3 billion addresses); IPv6 addresses are 128 bits (2^128, "enough" addresses) but not common yet. IPv4 has run out of addresses. What do we do?
- MAC address (layer 2, or burned-in address or hardware address) - every networked device has a unique MAC address; 48 bits (2^48 addresses), expressed as hex e.g. 00-22-5F-D2-09-2C
- Physical Layer 1 - some variety of Ethernet (802.3) or wireless (802.11)
Physical Layer 1 > Ethernet (802.3)
The primary cabling and data delivery technology used in local area networks (LANs).
- Ethernet transmits data at up to ten million bits per second (10 Mbps)
- Fast Ethernet supports up to 100 Mbps; Gigabit Ethernet (Gig E) supports up to 1000 Mbps; 10 Gig Ethernet supports speeds up to 10 gigabits per second
- supports networks of twisted-pair and fiber-optic cabling (coax is obsolete)
- data is transmitted over the network in discrete packets (frames) which are between 64 and 1518 bytes in length
- each device on an Ethernet network operates independently and equally, precluding the need for a central controlling device
- supports a wide array of protocols, the most common being TCP/IP
Physical Layer 1 > Wireless (802.11)
Increasingly common data delivery technology used in local area networks (LANs).
- 802.11a: 54 Mbps, 5 GHz band (ISM)
- 802.11b: 11 Mbps, 2.4 GHz band (ISM)
- 802.11g: 54 Mbps, 2.4 GHz band (ISM)
- 802.11n: 54-600 Mbps, 2.4 & 5 GHz bands (ISM)
- can function in peer-to-peer ad-hoc networks; more commonly the nodes communicate with a Wireless Access Device
- Security is a greater concern than with wired networks, demanding ever-stronger encryption & user validation. At this time, WPA2 is considered secure, provided a strong passphrase is used.
MAC address, Layer 2 (burned-in address or hardware address), 48 bits
- Every networked device has a universally unique MAC address.
- Addresses are 48 bits (2^48 possible), expressed as hex e.g. 00-22-5F-D2-09-2C or 00.22.5F.D2.09.2C
- first 24 bits are assigned to a manufacturer, last 24 bits are assigned by the manufacturer.
- Sniffer software typically replaces the mfg. segment with the mfg. name.
- These addresses may be spoofed, but this is unusual (and pointless).
- These unique addresses let devices communicate on a LAN segment or a switch (or hub) domain with no configuration.
- Beyond the local segment, the original MAC addresses do not appear in data packets.
IP address, Layer 3, 32 bits
- An IPv4 address is 32 bits (2^32, about 4.3 billion addresses) e.g. 192.168.0.1
- You must have a globally unique public IP address to communicate with the internet. IPv4 has run out of addresses. What do we do?
  1) DHCP (Dynamic Host Configuration Protocol): assigns a public address from a pool temporarily, while you are connected to the internet. When you disconnect (or your lease times out), this address is returned to the pool for reassignment. This allows an organization to share a limited range of public addresses.
  2) NAT (Network Address Translation): assigns an address from a special private address range (like 10.xx.xx.xx or 192.168.xx.xx) which the router translates to its own (public) address when communicating with the internet. This allows an entire network to share a single public address or a small public address range (if the router is powerful enough).
- IPv6 addresses are 128 bits (2^128, "enough" addresses) but not common yet.
TCP or UDP & port, Layer 4
- Layer 4 is a connection protocol and a sub-address (port)
- They allow targeted IP conversations between IP nodes
- 2^16 ports are available for TCP and 2^16 ports are available for UDP
- TCP & UDP (connection protocol) ports are different from each other. To specify a port, you need the protocol and the port number.
- The first 2^10 (1024) ports are well-known and many have been assigned to specific processes: HTTP port 80; FTP ports 20 & 21; DNS port 53.
- This is sometimes the realm of security by obscurity, with programmers hoping to safely use a previously-unused port. Not safe enough!
- This is definitely the realm of firewalls: combinations of specific IP addresses (source & destination), protocols and port numbers are enabled. Everything else is blocked by the firewall.
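The slide's firewall model (explicit allow-list of address, protocol and port combinations, everything else blocked) as a small stateless packet filter. This is an added example, not part of the original slides; the rule set, the server addresses (192.168.4.10 and 192.168.4.53) and the sample packets are constructed for illustration, with the source and destination networks taken from the routing slide's 192.168.x.x scheme. It shows why "protocol plus port" is the unit of matching: UDP/80 does not match a TCP/80 rule, and an "obscure" port like 8080 is denied by default rather than being quietly reachable.

```python
"""Added example: default-deny packet filter keyed on protocol, source, destination and port."""
from ipaddress import ip_address, ip_network

# Constructed allow-list: (protocol, source network, destination host/network, destination port).
# Protocol and port together identify a service: TCP/53 and UDP/53 are separate rules.
ALLOW_RULES = [
    ("tcp", "192.168.1.0/24", "192.168.4.10/32", 80),   # hypothetical web server
    ("udp", "192.168.1.0/24", "192.168.4.53/32", 53),   # hypothetical DNS server, UDP queries
    ("tcp", "192.168.1.0/24", "192.168.4.53/32", 53),   # same DNS server, TCP for large answers
]


def parse_rules(rules):
    """Turn the dotted strings into ipaddress objects once, so matching is cheap."""
    return [(proto.lower(), ip_network(src), ip_network(dst), port)
            for proto, src, dst, port in rules]


def filter_packet(rules, proto, src_ip, dst_ip, dst_port):
    """Return 'allow' if any rule matches the packet, else 'deny' (the default)."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for r_proto, r_src, r_dst, r_port in rules:
        if (proto.lower() == r_proto and src in r_src
                and dst in r_dst and dst_port == r_port):
            return "allow"
    return "deny"


# Constructed sample packets: (protocol, source, destination, destination port).
SAMPLE_PACKETS = [
    ("tcp", "192.168.1.10", "192.168.4.10", 80),    # matches the web rule
    ("udp", "192.168.1.10", "192.168.4.10", 80),    # right port, wrong protocol: denied
    ("tcp", "192.168.1.10", "192.168.4.10", 8080),  # "unused" port is not an exemption: denied
    ("udp", "192.168.1.10", "192.168.4.53", 53),    # matches the DNS/UDP rule
    ("tcp", "192.168.3.10", "192.168.4.10", 80),    # source outside the allowed network: denied
]


def run(rules=ALLOW_RULES, packets=SAMPLE_PACKETS):
    """Apply the rule set to each sample packet and return the verdicts in order."""
    compiled = parse_rules(rules)
    return [filter_packet(compiled, *pkt) for pkt in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run()):
        print(f"{pkt[0]:3} {pkt[1]:>14} -> {pkt[2]:>14}:{pkt[3]:<5} {verdict}")
```

A real firewall adds state (replies to an allowed outbound connection are let back in) and an explicit order of evaluation, but the values that get programmed into it are exactly the tuples in `ALLOW_RULES`.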
Routing
(figure: four IP networks, 192.168.1.xx, 192.168.2.xx, 192.168.3.xx and 192.168.4.xx, joined by routers; each router shown has two ports, and each port is on a different IP network. The protocol stack drawn beside the hosts is TCP/UDP over IP address over MAC address over physical.)
configuration for PC1:
- IP address: 192.168.1.10
- subnet mask: 255.255.255.0
- router address: 192.168.1.1
configuration for PC2:
- IP address: 192.168.4.10
- subnet mask: 255.255.255.0
- router address: 192.168.4.1
The Layer 3 packet
(figure: the IP header, followed by the packet from layer 4; the drawing labels which portion belongs to layer 4, layer 3 and layer 2)
The Layer 2 frame
(figure: Ethernet frame layout; the Data field is the entire Layer 3 packet, and Dest & Source are 48-bit MAC addresses)
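To make the two encapsulation figures concrete, here is an added example (not from the original slides) that builds an IPv4 packet with a valid header checksum, wraps the whole packet in an Ethernet frame between two 48-bit MAC addresses, and parses the frame back out. The payload bytes and the router MAC 00-22-5F-00-00-01 are constructed; 00-22-5F-D2-09-2C is the slides' own sample MAC. It also shows a detail the figures gloss over: Ethernet pads the data field to 46 bytes, so the receiver must use the IP total-length field, not the frame length, to find the end of the layer 4 data.

```python
"""Added example: layer 3 packet inside a layer 2 frame, built and parsed with the standard library."""
import struct

ETHERTYPE_IPV4 = 0x0800
MIN_DATA = 46    # 64-byte minimum frame = 14 header + 46 data + 4 FCS
MAX_DATA = 1500  # 1518-byte maximum frame = 14 header + 1500 data + 4 FCS


def mac_to_bytes(mac):
    """Accept 00-22-5F-D2-09-2C, 00.22.5F.D2.09.2C or 00:22:5f:d2:09:2c."""
    return bytes(int(p, 16) for p in mac.replace(".", "-").replace(":", "-").split("-"))


def bytes_to_mac(b):
    return "-".join(f"{x:02X}" for x in b)


def ip_to_bytes(ip):
    return bytes(int(p) for p in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def ipv4_checksum(header):
    """One's-complement sum of 16-bit words (RFC 791); 0 when run over a header that carries a valid checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src_ip, dst_ip, protocol, payload):
    """Layer 3: 20-byte IPv4 header (no options) followed by the layer 4 segment."""
    fields = (0x45, 0, 20 + len(payload), 0, 0, 64, protocol, 0,
              ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    header = struct.pack("!BBHHHBBH4s4s", *fields)          # checksum field zero for now
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def build_ethernet_frame(dst_mac, src_mac, l3_packet):
    """Layer 2: dest MAC, source MAC, EtherType, then the entire layer 3 packet as the data field (FCS omitted)."""
    if len(l3_packet) > MAX_DATA:
        raise ValueError("layer 3 packet exceeds the Ethernet MTU; it would have to be fragmented")
    data = l3_packet + b"\x00" * max(0, MIN_DATA - len(l3_packet))   # pad short frames
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + data


def parse_frame(frame):
    """Unwrap layer 2, then read the layer 3 header; the IP total length strips any padding."""
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    l3 = frame[14:]
    ihl = (l3[0] & 0x0F) * 4                     # header length in bytes
    total_length = struct.unpack("!H", l3[2:4])[0]
    return {
        "dst_mac": bytes_to_mac(dst),
        "src_mac": bytes_to_mac(src),
        "checksum_ok": ipv4_checksum(l3[:ihl]) == 0,
        "protocol": l3[9],
        "src_ip": bytes_to_ip(l3[12:16]),
        "dst_ip": bytes_to_ip(l3[16:20]),
        "payload": bytes(l3[ihl:total_length]),
    }


def demo():
    """PC1 sends to PC2 on another subnet: the IP destination is PC2, but the frame goes to the router's MAC."""
    payload = b"constructed layer-4 segment"                    # stands in for a UDP segment
    packet = build_ipv4_packet("192.168.1.10", "192.168.4.10", 17, payload)   # 17 = UDP
    frame = build_ethernet_frame("00-22-5F-00-00-01",            # constructed router MAC
                                 "00-22-5F-D2-09-2C",            # PC1 MAC (slide's sample value)
                                 packet)
    return frame, parse_frame(frame)


if __name__ == "__main__":
    frame, parsed = demo()
    print(len(frame), "byte frame:", parsed)
```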
Network Addressing:
Every node attached to an IP network must be addressed. This addressing can be automated with DHCP, but it will always include:
- IP address of this specific device, e.g. 192.168.1.10
- subnet mask, telling how many bits are the network number and how many are the node number; 255.255.255.0 means the first 24 bits of the address are the network number
- the address of the router (or gateway): how to get beyond this LAN segment, e.g. 192.168.1.1
If a packet is addressed to a local node (same subnet), the packet is sent directly to that MAC address. If it is headed beyond the local subnet, the packet is sent to the MAC address of the router, which will deal with it.
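The local-or-via-router decision above, worked through in code using the PC1 and PC2 configurations from the routing slide. This is an added example, not part of the original slides; the `PC1_ARP` table (IP to MAC for PC1's own segment) and the MAC 00-22-5F-00-00-01 for the router port are constructed. It also checks that the subnet mask is a contiguous run of 1-bits, since a mistyped mask such as 255.0.255.0 is a common configuration error that silently breaks this decision.

```python
"""Added example: apply IP address + subnet mask + router address to pick the next hop and the frame's MAC."""
from ipaddress import ip_address, ip_interface

# Host configurations from the routing slide.
PC1 = {"ip": "192.168.1.10", "mask": "255.255.255.0", "router": "192.168.1.1"}
PC2 = {"ip": "192.168.4.10", "mask": "255.255.255.0", "router": "192.168.4.1"}

# Constructed ARP-style table: IP -> MAC for the hosts PC1 can reach directly on its segment.
PC1_ARP = {
    "192.168.1.1": "00-22-5F-00-00-01",    # router port on the 192.168.1.xx network (constructed)
    "192.168.1.20": "00-22-5F-D2-09-2C",   # another host on PC1's segment (slide's sample MAC)
}


def network_bits(mask):
    """Count the 1-bits of a dotted mask (255.255.255.0 -> 24), rejecting non-contiguous masks."""
    value = int(ip_address(mask))
    bits = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask {mask}")
    return bits


def next_hop(host, dst_ip):
    """('direct', dst) when dst shares the network number, else ('via router', router address)."""
    prefix = network_bits(host["mask"])
    local_net = ip_interface(f"{host['ip']}/{prefix}").network
    if ip_address(dst_ip) in local_net:
        return ("direct", dst_ip)
    return ("via router", host["router"])


def frame_destination(host, arp_table, dst_ip):
    """MAC address the layer 2 frame is addressed to, or None if it still has to be resolved (ARP)."""
    _, hop_ip = next_hop(host, dst_ip)
    return arp_table.get(hop_ip)


if __name__ == "__main__":
    for dst in ("192.168.1.20", PC2["ip"]):
        print(dst, next_hop(PC1, dst), frame_destination(PC1, PC1_ARP, dst))
```

Note that the router's own address must fall inside the local network for the second branch to be reachable at layer 2; `next_hop(PC1, PC1["router"])` returns `("direct", "192.168.1.1")`, which is what makes the router usable as a gateway.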
Network Models:
> Client-Server (most commonly used)
(figure: two diagrams of a client-server network, "how it's wired" and "how it acts")
Network Operating System Providers:
(figure: vendor logos, "& many others")
Interconnection Devices:
> Network Interface Card (NIC), layer 1
- connects a computer to the external network
- typically has an edge connector to connect to one of the PC expansion slots and an RJ-45 connector to connect to the Ethernet. Can also connect via USB.
Interconnection Devices:
> Hub, layer 1
- connects all the nodes of a network using Twisted Pair cables
- the hub repeats the signal to all ports, but does not look into the packet
- signals received on one port are transmitted to all other ports
- all work stations connected to the hub listen to one another
- these older devices often require attention (and manual setting) for speed (10 or 100 Mbps) and half or full duplex
- can be useful for troubleshooting with a network sniffer
Interconnection Devices:
> Repeater, layer 1
- regenerates incoming signals in order to compensate for timing errors and signal loss due to long wire distances
- preserves signal integrity and extends the signal travel distance
- does not look into the packet
- can connect a twisted pair segment with a fiber-optic segment
- often called an active hub
- no longer used
Interconnection Devices:
> Switch, layer 2
- distributes signals only to a specific port or ports, based on MAC addresses which it learns by looking inside packets
- decides where to send each packet based on its internal configuration settings (a switch is a hub with intelligence)
- can establish multiple conversations simultaneously
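The learning behaviour described above, as an added example (not from the original slides) of how switching at layer 2 works: the switch records which port each source MAC arrived on, forwards frames whose destination it already knows out of that one port, and falls back to hub-like flooding for broadcasts and for destinations it has not learned yet. The port numbers and MAC addresses in `demo()` are constructed.

```python
"""Added example: a transparent learning switch's forwarding table."""


class LearningSwitch:
    BROADCAST = "FF-FF-FF-FF-FF-FF"

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # MAC address -> port it was last seen on

    def handle(self, in_port, src_mac, dst_mac):
        """Process one incoming frame; return the list of ports it is sent out of."""
        src, dst = src_mac.upper(), dst_mac.upper()
        self.table[src] = in_port          # learn, refresh, or update a host that moved ports
        if dst == self.BROADCAST or dst not in self.table:
            # Broadcast or unknown unicast: flood every port except the one it came in on.
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        return [] if out == in_port else [out]   # never send a frame back out its ingress port


def demo():
    """Two constructed hosts A and B on a four-port switch; returns the egress ports for each frame."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00-22-5F-00-00-0A", "00-22-5F-00-00-0B"
    trace = []
    trace.append(sw.handle(1, a, b))   # B unknown: flooded to 2, 3, 4 (A learned on port 1)
    trace.append(sw.handle(2, b, a))   # A known on port 1: forwarded to [1] only (B learned on 2)
    trace.append(sw.handle(1, a, b))   # B known on port 2: [2]; no other port sees the frame
    trace.append(sw.handle(3, a, b))   # A has moved to port 3: table updated, still [2]
    trace.append(sw.handle(2, b, a))   # reply now goes to A's new port: [3]
    return trace


if __name__ == "__main__":
    for step, ports in enumerate(demo(), 1):
        print(f"frame {step}: sent out ports {ports}")
```

The third frame is the whole point of a switch over a hub: once both hosts are in the table, their conversation is invisible to ports 3 and 4, which is also why a sniffer on a switched network sees only broadcasts and its own traffic unless the switch is configured to mirror a port.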
Interconnection Devices:
> Bridge, layer 2
- functions similar to a Switch
- segments the network according to settings
- keeps unintended traffic from entering different segments of a network
- filters traffic based on the destination MAC address
- no longer used
Interconnection Devices:
> Router, layer 3
- connects multiple IP networks, using routing to forward the packets
- each port is configured for a specific network
- can include local and wide-area (telco & carrier) networks
- forwards packets based on the IP addresses of the source and the destination (not the same as a Switch, which works on the physical address (MAC address) of a host or a node)
Devices & Protocols at Each Layer
ABOVE: cookies
LAYER 4: port; TCP/UDP; firewall (hardware)
LAYER 3: IP address, v4 or v6, 32-bit address; DHCP; NAT; gateway (hardware); router (hardware)
LAYER 2: MAC address, 48-bit address; switch (hardware)
LAYER 1: ethernet, Gig E (gigabit ethernet); wireless (Wi-Fi), 802.11b; hub (hardware); NIC (hardware)
Network Sizes:
- LAN - Local Area Network: connects a home, office building, hospital, etc.
- VLAN - Virtual Local Area Network: a group of devices that communicate as if they were attached to the same system, regardless of their physical location. Acts like a LAN, but it allows for diverse stations to be grouped together even if they are not located on the same switch. Very popular in health care settings.
- WAN - Wide Area Network: usually involves a telco or carrier utility. Covers a broad geographical area with multiple systems. May link across city, regional, or national boundaries.
PACS Integration Example of the Radiology Computing Environment
Overview of Hospital Information Services
Network Certifications:
Basic certification:
- Network+ from CompTIA
- Microsoft Certified Professional (MCP)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Design Associate (CCDA)
Intermediate certification:
- Security+ from CompTIA
- Server+ from CompTIA
- Microsoft Certified Systems Administrator (MCSA)
- Microsoft Certified Systems Engineer (MCSE)
- Cisco Certified Network Professional (CCNP)
- Certified Information Systems Security Professional (CISSP)
Advanced certification:
- Security Expertise in Management (CISSP-ISSMP)
- Certified Information Security Manager (CISM)
- Cisco Certified Internetwork Engineer (CCIE)
- Cisco Certified Security Professional (CCSP)