Essential Elements of Medical Networks
© D. J. McMahon 141004, rev. cewood 2017-03-07

Key Points, Medical Networks

Quick conversion of bits to decimal numbers: 2^10 = 1024 ≈ 1000 = 10^3

OSI Networking Layers You Need to Know:
• Application layer – generally includes everything in layers 5-7
• TCP or UDP & port (layer 4)
• IP address (layer 3): 32 bits. IPv4 is out of addresses; what do we do? DHCP, NAT
• MAC address (layer 2, or hardware address): 48 bits
• Physical layer (layer 1): Ethernet (802.3), wireless (802.11)

Know how switching (layer 2) works.
Know how routing (layer 3) works.
Understand IP address, subnet mask, and router (or ‘gateway’) address.
Know what values get programmed into a firewall.

Ideal characteristics of a hospital network:
- Flexible: adaptable to the current needs, and to future changes
- Modifiable on-line
- Scalable to changes in the equipment
- Compatible with industry standards
- Secure

Network Basics; Layers You Need to Know

Application layer – generally includes everything from layers 5-7.

TCP or UDP & port (layer 4) – a connection protocol and ‘sub-address’ allowing targeted IP ‘conversations’ between nodes. 2^16 ports are available; SSL also lives here.

IP address (layer 3) – IPv4 addresses are 32 bits (2^32, about 4.3 billion addresses). IPv6 addresses are 128 bits (2^128, ‘enough’ addresses) but not common yet. IPv4 has run out of addresses. What do we do?

MAC address (‘layer 2’, ‘burned-in address’ or ‘hardware address’) – every networked device has a unique MAC address: 48 bits (2^48 addresses), expressed as hex, e.g. 00-22-5F-D2-09-2C.

Physical layer (layer 1) – some variety of Ethernet (802.3) or wireless (802.11).

Physical Layer 1 > Ethernet (802.3)
The primary cabling and data delivery technology used in local area networks (LANs).
- Ethernet transmits data at up to ten million bits per second (10 Mbps).
- Fast Ethernet supports up to 100 Mbps; Gigabit Ethernet (‘Gig E’) supports up to 1000 Mbps; 10 Gig Ethernet supports speeds up to 10 gigabits per second.
- Supports networks of twisted-pair and fiber-optic cabling (coax is obsolete).
- Data is transmitted over the network in discrete packets (frames), which are between 64 and 1518 bytes in length.
- Each device on an Ethernet network operates independently and equally, precluding the need for a central controlling device.
- Supports a wide array of protocols, the most common being TCP/IP.

Physical Layer 1 > Wireless (802.11)
Increasingly common data delivery technology used in local area networks (LANs).
- 802.11a: 54 Mbps, 5 GHz band (ISM)
- 802.11b: 11 Mbps, 2.4 GHz band (ISM)
- 802.11g: 54 Mbps, 2.4 GHz band (ISM)
- 802.11n: 54-600 Mbps, 2.4 & 5 GHz bands (ISM)
- Can function in peer-to-peer ‘ad-hoc’ networks; more commonly the nodes communicate with a wireless access device.
- Security is a greater concern than with wired networks, demanding ever-stronger encryption and user validation. At this time, WPA2 is considered secure, provided a strong passphrase is used.

MAC address, Layer 2: 48 bits (‘burned-in address’ or ‘hardware address’)
- Every networked device has a universally unique MAC address.
- Addresses are 48 bits (2^48 addresses), expressed as hex.
- The first 24 bits are assigned to a manufacturer; the last 24 bits are assigned by the manufacturer.
- Sniffer software typically replaces the manufacturer segment with the manufacturer’s name.
- These addresses may be spoofed, but this is unusual (and pointless).
- These unique addresses let devices communicate on a LAN segment or a switch (or hub) domain with no configuration.
- Beyond the local segment, the original MAC addresses do not appear in data packets.
e.g. 00-22-5F-D2-09-2C or 00.22.5F.D2.09.2C

IP address, Layer 3: 32 bits
- An IPv4 address is 32 bits (2^32, about 4.3 billion addresses), e.g. 192.168.0.1.
- You must have a globally unique ‘public IP’ address to communicate with the internet.
IPv4 has run out of addresses. What do we do?
1) DHCP (Dynamic Host Configuration Protocol): assigns a public address from a ‘pool’ temporarily, while you are connected to the internet. When you disconnect (or time out), this address is returned to the pool for reassignment. This allows an organization to share a limited range of public addresses.
2) NAT (Network Address Translation): assigns an address from a special ‘private address’ range (like 10.xx.xx.xx or 192.168.xx.xx), which the router translates to its own (public) address when communicating with the internet. This allows an entire network to share a single public address, or a small public address range (if the router is powerful enough).
- IPv6 addresses are 128 bits (2^128, ‘enough’ addresses) but not common yet.

TCP or UDP & port, Layer 4
- These are a connection protocol and a ‘sub-address’ (port).
- They allow targeted IP ‘conversations’ between IP nodes.
- 2^16 ports are available for TCP and 2^16 ports are available for UDP.
- TCP and UDP ports are different from each other. To specify a port, you need the protocol and the port number.
- The first 2^10 are ‘well-known’, and many have been assigned to specific processes: HTTP port 80; FTP ports 20 & 21; DNS port 53.
- This is sometimes the realm of ‘security by obscurity’, with programmers hoping to safely use a previously-unused port. Not safe enough!
- This is definitely the realm of firewalls. Combinations of specific IP addresses (source & destination), protocols, and port numbers are enabled. Everything else is blocked by the firewall.

Routing
Note: each router shown has two ports; each port is on a different IP network.
[Figure: PC1 and PC2 joined by routers across the IP networks 192.168.1.xx, 192.168.2.xx, 192.168.3.xx and 192.168.4.xx; the layer stack shown at each node is TCP/UDP, IP address, MAC address, physical]

Configuration for PC1:            Configuration for PC2:
  IP address: 192.168.1.10          IP address: 192.168.4.10
  subnet mask: 255.255.255.0        subnet mask: 255.255.255.0
  router address: 192.168.1.1       router address: 192.168.4.1

The Layer 3 packet
[Figure: IP header (source IP, destination IP, ...) followed by the packet from layer 4]

The Layer 2 frame
[Figure: nested headers, (layer 2) around (layer 3) around (layer 4); the frame’s ‘data’ field is the entire Layer 3 packet; Dest & Source are 48-bit MAC addresses]

Network Addressing
Every node attached to an IP network must be addressed. This addressing can be automated with DHCP, but it will always include:
- IP address of this specific port, e.g. 192.168.1.10
- subnet mask, telling how many bits are the network number and how many are the node number; 255.255.255.0 means the first 24 bits of the address are the network number
- the address of the router (or ‘gateway’), i.e. how to get beyond this LAN segment, e.g. 192.168.1.1
If a packet is addressed to a local node (same subnet), the packet is sent directly to that MAC address. If it is headed beyond the local subnet, it is sent to the MAC address of the router, which will deal with it.

Network Models
> Client-Server – most commonly used
[Figure: how it’s wired / how it acts]
Network Operating System Providers: [logos] & many others…

Interconnection Devices > Network Interface Card (NIC) – layer 1
- connects a computer to the external network
- typically has an edge connector to connect to one of the PC expansion slots and an RJ-45 connector to connect to the Ethernet. Can also connect via USB.
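The ‘local node or router’ decision in the Network Addressing slide and the firewall rule in the Layer 4 slide both come down to the same subnet-mask arithmetic: AND the address with the mask and compare network numbers. The following Python is an added example, not code from the original slides; it uses the PC1/PC2 addresses, masks and router addresses and the HTTP/DNS ports shown above, while the rule set, the rule layout and the function names are constructed for illustration.

```python
"""Added example (not from the original slides): the Layer 3 'local or via the
router' decision and a default-deny Layer 4 firewall, both built on the same
subnet-mask arithmetic. Addresses and ports come from the slides; the rule
set and function names are constructed for illustration."""


def ip_to_int(dotted: str) -> int:
    """Convert a dotted-quad IPv4 address to its 32-bit integer value."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def prefix_length(mask: str) -> int:
    """Count the network bits in a subnet mask (255.255.255.0 -> 24).
    A valid mask is a run of 1s followed by 0s; anything else is rejected."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask {mask!r}")
    return ones


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when a and b have the same network number under mask."""
    prefix_length(mask)  # reject a malformed mask early
    m = ip_to_int(mask)
    return ip_to_int(a) & m == ip_to_int(b) & m


def next_hop(dst: str, my_ip: str, mask: str, router: str) -> str:
    """Which node's MAC address the frame must be addressed to: the
    destination itself if it is on the local subnet, else the router."""
    return dst if same_subnet(dst, my_ip, mask) else router


# Constructed rule set in the form the slides describe: specific source and
# destination addresses (given as network + mask), protocol and port are
# enabled; a single host is a mask of 255.255.255.255. Nothing else passes.
FIREWALL_RULES = [
    # src_net, src_mask, dst_host, dst_mask, proto, dst_port
    ("192.168.1.0", "255.255.255.0", "192.168.4.10", "255.255.255.255", "tcp", 80),  # PC1's LAN -> web on PC2
    ("192.168.1.0", "255.255.255.0", "192.168.4.1", "255.255.255.255", "udp", 53),   # PC1's LAN -> DNS on PC2's router
]


def firewall_allows(src: str, dst: str, proto: str, dst_port: int, rules=FIREWALL_RULES) -> bool:
    """Default deny: return True only if a rule matches source network,
    destination network, protocol AND port. TCP 80 and UDP 80 are different
    ports, so the protocol is part of the match."""
    if not 0 <= dst_port < 2 ** 16:
        raise ValueError("port out of range")
    proto = proto.lower()
    for r_src, r_src_mask, r_dst, r_dst_mask, r_proto, r_port in rules:
        if (proto == r_proto and dst_port == r_port
                and same_subnet(src, r_src, r_src_mask)
                and same_subnet(dst, r_dst, r_dst_mask)):
            return True
    return False


if __name__ == "__main__":
    pc1 = ("192.168.1.10", "255.255.255.0", "192.168.1.1")
    for dst in ("192.168.1.20", "192.168.4.10"):
        print(f"PC1 -> {dst}: frame goes to the MAC of {next_hop(dst, *pc1)}")
    print("PC1 -> PC2 tcp/80 allowed:", firewall_allows("192.168.1.10", "192.168.4.10", "tcp", 80))
    print("PC1 -> PC2 udp/80 allowed:", firewall_allows("192.168.1.10", "192.168.4.10", "udp", 80))
```

Run stand-alone it shows PC1 sending to 192.168.1.20 directly and to PC2 (192.168.4.10) via 192.168.1.1, and that a rule written for TCP 80 does not let UDP 80 through; the non-contiguous-mask check exists because a mistyped mask such as 255.0.255.0 would otherwise silently produce a wrong local/remote decision.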
Interconnection Devices > Hub – layer 1
- connects all the nodes of a network using twisted-pair cables
- the hub repeats the signal to all ports, but does not look into the packet
- signals received on one port are transmitted to all other ports
- all workstations connected to the hub ‘listen’ to one another
- these older devices often require attention (and manual setting) for speed (10 or 100 Mbps) and half or full duplex
- can be useful for troubleshooting with a network sniffer

Interconnection Devices > Repeater – layer 1
- regenerates incoming signals in order to compensate for timing errors and signal loss due to long wire distances
- preserves signal integrity and extends the signal travel distance
- does not look into the packet
- can connect a twisted-pair segment with a fiber-optic segment
- often called an “active hub”
- no longer used

Interconnection Devices > Switch – layer 2
- distributes signals only to a specific port or ports, based on MAC addresses which it learns by looking inside the packet
- decides where to send each packet based on its internal configuration settings (a switch is “... a hub with intelligence”)
- can establish multiple conversations simultaneously

Interconnection Devices > Bridge – layer 2
- functions similarly to a switch
- segments the network according to settings
- keeps unintended traffic from entering different segments of a network
- filters traffic based on the destination MAC address
- no longer used

Interconnection Devices > Router – layer 3
- connects multiple IP networks, using routing to forward the packets
- each port is configured for a specific network
- can include local and wide-area (telco & carrier) networks
- forwards packets based on the IP addresses of the source and the destination (not the same as a switch, which works on the physical address (MAC address) of a host or a node)

Network Sizes:

LAN - Local Area Network
• Connects a home, office building, hospital, etc.
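To make the difference between the Hub and Switch slides concrete (a hub repeats to every port without looking at the frame; a switch learns MAC-to-port from the source address of each frame and forwards only to the learned port), and to show the 24-bit manufacturer / 24-bit device split described on the MAC address slide, here is an added Python example, not code from the original slides. The frames, port numbers, the `Hub`/`Switch` classes and the tiny manufacturer-name table are constructed for illustration; a real sniffer uses the IEEE registry for that lookup.

```python
"""Added example (not from the original slides): a hub that repeats every
frame to all other ports, a switch that learns MAC -> port from source
addresses and forwards only where needed, and the 24-bit manufacturer /
24-bit device split of a MAC address. Frames, port numbers and the
manufacturer-name table are constructed."""

BROADCAST = "FFFFFFFFFFFF"  # all-ones destination: deliver to every station


def normalize_mac(mac: str) -> str:
    """Accept 00-22-5F-D2-09-2C, 00.22.5F.D2.09.2C or 00:22:5f:d2:09:2c
    and return 12 upper-case hex digits (48 bits) with no separators."""
    digits = mac.upper().replace("-", "").replace(".", "").replace(":", "")
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def split_mac(mac: str) -> tuple:
    """(manufacturer part, device part): first 24 bits, last 24 bits."""
    digits = normalize_mac(mac)
    return digits[:6], digits[6:]


# Constructed prefix -> name table; a real sniffer uses the IEEE registry.
OUI_NAMES = {"00225F": "VendorA", "001122": "VendorB"}


def describe_mac(mac: str) -> str:
    """Render the address the way sniffer software does: name_device."""
    oui, device = split_mac(mac)
    return f"{OUI_NAMES.get(oui, oui)}_{device}"


class Hub:
    """Layer 1: does not look into the frame; repeats it to every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port: int, frame: dict) -> list:
        return [p for p in self.ports if p != in_port]


class Switch:
    """Layer 2: learns which port each source MAC was seen on and sends a
    frame only to the port of its destination MAC. Unknown or broadcast
    destinations are flooded, i.e. treated exactly as a hub would."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC -> port (the forwarding table)

    def forward(self, in_port: int, frame: dict) -> list:
        src = normalize_mac(frame["src"])
        dst = normalize_mac(frame["dst"])
        self.table[src] = in_port  # learn; a device that moved ports is relearned
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]
        return [] if out_port == in_port else [out_port]  # same segment: filtered


def demo() -> dict:
    """Constructed conversation between two stations on a four-port switch;
    returns the forwarding table the switch has learned."""
    sw = Switch([1, 2, 3, 4])
    a_to_b = {"src": "00-22-5F-D2-09-2C", "dst": "00-11-22-33-44-55"}
    b_to_a = {"src": "00:11:22:33:44:55", "dst": "00:22:5f:d2:09:2c"}
    print("first frame, B unknown  ->", sw.forward(1, a_to_b))  # flooded to 2, 3, 4
    print("reply from B on port 3  ->", sw.forward(3, b_to_a))  # A already learned: [1]
    print("second frame to B       ->", sw.forward(1, a_to_b))  # now only [3]
    return sw.table


if __name__ == "__main__":
    print(describe_mac("00-22-5F-D2-09-2C"))
    print("switch table:", demo())
```

The first frame from A is flooded because the switch has not yet seen B’s address; after B replies, both directions go to a single port, which is why a sniffer on a spare switch port sees only broadcasts and flooded frames, whereas on a hub it sees everything (the troubleshooting use the Hub slide mentions).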
VLAN - Virtual Local Area Network
• A group of devices that communicate as if they were attached to the same system, regardless of their physical location.
• Acts like a LAN, but allows diverse stations to be grouped together even if they are not located on the same switch.
• Very popular in health care settings.

WAN - Wide Area Network
• Usually involves a telco or carrier utility.
• Covers a broad geographical area with multiple systems.
• May link across city, regional, or national boundaries.

PACS Integration
[Figure: example of the radiology computing environment]

[Figure: overview of hospital information services]

Network Certifications:

Basic certification:
- Network+ from CompTIA
- Microsoft Certified Professional (MCP)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Design Associate (CCDA)

Intermediate certification:
- Security+ from CompTIA
- Server+ from CompTIA
- Microsoft Certified Systems Administrator (MCSA)
- Microsoft Certified Systems Engineer (MCSE)
- Cisco Certified Network Professional (CCNP)
- Certified Information Systems Security Professional (CISSP)

Advanced certification:
- Security Expertise in Management (CISSP-ISSMP)
- Certified Information Security Manager (CISM)
- Cisco Certified Internetwork Engineer (CCIE)
- Cisco Certified Security Professional (CCSP)