Tuesday, April 2, 2019
Extranet Infrastructure For Hospital Chains Information Technology Essay
Computer networking and the Internet have revolutionized the means of communication and have made this world a small family. Many businesses have developed on the basis of the Internet and have attained huge success by adopting advanced technology in a sensible manner. This assignment deals with network infrastructure implementation in a chain of hospitals. It is divided into sections, starting with the type of network to implement and the OSI and TCP/IP implementation at the different layers of the infrastructure. It then covers the hardware and software required for implementation and the most important part, the implementation of a security policy.

1.0 Type of Network Topology

Choosing the type of network is a tedious task. Different types of network design are categorized by their scope or scale, and the network industry refers to each type of design as some kind of area network. Choosing an area network requires in-depth requirement analysis and cost analysis. The different types of network available include:

- LAN: Local Area Network
- MAN: Metropolitan Area Network
- WAN: Wide Area Network
- SAN: Storage Area Network
- WLAN: Wireless Local Area Network
- CAN: Campus Area Network
- PAN: Personal Area Network
- DAN: Desk Area Network

These types of network are chosen in different situations.
Considering the scenario of a chain of hospitals with 25 computers, the following options are available:

- If the hospitals are situated in one city, a MAN can be used to connect the different hospitals, with a LAN for the connections inside each hospital.
- If the hospitals are dispersed across different cities or countries, a WAN is required to connect the hospitals, again with a LAN for the connections inside each hospital.
- A SAN can be used to transfer larger amounts of data between computers and storage elements.

Justification

Since PAN and DAN are short-range networks, they are not suitable for this kind of scenario. A CAN spans all LANs, and since this is a matter of only 25 computers it is neither wise nor cost effective to implement one. A WLAN can be implemented, but once communication becomes wireless, security concerns also come into account, and these become costly. Since the hospital deals with a lot of patients and huge amounts of data, it is necessary to implement a SAN, since it will make data transfer more robust.

Topology for LAN connection

Now that the connection between hospitals is decided, the next point of concern is the connection inside each hospital. The computers in a LAN can be connected in several ways, and these different ways of connection are referred to as topologies. There are several topologies, such as:

- Bus
- Star
- Tree
- Ring
- Mesh

Source: (GeoSig, 2009)

Each topology has its own advantages and disadvantages. Sometimes a mixed topology, called a HYBRID topology, is used, which is the implementation of two or more topologies. In this scenario, the best configuration to use is mesh topology or ring topology.

Justification

Mesh topology ensures robust and secure data communication, since all computers are attached by dedicated links. It is also secure because only the intended recipient sees a message sent to it.
Hence mesh topology is ideal for secure and effective communication. The only disadvantage is the amount of cabling, which causes an increase in the number of I/O ports.

In order to be cost effective, ring topology is also advisable. In a ring topology there is only a point-to-point line configuration, and hence the amount of cabling is reduced. It is also very easy to reinstall and reconfigure. Fault isolation is achieved because in a ring there is a signal circulating at all times. If a device does not receive a signal for a certain amount of time, it can issue an alarm that alerts the network operator to the problem and its location. The only disadvantage is that a break in the ring, such as a disabled station, causes the entire network to become disabled. This disadvantage can be overcome by using a dual ring or a switch that is capable of closing the break.

Other types of topology are not taken into account for the following reasons:

- With bus topology, the cable length limits the network to a small number of computers, and changing the number of computers, fault isolation and reconfiguration are tedious tasks.
- With star topology, the failure of the central hub causes the whole network to fail, which is a very serious disadvantage.
- Tree topology is very much like star topology. It has two types of hub instead of one as in star, but the failure of any one type of hub results in the failure of that whole network.

Therefore the recommended network type for implementation is a WAN or MAN for wider communication, and a LAN with mesh or ring topology for local communication.

A basic LAN consists of the following components:

- Two or more computers.
- A network interface card or LAN card in each PC.
- Ethernet cable (Cat5, UTP/STP) to connect the computers.
- A hub, switch or router to route or coordinate the network traffic.
- Software for the communication/computer networking.

The alternative technologies to Ethernet are Token Ring, which is used in ring-topology networks and was designed by IBM, and ATM. In ATM networking, devices are connected with each other over a very large distance (thus forming a WAN) and behave like LANs.

2.0 OSI and TCP/IP Layer Implementation

The OSI (Open Systems Interconnection) model was developed by ISO to facilitate communication across all types of computer systems. The purpose of the OSI model is to allow systems to communicate regardless of their underlying architecture, i.e. without the need to change the logic of the underlying hardware and software. It is built of seven layers, as follows:

- Physical Layer 1
- Data Link Layer 2
- Network Layer 3
- Transport Layer 4
- Session Layer 5
- Presentation Layer 6
- Application Layer 7

TCP/IP is an abbreviation for Transmission Control Protocol / Internetworking Protocol. The TCP/IP protocol suite was developed before the OSI model. Therefore its layers are not an exact match with the OSI model.
The suite is made up of 5 layers:

- Physical Layer 1
- Data Link Layer 2
- Network Layer 3
- Transport Layer 4
- Application Layer 5

OSI layers: recommended hardware and software

Hardware

Physical Layer

The physical layer defines all the electrical and mechanical components and all types of hardware for sending and receiving data, that is, all physical aspects, such as fibre optic cables (since a SAN is used), cards etc. The bit stream is conveyed at the electrical and mechanical level. The characteristics defined by the physical layer are:

- Voltage levels
- Timing of impulses
- Physical data rates
- Maximum transmission distance
- Physical connectors

The implementation of the physical layer can be categorized as either LAN or WAN specifications.

Data Link Layer

The data link layer is responsible for defining the format of the data and ensuring its reliable transfer. It provides frame synchronization, protocol management and flow control, and also handles all errors in the physical layer. There are 2 sublayers:

- MAC: Media Access Control
- LLC: Logical Link Control

MAC is responsible for letting two devices uniquely identify each other, while LLC is responsible for managing communication over a single link of the network. The hardware that operates at this layer is hubs and switches.

Network Layer

The network layer provides switching, congestion control, routing and error handling. The protocol operating at this layer is IP, i.e. Internetworking Protocol, and it defines the way route selection is determined systematically. To facilitate this, routers operate at this layer and determine how packets are forwarded.

Transport Layer

At the transport layer, data is segmented into packets for transfer across the network. The function of this layer is to provide flow control, error checking and recovery, and multiplexing. This layer makes use of protocols such as TCP, i.e. Transmission Control Protocol, and UDP, i.e. User Datagram Protocol.

Session Layer

The session layer is responsible for dealing with sessions and connection co-ordination. Its function is to establish, manage and terminate communication sessions. The protocols functioning in this layer are Remote Procedure Call (RPC), Zone Information Protocol (ZIP), AppleTalk and Session Control Protocol (SCP).

Presentation Layer

This layer is responsible for coding and conversion of data from application to network format. It makes sure that the data of the application layer is readable by the application layer of the other system. It contains software used for encryption of data, thereby providing compatibility between systems.

Application Layer

This layer is completely responsible for the software applications. Its main function is to identify the communication partners, determine the availability of resources and synchronize communication. It provides end-user services such as e-mail, file transfer, virtual terminal access and network management. The software required to be implemented is discussed after the TCP/IP network model. Some examples of protocols implemented in the application layer are File Transfer Protocol (FTP), Telnet and Simple Mail Transfer Protocol (SMTP).

TCP/IP Network Model

The physical and data link layers perform similarly to those of the OSI model.

Physical and Data Link Layers

These define all drivers and the NIC (Network Interface Card).

Network Layer

It handles basic communication. The protocols operating at this layer are IP, ARP, IGMP and ICMP.

Transport Layer

It handles the flow of data and segments data into packets sent over the network. TCP and UDP operate in this layer.

Application Layer

It handles the data of end-user applications.
Frequently used TCP/IP applications include Telnet, SMTP, SNMP, DNS, NTP, Traceroute, RIP and NFS.

Recommended Software

The software required for communication over the intranet is:

- Windows 7 OS
- UnixWare
- Remote Desktop Connection
- LAN Messenger

Justification

The recommended OS is Windows 7, since it is the latest and fastest OS compared with previous Microsoft versions. Remote Desktop Connection needs to be established in order to connect computers over the LAN or WAN. UnixWare provides data communication over the WAN. It establishes point-to-point links, thereby facilitating fast transfer. The SAN also requires fast and efficient data communication, which can be achieved by using this software. LAN Messenger, or a system that is uniformly implemented on all computers, should be purchased.

3.0 IT Policy

The main purpose of the IT policy is to define a framework for protecting the Hospital's computer systems, network and all data contained within, or accessible on or via, these systems from all threats, whether internal, external, deliberate or accidental.

It is the policy of the institution to ensure that:

- All central computer systems and the information contained within them will be protected against any unauthorised access or use.
- Information kept in these systems is managed securely and complies with relevant data protection laws in a professional and proper way.
- All members of the hospital are informed that it is part of their duty to abide by this policy.
- All employees (computer users) accept responsibility for adhering to and implementing this policy within their service areas.
- The integrity and confidentiality of all central computer systems accessible on or via these systems is the responsibility of Computing Services.
- All regulatory and legislative requirements regarding computer security and information confidentiality and integrity will be met by Computing Services and the hospital regulatory bodies.
- All breaches of security will be reported to and investigated by a nominated security coordinator, usually within Computing Services and the hospital regulatory bodies.
- The primary role of the Hospital regarding medication and research is not hindered.

2. Statement of Authority, Scope and Responsibilities

In addition, all users have a responsibility to report promptly (to Computing Services or the Hospital's regulatory bodies) any incidents which may have a security significance to the Hospital.

3. The Computing Environment

Computing Services (under the guidance of the hospital regulatory bodies) plan, maintain and operate a range of central compute hosts, core network switches, edge network switches, backup systems, and the overall network infrastructure interconnecting these systems.

The computing environment is defined as all central computing resources and network infrastructure managed and overseen by Computing Services and all computing devices that can physically connect, and have been authorised to connect, to this environment.
All are covered by this policy, including computing hardware and software, any Hospital-related data residing on these machines or accessible from these machines within the campus network environment, and any media such as CD-ROMs, DVD-ROMs and backup tapes that may at times be accessible.

Computing Services also considers all temporary and permanent connections via the Hospital network, casual laptop docking points, the wireless network, the Virtual Private Network and the RAS modem pools to be subject to the provisions of this policy.

Computing resources not owned by the Hospital may be connected to the Hospital's network. However, all such resources must function in accordance with the Hospital's regulations governing the use of computing resources.

Computing Services reserves the right to monitor, log, collect and analyze the content of all transmissions on networks maintained by both Computing Services and individual departments and organisations at any time deemed necessary for performance and fault diagnostic purposes. Any network monitoring will be performed in accordance with the Computer Systems Scanning and Monitoring Policy. It is the right of Computing Services to check or monitor any employee's login without prior consent.

4. Physical Security

Computing Services provides a secure machine room with protected power arrangements and a climate-controlled environment. It is primarily for the provision of central computing and network facilities; individual departments and, if appropriate, individuals are encouraged to make use of the facility for applicable teaching or research projects.

All computer equipment in general office environments should be within physically secure rooms outside of general office hours.

Desktop machines in public areas should contain a device or mechanism for securing and protecting the main components and contents of the computer from theft.

The above is in accordance with the Hospital's insurance policy.

5. Access to Systems

Computer and network systems access is only via individual user accounts. Please refer to the user accounts policy for further details and account eligibility.

5.1 Email

Accounts provide access to email facilities. Use of email is governed by the Computing Services email policy.

5.2 File Storage

All users have access to the centrally managed file storage. Use of the file storage is governed by the Computing User file storage policy.

It should be appreciated that for most applications the security of files on the server is considered to be adequate. However, files held on a Network File Server (NFS) should never be considered completely secure. For this reason Computing Services do not recommend that you hold sensitive information such as exam papers or results on the central server (or on any NFS file server for that matter).

5.3 The Web

All users have the right to publish their own web pages under the appropriate subdomain of bath.ac.uk. Individual users will be responsible for content in these areas, and the Hospital reserves the right to remove access to any material which it deems inappropriate, illegal or offensive. Users should not in any way use their personal web space for commercial purposes.

Users shall not in any way use personal web space to publish material which deliberately undermines IT security at the Hospital or elsewhere. Users shall not publish any information regarding open accounts, passwords, PINs, illegally obtained software licenses, hacking tools, common security exploits or similar unless there are specific and legitimate reasons to do so, e.g. in order to record a problem to enable a fix, or similar.

5.4 Internet Access

The campus network is connected to the Internet via SWERN and JANET.
Computing Services operate and maintain a firewall with the aim of protecting the campus network and computer systems from unauthorised or illegal access or attack from the external environment.

5.5 Campus Network

Individuals must seek permission from local support representatives before connecting any machine to the LAN. Particular attention must be paid to the Host Connection and IP Address Allocation policy before any connection is made. Computing Services may disconnect any unauthorised host from the network without warning if discovered.

6. Remote Access to Systems

Remote access is defined as accessing systems from a physically separate network. This may include:

- Direct connections across the Internet
- VPN connections
- Direct dial connections to the RAS (Remote Access Service)

Any user with a valid Hospital computer account may access systems as appropriate. Remote access is allowed via secure methods only. Remote connections to any campus IT services are subject to the same rules and regulations, policies and practices as if they were physically on the campus.

Computing Services shall provide the only VPN and dial-in service that can be used. All connections via these services will be logged. No other remote access service shall be installed or set up, including single modems connected to servers or workstations. Any active dial-in services found to be in existence will be removed from the network.

7. Data Security

The Hospital holds a variety of sensitive data, including personal information about students and staff. If you have been given access to this information, you are reminded of your responsibilities under data protection law.

You should only take a copy of data outside the University's systems if absolutely necessary, and you should exhaust all other options before doing so. This includes putting sensitive data onto laptops, memory sticks, CDs/DVDs or into emails.
If you do need to take data outside the University, this should only be with the authorisation of the University's data protection officer. As part of this you should perform a risk assessment on the implications of it falling into the wrong hands, and take appropriate steps to mitigate against this. This will most certainly include encrypting the information and checking the data protection statements of any recipients of the data.

There are a variety of methods of remote access to systems available (in particular VPN and remote desktop or terminal services) which allow you to work on data in situ rather than taking it outside the University, and these should always be used in preference to taking data off-site.

Computing Services offers a variety of information and support to help you keep data secure. If you are uncertain about any aspect of data security, you must contact us for advice.

8. Anti-Virus Security

Computing Services will provide means by which all users can download and install the latest versions of site-licensed virus protection software.

Users must ensure that they are running adequate and up-to-date anti-virus software at all times. If any user suspects a viral infection on their machine, a complete virus scan should be performed. If Computing Services detect a machine behaving abnormally due to a possible viral infection, it will be disconnected from the network until deemed safe. Reconnection will usually be after liaison with the