Tuesday, June 4, 2019

Extranet Infrastructure For Hospital Chains Information Technology Essay

Internet and networking have revolutionized the means of communication and have made this world a small family. Many businesses have developed on the basis of the Internet and have attained huge success by adopting advanced technology in a sensible manner. This assignment deals with network infrastructure implementation in a chain of hospitals. It is divided into different sections, starting from the type of network to implement, with OSI and TCP/IP implementation at the different layers of the infrastructure. It also covers the type of hardware and software required for implementation and the most important part, i.e. implementation of a security policy.

1.0 Type of Network

Choosing the type of network required is a tedious task. Network designs are categorized based on their scope or scale, and the network industry refers to each type of design as some kind of area network. Choosing an area network requires in-depth requirement analysis and cost analysis. The different types of network available include:

- LAN: Local Area Network
- MAN: Metropolitan Area Network
- WAN: Wide Area Network
- SAN: Storage Area Network
- WLAN: Wireless Local Area Network
- CAN: Campus Area Network
- PAN: Personal Area Network
- DAN: Desk Area Network

These types of network are chosen in different types of situations.

Considering the scenario of the chain of hospitals having 25 computers, different options are available:

- If the hospitals are situated in one city, then a MAN can be implemented to connect the different hospitals, with a LAN for connection inside each hospital.
- If the hospitals are dispersed across different cities or countries, then a WAN is required to connect two different hospitals, and again a LAN can be used for connection inside each hospital.
- A SAN can be used to transfer large amounts of data between computers and storage elements.

Justification

Since PAN and DAN are networks of short distances, they are not suitable for this kind of scenario. CAN spans all LANs, and since this is a matter of only 25 computers it is neither a wise decision nor cost effective to implement CAN. WLAN can be implemented, but as communication becomes wireless, security concerns also come into play, which becomes costly. Since the hospital deals with a lot of patients and huge amounts of data, it is necessary to implement SAN, since it will make data transfer more secure and robust.

Topology for LAN connection

Now that the connection between hospitals is decided, the next stage of concern is the connection inside each hospital. The computers in a LAN can be connected in several ways. These different ways of connection are referred to as topology. There are several topologies, such as:

- Bus
- Star
- Tree
- Ring
- Mesh

Source: (GeoSig, 2009)

Each and every topology has its own advantages and disadvantages. Sometimes a mixed topology called HYBRID topology is used, which is the implementation of two or more topologies. In this scenario, the best configuration to use is mesh topology or ring topology.

Justification

Mesh topology ensures robust and secure data communication since all computers are connected by dedicated links.
It is also secure, since a message is seen only by its intended recipient. Hence mesh topology is ideal for secure and effective communication. The only disadvantage is the amount of cabling, which causes an increase in the number of I/O ports.

In order to be cost effective, ring topology is also advisable. In a ring topology there is point-to-point line configuration only, and hence the amount of cabling is reduced. It is also very easy to reinstall and reconfigure. Fault isolation is also achieved, because in a ring there is a signal circulating at all times. Hence if a device does not receive a signal for a certain amount of time, it can issue an alarm which alerts the network operator to the problem and its location. The only disadvantage is that a break in the ring, such as a disabled station, causes the entire network to become disabled. This disadvantage can be overcome by using a dual ring or a switch that is capable of closing the break.

Other types of topologies are not taken into account for the following reasons:

- In a bus topology the cable length is limited to a small number of computers, and modifying the number of computers, fault isolation and reconfiguration are tedious tasks.
- In a star topology the failure of the central hub causes the whole network to fail, which is a very serious disadvantage.
- Tree topology is very much like the star topology. It has two types of hubs instead of one as in star.
But failure of any one type of hub results in failure of that whole network.

Therefore the recommended network type for implementation is to adopt WAN or MAN for wider communication, and LAN with mesh/ring topology for local communication.

A basic LAN consists of the following components:

- Two or more computers.
- A Network Interface Card or LAN card in each PC.
- Ethernet cable (Cat5, UTP/STP) to connect the two computers.
- A hub, switch or router to route or direct the network traffic.
- Software for the communication/computer networking.

The alternative technologies to Ethernet are Token Ring, which is used in ring topology networks. Token Ring is designed by IBM and ATM. In ATM networking, devices are connected with each other over a very large distance (thus forming a WAN) and behave like LANs.

2.0 OSI and TCP/IP Layer Implementation

OSI, an abbreviation for Open System Interconnection, is a model developed by ISO to facilitate communication across all types of computer systems. The purpose of the OSI model is to facilitate communication between systems regardless of their underlying architecture, i.e. without requiring changes to the logic of the underlying hardware and software. It is built of seven layers, as follows:

- Physical Layer 1
- Data Link Layer 2
- Network Layer 3
- Transport Layer 4
- Session Layer 5
- Presentation Layer 6
- Application Layer 7

TCP/IP is an abbreviation for Transmission Control Protocol/Internetworking Protocol. The TCP/IP protocol suite was developed before the development of the OSI model. Therefore the layers are not an exact match with the OSI model. The suite is made up of 5 layers:

- Physical Layer 1
- Data Link Layer 2
- Network Layer 3
- Transport Layer 4
- Application Layer 5

OSI layer: Recommended hardware and software

Hardware

Physical Layer

It defines all the components, such as electrical, mechanical and all types of hardware, for sending and receiving data, i.e. all physical aspects, such as fibre optic cables (since SAN is used), cards etc.
The bit stream is conveyed at the electrical and mechanical level. The characteristics defined by the physical layer are:

- Voltage levels
- Timing of impulses
- Physical data rates
- Maximum transmission distance
- Physical connectors

The implementation of the physical layer can be classified as either LAN or WAN specifications.

Data Link Layer

The data link layer is responsible for defining the format of the data and ensuring its reliable transfer. It facilitates frame synchronization, protocol management and flow control, and also handles all errors in the physical layer. There are 2 sublayers:

- MAC: Media Access Control
- LLC: Logical Link Control

MAC is responsible for allowing two devices to uniquely identify each other, while LLC is responsible for managing communication over a single link of the network.

The hardware that operates at this layer is hubs and switches.

Network Layer

The network layer provides switching, congestion control, routing and error handling. The protocol operating at this layer is called IP, i.e. Internetworking Protocol, and it defines the way of determining route selection systematically. To facilitate this, routers operate at this layer and determine the way of forwarding packets.

Transport Layer

At the transport layer data is segmented into packets for transfer across the network. The function of this layer is to provide flow control, error checking and recovery, and multiplexing. This layer makes use of protocols such as TCP, i.e. Transmission Control Protocol, and UDP, i.e. User Datagram Protocol.

Session Layer

The session layer is responsible for dealing with session and connection co-ordination. Its function is to establish, manage and terminate communication sessions. The protocols functioning in this layer are Remote Procedure Call (RPC), Zone Information Protocol (ZIP), AppleTalk and Session Control Protocol (SCP).

Presentation

This layer is responsible for coding and conversion of data from application to network format.
It makes sure that the data of the application layer is readable by the application layer of the other system. It contains software used for encryption of data, thereby providing compatibility between systems.

Application Layer

This layer is completely responsible for the software applications. Its main function is to identify the communication partners, determine the availability of resources and synchronize communication. It provides end user services such as e-mail, file transfer, virtual terminal access and network management.

The software required to be implemented is discussed after the TCP/IP network model. Some examples of protocols implemented in the application layer are File Transfer Protocol (FTP), Telnet and Simple Mail Transfer Protocol (SMTP).

TCP/IP Network Model

The physical and data link layers perform similarly to the OSI model.

Physical and Data Link

It defines all drivers and the NIC (Network Interface Card).

Network Layer

It handles basic communication. The protocols operating at this layer are IP, ARP, IGMP and ICMP.

Transport Layer

It handles the flow of data and segments data into packets over the network. TCP and UDP operate in this layer.

Application Layer

It handles data of end user applications. Frequently used TCP/IP applications include Telnet, SMTP, SNMP, DNS, NTP, Traceroute, RIP and NFS.

Recommended Software

The software required for communication over the intranet is:

- Windows 7 OS
- UnixWare
- Remote Desktop Connection
- LAN Messenger

Justification

The OS recommended is Windows 7, since it is the latest and fastest OS as compared to previous versions from Microsoft. Remote Desktop Connection is required in order to connect to a computer over LAN or WAN. UnixWare provides the facility of data communication over WAN. It establishes point-to-point links, thereby facilitating fast transfer. The SAN also requires fast and efficient data communication, which can also be achieved by use of this software.
LAN Messenger, or a system that is uniformly implemented on all computers, should be purchased.

3.0 IT Policy

The main purpose of the IT policy statement is to define a framework on how to protect the Hospital's computer systems, network and all data contained within, or accessible on or via these systems, from all threats whether internal, external, deliberate or accidental.

It is the policy of the institution to ensure that:

- All central computer systems and information contained within them will be protected against any unauthorised access or use.
- Information kept in these systems is managed securely and complies with relevant data protection laws in a professional and proper way.
- All members of the hospital are aware that it is part of their duty to abide by this policy.
- All employees (computer users) accept total responsibility for adhering to and implementing this policy within their service areas.
- The integrity and confidentiality of all central computer systems accessible on or via these systems is the responsibility of Computing Services.
- All regulatory and legislative requirements regarding computer security and information confidentiality and integrity will be met by Computing Services and the hospital regulatory bodies.
- All breaches of security will be reported to and investigated by a nominated security coordinator, usually within Computing Services and hospital regulatory bodies.
- The primary role of the Hospital function regarding medication and research is not hindered.

2. Statement of Authority, Scope and Responsibilities

In addition all users have a responsibility to report promptly (to Computing Services or the Hospital's regulatory bodies) any incidents which may have a security significance to the Hospital.

3. The Computing Environment

Computing Services (under the guidance of hospital regulatory bodies) plan, maintain and operate a range of central compute servers, core network switches, edge network switches, backup systems, and the overall network infrastructure interconnecting these systems.

The computing environment is defined as all central computing resources and network infrastructure managed and overseen by Computing Services, and all computing devices that can physically connect, and have been authorised to connect, to this environment. All are covered by this policy, including computing hardware and software, any Hospital related data residing on these machines or accessible from these machines within the campus network environment, and any media such as CD-ROMs, DVD-ROMs and backup tapes that may at times be accessible.

Computing Services also considers all temporary and permanent connections via the Hospital network, casual laptop docking points, the Wireless network, the Virtual Private Network and the RAS modem pools to be subject to the provisions of this policy.

Computing resources not owned by the Hospital may be connected to the Hospital's network. However, all such resources must function in accordance with the Hospital's regulations governing the use of computing resources.

Computing Services reserves the right to monitor, log, collect and analyse the content of all transmissions on networks maintained by both Computing Services and individual departments and organisations at any time deemed necessary for performance and fault diagnostic purposes. Any network monitoring will be performed in accordance with the Computer Systems Scanning and Monitoring Policy. It is the right of Computing Services to check or monitor any employee's login without prior consent.

4. Physical Security

Computing Services provides a secure machine room with protected power arrangements and a climate controlled environment.
Primarily for the provision of central computing and network facilities, individual departments and, if appropriate, individuals are encouraged to make use of the facility for applicable teaching or research projects.

- Any computer equipment in the general office environment should be within physically secure rooms outside of general office hours.
- Desktop machines in public areas should contain a device or mechanism for securing and protecting the main components and contents of the computer from theft.

The above is in accordance with the Hospital's indemnity policy.

5. Access to Systems

Computer and network systems access is only via individual user accounts. Please refer to the user accounts policy for further details and account eligibility.

5.1 Email

Accounts provide access to email facilities. Use of email is governed by the Computing Services email policy.

5.2 File Storage

All users have access to the centrally managed file storage. Use of the file storage is governed by the Computing User file storage policy.

It should be appreciated that for most applications the security of files on the server is considered to be adequate. However, files held on a Network File Server (NFS) should never be considered completely secure. For this reason Computing Services do not recommend that you hold sensitive information such as exam papers or results on the central server (or on any NFS file server for that matter).

5.3 The Web

All users have the right to publish their own web pages under the appropriate subdomain of bath.ac.uk. Individual users will be responsible for content in these areas, and the Hospital reserves the right to remove access to any material which it deems inappropriate, illegal or offensive. Users should not in any way use their personal web space for commercial purposes.

Users shall not in any way use personal web space to publish material which deliberately undermines IT security at the Hospital or elsewhere.
Users shall not publish any information regarding open accounts, passwords, PINs, illegally obtained software licenses, hacking tools, common security exploits or similar unless there are specific and legitimate reasons to do so, e.g. in order to demonstrate a problem to enable a fix, or similar.

5.4 Internet Access

The campus network is connected to the Internet via SWERN and JANET. Computing Services operate and maintain a firewall with the aim of protecting the campus network and computer systems from unauthorised or illegal access or attack from the external environment.

5.5 Campus Network

Individuals must seek permission from local support representatives before connecting any machine to the LAN. Particular attention must be paid to the Host Connection and IP Address Allocation policy before any connection is made. Computing Services may disconnect any unauthorised host from the network without warning if discovered.

6. Remote Access to Systems

Remote access is defined as accessing systems from a physically separate network. This may include:

- Connections direct across the Internet
- VPN connections
- Direct dial connections to the RAS (Remote Access Service)

Any user with a valid Hospital computer account may access systems as appropriate. Remote access is allowed via secure methods only. Remote connections to any campus IT services are subject to the same rules and regulations, policies and practices just as if they were physically on the campus.

Computing Services shall provide the only VPN and dial-in service that can be used. All connections via these services will be logged. No other remote access service shall be installed or set up, including single modems connected to servers or workstations. Any active dial-in services found to be in existence will be removed from the network.

7. Data Security

The Hospital holds a variety of sensitive data, including personal information about students and staff.
If you have been given access to this information, you are reminded of your responsibilities under data protection law.

You should only take a copy of data outside the University's systems if absolutely necessary, and you should exhaust all other options before doing so. This includes putting sensitive data onto laptops, memory sticks, CDs/DVDs or into emails. If you do need to take data outside the University, this should only be with the authorisation of the University's data protection officer. As part of this you should perform a risk assessment on the implications of it falling into the wrong hands, and take appropriate steps to mitigate against this. This will almost certainly include encrypting the information, and checking the data protection statements of any recipients of the data.

There are a variety of methods of remote access to systems available (in particular using VPN and remote desktop or terminal services) which allow you to work on data in-situ rather than taking it outside the University, and these should always be used in preference to taking data off-site.

Computing Services offers a variety of information and support to help you keep data secure. If you are uncertain about any aspect of data security, you must contact us for advice.

8. Anti-Virus Security

Computing Services will provide means by which all users can download and install current versions of site-licensed virus protection software.

Users must ensure that they are running with adequate and up-to-date anti-virus software at all times. If any user suspects viral infection on their machine, a complete virus scan should be performed. If Computing Services observe a machine behaving abnormally due to a possible viral infection, it will be disconnected from the network until deemed safe. Reconnection will usually be after liaison with the
