Information Technology Issues



Fig. 1
Internet data packet, showing the “data payload,” along with source and destination IP addresses and ports



Routing of data on the Internet depends on a system of Internet Protocol (IP) addresses. Each device has a unique IP address that specifies the location of the device on the network, much like a street address identifies the location of a building. Each device also has another unique identifier, the Media Access Control (MAC) address, which is assigned by the manufacturer. When a device joins the network, a Dynamic Host Configuration Protocol (DHCP) server automatically keeps track of its MAC address and assigns an appropriate IP address. IP addresses are used to route data from source to destination; the path taken is governed by a set of rules implemented by routers throughout the Internet. IP addresses are 32-bit numbers, allowing for over 4 billion unique addresses. To make them easier for humans to read and manipulate, they are traditionally divided into four 8-bit “octets,” separated by “.” and each expressed as a decimal number from 0 to 255. For example, the address of the computer on which this text is being written is 68.173.40.88. The currently dominant IPv4 address system will be replaced by the IPv6 system, which supports 2¹²⁸, or approximately 3.4 × 10³⁸, addresses. IPv6 notation takes the form of eight groups of four hexadecimal digits, e.g., 2604:2000:e1a3:8400:918b:7be6:471e:e791. IPv6 was formalized in 1998 to address the anticipated exhaustion of IPv4 addresses; adoption was initially slow but is now accelerating [2].

The Domain Name System (DNS) provides a mechanism for replacing machine-friendly but human-unfriendly IP numbers with convenient, easily remembered names or Uniform Resource Locators (URLs). When a user specifies a URL, a DNS server automatically looks up the URL and returns the corresponding IP number.

A subnet is a local division of the Internet, roughly analogous to a street on a map. Commonly, the subnet is specified by the highest order 3 octets (68.173.40 in the above example). In this case, there would be a maximum of 256 addresses on the “subnet” 68.173.40.x (where x is an integer from 0 to 255), perhaps corresponding to the devices on a floor or portion of a building. A special device, a switch or router, provides a gateway between the subnet and the rest of the world; all packets not destined for devices on the subnet travel out through the gateway. On a Windows® computer, the command IPCONFIG returns various settings, including its IP address and the IP address of its gateway (Fig. 2).



Fig. 2
To run IPCONFIG from a Windows 7 machine, press the Windows button (1), enter “cmd” (2), and type “ipconfig” in the terminal window, as shown in (3)

The IPCONFIG command can be useful for debugging problems with network connectivity. If IPCONFIG returns an unexpected IP address for a cEEG acquisition or review system, it may indicate that the device is plugged into a wall jack intended for a different application. For example, some hospitals reserve specific wall jacks, on dedicated subnets, for specific functions, e.g. for radiology systems. Under some circumstances, the IP address assigned to a particular machine may change when the machine is disconnected for a period of time and then reconnected, even to the same wall jack; the change, however, will normally affect only the rightmost octet; the subnet will usually remain unchanged. Also, IP addresses of 0.0.0.0 and 169.254.x.x are invalid and usually indicate that, for some reason, the machine was unable to obtain a proper IP address.
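The checks described above can be automated. The following Python sketch is an added example, not part of the original chapter: it parses a constructed sample of IPCONFIG output and classifies the address as failed (0.0.0.0 or 169.254.x.x), on the wrong subnet, or acceptable. The expected subnet passed to `check_address` and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows ipconfig output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.org
   IPv4 Address. . . . . . . . . . . : 68.173.40.88
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 68.173.40.1
"""

FIELD = re.compile(
    r"^\s*(IPv4 Address|Subnet Mask|Default Gateway)[ .]*:\s*([\d.]+)", re.M)

def parse_ipconfig(text):
    """Return the first IPv4 address, subnet mask and gateway found in the output."""
    found = {}
    for name, value in FIELD.findall(text):
        found.setdefault(name, value)
    return found

def check_address(text, expected_subnet):
    """Classify the adapter's address the way the paragraph above describes."""
    fields = parse_ipconfig(text)
    if "IPv4 Address" not in fields:
        return "no IPv4 address reported"
    addr = ipaddress.ip_address(fields["IPv4 Address"])
    # 0.0.0.0 and 169.254.x.x mean the machine never obtained a proper address.
    if addr.is_unspecified or addr.is_link_local:
        return "no valid address obtained (0.0.0.0 or 169.254.x.x)"
    # Only the rightmost octet should vary; a different subnet suggests the wrong jack.
    if addr not in ipaddress.ip_network(expected_subnet):
        return "wrong subnet: check the wall jack"
    # The gateway must be reachable on the local subnet to be of any use.
    mask = fields.get("Subnet Mask", "255.255.255.0")
    local = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    gateway = fields.get("Default Gateway")
    if gateway and ipaddress.ip_address(gateway) not in local:
        return "gateway is outside the local subnet"
    return "ok"

if __name__ == "__main__":
    print(check_address(SAMPLE_IPCONFIG, "68.173.40.0/24"))
```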

On Windows 7® systems, the network icon, appearing toward the lower right-hand corner of the screen, indicates the status of the network connection (Fig. 3). A red X indicates that the physical connection has failed. A common cause for the red X (other than forgetting to plug in the network cable) is loss of stiffness of the RJ-45 network connector’s plastic tab (Fig. 4). Repeated plugging and unplugging of the RJ-45 jack will cause this tab, which holds the plug securely in the wall jack, to weaken. Users of portable cEEG equipment should be encouraged to routinely examine the condition of the RJ-45 plug and to replace the cable when the tab seems soft. Wiggling or taping a defective connector to “make it work” is a bad practice and is asking for trouble. If the network cable is connected but there is another network-related problem, a yellow triangle with an exclamation point superimposed is seen. Causes include problems with DHCP IP address renewal and buggy network interface driver firmware.



Fig. 3
The network icon (arrow), located in the system tray at the lower right-hand corner of the screen in Windows 7, displays the status of the network connection. Panel (a) shows normal status. The red “X” in Panel (b) indicates loss of physical connection. The “!” in the yellow triangle in Panel (c) indicates another problem with network connectivity, possibly involving the host or gateway IP address, DHCP renewal, or network interface driver software




Fig. 4
Ethernet plug. With repeated plugging and unplugging, the plastic tab (arrow) tends to lose its resilience, causing an unreliable electrical connection to the wall outlet. When this happens, the cable should be replaced

The PING command (Fig. 5) is a great tool for verifying that a system is connected to the network and that the network is working. PING sends a test message to another device and displays the time it takes for the test message to be received; PING will fail if the reply is not received. In Fig. 5a, the command PING 68.173.40.1 successfully tests the connection between my computer (68.173.40.88) and its default gateway (68.173.40.1). In Fig. 5b, the same test fails (“request timed out”).



Fig. 5
To ping another device from a Windows 7 machine, press the Windows button and enter “cmd” (see Fig. 1). In the terminal window, type “ping” followed by the address of the device that you wish to ping. (a) illustrates a successful ping of gateway 68.173.40.1; in (b), the same ping fails



Restricting Access


In the early days of the Internet, information was generally permitted to flow freely between all connected devices. Over time, as information security became an important concern, institutions implemented special systems to safeguard internal communication while permitting necessary external communication. Typically, data are permitted to flow freely between devices on local networks, but at points where the local network joins a larger network or the public Internet, routers and firewalls control the flow of traffic.

Firewalls may restrict communication based on IP addresses, permitting information traffic between specific IP addresses or subnets and blocking others. Firewalls may also control communication by passing only certain types of data and blocking others. In addition to specifying source and destination IP addresses, data packets are also labeled with source and destination “ports,” indicating the sending and intended receiving applications (Fig. 1). Institutional firewalls often impose a default “deny all” policy on inbound traffic, making exceptions only for specific data types and destinations. Figure 6 illustrates a firewall configured to allow inbound traffic only to a web server and a mail server; note that the cEEG machine, the review station, and the file server are all inaccessible to the Internet.



Fig. 6
Firewall blocking all inbound traffic except messages destined for the web server and the mail server. In addition to restricting traffic to those specific hosts, the firewall would typically be configured to permit only specific types of messages by restricting ports, i.e., port 80 for the web server and port 993 for the mail server. In a typical configuration, inbound web traffic might also be permitted to reach the workstations on the network, but only if it was returning in response to messages sent by those stations. In this manner, a workstation could browse the web, but it could not be a web server
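The policy in Fig. 6 can be written down as a small rule evaluator. This Python model is an added example, not part of the original chapter or any firewall product: it applies a default "deny all" to inbound packets, makes the two port exceptions named in the caption, and lets replies return to a workstation that initiated the exchange. The host addresses and the `Firewall` class are constructed for illustration, and the model ignores protocol state and timeouts.

```python
import ipaddress

# Constructed addresses for the hosts in Fig. 6; the real ones are not on the page.
WEB_SERVER = "68.173.40.10"
MAIL_SERVER = "68.173.40.11"
CEEG_MACHINE = "68.173.40.88"
INTERNAL = ipaddress.ip_network("68.173.40.0/24")

# Explicit exceptions to the inbound default: (destination IP, destination port).
INBOUND_ALLOW = {(WEB_SERVER, 80), (MAIL_SERVER, 993)}

class Firewall:
    def __init__(self):
        self.established = set()  # outbound flows opened by internal hosts

    def filter(self, src, sport, dst, dport):
        """Return 'allow' or 'deny' for one packet seen at the gateway."""
        src_inside = ipaddress.ip_address(src) in INTERNAL
        dst_inside = ipaddress.ip_address(dst) in INTERNAL
        if src_inside and not dst_inside:
            # Outbound: permit, and remember the flow so that replies can return.
            self.established.add((src, sport, dst, dport))
            return "allow"
        if dst_inside and not src_inside:
            if (dst, dport) in INBOUND_ALLOW:
                return "allow"
            # A reply is the mirror image of a remembered outbound flow.
            if (dst, dport, src, sport) in self.established:
                return "allow"
            return "deny"  # default policy for everything else inbound
        # Local-to-local traffic flows freely; anything else is not forwarded.
        return "allow" if src_inside and dst_inside else "deny"

if __name__ == "__main__":
    fw = Firewall()
    outside = "203.0.113.5"  # constructed external host (documentation range)
    print(fw.filter(outside, 50000, WEB_SERVER, 80))    # exception for the web server
    print(fw.filter(outside, 50000, CEEG_MACHINE, 80))  # cEEG machine is unreachable
    print(fw.filter(CEEG_MACHINE, 51000, outside, 80))  # workstation browses out
    print(fw.filter(outside, 80, CEEG_MACHINE, 51000))  # the reply is let back in
```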

In addition to institutional firewalls protecting entire networks, modern operating systems have “personal firewalls” that function in a similar manner to protect individual computers. By default, commonly used ports are enabled. On occasion, it is necessary to “open” one or more additional ports in order for a particular application or function (e.g., remote access) to work. Rather than simply turning the personal firewall off (a very bad idea), both Windows (press the Windows button, click Control Panel, click System and Security, click Allow Program Through Firewall, click Change Settings, click Allow Another Program, and select the program from the list) and OSX make it easy to specify the programs that need access.


Jul 12, 2017 | Posted by in NEUROLOGY | Comments Off on Information Technology Issues
