Past-Forward. By Joshua Weinberger | Posted 2012-05-03
Protected to the max, Beth Israel's network still came tumbling down.
A few years ago, Boston's Beth Israel Deaconess Medical Center helped establish a groundbreaking data network that met the strict requirements of the Health Insurance Portability and Accountability Act of 1996. ("The Napkin Network," Case 009, January/February 2002.)
Beth Israel, a member of CareGroup, one of New England's largest health-care organizations, had used firewalls and private fiber to protect its network from interlopers' eyes. It backed up not just its data, but its power sources. Yet it wasn't adequately prepared in mid-November when a single oversized packet of data led to a system implosion.
The systems were eventually restored, but the question remains: Can your system ever be 100% safe?
John Halamka, VP/CIO of CareGroup, thinks you can get pretty close. The medical center's flaw, he says, lay in how its network moved data: a method known as Layer 2 switching. This approach ignores the content of network traffic and simply forwards it to its intended destination untouched. That makes the transfer fast, but leaves the network prone to errors.
"When you use a lot of Layer 2 switching you end up with the Blanche DuBois effect: you have to rely on the kindness of strangers," Halamka says, referring to the Streetcar Named Desire character who championed benign intervention. Even a single unintentional overload can affect other users, through local loops in the network.
Halamka says the answer "is to have Layer 2 switching in the access layer," where data is transferred between devices on the edge, but not the middle, of a network, "and to use Layer 3 routing in the distribution and core so you guarantee quality of service."
The next step up from Layer 2 switching, Layer 3 routing checks the address information carried in the Transmission Control Protocol/Internet Protocol (TCP/IP) headers to direct traffic. This slows down the delivery of data, but provides greater reliability.
By next month, Halamka says, that's precisely how Beth Israel's systems will be configured.
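The contrast Halamka draws, modeled as an added toy simulation (not from the article, and not the medical center's real topology): in a switched loop with no hop limit a single flooded frame circulates indefinitely, while a routed packet carries a TTL that every router checks and decrements, so even a routing loop drains itself. The three-node triangle and the TTL value are constructed for illustration.

```python
from collections import deque

# Constructed topology: three switches wired in a triangle, so there is a
# physical loop. Ethernet frames carry no hop count, so a flooded frame
# (broadcast or unknown destination) is never discarded by the switches.
SWITCH_LINKS = {"S1": ["S2", "S3"], "S2": ["S1", "S3"], "S3": ["S1", "S2"]}

# Constructed Layer 3 misconfiguration: each router's next hop points around
# the same triangle, i.e. a routing loop for some destination.
ROUTE_NEXT_HOP = {"R1": "R2", "R2": "R3", "R3": "R1"}


def layer2_flood(links, origin, max_events):
    """Flood one frame through the switched loop.

    Each switch repeats the frame out every port except the one it arrived
    on. Returns (forwarding_events, still_circulating). With a loop present
    the frame never drains, so the simulation stops only at max_events."""
    queue = deque([(origin, None)])
    events = 0
    while queue and events < max_events:
        here, came_from = queue.popleft()
        for nxt in links[here]:
            if nxt != came_from:
                queue.append((nxt, here))
                events += 1
    return events, bool(queue)


def layer3_unicast_hops(next_hop, origin, ttl):
    """Forward one unicast packet around a routing loop.

    Every router inspects the IP header, decrements TTL, and discards the
    packet once TTL reaches zero. Returns how many forwards happened before
    the drop: bounded by ttl - 1 no matter how the loop is wired. (Routers
    also refuse to forward broadcasts at all, so a Layer 3 boundary confines
    a flood to the access segment where it began.)"""
    node, hops = origin, 0
    while True:
        ttl -= 1
        if ttl <= 0:
            return hops  # TTL exceeded: router drops the packet
        node = next_hop[node]
        hops += 1


if __name__ == "__main__":
    print("Layer 2 loop:", layer2_flood(SWITCH_LINKS, "S1", 1000))
    print("Layer 3 loop hops:", layer3_unicast_hops(ROUTE_NEXT_HOP, "R1", 8))
```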