Security Operations - GE HEALTHCARE CARESCAPE Monitor B650 Technical Manual


Malicious software protection
Vigilant defense on many levels is required to keep systems free from compromise by
malicious software. Effective protection requires cooperation and partnership between GE and
our customers.
The patient monitor is based on the Linux operating system and has a built-in firewall that
allows external communication on only a limited number of ports on the IX Network.
The following product features contribute to defense against malicious software:
- System integrity checking: The patient monitor performs integrity checking on the root file system to detect any changes to the file system contents. Any modification to the root file system contents will generate an error to the patient monitoring software application. The patient monitoring software will then display a technical alarm to the user.
- Device design and configuration (hardening): The patient monitor has been hardened through the restriction and removal of user access to core operating system functionality. In addition, unneeded functionality has been removed or restricted.
- Antivirus software: To provide seamless real-time patient monitoring, the patient monitor does not have antivirus software.
- Security updates and patching processes: Security updates and patches cannot be applied to the CARESCAPE product without going through GE's vigorous software verification and validation process. Any software update needs will be communicated by GE.

3.5.2 Security operations

Network security
GE requires that the MC port of the patient monitor be connected to a physically or virtually
dedicated CARESCAPE Network MC or S/5 Network, isolated from all other networks.
GE requires that the IX port of the patient monitor be connected to a physically or virtually
dedicated CARESCAPE Network IX with controlled connection to the organization's general
purpose computing network. Traffic between the organization's network and the IX port of the
patient monitor must be limited to the packet flows listed below.
Inbound

| Source device | Destination device | Protocol | Destination port | Use |
|---|---|---|---|---|
| Any | Patient monitor | icmp | N/A | ping |
| Customer defined | Patient monitor | tcp | 10000 | Webmin |
| Customer defined | Patient monitor | tcp | 10001 | Software transfer |
| DHCP server | Patient monitor | tcp | 67, 68 | DHCP |

Packets that are part of the communication initiated by authorized devices in the
organization's network are allowed to go out of the IX Network (reflexive).
2081903-001
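
An added example, not part of the GE manual: a Python check that audits flow records captured at the boundary between the organization's network and the CARESCAPE Network IX against the inbound table above. The addresses, host sets and function names are constructed for illustration, and reflexive return traffic is out of scope because only initiated connections are evaluated.

```python
import ipaddress

# Constructed values, not from the manual: RFC 5737 documentation addresses.
MONITORS = ipaddress.ip_network("192.0.2.0/28")   # monitor IX-port addresses
WEBMIN_HOSTS = {"198.51.100.10"}                  # "Customer defined" (Webmin)
TRANSFER_HOSTS = {"198.51.100.20"}                # "Customer defined" (software transfer)
DHCP_SERVERS = {"198.51.100.53"}

# One entry per table row: (use, sources or None for "Any", protocols, ports or None for N/A)
RULES = [
    ("ping", None, {"icmp"}, None),
    ("Webmin", WEBMIN_HOSTS, {"tcp"}, {10000}),
    ("Software transfer", TRANSFER_HOSTS, {"tcp"}, {10001}),
    # The table prints tcp for this row; udp is also accepted here as an
    # assumption of this example, because DHCP is carried over UDP.
    ("DHCP", DHCP_SERVERS, {"tcp", "udp"}, {67, 68}),
]

def classify(src, proto, dport=None):
    """Return the table's "Use" for an inbound flow to a monitor, or None."""
    for use, sources, protos, ports in RULES:
        if proto.lower() not in protos:
            continue
        if sources is not None and src not in sources:
            continue
        if ports is not None and dport not in ports:
            continue
        return use
    return None

def audit(flows):
    """Return flows addressed to a monitor that match no row of the table."""
    return [
        (src, dst, proto, dport)
        for src, dst, proto, dport in flows
        if ipaddress.ip_address(dst) in MONITORS and classify(src, proto, dport) is None
    ]

# Constructed sample: new connections initiated from the organization's network.
SAMPLE = [
    ("198.51.100.77", "192.0.2.5", "icmp", None),   # ping from any host
    ("198.51.100.10", "192.0.2.5", "tcp", 10000),   # Webmin from listed host
    ("198.51.100.77", "192.0.2.5", "tcp", 10000),   # Webmin from unlisted host
    ("198.51.100.10", "192.0.2.5", "tcp", 22),      # port not in the table
    ("198.51.100.53", "192.0.2.5", "udp", 68),      # DHCP server
    ("198.51.100.77", "203.0.113.9", "tcp", 443),   # not addressed to a monitor
]

if __name__ == "__main__":
    for flow in audit(SAMPLE):
        print("outside allow-list:", flow)
```

Feeding `audit()` with records exported from the boundary firewall or a flow collector gives a periodic check that the controlled connection still matches the required packet flows.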
