running DICOM queries across LAN - DICOM

This is a discussion on running DICOM queries across LAN - DICOM ; Hi all, This is a general question regarding DICOM Protocols coming from a newbie :-) My question is : Is it possible to run DICOM queries from a client machine which is outside the LAN network or DICOM servers? For ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: running DICOM queries across LAN

  1. running DICOM queries across LAN

    Hi all,

    This is a general question regarding DICOM Protocols coming from a newbie
    :-)

    My question is :

    Is it possible to run DICOM queries from a client machine which is outside
    the LAN network or DICOM servers? For e.g if have a set of DICOM servers set
    in my office and I want to run the DICOM query from my home machine which is
    not connected to the LAN though I know the external IP address of my Server
    machines. Are the DICOM protocols capable of this kind of action? I donnot
    want to connect to my office network using VPN.

    Thanks,
    Jyoti



  2. Re: running DICOM queries across LAN

    DICOM Q/R & Store will work across any network connection providing
    unimpeded TCP/IP connectivity between the two end points. This includes
    the ability to query and retrieve from your office servers to your home
    provided a) your server allows access to the you home machine/AE and
    b) the TCPIP connection is truly "unimpeded".

    In the day and age of hackers, script kiddies, network crawlers, &
    internet worms, office or home network connections which didn't
    restrict ( i.e. impede) access to outside connections wouldn't stay
    running (or wouldn't stay running securely) for very long.

    So the answer to your question is, nothing about DICOM stops you from
    doing what you're asking but you'd have to working at a pretty insecure
    office for it to work without having to do some fiddling with your
    network gateways, both at the office and at at home.

    A VPN is not technically neccessary but if you're dealing with
    identified patient images (as opposed to de-identified research images)
    you're taking a pretty big professional risk not to use a VPN.

    What you need to do is open holes in your firewalls, both incoming to
    your office and incoming to home (if you have one there) for the TCP on
    which your office DICOM is configured. The standard port for DICOM is
    104 but a lot of applications configure it on a different port. Opening
    the port to any IP address would be the same as not having a firewall
    at all. Your office firewall should have the port opened only for the
    IP address of your home machine. Your home network access
    point/firewall should have the port opened only for office machine.
    Your office dicom port may not be the same as your home dicom port.
    DHCP assigned addresss bring in complications that can be dealt with
    but I wont attempt to describe here.

    Firewalls can be spoofed with faked IP addresses, but it will keep out
    the casual port knocker applications - this is prudent but not secure.
    The dicom data will also flow over the network "in the open" subject to
    being easedropped. Using what I've described to transmit patient data
    will give your HIPAA compliance officer fits.

    Use a VPN.


  3. Re: running DICOM queries across LAN

    Thanks for your inputs....
    Jyoti

    wrote in message
    news:1106083821.591591.45490@f14g2000cwb.googlegro ups.com...
    > DICOM Q/R & Store will work across any network connection providing
    > unimpeded TCP/IP connectivity between the two end points. This includes
    > the ability to query and retrieve from your office servers to your home
    > provided a) your server allows access to the you home machine/AE and
    > b) the TCPIP connection is truly "unimpeded".
    >
    > In the day and age of hackers, script kiddies, network crawlers, &
    > internet worms, office or home network connections which didn't
    > restrict ( i.e. impede) access to outside connections wouldn't stay
    > running (or wouldn't stay running securely) for very long.
    >
    > So the answer to your question is, nothing about DICOM stops you from
    > doing what you're asking but you'd have to working at a pretty insecure
    > office for it to work without having to do some fiddling with your
    > network gateways, both at the office and at at home.
    >
    > A VPN is not technically neccessary but if you're dealing with
    > identified patient images (as opposed to de-identified research images)
    > you're taking a pretty big professional risk not to use a VPN.
    >
    > What you need to do is open holes in your firewalls, both incoming to
    > your office and incoming to home (if you have one there) for the TCP on
    > which your office DICOM is configured. The standard port for DICOM is
    > 104 but a lot of applications configure it on a different port. Opening
    > the port to any IP address would be the same as not having a firewall
    > at all. Your office firewall should have the port opened only for the
    > IP address of your home machine. Your home network access
    > point/firewall should have the port opened only for office machine.
    > Your office dicom port may not be the same as your home dicom port.
    > DHCP assigned addresss bring in complications that can be dealt with
    > but I wont attempt to describe here.
    >
    > Firewalls can be spoofed with faked IP addresses, but it will keep out
    > the casual port knocker applications - this is prudent but not secure.
    > The dicom data will also flow over the network "in the open" subject to
    > being easedropped. Using what I've described to transmit patient data
    > will give your HIPAA compliance officer fits.
    >
    > Use a VPN.
    >




  4. Re: running DICOM queries across LAN

    Hi eric,

    Could you tell me about the costs and issues involved in setting up a VPN?

    Thanks,
    Jyoti

    wrote in message
    news:1106083821.591591.45490@f14g2000cwb.googlegro ups.com...
    > DICOM Q/R & Store will work across any network connection providing
    > unimpeded TCP/IP connectivity between the two end points. This includes
    > the ability to query and retrieve from your office servers to your home
    > provided a) your server allows access to the you home machine/AE and
    > b) the TCPIP connection is truly "unimpeded".
    >
    > In the day and age of hackers, script kiddies, network crawlers, &
    > internet worms, office or home network connections which didn't
    > restrict ( i.e. impede) access to outside connections wouldn't stay
    > running (or wouldn't stay running securely) for very long.
    >
    > So the answer to your question is, nothing about DICOM stops you from
    > doing what you're asking but you'd have to working at a pretty insecure
    > office for it to work without having to do some fiddling with your
    > network gateways, both at the office and at at home.
    >
    > A VPN is not technically neccessary but if you're dealing with
    > identified patient images (as opposed to de-identified research images)
    > you're taking a pretty big professional risk not to use a VPN.
    >
    > What you need to do is open holes in your firewalls, both incoming to
    > your office and incoming to home (if you have one there) for the TCP on
    > which your office DICOM is configured. The standard port for DICOM is
    > 104 but a lot of applications configure it on a different port. Opening
    > the port to any IP address would be the same as not having a firewall
    > at all. Your office firewall should have the port opened only for the
    > IP address of your home machine. Your home network access
    > point/firewall should have the port opened only for office machine.
    > Your office dicom port may not be the same as your home dicom port.
    > DHCP assigned addresss bring in complications that can be dealt with
    > but I wont attempt to describe here.
    >
    > Firewalls can be spoofed with faked IP addresses, but it will keep out
    > the casual port knocker applications - this is prudent but not secure.
    > The dicom data will also flow over the network "in the open" subject to
    > being easedropped. Using what I've described to transmit patient data
    > will give your HIPAA compliance officer fits.
    >
    > Use a VPN.
    >




  5. Re: running DICOM queries across LAN

    Hello Jothi,

    I would also recommed the same as Mr Eric suggested, use VPN. It is
    highly secured and fast compared to internet. VPN service provider is
    local to the geographic location. If your are from India and you want
    to connect internally there are couple of players.

    1. Airtel (touchtel)
    2. VSNL/BSNL
    3. SIfy
    4. Primus

    The cost is based on the distance. If you want to connect with in a
    city it is close to 12k per year and intracity the it could range from
    One to four lakhs. The cost also is based on the speed. I am currently
    involved in setting up an teleradiology network locally. Please do mail
    me for more details. radyworks@gmail.com

    With regards
    Ravindran Padmanabhan
    Unologix


+ Reply to Thread