Winter 2003/2004 Volume 11
BUSINESS TECHNOLOGY QUARTERLY
Brought to you by The Technology Group, LLC (860) 524-4400 www.technologygroupllc.com

SPAM! Let’s kill it!
By Richard Pusey

What is Spam? Spam is unsolicited commercial email (UCE). Any commercial mailing that you did not ask for is spam. With the ever increasing number of spammers, spam filtering software is fast becoming a must-have for businesses and individuals alike. Spam filters block spam based on the sender and/or message content.

There are two places one can try to block spam with a filter. One is at the server and the other is at the pc itself.

A server-based approach is good if you have an on-site network administrator (with time on his hands) and have Microsoft Outlook on the desktop pcs (Many spam filters are designed to work with Outlook). There are several products on the market such as MailFrontiers Anti-Spam Gateway and NetIQ’s Mail Marshal SMTP 5.5 to name a few. We have personally had good luck with Mail Marshal.

(Continued on Page 3)

Just for Health Care Providers
Standard Health Identifier Adopted
US Department of Health and Human Services (HHS)

On January 23, 2004, HHS published the Final Rule that adopts the National Provider Identifier (the NPI) as the standard unique health identifier for health care providers. This rule becomes effective 16 months after its publication date (May 23, 2005).

(Continued on Page 2)

—NEWS BRIEFS —

MyDoom Virus—Fastest Spreading Worm Yet! See page 5 for more…

Microsoft offers reward for virus perpetrators. See page 5 for more...

Two spam filters for home and business. See page 5 for more...

DVD burners offer an affordable backup solution that beats a ZIP drive. See page 5 for more...

Have an issue or technology concern that you would like to see an article on? Let us know by faxing back the enclosed fax-back form. We would greatly appreciate it!

Just for NonProfits
Microsoft software, Cisco hardware for pennies on the dollar just for having a 501(c)3!
By Mark R. Torello

Struggling with Windows 98 on old pcs? Do you think that upgrading 10 pcs will cost thousands? Guess again! A new operating system such as Windows XP Professional upgrade that costs $450, can be obtained for $8 if you're a nonprofit. What’s the catch you ask? There is none! Red tape? Just a little…..

(Continued on Page 3)

INSIDE
HIPAA Compliance Deadlines pg. 2
Help for Critical Staff Absences pg. 3
Choosing a Firewall pg. 4
MIP Tricks & Tips / New Fundraising Solutions pg. 5
MyDoom Virus / News Briefs Continued pg. 5
In House News pg. 6
2 BUSINESS TECHNOLOGY QUARTERLY
Standard health identifier adopted
(Continued from Page 1)

Providers need not take any action to apply for NPIs until that date.

This rule is available at: http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2004/pdf/04-1149.pdf

The CMS web site at http://cms.hhs.gov/hipaa/hipaa2 will also provide a link to this rule.

The compliance date for all covered entities except small health plans is May 23, 2007; the compliance date for small health plans is May 23, 2008. When the NPI is implemented, covered entities will use only the NPI to identify providers in all standard transactions. Legacy numbers (e.g. UPIN, Blue Cross and Blue Shield Numbers, CHAMPUS Number, Medicaid Number, etc.) will not be permitted. Providers will no longer have to keep track of multiple numbers to identify themselves in standard transactions with one or more health plans. (The Taxpayer Identifying Number may need to be reported for tax purposes as required by the implementation specifications.) An NPI is expected to last indefinitely; it will not change over time.

The NPI is all numeric. It is 10 positions in length (9 plus a check-digit in the last position). It is easily accommodated in all standard transactions. It contains no embedded information about the provider that it identifies. At the current rate of provider growth, NPIs will be available for 200 years.

Providers will be assigned NPIs upon successful completion of an application form. The form can be submitted on paper or over the Internet. Once a provider has been assigned an NPI, the provider must furnish updates to its data within 30 days of any changes.

The National Provider System, being built under a Centers for Medicare & Medicaid Services (CMS) contract, will process the applications and updates, ensure the uniqueness of the provider, and generate the NPIs. It will also produce reports and information based on requests from the health care industry and others.

A single entity, known as the enumerator, and performing under a CMS contract, will operate the NPS. The enumerator will receive applications and updates from providers. The enumerator will assist providers in completing applications, in furnishing updates, and will be responsible for resolving problems and answering questions. The enumerator will notify the providers of their NPIs. The enumerator will also process requests for, and disseminate information containing, providers' NPIs.

HIPAA compliance deadlines to remember:

HIPAA standards for the security of electronic health information: April 21, 2005. You should be scheduling a security review early in 2004.

National Provider Identifier (NPI): Application deadline: May 23, 2007

Health care practices need to schedule their IT security review early in 2004
By Mark R. Torello

Many health care practices will wait until the compliance deadline of the Security Rule (April 21, 2005) to review and button up their IT security for compliance with the rule. By then, these same practices will find it difficult to find available, qualified security consultants to provide the compliance review and remediation. Don’t let your practice get into this situation. There’s still plenty of time. The rule and criteria are finalized so compliance can be achieved now. Plus, there are other, even more compelling reasons to button up your security…...such as thwarting off malicious spam, viruses, and hackers that can lead to practice disruption, downtime, lost medical data, unnecessary expense, and more.
BUSINESS TECHNOLOGY QUARTERLY 3
Microsoft software, Cisco hardware for pennies on the dollar just for having a 501(c)3!
(Continued from Page 1)

You must fax in a copy of your 501(c)3. Some sources only let you purchase once per year so planning is important.

Since we specialize in nonprofits, we look out for their pocketbooks and make it our business to know all the sources for nonprofit discount programs. We have helped many of our clients save thousands. Honest. Give us a call and let us help you plan to save thousands too!

Have Critical Staff on Vacation? We Can Help!
By Jerry Pangakis

If those “bumps” in the regular operation of your business are causing you grief, we have a solution!

Our sister company, Charter Oak Resources, LLC is a specialized staffing company that concentrates primarily on temporary and permanent placement of accounting, financial and bookkeeping personnel.

Over the past two years, we have recommended Charter Oak to several of our clients who needed help to iron out those “bumps” in the road. Accountants for small manufacturers and bookkeepers and financial executives for nonprofits are recent examples where clients got the help they needed for as long as they needed it.

Charter Oak Resources employs experienced individuals who have serviced hundreds of clients in the Central Connecticut area for over 15 years. They have provided accountants, controllers, CFO’s, bookkeepers, payroll specialists, billers and other specialized staff to a wide variety of industries and businesses.

This professional resource, another Whittlesey & Hadley affiliate, stands ready to help your company when staffing problems arise.

Call Mark Torello at 860-524-4433. You’ll be glad you did!

SPAM! Let’s kill it!
(Continued from Page 1)

If you do not have an on-site administrator with the time to spend with a server based approach, a PC based solution, such as Norton’s AntiSpam 2004, InBoxer, or MailWasher, will be right for you.

The big drawback to any of these solutions is the false positive (the filter thinks a good email is spam). This requires a human to sift through the entire list of filtered email to see if any legitimate messages were blocked. With a server based approach, the network administrator must do this. With the PC based solutions, each PC user must do it themselves.

To prevent your mail server from sending spam to others, you should have “mail relaying” turned off. All mail servers should have it turned off unless needed. However, the spammers have found a way around this already. Some high end firewalls such as the Mail Guard in the Cisco PIX firewall can thwart most savvy spammers.

One thing is for sure: spammers will continue their fun regardless of regulations or laws and will continue to flood the world with spam. Now we must add the task of filtering and deleting, hoping we don’t delete that email we actually needed!

DELL Authorized Reseller

Call The Technology Group, LLC for lower than web site prices on DELL computers for your business. Call for a quote at 860-524-4400.

Ask why the Optiplex line from Dell is a better choice than the Dimension line. Confused about which laptop is right for you? Ask about the difference between Inspiron and Latitude laptops. We can help! Call Mark at 860-524-4433.
4 BUSINESS TECHNOLOGY QUARTERLY
For the technologically thirsty
Choosing a firewall for your organization (Firewalls 101)
By Jeff Gerace

In today’s Internet ready business world, addressing Internet security should be of utmost importance in your business plan. Many businesses do not understand the danger of the Internet until they have paid the price, either with damage or loss due to malicious activity. The best way to secure your network is to make sure you have a multi-tiered security plan, starting with a firewall.

First let’s understand a little bit more about the function and operation of a firewall, then we’ll talk about how to choose one.

All Internet communication is accomplished by the exchange of packets of data. A packet contains information you create on the computer and send across the Internet. A firewall isolates your computer from the Internet by inspecting each packet as it arrives at either side of the firewall, then determines whether it should be allowed to pass or be blocked. Essentially, two machines "agree" that they are connected and the receiving machine sends back "acknowledgement packets" to let the sending machine know that the data was received. Network engineers will create rules (for allowed traffic) based on the type of traffic that needs to get through the firewall.

How does my firewall know what to let through?

A firewall uses a technique called “packet filtering”. During this process, the firewall inspects packets to make sure that the packets coming into your network were requested. A firewall can easily determine whether an arriving packet is initiating a new connection or continuing an existing conversation. Packets arriving as part of an established connection would be allowed to pass through the firewall, but packets representing new connection attempts (i.e. a hacker from the outside) would be discarded. Thus, a firewall can permit the establishment of outbound connections while blocking any un-requested connection attempts from the outside.

Many higher end firewalls perform a higher level of inspection called “stateful” packet inspection. Instead of simply examining the header information of the first packet (IP address, destination port, source port, etc.) and allowing all subsequent packets in the session to pass, each packet is examined thoroughly, including its payload (the data content of the packet). A “stateful” firewall can help prevent situations where packet headers are altered by a malicious source to masquerade as legitimate traffic, when in fact they often carry worms, viruses, or Trojan horses. Yikes!

Now that you understand a little bit about how a firewall works, here’s how to select one: Let the experts do the testing for you. There is an organization called the International Computer Security Association (ICSA Labs), which is a division of the TruSecure Corporation. One of the functions of ICSA is to test firewalls and make sure they meet a minimum of security requirements. ICSA certification is globally recognized and accepted. Make sure the firewall product you are considering is ICSA Certified.

Some other factors to include when choosing are:

· Ease of use
· Ability of the firewall to detect common attacks
· Management and logging options
· Intrusion detection ability
· VPN (virtual private network) ability
· Expandability
· Cost

One of the biggest misconceptions about a firewall is that it’s better if it costs more. This is not always the case. Though most firewalls provide more features as the cost increases, many of these features may not be needed. The best course of action is to sit down with your network security consultant and discuss your concerns and options. There is no single best solution because the solution must be tailored to the specific needs of the organization.

That said, here are some of the leading firewall brands on the market today: Cisco, Checkpoint, Sonicwall, Watchguard, Netgear, and Linksys. Microsoft has a built in ICSA certified firewall called ISA Server which comes with Small Business Server Premium Edition.
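The pass-or-block decision the firewall article describes (outbound connections allowed by rule, packets continuing a requested conversation passed, unrequested connection attempts from outside discarded), as an added Python example that is not part of the original newsletter. The internal address prefix, the allowed ports and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass

INSIDE_NET = "192.168.1."        # assumed internal address prefix (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    new_conn: bool = False       # True when the packet asks to open a new connection

class Firewall:
    """Permit outbound connections and their replies; drop unrequested inbound."""

    def __init__(self, allowed_out_ports):
        self.allowed_out_ports = set(allowed_out_ports)   # the engineer's rules
        self.connections = set()                          # conversations in progress

    def inspect(self, pkt):
        if pkt.src.startswith(INSIDE_NET):                # packet leaving the network
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.connections:
                return "pass"                 # continuing an existing conversation
            if pkt.new_conn and pkt.dport in self.allowed_out_ports:
                self.connections.add(key)     # remember what the inside requested
                return "pass"
            return "drop"                     # no rule allows this traffic
        # Packet arriving from outside: look it up from the inside host's view.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.connections and not pkt.new_conn:
            return "pass"                     # reply to a connection we requested
        return "drop"                         # new connection attempt from outside

def run_demo():
    fw = Firewall(allowed_out_ports=[80, 443])
    traffic = [   # constructed sample packets
        Packet("192.168.1.10", 40000, "203.0.113.5", 80, new_conn=True),    # browser opens a site
        Packet("203.0.113.5", 80, "192.168.1.10", 40000),                   # the site's reply
        Packet("198.51.100.7", 5555, "192.168.1.10", 3127, new_conn=True),  # unrequested inbound
        Packet("198.51.100.7", 80, "192.168.1.10", 40000),                  # "reply" from a host never contacted
        Packet("192.168.1.10", 40001, "203.0.113.9", 6667, new_conn=True),  # outbound port with no rule
    ]
    return [fw.inspect(p) for p in traffic]

if __name__ == "__main__":
    print(run_demo())
```

The fourth packet shows why the firewall matches on both endpoints of the conversation: a packet that claims to answer port 40000 but comes from a different host is treated as unrequested.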
5 BUSINESS TECHNOLOGY QUARTERLY

For our nonprofit MIP users
MIP Tricks & Tips
By Deborah Swanson

· Use the Report Binder feature to group reports and print them together. Ideal for running monthly report sets for Board and Management.

· Review the effects of unposted documents. The Normal Trial Balance and Expanded General Ledger reports both have the option to include unposted transactions in the report. Just check the box on the Options Tab of the report. You can also filter for specific unposted Session IDs on the Filter Tab. The report title will include the words “Unposted transactions included in report”.

· Speed up monthly budget entry. Use the Memorize Document feature to memorize a budget entry for one month. Then recall the memorized document each month to create the budget for the entire year.

· Do you have questions about MIP? Call Deborah Swanson at 860-524-4465 for answers!

Best Software Now Has 3 Great Fundraising Solutions
By Deborah Swanson

Nonprofit organizations looking for fundraising and donor tracking software have three good reasons to look to Best Software.

Paradigm, GT Pro and Millennium are Best’s entry level, mid level and high level fundraising systems. All interface with MIP Fund Accounting. But even if your organization uses another accounting product, these are worth a look. Below is a list of the basics:

Paradigm:
Starts at $2,900. Very user friendly and easy to learn without formal training

GT Pro:
Starts at $9,000. Modular system with SQL database option

Millennium:
Starts at $29,000. For the most sophisticated fundraising needs

—NEWS BRIEFS —

Microsoft offers reward
Microsoft will pay a $250,000 reward for information resulting in the arrest and conviction of those responsible for unleashing the MyDoom.b worm.

Two spam filters we recommend for home and business:

InBoxer—For workstation level filtering. www.inboxer.com

Mail Marshal—For server level filtering. www.mailmarshalsoftware.com

DVD burners offer an affordable backup solution

DVD’s can hold 4.7 gb of data compared to only 250 mb on a Zip disk. The drives cost between $106 and $650 with DVD’s costing about $3.

MyDoom Virus: The Fastest Spreading Worm Yet!
By Mark R. Torello

MyDoom.a, a mass-mailing worm, masquerades as a test message. There is now a second version, MyDoom.b. Both take advantage of the ZIP file format's ability to pass through e-mail filters. They also use the program Kazaa to spread.

Within the first few hours, MyDoom.a spread quickly around the world; in contrast, MyDoom.b is not spreading as quickly. MyDoom.a contains a payload that launches a denial-of-service (DoS) attack on the Web site www.sco.com, and MyDoom.b launches a DoS attack on the Web site www.microsoft.com. MyDoom.a and MyDoom.b will self-terminate on February 12, 2004 and March 1, 2004 respectively. Because these viruses spread via e-mail and could severely slow or shut down e-mail servers with excess traffic, they can be extremely damaging.

This virus triggered the first alert from the newly formed Department of Homeland Security’s cyber alert system.

How it works
Both versions arrive primarily as e-mail. The subject line reads "Mail Delivery System," "Test," or "Mail Transaction Failed." The body text reads: "The message contains Unicode characters and has been sent as a binary attachment." The attached files may include:

document.zip, document.pif, doc.scr, message.pif, readme.exe, file.zip, message.zip, oia.zip, text.zip

Both versions of MyDoom are known to open Windows Notepad and display garbage text; in addition, they may open ports 3127 through 3198 to listen for commands from a remote attacker.

On February 1, MyDoom.a successfully launched a denial-of-service attack on sco.com, shutting down the Linux vendor’s Web site. On February 3, MyDoom.b will attempt to shut down Microsoft.com.

Prevention & Removal
If you receive MyDoom, do not open the attached file. Delete the e-mail message. The major antivirus companies have updated their software to help protect and remove these worms.
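The indicators the MyDoom article lists (the three subject lines, the attachment names, and listening ports 3127 through 3198) turned into a triage check, as an added Python example that is not part of the original newsletter. The function names, the rule of requiring both a listed subject and a listed attachment, and the sample `netstat -an` text are assumptions constructed here.

```python
import re

# Indicators copied from the article text.
SUBJECTS = {"mail delivery system", "test", "mail transaction failed"}
ATTACHMENTS = {"document.zip", "document.pif", "doc.scr", "message.pif",
               "readme.exe", "file.zip", "message.zip", "oia.zip", "text.zip"}
PORT_RANGE = range(3127, 3199)        # ports 3127 through 3198 inclusive

def score_message(subject, attachment_names):
    """Return the reasons a message matches the article's description."""
    reasons = []
    if subject.strip().lower() in SUBJECTS:
        reasons.append("subject")
    hits = sorted(n.lower() for n in attachment_names if n.lower() in ATTACHMENTS)
    if hits:
        reasons.append("attachment:" + ",".join(hits))
    return reasons

def should_quarantine(subject, attachment_names):
    """Hold a message only when subject AND attachment match.

    "Test" or "document.zip" alone is common in legitimate mail, so a
    single match would produce false positives someone has to sift through.
    """
    reasons = score_message(subject, attachment_names)
    return "subject" in reasons and len(reasons) > 1

# Listening TCP sockets in Windows `netstat -an` output.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.IGNORECASE)

def suspicious_listeners(netstat_text):
    """Return listening TCP ports that fall inside 3127-3198."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(1)) in PORT_RANGE:
            ports.add(int(m.group(1)))
    return sorted(ports)

# Constructed sample of `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3150      203.0.113.5:80         ESTABLISHED
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:3130           *:*
"""

if __name__ == "__main__":
    print(should_quarantine("Mail Delivery System", ["Message.ZIP"]))
    print(should_quarantine("Test", ["agenda.doc"]))
    print(suspicious_listeners(SAMPLE_NETSTAT))
```

A listener in that range is only a reason to scan the PC with updated antivirus software; other programs can legitimately use those ports.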
6 BUSINESS TECHNOLOGY QUARTERLY
In House News:

Gregory Rothauser has joined the firm as a Network Systems Technician.

The Technology Group is proud to have recently become the outsourced IT department for Jensen’s Inc., developers and managers of high quality residential communities.

The Technology Group, LLC is proud to be partners

The Technology Group, LLC
Satisfying clients is not just our goal… It’s our purpose.
860-524-4400

Current security alerts and past newsletters available on our website:
www.technologygroupllc.com

WINTER 2003/2004 EDITION OF BUSINESS TECHNOLOGY QUARTERLY
The Technology Group, LLC
at Whittlesey & Hadley, P.C.
147 Charter Oak Avenue
Hartford, Connecticut 06106-5100