By Lorne Lavine, DMD
The use of technology, and particularly computers, in the dental practice has grown dramatically over the past 10 years. A survey was issued in March 2001 by the editorial and research departments of a major dental publication to a random sampling of 3,000 U.S. general practitioners. In that survey, 94 percent said they have computers in their offices and 29 percent indicated they have computers in the operatories.
There are many reasons why practitioners are now using computers in the office. Practice-management software, use and management of intraoral and digital cameras, digital radiography, and Internet use have all been driving forces in the explosion of technology available to dentists.
While the move toward paperless offices is progressing, many dentists are now discovering that their computer data is far and away their most important asset. Unfortunately, few realize just how sensitive their data is to both attack and loss of information. The purpose of this article is to examine the different methods dentists should adopt to protect their data and to ensure the smooth operation of their dental practices.
Online all the time
There is little doubt that Microsoft has won the battle for operating system supremacy on the desktop. While Windows has many excellent features, it has a very poor track record when it comes to security. As any owner of Windows XP knows, there are almost weekly updates that are released, with the primary function being to patch new holes that have been discovered. Many of these problems are due to the weaknesses in Internet Explorer, Microsoft's web browser.
For many years, dial-up connections were the only method of connecting to the Internet. Internet Service Providers were given a block of IP (Internet Protocol) addresses that were doled out on a random basis to subscribers as they logged on. This meant that every time someone logged on, he or she was given a different address that lasted only as long as the computer was online, making it difficult for hackers to track an individual system. That all changed with the advent of broadband connections. Many cable and DSL subscribers are given a static, non-changing IP address, making them far more vulnerable to attacks. Leaving a computer with a static IP address online without proper security is analogous to leaving your car in the driveway with the keys in the ignition; it's basically an invitation to hackers to enter your system.
Fortunately, there are many methods to keep intruders out. One of the best techniques is to use a firewall. As you begin to study computer and network security, you will encounter many new terms — encryption, port, Trojan, and more. "Firewall" will be a term that will appear often. A firewall is basically the first line of defense for your network. The basic purpose of a firewall is to keep uninvited guests from getting into your network. A firewall can be a hardware device or a software application and generally is placed at the point where the network connects to the Internet where it acts as the gatekeeper for all incoming and outgoing traffic.
A firewall allows you to establish certain rules to determine what traffic should be allowed in or out of your private network. Depending on the type of firewall implemented, you could restrict access to only certain addresses or domain names, or you can block certain types of traffic by blocking the ports they use. There are basically four mechanisms used by firewalls to restrict traffic. One device or application may use more than one of these in conjunction with each other to provide more in-depth protection. The four mechanisms are packet filtering, circuit-level gateway, proxy server, and application gateway. Each of these mechanisms has its drawbacks as well as its advantages. The application gateway is considered to be a more advanced and secure firewall mechanism than the other three, but it uses more resources (memory and processor power) and can be slower. Packet filtering is generally faster and easier to implement, but is susceptible to attack from users faking their source IP address (IP spoofing) to trick your firewall into thinking that the traffic should be allowed through. For most dental offices, packet filtering is the preferred method.
Many small-office DSL or cable routers come with built-in firewall capabilities. Generally, these tend to be simple packet filters. You can block all incoming connections on all ports if you are not acting as a server for anything. If you want to publish a web page from your computer, you would need to allow incoming traffic on Port 80 to get to your computer. If you want to be able to download files from your computer from outside using FTP, you would need to allow incoming connections on Port 21. A basic rule of security is to start with the most restrictive and only open holes where it seems necessary. Most of the routers made by Linksys and D-Link include firewalls.
In addition to the hardware firewall built into routers, there are also software applications called personal firewalls that you can run on your computer. These personal firewall applications monitor all incoming and outgoing communications on your computer as well as what services are trying to interact with what other services. The most popular software firewalls include Zone Alarm Pro and Black Ice Defender.
Malicious intent
In our modern society, there are unfortunately people who find it enjoyable to cause as much damage as they can to others' computer systems, and they often achieve this goal by writing software codes that can cause irreparable damage. Often referred to as malware, these programs include viruses, worms, and Trojans. Malware can cause loss of productivity, corruption of files, network slowdown or Denial of Service, e-mail delays and loss, and exposure of your sensitive files online. Furthermore, inadvertently passing these viruses on to other users can be humiliating and most users are never aware that they have even done this. To lower the risk of contracting a virus, worm or Trojan, users should follow these steps:
- Purchase a leading anti-virus software package, one that will scan incoming mail messages and files automatically. Two of the better-known virus scanners are Norton Anti-Virus and McAfee Virus Scan. You should update anti-virus software definitions weekly, if not more often (ideally, the anti-virus software should update the virus definitions automatically). Updates are available at the vendor's Web site and are very simple to perform. Use the anti-virus software to run full disk scans (i.e., scan the entire computer) monthly, if not more often. Full disk scans should also be scheduled to run automatically. Scan all floppies, CDs, or other external media that have been used on external systems or that you receive from others (including friends and family).
- Learn how to identify virus hoaxes from real threats. Overreaction to hoaxes can cause unnecessary panic and overload network bandwidth. To determine whether or not a virus warning is legitimate, visit one of the following sites: F-Secure, McAfee's Virus Information Library, Trend, or Vmyths.
E-mail is an especially vulnerable medium to transmitting viruses. As anyone with an inbox knows, unsolicited e-mails can take up a lot of space and time to separate the important e-mails from the junk. Furthermore, most e-mail is not encrypted and you must assume that messages you send are available to be intercepted by third parties along the way. There are certain steps you can follow to take better control over your e-mail.
Do not open attachments unless absolutely necessary, especially if they are sent by someone unknown to you. Specifically, do not open .exe, .bat, .vbs, and .scr type attachments ever, since they are commonly-used media for virus file infections. Consider installing updated packages or the Microsoft Office 2000 E-mail Security Update to block such attachments. Users of Outlook XP already have the e-mail system setup to automatically prevent these types of file attachments from being read. If you must open an attachment, always scan attachments manually with anti-virus software before opening them, if they must be opened.
If you are using Outlook or Outlook Express e-mail software, configure e-mail messages as "Restricted Zone" (go to Tools/Options/Security, then choose Zone in the window below.) If possible, set your e-mail client to send messages in plain text (for Outlook go to Tools/Options/Mail Format, and then choose Plain Text from the windows below). HTML mail is a potential risk and allows for snooping and malicious code infection.
I should point out that many dental offices use Web-based e-mail services under the mistaken impression that these are more secure and will allow the "regular" e-mail inbox to remain easier to manage. Web-based e-mail services, such as Yahoo! and Hotmail, present additional risks to users. These risks may include increased spam, privacy violations, and unauthorized information disclosure. Further, in the dental office, they may lead to the loss of productivity due to having personal e-mail readily available to all staff members. Finally, because they present a more open forum of e-mail exchange, they add to the risk of virus or malware infiltration. To lower these risks, do not use Web-based e-mail systems for the communication of any sensitive information. However dull it might be, you should review the licensing agreement with the service before you click "I Agree." Some free e-mail services actually own the content of your messages sent through their Web service. Follow the same attachment policy as with company and personal e-mails.
There are new vulnerabilities and flaws discovered everyday that could allow a hacker to break into your computer, take control of it for use in a denial-of-service attack, or steal or destroy your data. Keeping your software patched and running updated antivirus software are very important pieces of the puzzle, and having a firewall block incoming connections in the first place is definitely a wise idea as well. No one security solution will solve everything. The more lines of defense you have in place, the harder it is for hackers to get in and the safer you will be.
Dr. Lorne Lavine has practiced periodontics and implant dentistry since 1992. He has written for numerous publications, including Dental Equipment and Materials and Dental Economics. He lectures nationally on technology in the dental practice. He is president of Dental Technology Consultants, which provides full-service consulting and integration to dentists who are upgrading their practice-management systems. He can be reached at (866) 204-3398, by e-mail at [email protected], or through his Web site at www.dtc4u.com.
