A few months ago, I accepted a position as Director of Infrastructure Technology at Lakeshore Bone and Joint Institute in Chesterton Indiana (LBJI). LBJI has been an established orthopedic practice in Northwest Indian for 50 years and is a leading provider of orthopedic services in the region. I was most excited about this position because not only would I be doing the technology work associated with keeping a 7 site business in constant contact, but also I would be administering their PACs (picture archiving communications system). The idea of administering a system designed to share x-rays was fascinating, who knew what technologies I would get to work with?

A few months have past and I’m getting settled in, it’s truly enjoyable work. The PACs system involves a lot of networking, some user interaction and then the new skills for a tech: Images are stored in a standard called DICOM (Digital imaging communications in medicine) and they communicate with the practice management software with a language called HL7 (health systems level 7). These combine to create a challenging environment for a tech and the position is relatively new in the medical industry, which means there are openings. Investigate PACs administration if you are a techie looking for open positions in this job market. There are also additional positions that open up to you once you look towards health care. So, if you are a techie looking for work, I hope that this helps you to consider a new potential of sources. If not, I hope that you will enjoy as I start to write about some of these challenges.

Until next time,

K-Tat

It doesn’t matter if you are in an entry level position or a position of corporate leadership, sometime on the job you are going to make a mistake. Depending on the skill level and trust you have built up that mistake may well have enormous ramifications for your company. How you handle the mistake can affect a great many things within your job. It can shape the way people in management see you and relate to you as well as whether or not they feel confident in trusting you. It can affect the operational status of your company at whatever level you are operating at. It can affect the way your coworkers view you in much the same way that it affects management. Similarly, if you are in management and are learning of a mistake from an underling this can be an opportunity to grow your team or simply a nail in your coffin of mediocrity.

The people we hire to work for us, by and large want us to succeed. More importantly, they want to feel a part of that success is directly attributable to them. Self gratification is an important part of the “compensation package”. When we (or they) screw up, it is not because they wanted to but rather a mistake or a misunderstanding of procedures, policies etc…. The environment should be such that a mistake can be freely communicated in a timely manner without the need for immediate retribution. If you send or receive an e-mail which says “I was migrating a server and in the middle of the move everything stopped” the response should not be “How can you let this happen?” rather, the first response should be “What backups do we have? Have you logged in and verified that the transfer really failed? Is the old system still in place?” or any number of other constructive things to check that the panicked mistake maker may have missed. Allow the team in place to function as a team to identify solutions to the problem. This type of action path will lead to people being more open about mistakes which allows you to more accurately judge skill levels, plan training and delegate responsibility without fear of the unknown.

Once the mistake is dealt with, an after action review may be warranted (depending on the scope and severity as well as the need to train on procedures). A good manager will focus on finding out why he/she didn’t prevent the employee from making the mistake. In the example above “Did you have a written plan? Was a fall back scenario in the plan?” … With the manager adding “I should have reviewed your plan with you and a couple of team mates to see if we could add anything to it collectively. Further, I should have reviewed it prior to your implementing it to take responsibility for it. The operational errors are yours to learn from and the lesson was expensive, we hope it will benefit you in your future performance with us. My errors in management are mine as well as yours to learn from.” These types of responses share the responsibility and make employees feel that they are a safe part of the team which will allow them (once they know the box well) to work outside the box and ultimately help them to become good leaders as  well.

A couple of weeks ago I began maintaining an internet directory (click here) for fun and profit, well the goal is profit but so far it has been mostly fun. I decided that once I got the thing running I would try to incorporate various social media community building tactics including those found in the book Trust Agents by Chris Brogan.  First however, I had to accomplish the technical hurdles of creating a web directory including those related to hosting, software installation etc… Once those were accomplished I needed to start some basic link building, which would have me doing link swaps with other directories. This I found to be the perfect opportunity to start looking for examples of what I like and what I don’t like.

Let me start by describing what I don’t like. I don’t like the tired old attitude of “I provide you a service so you need to give me money”. I dislike it even more when there are no options AND you have to give an e-mail address. “Pay me for having a system on auto-pilot AND give me your email address so that I can spam you”. There are so many of those, just search and it is likely the first directory you find will be like that. In addition to the small mindedness that this suggests in terms of customer relations it is also not optimal for maintaining a directory. Google uses links as votes and these no muss no fuss, just pay and go directories often look like abandoned towns on the internet, falling into horrible disrepair.

Now, I will tell you about a gem I found for link building (Active Search Results). Not that the links are that valuable or anything else, but in terms of how it is run. First, you have options on the plan to select. Additionally, you need to provide an e-mail address in case they need to tell you anything about your links… this is where it gets good. Active Search or ASR, has developed “an algorithm” for their search engine. Not the high tech PR algorithm used by Google, but definitely not the link and go of the shabby sites. They have a point system that assigns points to various activities (calculated weekly). They use their email list to keep you up to date on your performance (as well as any additional offers). The use of points brings out the competitiveness in people letting them see that they can get rewarded for activities that actually benefit the vendor. So that is the main point I wanted to illustrate, is just that you should think of novel ways to engage people in a continuos manner when you give them something so that you derive maximum benefit from your work and you do so by giving the customer maximum benefit.

That being said, my directory is not that complex yet at all so in recognition of that I have a coupon code (FLCOUD) that will allow you to get any level membership for free. This is good through March 22d (membership is only one time, so free memberships will not be billed later) after which the price applies for new memberships. So, head on over to Best of the Cloud Directory and get your free membership and leave some links for your sites.

Last week I wrote a post about building a data center that supports network security monitoring this week I am going to talk about using SNMP traps to leverage that design. SNMP traps are unsolicited messages from an SNMP (simple network management protocol) server to provide notification for an event. In last weeks post I mentioned having a labeling convention for switches and their ports which would correspond to the labeling of rooms and network jacks. Using SNMP traps, I am going to talk you through identifying the (physical) location of network traffic.

I am going to leave the configuration of the switches and software as either an exercise for the reader, or a topic for a later post (I haven’t decided and feedback would be appreciated). This post will deal with the concepts that need to be understood for this task and the tying together of the conceptual pieces.

The first concept will be SNMP. The Simple Network Management Protocol is a standardized protocol for managing devices on a network. There are three major components in an SNMP network:

• Managed devices
• Agent – software running on the managed devices
• Network Management System – software running on the manager

We will be talking about our Cisco switches as managed devices and the agent will be a component of the Cisco IOS on those devices. The network management system will be abstract and anonymous for now.

The next key concept is that of the MAC Address, the MAC Address is a layer two identifier that is hard coded into a physical device. The IP Address on the other hand is a layer three identifier. Ip addresses are resolved on remote networks to tell the internet how to get a message to the proper network, once at the proper network the IP Address is resolved to a MAC Address to determine specifically which device the message goes to. This location is accomplished by the switches remembering what port a message with that IP Address came in from in its CAM table.

Ideally we want to set up our switches to send SNMP traps for MAC Address events (a new MAC is added or deleted from the CAM table) to our network management server where we will log the event. The alert will show what switch the event came from as well as what port the address is on, this information can be databased for ease of use.

The source of traffic information to identify can be anything from a log entry to an anomalous bit of data in a netflow log. However we find that data it is going to be in IP address format, which will only help us if the information is current (or we have some historical logging). If the information is current (we are sure that no one has dropped the ip and allowed someone else to get it) and we are on a unix box, then we can ping or otherwise connect to the ip via the network. Once we have done that, our machine will have an ARP entry for that IP and we can issue the arp -a command to display our ARP tables. In the case of historical data, if the address is in the DHCP range we can look for that ip address being issued prior to the event in the DHCP logs. That will give us the MAC address of the machine and we can look in our SNMP database to determine what port (and thus what location) the device was plugged into.

Today, I wanted to discuss how to use netflow for increased network visibility. We have already looked at how to design a network that allows increased visibility, now we need to leverage those design strengths. Netflow is a protocol designed by Cisco to collect and store IP traffic information. The information is used by major ISPs to facilitate billing and QOS monitoring. Additionally, and more importantly to us, it can be used to search for traffic anomalies and to identify security incidents.

Netflow is available from a variety of layer 3 devices, but we are going to talk specifically about capturing netflow data from Cisco devices. First we need to set up the device to do a netflow export (here is a great post on ingress or egress netflow analysis) we are going to assume that we want both ingress and egress enabled.

Here are the commands to configure a Cisco router for both ingress and egress flows:

Router > enable
Router#: configure terminal
! send NetFlow off to the collector – Scrutinizer
Router(config)# ip flow-export destination 10.1.1.1
! lets send NetFlow off to a 2nd collector
Router(config)# ip flow-export destination 10.1.1.2
! You have to setup Flexible NetFlow to export to more than two destinations
! Lets export NetFlow v9 as NetFlow v5 doesn’t support egress NetFlows
Router(config)# ip flow-export version 9
! summarize and export long lived flows every minute
Router(config)# ip flow-cache timeout active 1
! export flows that are idle 15 seconds or more
Router(config)# ip flow-cache timeout inactive 15
! export the NetFlow data from the configured loopback interface.
Router(config)# ip flow-export source loopback 0
! lets go enable NetFlow on each interface we want NetFlow from
! lets configure the first interface
Router(config)# interface Ethernet 0/0
Router(config-if)# ip flow ingress
Router(config-if)# ip flow egress
Router(config-if)# exit
! change to a different interface
Router(config)# interface Ethernet 0/1
Router(config-if)# ip flow ingress
Router(config-if)# ip flow egress
Router(config-if)# exit
! commit the above to memory if you want to keep the configuration

The above assumes that you have enough knowledge of your Cisco device to determine things that need personalized (collector address, interfaces etc…). Now that we have the device exporting flow data, we will look at examples of analysis (we will address setting up a collector in the next post, this was just to give an idea of how to use netflow).
When you first get netflow up and running somewhere on your network, you should use whatever tool you decide to use for analysis to start building a profile of what is normal behavior on your network. I like open source tools so I prefer to use the OSU Flow Tools package for collection and analysis complemented by the Flow Extract package. To build a baseline of what your machines might do, build basic versions of workstations, webservers, database servers etc… build as much as you can and profile each one individually. Watch what happens to the flows as you do things like browse a web page, initiate a database connection from a webserver the more things you do and watch the more you will be able to spot anomalous traffic. These are just meant as things to think about, I will write up some posts documenting the installation of the collectors, storage and analysis systems using open source tools or you can jump ahead and do it yourself and start playing.

Over the course of the past year, I have been working as an IT director for an internet marketing company. This has allowed me to continue working technology but to see my tools through a new set of eyes, but it has not precluded me from seeing other peoples tool sets with an old set of eyes. I remember when I first learned that the bulk of compromises came from malware created by people searching for exploit kids and available loaders and packaging them up… these people were often referred to as “script kiddies”. One of the things that hit me while in my current job is that the exploit code could be found by simply searching Google for it and indeed many did just that.

Google Adwords is a text based ad platform which allows you to place your ads above and to the right of search results. Basically, if you want to insure that your link will be found on a search you bid on the keywords or phrase and then your ad will display for that (assuming your bid won). That turns a search query into a product and as such it must have a quantifiable value, for this we use the Keyword Tool. The Adwords Keyword Tool allows you to input a bunch of phrases and it tells you how many searches were run for those phrases in the last month. This allows you to generate a value for your search term.
The version of “threat model” which I like to use is from Richard Bejtlichs book The Tao of Network Security Monitoring (Amazon affiliate link). This model has us assigning a value in a numeric scale to: The threat, Vulnerability, and the Asset value and then multiplying them to determine a value for our risk. So using the Adwords Keyword Tool allows us to better quantify the “threat” posed by a vulnerability by obtaining data on how many people are searching for an exploit to our vulnerability (pair that with whether or not an exploit is known to exist).
To give an example I’ll use MS10-090 which is a “remote code execution” vulnerability in Internet Explorer. First, we’ll look at Microsofts page about MS10-090 which doesn’t yield much in the way of good material for a vulnerability search. So, the next stop is the CVE site for this vulnerability. Using that page we come up with this list of keywords:

• CVE-2010-3962
• EXPLOIT-DB:15418
• EXPLOIT-DB:15421

Which yield the following results:

Knowing that it was searched by CVE with the word exploit, tells us that it is interesting. Knowing that a variety of search terms probably also work tells us the number could be higher than the 210 that we see there. We can either assume a high value for the threat or research more search terms to get a better picture. Either way when we tell the CEO tomorrow that the risk level is “elevated” we can have an excellent piece of supporting documentation in our hands. What additional tools do you include in your threat modeling toolset?

Network security is an afterthought or an add on. How many times have you heard that? I’m going to frame this article (possibly series) for someone who is building a new data center. I won’t get into the physical security aspect of it, because that will differ from site to site but that doesn’t negate the importance of it. Most pieces of network architecture are very vulnerable to physical attacks so be sure to properly plan that based on your specific threat model.

The normal operation of a networked computer has specific behaviors which, over time we can learn to recognize. With proper planning, we can build our data center to facilitate the generation of and utilization of logs pertaining to the behavior of the machines, Using these logs and our own knowledge if proper patterns. An example of aberrant behavior that would have alerted us to an attack would be any one of a number of worms from the late 90s. These worms were hard coded to use specific DNS servers instead of using the compromised machines resolver and thus the native DNS server for the host network. This would cause anyone monitoring the network to notice sudden DNS calls to other DNS servers. To allow this behavior to be caught, two things would need to be present on our network. First, the network would need to have assigned values for necessary infrastructure such as DNS (we couldn’t identify anomalous traffic if we don’t define normal traffic). Second, the network traffic has to be capable of being logged or analyzed in real time.
There are a variety of ways for traffic to be logged or analyzed. One method is to configure a span port on your switch, which will mirror all of the traffic for the network within that switch. This mirrored traffic can either be sent to something which can record or summarize it, or it can be sent to some type of real time sensor. Summarized traffic from a switch or router is usually referred to as flow data. Net flows are a type of internal accounting that routers used to communicate between each other regarding traffic. A netflow would contain at a minimum: source ip, destination ip, timestamp source interface and destination interface as well source port and destination port. In addition to being created by a device external to the switch or router, Cisco layer 3 devices (including some 3xxx series switches) can send netflows over UDP to a collector. Having the device send flows is especially good if the collector is not in close proximity to the switch. Netflow auditing adds roughly 0.8% to the overall traffic on a network and is thus unlikely to cause any congestion issues.
Now we have a way of identifying anomalous traffic on the network, however we don’t have a way to tie any traffic to a machine on the network. This is yet another area where physical design of your network should have attention paid to it. Each physical jack in the areas that your data center serves should be clearly labelled with some type of code, that code should exist as a pair with the switch and port number that it is connected to. Using SNMP traps we can get the mac address of any machine that connects to the network as well as what switch/port number it is connected to. Using the network jack/switch-port key pairs we can then tell what mac address is on that port. We can use RARP to get a mac address from an ip address or better still if we control the DHCP server we can query the DHCP logs and find it (if it used DHCP).
That gives us two major design features to make our data center network security friendly, we should also design our network to mitigate threats where possible. A threat model has the following components: threat, vulnerability, asset value and risk. Risk is computed by assigning a numeric value to threat, vulnerability and asset value then multiplying the 3 numbers. Reducing any of those values will reduce the overall threat.
Creating VLANs (networks separated by a layer 3 gateway) for different asset types and their consumers will mitigate the amount of access an intruder would have if he were to gain access to the network. Additionally, Unix machines could be multi homed with one nic being on a public network and only critical applications are available on it and the other would be a management network and all management applications would use that network. Remember when planning out VLANs they must either all exist on a switch which can perform layer 3 tasks (routing) or you will need a router with an interface for each VLAN.
Using these principles is a good start to building a network which can be easily monitored and also has some security built into it. What other principles could be added to this?

When I think of counter terrorism or executive protection I think of “hard assets”, corporations spend money hand over foot to protect so called hard assets. They tend to place the utmost emphasis on protecting physical leadership, followed by a secondary emphasis on physical infrastructure (buildings and the like). While many people may read that and think “of course they do, they have an obligation to those people”, that is true. They are obligated to protect people who may fall into harms way due to their involvement with the corporation, but not necessarily for altruistic reasons. Corporations have a fiduciary responsibility to protect what they see as their most important assets, and that is a strong motivator in assigning protection dollars.

Often, the money spent on executive protection is spent on the services of a provider that specializes in that skillset. The thinking is that an airline or a telecom do not have the resources in house to develop and train operatives for this purpose. That thinking is very logical and well placed. Companies specializing in counter terrorism and executive protection put their operatives through very rigorous training so that they can say with confidence “we can protect your assets in a variety of high stress situations”. Indeed many of these companies put their operatives through driving courses, hand to hand courses, tactical courses involving teams and shootouts with good and bad guys on the range. Every scenario they can imagine is rehearsed and rehashed until the operative can stay several moves ahead of the situation mentally.
That’s great for hard targets, but in this day and age information is just as vital and important as hard infrastructure and even as important as human resources. Given that fact it is surprising to think that “data protection” is not seen in the same light as executive protection, instead data security is a secondary function now elevated by buzzwords to a primary position. Prior to 9/11 data security was assumed to be handled by a system administrator and was a very low priority. In the grand scheme of things, this would be akin to giving a loaded firearm to the office manager and telling him/her that “you are also in charge of security for the office”. After 9/11 stakeholders met with each other and determined what their most critical data points were and then a rush of vendors put out products to sell that would cover those. Additionally, there were many legislative standards that received more push initiatives like HIPAA and PCI gave management a box to check that they were secure. The additional attention caused companies to create “security administrator” positions and “Chief Security Officers” these positions were little more than previous IT positions in many of the cases, but due to “security” in the title they became a fast track to more senior positions including CIO/CTO.
I think the time has come to see more advertising for counter terrorism standards in the data protection realm. CT operatives fire thousands of shots, back track through every training failure etc… to provide themselves with the most superior background possible. I think we should have courses where the “electronic warfare operative” to be is given constant rigorous testing scenarios to develop the fast paced analytic skills necessary to properly secure the company’s electronic assets in an emergency situation.
Gone are the days that firewalls, SNORT sensors and ACLs can secure your network. We need to be anticipating threats, watching traffic for patterns etc… The reasons for this are many. First, the government should not have to provide all forms of infrastructure security. The private sector should be footing the bill for policing their networks. Second, if for example a telecom has an organized group communicating over their devices and they identify the suspicious behavior that frees the government to act on that info instead of using all their resources simply to detect it. Additionally, if that group does some untoward act against the company’s constituents that act will tarnish the brand at a minimum and at a maximum it may force liability on them. The corporate responsibility to the board should demand a new approach to information security or data protection.
What protective measures do you think work (or don’t) in post 9/11 society?

URL shorteners are ubiquitous in social media circles, without them over half of a single tweet could just be a link with little room for commentary. When we use these services, we are inadvertently wasting precious branding space for another brand. Additionally, we are surrendering a lot of analytic data to their companies without thought for what we might be losing. I’ve decided that I am going to start using my own URL shortener and find out how much additional data can be gained.

The concept of a URL shortener is very simple. You use a short domain name to start with (or a long one if you choose). A PHP program creates a random string to act as the URI. When the link hits the shortening service the URI is rewritten into the name of the location application plus the URI as an argument. The URI is used as a key to find the long URL in the database and the server issues a 301 or a 307 redirect to the original page.

This sequence of events allows us access to the complete headers, including IP address etc… We can also create multiple links so we can backtrack to the source and gauge success of various campaigns. If you are interested in trying this yourself, I am using Yourls for my shortening service. This is yet another great reason to host your blog and other activities on the cloud.

Managing an outreach program (such as Twitter) for your brand or company can be very rewarding. Maybe. Sometimes. Well, sort of. Mostly, that activity can be frustrating. What should you tweet about? Who should you tweet to?

These questions have a lot of speculative answers that enjoy varying degrees of success. The people who are good at it, often have a knack for it as well as some secrets. I have tried for a while to master their secrets and gain their “knack”. People like Nat Finn, Douglas Karr and Dave Woodson seem to just know the pulse of their communities. More importantly, they know how to build them. Recently however, I had an epiphany and that is that I am not them. That’s right, maybe in the process of shifting gears and doing something else I will become a kingly content creator, but at the moment I am not one and that is ok. They are not me either. In 2011 my goal is to use my technical skills to address the kind of things that people like them would like to see. I am going to create the kind of tools that help people like me do what those people do while at the same time amplifying what those people do to a whole new level.

So here goes, this is a technological strategy that is hatching in my head. I am going to build it myself and document it here so you all can benefit from it ( am stealing the idea of giving away awesomeness from Chris Brogan).

We are going to leave the speculative part of “whom to tweet to” as an exercise for the reader and we are going to assume that the reader is using some technologies that are already implemented (I will come back in later posts and get everyone to speed).

What We Know

We are using Google Analytics, we are also closely monitoring conversion rates. We probably even have a good e-mail campaign management platform that ties right into our CRM. We also are using Twitter as that is what this post is mostly going to cover. I am also going to assume that we are now hosting our own site – yep. Hosting your own site opens an analytic world hitherto unimagined to the untrained. Do it. To the cloud…. So we also have access logs, referring URLs etc…

What That Gives US

• Google Analytics can give us a ton of insights and they have an API. Explore it.
• E-Mail Campaign software allows us to store e-mail addresses and break them down into market segments. Hopefully the one we use is extensible, I recommend Interspire
• Using the CRM we can identify amount of products sold by geographical boundaries, sex and perhaps a few others
• The access logs can be run against a Geo-IP service to figure out regional conversion rates (you could also do this through Google Analytics)

Where We Can Go From Here

Rapleaf

Rapleaf is an online data aggregation site and can turn an e-mail address into varying degrees of data (based on whether or not you use it as a premium service). The data they provide can help you further break your e-mail list into functional segments and give you the twitter name associated with that address.

OpenX

Running our own ad server will allow us to put custom ads on our E-Mail list, okay fine we don’t need our own to do that, or do we? Serving the ads from our own server allows us to know exactly who clicks which ad and when. Additionally, we have total control of the ad pool. If you don’t want to put an ad on your newsletter you could just use a tracking pixel.

URL Shortener

You cold use a commercial shortener and for a fee, someone will share a fraction of the marketing insights that you give them for free. Nope, not in 2011. We will use our own (or maybe a community one). Using our own URL shortening platform allows us to go deep on the insights (and promote our brand). When we have an important tweet that is going out on a schedule we can create a different link for each successive send and then we would know which tweets people clicked on the most. We could gain insight as to how many times to send it before it becomes annoying and dead in the stream. Remember, every new piece of data that this technology gets us is being stored in the database and helps us to create new ways of segmenting our customers.

Twitter

Be following all of these people and databasing the tweets. We will try to find software to trend the segments or if necessary we will write some later. If we knew what was trending in each of our segments, that would be really good.

Using Our Newly Segmented Database

A simple first task would be to define a few segments and then count the numbers. The one with the most is your best performing segment and tells you WHO is most likely to buy your product. The one with the least needs the MOST work. So we want to develop an engagement strategy for each segment. We don’t want to just tweet whatever Twitter says is trending because that homogenizes the entire Twittersphere and we just finished undoing that. This is an ideal time to call any of the people mentioned in the beginning of this post.

If you are interested in how any of that works, please post a question in the comments. If there is interest I will continue on with how to implement some of this stuff.

I’m going to start this post with a bit of disclosure. After I got an S2H Replay, to try out for myself I decided that everyone should get these for all the kids they know and because of that, I decided to promote them as an affiliate. Now that I have that out of the way, let me tell you about this great company and this great product.

The Replay looks like a typical kids wrist watch, it is available in an assortment of sizes and colors. However, it is anything but typical. The watch has the ability to monitor activity – and this is where the magic starts. The screen has for progress bars, each representing fifteen minutes of time. As activity is detected, the progress bars fill up. I am certain that when I was a kid that mesmerizing little bit of magic would have been enough for me, but not todays kids. That’s right…. there’s more. When all four progress bars fill (one hour of activity) the face will display a 12 digit code. Here is where the modern child is caught. The code can be entered into the S2H website, where the child has a profile setup, and is worth 60 points. The maker has partnered with a variety of brands to offer gift cards and other amusements in exchange for points. Your child can earn up to $200 in gift cards a year with their Replay Watch!!

The profile they setup on the website is fairly harmless, they get a username and there is no chat function or anything like that. However, there is a “Leaderboard” like on Foursquare so the competitive nature in some of them can really be rewarded by shooting for top spots on that. Having watched my kids sit around and be “bored” I am excited and really hoping to see this make a difference. Additionally, I am hoping that the work they do to earn their Best Buy, Amazon or X-Box Live cards (and many more choices) will help give them an appreciation of the value that work places behind money.

I am telling you as an adult role model, I believe this is one of the best gifts we can give kids. I hope that S2H continues to develop similar products and that it inspires a genre of interactive/athletic toys.

In this economy, many people are finding themselves without health insurance. Even though the Federal Government is stating that we must all have insurance, the fact is many people are without. A new option for these people is coming on the radar. These people are forced to live in fear of getting sick, but now with telemedicine many illnesses can be handled for about the price of an average copay. These services create networks of Doctors who tie into a common infrastructure to offer basic services online or by phone. One such service is provided by a client of the company I work for and it is called myRealMD.

myRealMD offers options for single people and or families to receive quality non-emergency medical care. The service is capable of providing prescriptions (non-narcotic) to treat ailments that they are capable of diagnosing in their setting. Additionally, if you have medical questions which do not require being seen (for example I have symptoms X,Y and Z could I have this disease?) those can be sent via e-mail and answered by a physician, allowing you to determine from them what additional care you seek.

I have good health insurance, but I have still signed my family up for this service. When one of my kids is sick, I can initiate a consultation from my computer and carry on my evening at home until the doctor is available. When the virtual visit is over, the prescription is faxed to my local pharmacy. I just have to go in and pick it up (Fagens will even deliver it for a nominal charge).

I think that one of the best things I look forward to with telemedicine is that by redefining a doctors business model they are going to reintroduce competition to the field of medicine and we may look forward to a reemergence of a focus on quality health care. Additionally, the fact that this is so affordable I think will drive plans and charities to be organized around it. The future of medicine is wide open. How do you think this will affect the medical industry?