Remote Accessibility Revisited


I believe “ Remote—But Connected ” ( JofA , Mar.02, page 63) contained a number of inaccuracies, which I would like to address:

The article said firewall installation is an easy do-it-yourself project (page 65). While some installations are relatively straightforward, a professional should be consulted when you have valuable, sensitive information—such as client data—to protect. Knowing how to construct the proper rule base, configure network address translation, harden the underlying operating system and test the firewall’s effectiveness requires an experienced security engineer.

The article also said that setting up a virtual private network (VPN) is quite simple. This would be true if you were a certified network engineer, understood network address translation, routing, IP and were conversant in that vendor’s software and hardware. Having the telephone number of the telco’s senior technical support engineer would also help.

The definition of IPSec was incorrect. IPSec stands for Internet Protocol Security, not Internet Protocol Secure. See for some definitions and Internet-Drafts on IPSec and working with VPNs.

A number of the comments about Microsoft terminal server were also incorrect.

Citrix MetaFrame is a feature-rich application that provides many additional benefits to a terminal server installation. However, there are many circumstances where a simple terminal server installation is the perfect solution.

A Citrix implementation will always cost more than just a Microsoft terminal server implementation. Citrix is installed on top of Windows 2000 Server, which includes terminal server. In order to run terminal server, Microsoft requires each computer connecting to the terminal server to have a Microsoft 2000 Server Client Access License (CAL) and one of the following licenses: Windows 2000 Professional, Windows XP Professional or a Microsoft terminal server CAL. When implementing a Citrix MetaFrame solution, the MetaFrame server and client access licenses are an additional cost to the Microsoft licensing.

Citrix MetaFrame does not provide any additional level of security over terminal services. Citrix does not even make this claim.

Having implemented numerous Microsoft terminal server, Citrix WinFrame and Citrix MetaFrame solutions, my experience is that Citrix MetaFrame is not necessarily faster than Microsoft terminal services. The relative speed and performance of each product depend on the applications and solutions implemented as well as available bandwidth.

Michael F. Crowe, CPA

Author’s reply: The observations made in the letter are valid but seem dependent on a framework using much more complex products than we recommend for organizations of less than 200 users.

The way a firm chooses to spend technology dollars can make a big difference in ease of use, ongoing cost and performance. We prefer simple, reliable, fast solutions that require minimal expertise to install and maintain, and our recommendations on the use of appliance firewalls, VPN technology and Citrix Metaframe still stand.

In the computer world, three-letter acronyms (TLA) often have multiple meanings, and it is common for one TLA to have several definitions. Either one for IPSec conveys the key idea of transferring information across the Internet in a secure or encrypted fashion.

Randolph P. Johnston, MCS
Hutchinson, Kansas


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.