I believe “Remote—But Connected” (JofA, Mar.02, page 63) contained a number of inaccuracies, which I would like to address:
The article said firewall installation is an easy do-it-yourself project (page 65). While some installations are relatively straightforward, a professional should be consulted when you have valuable, sensitive information—such as client data—to protect. Knowing how to construct the proper rule base, configure network address translation, harden the underlying operating system and test the firewall’s effectiveness requires an experienced security engineer.
The article also said that setting up a virtual private network (VPN) is quite simple. This would be true if you were a certified network engineer, understood network address translation, routing, IP and were conversant in that vendor’s software and hardware. Having the telephone number of the telco’s senior technical support engineer would also help.
The definition of IPSec was incorrect. IPSec stands for Internet Protocol Security, not Internet Protocol Secure. See www.ietf.org/html.charters/ipsec-charter.html for some definitions and Internet-Drafts on IPSec and working with VPNs.
A number of the comments about Microsoft terminal server were also incorrect.
Citrix MetaFrame is a feature-rich application that provides many additional benefits to a terminal server installation. However, there are many circumstances where a simple terminal server installation is the perfect solution.
A Citrix implementation will always cost more than just a Microsoft terminal server implementation. Citrix is installed on top of Windows 2000 Server, which includes terminal server. In order to run terminal server, Microsoft requires each computer connecting to the terminal server to have a Microsoft 2000 Server Client Access License (CAL) and one of the following licenses: Windows 2000 Professional, Windows XP Professional or a Microsoft terminal server CAL. When implementing a Citrix MetaFrame solution, the MetaFrame server and client access licenses are an additional cost to the Microsoft licensing.
Citrix MetaFrame does not provide any additional level of security over terminal services. Citrix does not even make this claim.
Having implemented numerous Microsoft terminal server, Citrix WinFrame and Citrix MetaFrame solutions, my experience is that Citrix MetaFrame is not necessarily faster than Microsoft terminal services. The relative speed and performance of each product depend on the applications and solutions implemented as well as available bandwidth.
Michael F. Crowe, CPA
Author’s reply: The observations made in the letter are valid but seem dependent on a framework using much more complex products than we recommend for organizations of less than 200 users.
The way a firm chooses to spend technology dollars can make a big difference in ease of use, ongoing cost and performance. We prefer simple, reliable, fast solutions that require minimal expertise to install and maintain, and our recommendations on the use of appliance firewalls, VPN technology and Citrix MetaFrame still stand.
In the computer world, three-letter acronyms (TLA) often have multiple meanings, and it is common for one TLA to have several definitions. Either one for IPSec conveys the key idea of transferring information across the Internet in a secure or encrypted fashion.
Randolph P. Johnston, MCS