Remote Computing: Security Options.

By: Johnston, Randolph P.
Publication: The Practicing CPA
Date: Wednesday, August 1 2001

This is the second in a series of four articles on remote computing.

Anytime a computer is connected to the Internet, the risk of attack exists. According to the Computer Emergency Response Team (CERT), there were more than 21,000 incidents in 2000. This represents more than a 100% increase over the number of incidents reported in 1999 and more than a 600% increase over the number of incidents reported in 1998. Note that the CERT Coordination Center (www.cert.org), located at the Software Engineering Institute operated by Carnegie Mellon University, is the leading worldwide source of Internet security information.

As the CERT numbers show, Internet security is a growing concern. Both business networks and individuals are at risk. Even on dial-up links, precaution should be exercised. Three security options will be discussed in this article: firewalls, encryption, and virtual private networks.

Firewalls

Firewalls are designed to protect computers from security breaches. A firewall can protect a single computer, or it can be configured to protect all the computers on a network. Firewalls can be hardware based or software based. A hardware-based firewall is a separate device between the computer and the Internet connection. A software-based firewall is software loaded on the computer that is connected to the Internet.

For most business applications, including those for telecommuters, hardware-based firewalls are the best solutions. Hardware-based firewalls generally provide a higher level of protection than software solutions. Another advantage is that they do not draw down the resources of the user's computer. Many of these products are so simple to install and use that a computer-literate user can install the device in less than 30 minutes. However, under a few conditions, most notably with DSL (Digital Subscriber Line), outsourced technical help may be required.

We recommend products from such vendors as SonicWall, LinkSys, 3Com, Intel, and others that have appliance firewalls in their product mix. An example product for a home user might be a SonicWall SOHO 10. These products typically cost $200 to $700, but very sophisticated versions might cost $2,000 to $9,000. The firewalls used in a main office should be faster and more capable. An example of this type of firewall today would be the SonicWall Pro. This product can support up to 1,000 users and offers other features, such as content filtering, virus scanning, and the ability to implement a Virtual Private Network (VPN).

On the home or mobile user side of this formula, there are several small units available that are about the size of a VHS videocassette. SonicWall has Telecommuter, SOHO 10, and SOHO 50 versions of its firewall. The Telecommuter or SOHO 10 units are quite affordable for a single home user or a small, remote office LAN (local area network). Occasionally we recommend that mobile workers carry this type of product if they frequently have access to high-speed Internet and want to protect their system with their own firewall.

Firewalls can also be implemented in software with three popular choices: Norton Internet Security Suite, BlackICE Defender, and ZoneAlarm. These software products protect an individual machine but can cause some operational difficulty for the end user. Further, because the attack is stopped at the machine level, the attacker already has reached the machine at the hardware, operating system, or application software level. These products provide a safe enough barrier but must be monitored for upgrades or changes because new hacker tools can put these software products at risk. Appliance firewalls also need their software upgraded routinely to close newly found vulnerabilities. You should choose either a hardware- or software-based solution to protect your internal and external resources.

Encryption

In addition to protecting the office network and the remote user's computer from network attacks, remote users need to be concerned about the security of information transmitted over the Internet. Failing to use some type of encryption technology when transmitting information over the Internet results in an unacceptable level of risk that potentially compromises the confidentiality of client information.

E-mail communications that are not encrypted are particularly easy for numerous other individuals to read. The risk is so great that it is simply not appropriate to send confidential client information using unencrypted e-mail. Fortunately, an inexpensive, easy-to-implement solution exists. In conjunction with digital IDs that cost only about $15 per user per year, e-mail can easily be protected. The catch is that both parties must obtain and implement digital IDs. For more information on obtaining and implementing secure encrypted e-mail, visit the VeriSign products and services page at www.verisign.com/products/classl/index.html. VeriSign is a leading source for class 1 digital IDs.

Virtual private network

For communications other than e-mail between remote users and the office network, a VPN is often a good solution. VPNs allow remote users to use the Internet in a secure, encrypted fashion to connect the office network to workers outside the office. This outside connection could be another network or an individual on the road. VPNs are faster when implemented in hardware, such as a firewall or router. VPNs can also be implemented in software on individual computers.

When a VPN is implemented, your remote worker or remote office can use the network in the main office transparently; that is, as if they are all on the same network. The VPN extends the reach of your LAN securely. With client-server applications, this technology is very effective. A caveat, however, is that with traditional PC applications it is slower than we prefer.

A good approach to implementing a VPN is to have a major firewall in the main office location with VPN software installed, and to have smaller appliance firewalls in remote locations and home offices. If mobile workers are willing to carry some support hardware, appliance firewalls can also be used on the road. However, most users don't want the extra bulk, and it is all right to allow this style of user to implement a VPN in software. A key technology to watch for is IPSec. This technology began to stabilize a few years ago and is quite good, quick, and secure. You should make sure that you implement IPSec V6.

Conclusion

Failing to take adequate measures to protect against network attacks and to protect the confidentiality of data transferred over the Internet represents an unacceptable level of risk. The confidentiality of client information and the reputation of the firm are at stake. Internet crime is real and is growing at an alarming rate. Those who fail to adopt adequate control procedures are likely to regret their negligence.

By Randolph P. Johnston, executive vice president, and William C. Fleenor, CPA, chief financial officer, K2 Enterprises, Hammond, Louisiana. K2 Enterprises provides technology CPE for CPAs.
