Telecommute Safely

TECHNOLOGY WORKSHOP

Telecommute Safely

Use Internet technology to keep cost down.

by James P. Davis

Key to Instructions

To help readers follow the instructions in this article, we used two different typefaces:

Boldface type is used to identify the names of icons, agendas and URLs.

Sans serif type shows the names of files and the names of commands and instructions that users should type into the computer.

echnology is shortening the daily office commute and providing a secure and economical link to clients, customers and satellite offices. With just a few keystrokes from a remote location with Internet access, users can link to an office network so that, for all intents and purposes, they’re virtually working in that office. Not only is such a link relatively inexpensive, it provides enhanced communications security.

Does such a link require the installation of a hot, new, expensive technology that requires intensive training of the organization’s staff and information technology experts? Not at all, thanks to virtual private network (VPN), a technology that actually has been around since the mid-1990s but failed to gain popularity because the accounting profession has been slow to adjust to both advanced technology and, oddly enough, to modern management styles. In those “old” days, VPN was still considered high-tech, thus keeping technophobic managers at bay. Also, many older-generation managers distrusted telecommuting, believing that those working out of the office would be laggards and beyond their control. Many of today’s managers now recognize both the efficiencies and economies of telecommuting.

PRIVATE AND PUBLIC LINKS
A VPN is essentially a software or hardware bridge for connecting a remote user to a company’s local area network (LAN), which is a private network, via the Internet, which is a public network. And it does this without compromising privacy. VPN applies protocols for encapsulating and encrypting data flowing between a LAN and a remote computer. The result: It’s as secure as the LAN itself.

A VPN also is far less expensive to set up and operate than its alternative—leased data lines, which would cost, depending on the distance and transmission speed, from a couple of hundred dollars a month to a couple of thousand.

COST AND COMPLEXITY
The cost of a VPN setup depends on how much special hardware is needed and the type of VPN connection desired. Most offices with networks already own most of the necessary components, which include a server (the computer that manages network resources), a router or switch (to distribute files within the network) and a firewall (software or hardware to prevent unauthorized access into or from the network). Most VPN implementations use software set up within the firewall. Also required is an Internet connection. A broadband connection, such as a digital subscriber line (DSL) (from an Internet Service Provider (ISP)) or cable (from a television cable company), is sufficient. A dial-up account is too slow to be usable unless you are deploying special linking software such as Citrix or Microsoft Terminal Server. However, those remote-access solutions are more expensive to implement and maintain. The ISP also must provide a static Internet Protocol (IP) address—a permanent Internet address.

A VPN can be configured for three types of connections:

Remote access. This links a remote user to an organization’s network via its server or desktop PCs and provides full network access from any place with an Internet connection. The user could, among other things, create documents or update an appointment calendar—in short, accomplish any on-site computer-related task. This is the simplest type of VPN to set up.

Intranet connection. This links two or more offices while providing each with access to the organization’s network. Such a connection allows data to be stored and shared from a single access point (the main office) as opposed to maintaining separate and often duplicate information on every satellite office server. A retailer, for example, could maintain a single database of inventory accessible by all remote locations. This arrangement is more complicated and usually requires a consultant to do the setup.

Extranet. Such a link provides secure access directly to another LAN. An accountant could make adjustments to a client’s books instead of relying on the client to post them. This setup also is complex and may require a consultant.

SO WHAT’S THE PRICE TAG?
Assuming a small organization (up to 10 users) has the basic hardware (a LAN, a router and a firewall) and would rather engage a consultant to set it up, the cost can range between $30 and $50 per user. A midsize organization (11–50 users) that wants to connect two remote offices would have to spend between $800 and $1,200. Large operations would pay $2,000 and up. Pricing for installation of these services can vary depending on your location. It doesn’t take extraordinary technical skill to set up a basic VPN configuration as you’ll see in “Setup Time,” at right; however, it is strongly recommended that any remote-access installation be set up by an experienced consultant to make sure all security aspects are given consideration.

Once your VPN is set up, not only will staff members be able to telecommute, but any data stored on the network will be immediately available to all the remote users and any data the remote users produce will be immediately available on the network. That alone will generate huge savings in effort and time, and you’ll wonder why you waited so long.

Setup Time
How to Set Up a Basic VPN Link
Begin by clicking on Start, All Programs, Accessories, Communications, New Connection Wizard.

Then click on Next and select Set up an advanced connection. Click on Next and select Accept incoming connections. Click on Next. Do not select any Connection devices.

Click on Next and select Allow virtual private connection. Click on Next and select the user accounts you want to allow access to your PC. Click on Next and highlight the Internet Protocol. Click on Properties and make sure there is a check next to Allow callers to access my local area network.

Now you must select how remote computers will get IP addresses. Generally, selecting the first option—assigning the addresses via DHCP (Dynamic Host Configuration Protocol)—is sufficient. DHCP is a communications protocol found on most networks; it allows network administrators to manage and automate the assignment of IP addresses in an organization’s network. DHCP allows devices to connect to a network and be automatically assigned an IP address. If you are currently on a network, this service is probably already running. However, if you click on Specify TCP/IP, make sure the range you select follows the same IP scheme as your server. To check the IP scheme for your computer, see the steps found under “How to Check Your IP Address Configuration” at the end of these instructions. When done, click on OK, Next and then on Finish.

The VPN server is now ready for access. Before going online, however, make sure the computer designated as the VPN server has a static IP address and test its security level. Such testing can be done for free through ShieldsUp, a security testing service located on Gibson Research Corp.’s Web site (http://grc.com/default.htm).

Step by Step
Here are the steps to create a VPN connection on your office network or a client/customer’s network.

Begin by clicking on Start, All Programs, Accessories, Communications. Select New Connection Wizard, click on Next, and select Connect to the network at my workplace. Click on Next and select Virtual Private Network connection.

Click on Next and type in a name for the connection (for example, Office).

Click on Next and select Do not dial the initial connection. Click on Next and type in the IP address of the VPN server you wish to connect to (this should be the external IP address of the computer or firewall assigned by your ISP).

Click on Next, and if prompted, choose either Create this connection for anyone or My use. Click on Next and place a check at Add a shortcut to this connection on my desktop and click on Finished.

Click on Start, highlight Connect to and then select Show all connections.

Under Virtual Private Network find your VPN connection (Office or the name you provided). Highlight the connection, right-click on it and select Properties.

Click on the Networking Tab and double-click on the Internet Protocol (TCP/IP).

Caveat: While a VPN provides an inherently secure connection to your office network, failure to maintain security safeguards could expose your network to hackers. However, proven security measures are available to make your system safe. Such measures include the use of strong passwords.

The setups discussed in this article use the TCP/IP protocol, the same protocol used on the Internet. For additional security, protocols such as IPX/SPX or NetBuei can be used.

Click on Advanced and uncheck Use default gateway on remote computer to prevent Internet access issues while using the connection.Click on OK and close all the open windows to return to the desktop.

Double-click on the shortcut and enter the User name and Password (from the list of users you allowed access to during the VPN server setup). Then click on Connect.

During the setup, make sure you use the VPN server or firewall’s external IP address as assigned by your ISP. If the selected computers are behind a firewall, make sure you enable IP Protocol 47 (GRE) and TCP port 1723 in the firewall configuration. Finally, if the computers are behind a firewall/router, you may have to enable port mapping to the VPN server’s IP address. You’ll need to consult your equipment documentation because the instructions will vary depending on the equipment. Once again, be sure to test the installation for security.

How to Check Your IP Address Configuration

Click on Start, Run and type CMD or command at the prompt.

Press Enter and a command window will open. Type ipconfig and press Enter. A list of items will be displayed similar to the following:

Note that the IP address scheme on your network may vary from the above example. The range generally will be the first three sets of numbers and the last set will be between 0 and 255. For this example, the IP address range is from 192.168.1.0 to 192.168.1.255.

James P. Davis, CPA/CITP, is a senior accountant of Colby & Co., PLC, a public accounting and consulting firm in Chesapeake, Va. His e-mail address is jdavis@colbycpa.com.