Setting up a BBS. Security questions
05 August 2003, 03:53 PM
#2
Scooby Regular
Join Date: Jun 2003
Location: use the Marauder's Map to find out.
Posts: 2,041
Likes: 0
Received 0 Likes
on
0 Posts
I think I have worked out the answer to this myself, but I'd like to run the situation past people with more knowledge of the subject than I have to see if my thinking is correct or if I have missed anything obvious.
The company I work for has a lot of people such as sales, service and support who tend to be on the road a lot and not in an office very much. Inevitably, they will come across situations where someone else will aready have hit the same problem and will have an answer. The problem is knowing who it will be that has the answer. Rather than phoning around until they find the right person, the solution would seem to be a BBS where questions can be asked. A FAQ section and a "useful downloads" area would also be useful.
I have the option of setting this up as part of the corporate Intranet or renting some Web space and putting it on the Internet.
Pro the Intranet option is that it will be behind the company firewall. Access is then only allowed to legitimate users as authentication will already have taken place before users reach the BBS. Against this is the fact that access when out of an office will only be dial-up. If someone needs to download a 2MB file and only has a 30K line a lot of waiting is involved.
The Internet option allows easier and faster access so that someone needing to check a FAQ or download a file when on a customer site can get access from any PC. Against this is security. I've had a look at phpBB and DiscusWare software which will allow usernames and passwords for access before being able to view anything, however if a casual surfer who hasn't logged on uses Search and gets lucky they will be able to view any messages with the search term in it.
While most of the topics will be fairly boring to any non employee, it could be possible to find company confidential information. (For example, if a competitor knew that there was a BBS they could try addresses like ABCforum.co.uk until they found it. If we were both pitching for business at XYZ plc, they could search for XYZ and might find out information about pre-sales problems we were encountering).
Is there a way to make an Internet BBS secure or is the Intranet option the only answer? Anything I've missed? Any other ideas?
Doug
The company I work for has a lot of people such as sales, service and support who tend to be on the road a lot and not in an office very much. Inevitably, they will come across situations where someone else will aready have hit the same problem and will have an answer. The problem is knowing who it will be that has the answer. Rather than phoning around until they find the right person, the solution would seem to be a BBS where questions can be asked. A FAQ section and a "useful downloads" area would also be useful.
I have the option of setting this up as part of the corporate Intranet or renting some Web space and putting it on the Internet.
Pro the Intranet option is that it will be behind the company firewall. Access is then only allowed to legitimate users as authentication will already have taken place before users reach the BBS. Against this is the fact that access when out of an office will only be dial-up. If someone needs to download a 2MB file and only has a 30K line a lot of waiting is involved.
The Internet option allows easier and faster access so that someone needing to check a FAQ or download a file when on a customer site can get access from any PC. Against this is security. I've had a look at phpBB and DiscusWare software which will allow usernames and passwords for access before being able to view anything, however if a casual surfer who hasn't logged on uses Search and gets lucky they will be able to view any messages with the search term in it.
While most of the topics will be fairly boring to any non employee, it could be possible to find company confidential information. (For example, if a competitor knew that there was a BBS they could try addresses like ABCforum.co.uk until they found it. If we were both pitching for business at XYZ plc, they could search for XYZ and might find out information about pre-sales problems we were encountering).
Is there a way to make an Internet BBS secure or is the Intranet option the only answer? Anything I've missed? Any other ideas?
Doug
05 August 2003, 03:58 PM
#3
Scooby Regular
Thread Starter
There is a 3rd option which is too use a SSL VPN product which will allow you to have all the security of a IPSec VPN client but without the VPN client software. This allows you to access your corporate network from any device with a browser and Internet access. Solutions are available from
Aventail
Netilla which is the one we sell
as well Whale Communications....
Definatly the way forward for remote access solutions.
Jeff
Aventail
Netilla which is the one we sell
as well Whale Communications....
Definatly the way forward for remote access solutions.
Jeff
05 August 2003, 05:27 PM
#6
Scooby Regular
I'd probably use something like Bugzilla instead of a BBS, might be more suited to the task?
You could also just use basic HTTP auth over SSL/TLS and sign your own certificates, since you'll have control over the clients you can include a client cert too, it doesn't matter if there is no CA if its only your employees that'll be using it.
Total cost: £0, but YMMV!
You could also just use basic HTTP auth over SSL/TLS and sign your own certificates, since you'll have control over the clients you can include a client cert too, it doesn't matter if there is no CA if its only your employees that'll be using it.
Total cost: £0, but YMMV!
06 August 2003, 07:06 PM
#7
Scooby Regular
Join Date: Jun 2003
Location: use the Marauder's Map to find out.
Posts: 2,041
Likes: 0
Received 0 Likes
on
0 Posts
Thanks for the replies. As the whole thing is at the "prove it works and we might spend some money" stage, £0 looks better than £6K 
I'll investigate further. Thanks for pointers in the right direction.
Doug
I'll investigate further. Thanks for pointers in the right direction.
Doug
Trending Topics
06 August 2003, 07:17 PM
#8
Scooby Regular
Join Date: Feb 2003
Posts: 1,285
Likes: 0
Received 0 Likes
on
0 Posts
phpNuke
www.whosbest.net has a link somewhere at the bottom of the page and I believe there is a way make a password access area.
www.whosbest.net has a link somewhere at the bottom of the page and I believe there is a way make a password access area.
07 August 2003, 10:54 AM
#9
Scooby Regular
Join Date: Mar 2000
Posts: 2,462
Likes: 0
Received 0 Likes
on
0 Posts
i am sure if you can password protect a directory where the bbs will be on, that should be enuf? for example you could password protect the directory www.yourcompany.co.uk/internal/bbs and put the bbs stuff there. just dont put a link on the main website so your user will have to type in the URL manually or put it in their favourites.
07 August 2003, 11:56 AM
#10
Scooby Regular
Join Date: Jul 2001
Location: deep inside your imagination
Posts: 24,057
Likes: 0
Received 0 Likes
on
0 Posts
you could use vBulletin, which allows you to specify access/viewing/posting rights on a per forum, per usergroup and per user level, so you could set it to only allow access to registered users, thereby shutting out casual surfers who happen across the site. By setting metatags correctly, you should also be able to prevent spiders crawling through the BBS, so topics would not be available on search engines.
You could even make it so your clients have read-only access to pertinent forums if this could prove beneficial to your service.
You could even make it so your clients have read-only access to pertinent forums if this could prove beneficial to your service.
Thread
Thread Starter
Forum
Replies
Last Post
johnnybon
Wheels And Tyres For Sale
7
25 September 2015 07:49 AM
ossett2k2
Engine Management and ECU Remapping
15
23 September 2015 09:11 AM