An integral part in operating a bulletin board system is the security of the system. You need to be able to control what actions or commands a user can execute based on their security level. In fact, you should use security levels to determine what a user can do while online.

If you allow unauthorized users to access SysOp related commands they could do a great deal of damage to your system. That is why it is so important that you properly protect these commands with a security enabling only authorized users access to the SysOp commands.

Some commands can be more dangerous than others if put in the wrong hands.
Therefore, PCBoard enables you to specify the security level required to execute each SysOp related function. A command like the 11 which displays information about the callers currently online would not be as dangerous as the 9 command which enables you to drop to DOS from remote. Careful planning of your SysOp security levels and making sure you trust the users whom you give access to is the best way to prevent unauthorized users from accessing sensitive commands.

There are two sections in PCBSetup that you will use to determine the security levels that protect SysOp commands and functions. These sections are found by selecting Security Levels from the Main Menu of PCBSetup. From there you can choose to define security levels for SysOp Functions or SysOp Commands

The user in record #1 of the USERS file is considered to be the Main SysOp.
This record has certain privileges that are not associated with any other record. For example, when you select Sysop - Busy or Sysop - Not Busy from the call-waiting screen the user in record #1 is logged into the system.

In addition, the user in record #1 is the only user that can join a conference even if they are not registered in the conference or do not have sufficient security to join the conference.

There are no back-doors which users can log into PCBoard and gain SysOp access. The only way a user may log in using a SysOp account is to know the name of the account to log in under and the password for that account.
Therefore, it is very important for you to change your password frequently to prevent an unauthorized user from hacking your account.

To prevent users from knowing the name of the user in record #1 of the USERS file, you can answer N to the User Real Name question in PCBSetup > Sysop Information. If you do this, you will simply be known as SYSOP on the BBS.
Any messages that you enter on the system will be from SYSOP and when a user displays who is online you will be listed as SYSOP.

You could then have a different name in record #1 of the USERS file which means that a user attempting to hack your account would need to know two items of information – your user name and your password. To prevent a breech in security, PCBoard will not allow a user to login with a user name of SYSOP.

PCBoard provides a method to protect any filename that is available for download by security level, password or both. This protection is done via the FSEC file which can be edited from PCBSetup > File Locations > Configuration Files. If you have sensitive files online, you should use the FSEC file to protect those files. As an example, if you want to protect the filename SENS0001.ARJ so only users with a security level greater than 100 and those that know the password can download it, make an entry like the following in your FSEC file:

        Drive \ Path              File Name    Sec     Password

——————————– ————– —– ————–

                                  SENS0001.ARJ   100   ENTER_THISPW

The FSEC file is discussed in more depth in the PCBSetup chapter of this manual.

PCBoard also provides a method to protect files from being uploaded to the system. Uploading files does not usually present a problem to system security however PCBoard still provides the capability. This protection is done via the UPSEC file which can be edited from PCBSetup > File Locations > Configuration Files.

A good example would be if you were just informed that a file called VIRALM33.LZH contained a virus and was being distributed around your area.
To protect this file from being uploaded, you could make the following entry in your UPSEC file:

        Drive \ Path              File Name    Sec     Password

——————————– ————– —– ————–

                                  VIRALM33.LZH   255

With this entry a user must have a security level of 255 or higher in order to upload the VIRALM33.LZH file to your system. Since it is quite likely that not many users have a security level of 255 on your system, it would be safe to assume that the file could not be uploaded to your system. The UPSEC file is discussed in greater detail in the PCBSetup chapter of this manual.