wcSECURE BBS Security Hints & Tips! 

Tip #1:  Only use REAL NAMES for logging in.
         BBS's which allow alias names for logging in will have
         tremendous difficulty in keeping track of things.
         Additionally, many kiddie hackers refuse to use their
         real name on BBS's, and as such, won't call those BBS's
         which require them!

Tip #2:  Require REAL phone Numbers & other Caller Information.
         If you get to be a popular BBS, you'll want to be able
         to make sure your caller database is complete, not
         only for the liability concerns, but for security as
         well. 

Tip #3:  Verify your callers!
         How you verify your callers is your choice. Voice verification
         offers a high degree of security for your BBS. Voice 
         verification, plus a screening program, such as wcSECURE
         will give you the most secure environment.

         Part of the reason I created wcSECURE was out of my own
         personal need. I wanted something that would tell me if
         someone was duplicated on the system. There are some
         freeware programs which give you a printout of duplicated
         caller information, but I found these to be difficult
         to use at best. By checking for duplicated information
         from the caller's very first call, I found this to be
         highly effective in screening callers. Many callers with
         multi-first names like Richard, were calling back a week or
         so later with RICH, RICK, etc. In the first week of
         beta testing, 2 callers using this approach were accurately
         identified by wcSECURE. Continued use has shown that numerous
         callers are calling back with variations of their first
         names. Honest mistake or ????
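
         The duplicate check described in Tip #3, sketched as an added
         example (not wcSECURE's own code or method). The nickname
         table, record fields, function names and sample callers are
         all constructed assumptions.

```python
import re

# Constructed nickname table (an assumption, far from complete): each short
# form maps to one canonical first name.
NICKNAMES = {
    "rich": "richard", "rick": "richard", "dick": "richard",
    "bob": "robert", "rob": "robert", "bill": "william", "will": "william",
}

def canon_first(name):
    """Lower-case a first name, drop punctuation, fold known short forms."""
    n = re.sub(r"[^a-z]", "", name.lower())
    return NICKNAMES.get(n, n)

def canon_phone(phone):
    """Keep digits only, so '555-0142' and '(555) 0142' compare equal."""
    return re.sub(r"\D", "", phone)

def screen_new_caller(new, callers):
    """Return [(existing_record, [reasons])] for records overlapping `new`."""
    hits = []
    new_phone = canon_phone(new["phone"])
    for rec in callers:
        reasons = []
        # An empty phone field must never count as a match.
        if new_phone and new_phone == canon_phone(rec["phone"]):
            reasons.append("same phone")
        same_last = new["last"].strip().lower() == rec["last"].strip().lower()
        if same_last and canon_first(new["first"]) == canon_first(rec["first"]):
            exact = new["first"].strip().lower() == rec["first"].strip().lower()
            reasons.append("same name" if exact else "first-name variant")
        if reasons:
            hits.append((rec, reasons))
    return hits

# Constructed caller database and first-call records (fictitious people).
CALLERS = [
    {"first": "Richard", "last": "Sample", "phone": "555-0142"},
    {"first": "Mary", "last": "Example", "phone": "555-0117"},
]

if __name__ == "__main__":
    for first, last, phone in [("RICK", "Sample", "555-0199"),
                               ("Ann", "Nobody", "(555) 0117"),
                               ("Bob", "Newcomer", "555-0163")]:
        new = {"first": first, "last": last, "phone": phone}
        for rec, why in screen_new_caller(new, CALLERS):
            print(f"{first} {last}: overlaps {rec['first']} {rec['last']} ({', '.join(why)})")
```

         A hit is only a reason for the sysop to look closer; family
         members sharing a phone line will match too.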


Tip #4:  Have a consistent policy regarding people who try and
         cheat your BBS.
         By always handling the "less than honorable" callers the
         same way, you eliminate the "personal" attack that
         some callers may feel. If you set down the rules, and someone
         violates the rules, they should realize what will happen
         to them and not feel that they are being singled out for
         some reason.

Tip #5:  (WC 4.0x and newer) Place your disclaimer in your QUESNEW
         (New User Questionnaire) file.
         By displaying this file and the all important qualifying
         question "Do you agree to follow the rules" (or whatever
         is correct for your BBS) within the new caller questionnaire,
         you can politely "hang up" on the caller if they answer
         no. What makes this so great is that the caller is never
         logged into the BBS, and you don't have to worry about them!
         (If you'd like more info on specifically how to do this,
          please feel free to contact me!)

Tip #6:  Use Wildcat!'s built-in fake number screening.
         When someone logs into your BBS using 111-111-1111 as their
         phone number, Wildcat! will send them a display file,
         then log them off. Wildcat! has this feature fairly well
         documented, however, if you'd like help in setting up the
         text file which contains the bogus phone numbers, just
         let me know.

Tip #7:  Use Wildcat!'s built-in alias name filter.
         By requiring real names, you can effectively prevent
         callers using names like "master blaster" or "ghost rider"
         from calling your BBS. Wildcat! does an excellent job
         in this regard, and with a comprehensive filtering file,
         you'll deter most fake names from even logging in!


Tip #8:  Always use Wildcat! BBS software. It not only gives you
         and your callers the easiest BBS to use and operate, it
         also gives you the most secure BBS!


My goal with this hints file, and the program wcSECURE, is to give
sysops an edge on the problem callers that are out there and that
will try all sorts of things to cheat YOUR BBS. I hope this
information is helpful, and if you'd like additional help with
BBS security, feel free to contact me (the info is posted in the
SYSOP.DOC file).


Joe Goeller has been a Wildcat! Sysop for 4 years, and has been a
specialist in the area of digital security for nearly a decade.


(Wildcat! is a registered trademark of Mustang Software, Inc.)

