
                - SmartSec Copyright (C) 1993 by Peter Laur -
                    "Extended Security for PCBoard v15.0"

Ŀ
 WHATSNEW V2.00 


  1:    ID check every 50'th call. (configurable)

  2:    ID check when Security Violations exceed 10 in integers. (configurable)

  3:    ID check when Password Failures exceed 5 in integers. (configurable)

  4:    The above tests totaly independent of each other!

  5:    ID check when Connect Speed is not the normal one usually used.

  6:    Retry attempts to answer ID questions. (configurable)

  7:    New Security level wich the user should be "punished" to
        if not succesfull answering the ID (configurable)

  8:    If a user fails once in answering the ID check question, he is forced
        secretly to select a new password the next time he logs on your system.

  9:    Special SysOp security check if you call the system via modem at 
        every time. Bypassed if on locally.

 10:    20 Usernames to BYPASS the SmartSec. (configurable)

 11:    20 Usernames to FORCE into the SmartSec. (configurable)

 12:    Language specific prompts and menus. (configurable)

 13:    Message sent to SysOp incase of user fails. (configurable)

 14:    SmartSec's new data is stored presently in NOTES field line 5.

 15:    Can be installed in any path anywhere together with menus/prompts.

 16:    Makes a self-check to see if required (PSA) and config files are ok.

 17:    All files are opened in "Read-Only" + "Deny Write" mode for full
        network compability.

 18:    All the Beta testing / development is dune in our 11 node Lantastic
        LAN environment for as good results as possible :-)

Ŀ
 WHATSNEW V2.01 


  1:    If a Language specific prompt or menu is missing, the default being
        used is English.

Ŀ
 WHATSNEW V2.02 


  1:    Lantastic & Novell Broadcast messages of ID failures, Punished users
        and WhoCalled logons. (configurable)

  2:    Usernames in WHOCALL.USR to notify SysOp upon login. (configurable)

  3:    Time START & STOP limits for the Network Broadcasts. (configurable)
        (Please only use Military Time in 24hr format - no AM or PM support)

Ŀ
 WHATSNEW V2.03 


  1:    HighSec ID check every XX'th call. Used to rise the level of normal
        security checks made to a higher value - at nights or at any other
        time you might expect "suspicious" users logon. (configurable)

  2:    The HighSec START & STOP times of increased ID checks. (configurable)

  3:    ID check when Conference Violations exceeds 3 in int. (configurable)

  4:    ID check when Download Limits exceeds 10 in integers. (configurable)

  5:    ID check when Upload Verify Failed exceeds 2 in int. (configurable)

  6:    Increased data-fileds in Notes Line 5 to keep the variables. We will
        soon be using our own external indexed database for this information.

  7:    Cleaned up the Code a bit of unecessary spaces & comments. In the near
        future we will leave the PPLC and instead start using MSC 7.0 and the
        PCBoard Developers Kit + our external indexed database to make things
        faster & better. Next release will take a while until finished...

Ŀ
 WHATSNEW V2.04 


  1:    50 Users can now be in any of the BYPASS/FORCE/WHOCALL userfiles.

  2:    Some SysOp's didn't realize that the VERIFICATION field needed to be
        empty to get SmartSec into the newuser mode. This version writes over
        the previous (if any) info in this field with the new selected ID.

Ŀ
 WHATSNEW V2.05 


  1:    Bug-Fix of the routine to update the datafield. This version works
        as it should. If you use v2.03 or 2.04 - change to this one...

Ŀ
 WHATSNEW V2.06 


  1:    TimeLog to keep the Users last 19 times logged on stored in our time
        variables at Notes Line 5, to check if the behavior is changed or 
        within the normal values. No test is made of these new added fields
        until the 19'th and last variable is fully stored. Updated at every
        login to get the latest values to compare with. By using letters we
        have decresed the space needed and can store more logon times. SysOp
        (if local) is always bypassed the TimeLog test.

        Both Military or AM/PM time can be used at the PC. PCBoard converts it
        to HH:MM:SS wich we use. If any problem - please write a message to me
        at Salt Air or send a FidoNet Netmail / InterNet E-mail.

        For example: Starting with 00:00 - 00:59 = A, 01:00 - 01:59 = B, and
        so on... If using Military time, between 16:00 - 16:59 should be stored
        in Notes Line 5 as Q|. Or: 4 PM to 4.59 PM is also Q|.

Ŀ
 WHATSNEW V2.07 


  1:    Some PC's time variables behaved strange, so now SmartSec uses seconds
        after midnight to calculate the time needed for TimeLog. If you didn't
        get v2.06 to work, try this version. If all works OK, everytime you
        login the rightmost datafield in Notes Line 5, should always be updated
        with a letter corresponding to the time you're on.

  2:    In SMART.CFG at the fields for START/STOP of HighSec & the Broadcasts,
        if you cannot get it to work with the time specified as 00:00 - 01:00
        please try 00.00 - 01.00 or whatever your machine uses for time format.

Ŀ
 WHATSNEW V2.08 


  1:    Added 2 fields in the SMART.CFG file for LOWSEC & HIGHSEC to bypass
        SmartSec on certain Security Levels. Usually this is simple to do using
        Security Specific Menus, but some SysOp's who doesn't use this can now
        easily select wich levels to check or not. If a level is bypassed, you
        can force a User into SmartSec by putting he's name in the BYPASS.USR
        file even if he belongs to a LOWSEC & HIGHSEC exception.

        Note: You *must* add line 17 & 18 in SMART.CFG with either LOWSEC &
        HIGHSEC # or NONE as desired. Have a look in the supplied one...

  2:    LOWSEC & HIGSEC Users Datafield in Notes Line 5 are always updated in
        case you change your mind and want them verified bu SmartSec later on.

  3:    Bug-Fix wich could make the DataField displaying something like:
        0|0|0|0|0||||||||||||||||||||  If such a field is discovered, it's 
        fixed and updated correctly to the last entry.

Ŀ
 WHATSNEW V2.09 


  1:    Found out that if a user failed the stated nr of times to answer the
        required ID, and after answering wrong the last time, he could bypass
        the "punishment" down to the lower security level by hanging up
        quickly. Now the Carrier Detect is disabled in SmartSec for a few 
        seconds to make sure this "punishment" is dune correctly before 
        (if carrier lost) the reloading of PCBoard starts.

Ŀ
 WHATSNEW V2.10 


  1:    Added Line 19 in SMART.CFG for predefined # of NUMBERS, CHARACTERS or
        MIXED with minimum input lenght from the user. This means using default
        4 in this field, a user can enter any number between 4 and 25. As more
        combinations - as better. Maximum input lenght is 25.

  2:    Select the ID being a NUMBER, CHARACTER or MIXED with predefined
        minimum lenght. In case you change from the old "default" 4 numbers to
        say 6 characters, all users who doesn't have it must answer the newuser
        ID question again. Look at SMART.CFG Line 20. Note: Default is still
        4 NUMBERS as ID. Don't forget to rewrite menus & prompts if changing...

        Note: If you have used 4 numbers and changes to 6 mixed, this means
        all users NOT having these 6 mixed symbols of characters/numbers has 
        to answer a new ID string. This is working just fine... The problem 
        comes if you want to get back to 4 numbers again. Then you must
        manually clear all users ID field. So simply - if you wanna change,
        keep it this way :-)

  3:    Added Extended Ascii support via the SMART.CFG file line 21. Originaly
        we use English characters but a foreign language can here in this field
        state their local characters.

           Default NUMBERS:
           " -/0123456789"

           Default CHARACTERS:
           " -ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

           Default MIXED:
           " -/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

           Line 21 Extended HighAscii Swedish:
           ""

        Note: This version of SmartSec is *NOT* CaseSensitive on input from the
        user. I personally think it's too much trouble with this so we convert
        everything to UpperCase when comparing the strings for safety.

   4:   When a user makes the input (NUMBERS, CHARACTERS or MIXED) SmartSec
        compares it with several userfields to assure he doesn't use he's name
        or any previous password or like that. We compare PWD, PWDHISTORY, ZIP,
        USERNAME, CITY, STATE, COUNTRY, HOME & DATA PHONE, STREET 1 & 2 among
        others. This way (hopefully) the user will be forced to select a good
        set of ID numbers or characters. :-)

   5:   TRASHCAN.ID file for non-accepted NUMBERS, CHARACTERS or MIXED as the
        input ID. Can hold 100 lines maximum with Non-Case Sensitive strings.

   6:   PCBoard not giving back memory from the PPE. At my system I have 141Kb
        RAM free when PCBoard is loaded. When SmartSec is runned, it decreses
        to 88Kb, and after exit back to PCBoard it's still 88Kb and *not* 141Kb
        as it should. I have asked David Terry about this but he couldn't find
        out what was wrong. So to "free" the "stolen" memory by SmartSec I've
        made a "dummy" program (half of SmartSec just being used) to be runned
        directly *after* the PPE like below:

        !C:\PCB\PPE\SMART\SMART.PPE
        !C:\PCB\PPE\SMART\FREEMEM.PPE

        This is for now the only solution at my system to free up the memory
        the way PCBoard should do it. Use FREEMEM if you need it... It gives
        back almost every kb of memory. At least better than nothing :-)

Ŀ
 WHATSNEW V2.11 


   1:   Bug-fix of Swap Failure Code: 3  This happends when I used a Shell
        when calling the Lantastic or Novell NET SEND command. Changed it
        back to as it was before. A little bit slower but no failure.
        Below is how it looks at my system:

        **************************************************************
        10-04-93 (12:00) (2) TED ZETTERGREN (14400E) (G) NYLAND
              Caller Number: 85 310
              Caller Security: 103
              Invalid ID number entered (446916)
              Swap Failure Code: 3
              Invalid ID number entered (446916)
              Invalid ID number entered (131144)
              Message Left: Main Menu # 4975
              Invalid ID number entered (691644)
              To many Invalid ID number attempts, Automatic Disconnect
              Minutes Used: 5
        10-04-93 (12:05) (2) TED ZETTERGREN Off Abnormally
        **************************************************************

Ŀ
 WHATSNEW V2.12 


   1:   Fixed so if a user simply presses <ENTER> when asked for ID, he will
        no longer be punished down to the lower SecLevel as before. Simply
        logged of... This goes if he *only* presses <ENTER> and nothing more.
        If he starts with a <ENTER> and continue with the wrong input, he
        will be punished down as earlier.


   2:   In earlier versions of SmartSec IF a user failed even only one time
        to answer the required ID, he was by the program the next day he
        logged on forced to change he's normal password. This is now changed
        so SmartSec now accepts 2 failed attempts before forcing the password
        change next time.


   3:   Cleaned up the code a bit and removed all "ID number" and replaced it
        with "ID strings" so you using CHARACTERS or MIXED have the proper
        thing displayed.

Ŀ
 WHATSNEW V2.13 


  1:  Added logging of the users selected ID string if failed.


  2:  Added logging of the users accepted ID string. Configurable in SMART.CFG
      Line 22 to YES/NO if you don't want it dispalyed.


  3:  Better logging of errors if SmartSec is not configured okay.

Ŀ
 WHATSNEW V2.14 


  1:  SmartSec now displays (UNREGISTERED) when not registered, but are not in
      any way crippled. In future versions when we convert more over to MSC7.0,
      we might make some features avalable only to our registered customers. If
      you want to register please have a look in the supplied file REGISTER.TXT

Ŀ
 WHATSNEW V2.15 


  1:  Failure from my side :-) The v2.14 was never updated (the PPE file), but
      still the old v2.13...  So here is v2.15 wich has some minor fixes + a
      new version of the smartreg.exe program.


  2:  Added logging of Newusers in SmartSec for the first time.

Ŀ
 WHATSNEW V2.16 


  1:  CLS on the screen after executing SMARTREG.EXE instead of SAVESCRN.


  2:  Added 1 extra field at Notes 5 to see if a user hangs-up when verifying.
      Before, if checked at the stated intervals, a user could simply press
      enter and continue to do so until SmartSec disconnected him. Then the
      next time (when it wasn't say the 50'th call - but 51'th) he could
      escape the verification. Now we use this extra field to set a "0" if
      all is okay, but "1" if the verification process has started. So IF
      he hangs up - the "1" is still there and the next time he logs on
      SmartSec forces him to verify again. This field is only cleared with
      a "0" if a verification is successful and finished nicely.

      This "work-around" has to be made because PCBoard & PPLC does not permit
      manipulation to change the u_logons() parameter, the same with the
      Statistic PSA or Password History. Hope PPLC in future versions permits
      the same options as when running PCBSM manually...

Ŀ



      Note: When updating - change also the FREEMEM.PPE to the new version
            and be sure the SMART.CFG file has the same number of lines as
            this one supplied.
