Operating System Security

Overview

In addition to your BBS configuration, you should also secure the BBS software and data files at the operating system level.  This is especially important because users will be connecting to your server directly; therefore it makes sense to ensure users cannot damage your computer by accessing resources outside of the BBS.

Operating Systems

Windows 95/98/ME

Windows 95, Windows 98 and Windows ME are not supported.

Windows XP Home Edition

Windows XP Home Edition will run the BBS software but is not recommended: its security administration tools are disabled, and it does not provide many tools for managing security.  If you run under Windows XP Home Edition, be especially diligent in running a firewall and monitoring your system for intrusion.

Windows XP Professional

All of the best practices for Windows Server 2003 also apply to Windows XP Professional Edition.  However, you should disable simplified file sharing (at least temporarily), because you need to set permissions at the file system level.  You can always re-enable the simplified view after securing the BBS software.

Windows Server 2003

You should install a firewall if you will be accepting Telnet connections from the Internet (actually, you should install a firewall no matter what).  You will need to open Telnet port 23 (or the port you configure in the software) for incoming connections.

The BBS service should run under the Network User account.  Do not run the service under an account with administrative permissions to your server.  The Network User account has the ability to connect to the network (for accepting new users) but cannot otherwise access resources on your server without your explicit permission.

Ensure that only administrators can modify the contents of the Bin folder.  The background service does not need to modify this folder, and neither do you except when upgrading or installing new add-on modules.  Making this folder read-only helps stop a hacker from installing new executable files.
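
One way to check the Bin folder permissions described above is to list every account other than administrators that holds a write-type permission on it. The script below is an added example, not part of the BBS software or its documentation.  It assumes PowerShell is installed, that the Bin folder is at C:\BBS\Bin (a placeholder path), and that the built-in SYSTEM account is acceptable alongside the Administrators group.

```powershell
# Added example: report accounts other than Administrators/SYSTEM that can
# change the contents of the BBS Bin folder.
# C:\BBS\Bin is an assumed install path; pass your own with -BinPath.
param([string]$BinPath = 'C:\BBS\Bin')

# Well-known SIDs are used instead of names so the check works on localized
# systems: BUILTIN\Administrators and NT AUTHORITY\SYSTEM (assumed trusted).
$trustedSids = @('S-1-5-32-544', 'S-1-5-18')

# Rights that let an account add, replace, or delete files, or rewrite the ACL.
# "Modify" and "FullControl" include these bits, so they are caught as well.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries may store raw GENERIC_WRITE / GENERIC_ALL bits instead.
$genericMask = 0x40000000 -bor 0x10000000

$acl = Get-Acl -Path $BinPath
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = @(foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }     # Deny entries only restrict
    $rights = [int]$ace.FileSystemRights
    if (($rights -band ($writeMask -bor $genericMask)) -eq 0) { continue }
    if ($trustedSids -contains $ace.IdentityReference.Value) { continue }

    # Resolve the SID to a readable name; keep the raw SID if it cannot be resolved.
    $name = $ace.IdentityReference.Value
    try {
        $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }

    New-Object PSObject -Property @{
        Account   = $name
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
})

if ($findings.Count -gt 0) {
    Write-Output "Accounts other than administrators can modify ${BinPath}:"
    $findings | Format-Table Account, Rights, Inherited -AutoSize
    exit 1
}
Write-Output "OK: only Administrators/SYSTEM hold write-type permissions on $BinPath"
```

An entry reported with Inherited set to True comes from a parent folder, so it has to be removed there or inheritance has to be turned off on the Bin folder itself.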