Every player has an identity with which they can join servers. Normally such an identity would be some sort of login information like a forum login or an ID like you would get on steam. IW4x is not able to use such a way of authentication since it is completely decentralized. Instead, the client generates a random, unique identity for each player if they don’t have one yet.
Whenever a player gets banned, their identity gets added to a server-side blacklist which prevents them from joining with that identity again. In order to circumvent such a ban, a player can then create a new identity.
This is where the security level comes in: It determines the level of complexity an identity has to fulfill before it can be seen as an identity that is allowed to join the server. This implies that the client has to do a certain amount of work. The higher the complexity, the more work a client will statistically have to do.
Of course, a client is still able to pregenerate identities to prepare for instant ban evasion. This is where the server admin can reconfigure the security level on their server to a higher value, which automatically invalidates all identities below that level, requiring all clients trying to join to recalculate a valid identity token.
The security level is set to 23 by default, which in average leads to a waiting time of about 30 seconds for the identity token to be calculated.
Go to: Server