Paranoia is Good

    Password file stealing

        Old hat - BSD pwdb avoids it,

        hides passwd encryption from /etc/passwd

        (master.passwd & pwdb only readable by root)

    Password guessing

        hide user names (mail rewriting)

        OpenBSD logs failed logins (by tty/pty)

    Firewall & server machines are not desktops

        very few services

        Not X11

    Buy switches, not hubs