Paranoia is Good
Password file stealing
Old hat - BSD pwdb avoids it,
hides passwd encryption from /etc/passwd
(master.passwd & pwdb only readable by root)
Password guessing
hide user names (mail rewriting)
OpenBSD logs failed logins (by tty/pty)
Firewall & server machines are not desktops
very few services
Not X11
Buy switches, not hubs