I wanted to devote a moment to the discussion of security measures/precautions.

I generally disagree with the concept of a secure machine. I personally believe
that for any coded computer program, there is always another coded program that
acts like a mathematical inverse (basically unravels the program). This is what
I call the worst case for hackers- that is, writing a utility that literally
tears a program in memory apart. However, luckily, virtually no one has the
ability to write a program that could do this and, even if they did, it would
probably require a running time measured in decades. This brings on my concept
of security- creating a system implementation that is so much of a pain and so
slow to break that no one wants to spend that much time on it.

This is what almost all security systems do (ex. DES encryption used by a system
can be 'cracked', but it takes so long that you would need a few years and a
couple of supercomputers to do it.). However, you hear all of the time about
people breaking into systems. Why? Virtually ALL break-ins occur because the
people running the systems and the users are not using the security systems
correctly. In reality, a very simple security system would deter almost all
cracking attempts, but you can't use the system stupidly or less it won't
matter how much security you have- you will be unable to stop a hacker from
getting in. An example of what I am referring to is that many system
administrators have all of these security policies and other useless jargon
that they give to new users (who seldom pay any attention to it) and the new
user ends up doing something like leaving their password blank. This means that
on a non-shadow system, any user could list the password file, see who doesn't
have a password, and start logging in as that person to do evil things.

In effect, what I am saying is that putting in security is not simply installing
a package or even just a one time event. The administrator must ALWAYS keep an
eye out for possible security holes (like wrong permissions on a file or a
program that is setuid root and should not be). Otherwise, it is like putting
a door in the middle of an open field and thinking that everything on your side
of the door is secure. Few people are capable of picking the lock, but anyone
idiot can walk around the side.
