One thing to keep in mind is that it is often to ensure that intruders can't do anything on a system rather than try to prevent them from intruding in the first place.

If you break into a safe, and there is nothing there....you leave.

This angle works for many businesses and users.

However..... financial institutions, governments, military, research organizations have more at stake.

So what needs to be done are two steps.

1. Assess the risks: Conduct a thorough risk assessment. What cost/damage/etc. can an intruder cause on a system?

2. Assess the threats: Conduct a thorough threat assessment. Where might intruders come from? Is there a possibility of financial gain that might attract "professional" hackers or "information warriors"?

Some of my clients have a minimum level of security to secure against the "average" hacker. These clients have no exposure if compromised. Other clients have levels of security that utilize bio-metric secured workstations.

Thanks

Paul G. Seldes
Transaction Information Systems
111 Broadway, 10th floor
New York, NY 10006
212-962-1550
http://www.tisny.com