My /400 sits on an internal network. - There is no Internet access from the /400 but there is Internet access through a firewall from PCs on the same internal network. - The /400's modems are set up for dial out only. In order to connect to the /400 remotely, someone must dial in to a secure server then connect to the /400. - There are approximately 13,000 other machines on the internal network. These may be PCs, various flavors of UNIX, mainframes, etc. (basically any kind of OS available) With these facts in mind, do you think I should turn on IP security? Our main security currently is simple UserID/Password security with object security after sign-on (level 40), along with several FTP, ODBC, Remote Command exit programs. Your opinions please! Thanks, Steve