We looked hard. No firewall. The server was connected directly to the Internet, public IP and all, with no firewall as protection.

"OK," I said. "We gotta -- "

"No way," he interrupted me, an expression of terror on his face. "I'm not touching this thing again until I have to."

Well, he was the boss. We went about our business, and for a while the server ran fine. Then, a couple of months later, we received a call from the university's Information Security department. Apparently their intrusion-detection system was picking up traffic on the network that suggested our NT4 server had been hacked.

Information Security took the machine -- bringing down the database and other network systems -- and performed a forensic analysis; the FBI even got involved. They concluded that the personal data on the server had been compromised.