Possibilities
Move ~50 purchasers & planners into BSD, ~ $12K
Provide a router with ACLs (cannot be stateful) for BSD to block:
- telnet in to BSD, r*, ftp in to BSD, NIS (via portmapper)
- DECnet, IPX (does Flex server use this?), AppleTalk (only IP printers in BSD)
- NT networking, ie.135-139
Buy a firewall which supports stateful blocking [s] ~ $12K
Put all BSD on switches (avoid sniffing, can block snmp), cost ~ $45K