The ethernet is extremly vulnerable to attacks from malicious users. Anybody who can gain direct access to an ethernet segment, can easily monitor all traffic and inject forged data. This is very dangerous, because many protocols transfer data either un-encoded or in easily decipherable form. Also, authorization is often based on the assumption that the return address or a session id can be trusted, but this is no longer true if users gain unlimited access to the ethernet; it does not really matter if this access is achieved by having physical control over part of the network or by running a compromised or inherently insecure operating system. There are various attacks from machines that are not directly connected to your ethernet segment, but the majority of them can be prevented by installing and maintaining a properly configured firewall. For more information, you should regularly monitor security related newsgroups and mailinglists.