Any links or tips on securing the console of a NetBSD machine?  (Besides
BIOS passwords and disabling floppy/CD-ROM booting.)

I'm already pretty familiar with network security issues but am curious
about the usual steps to tighten up the console as I find this varies
from OS to OS (my experience is mainly with Linux and OpenBSD).

Did some google and list archive searches but there didn't seem to be
many messages on this topic.  I was surprised to find the other day that
(when I turned on IPSec without first creating /etc/ipsec.conf.. which I
thought would fall back reasonably and still boot normally) the console
was by default configured to let me get a root shell without prompting
for the password.  I understand this is probably a safety measure in
case you can't mount some of your filesystems, etc. but I would like to
know if there are any other quirks to watch out for and may wish to
modify as appropriate.

Thanks.