Accounts, the first barrier.


When someone is going to attack your system they are required to approach it from one of two angles.
The outside
An attacker must attempt to garner information on your machine remotely. This can easily be defeated by disabling unused services, especially services which give out system information, e.g. finger, rusers, etc.
This allows you to create a very narrow set of break points for your system security. When these points are monitored by logging routines it becomes very easy to detect an attempted break-in.
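
One way to check which information-giving services are still enabled, as an added example that is not part of the original page. It assumes the services are started from a classic inetd.conf; the page names only finger and rusers, so the other names in LEAKY and the sample config are constructed here.

```shell
#!/bin/sh
# Added example: report enabled information-disclosing services in an
# inetd-style configuration read from standard input.
# Assumption: the page names only finger and rusers; systat, netstat and
# rstatd are added here as further services that report system state.
LEAKY="finger rusersd systat netstat rstatd"

# audit_inetd: reads inetd.conf text on stdin, prints each enabled
# leaky service once, sorted. Commented-out entries count as disabled.
audit_inetd() {
    awk -v leaky="$LEAKY" '
        BEGIN { n = split(leaky, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments and blank or short lines
        {
            svc = $1
            sub(/\/.*/, "", svc)        # RPC entries look like rusersd/2-3
            if (svc in bad) print svc
        }
    ' | sort -u
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
#systat stream  tcp     nowait  nobody  /bin/ps                 ps -auwwx
netstat stream  tcp     nowait  nobody  /bin/netstat            netstat -a
rusersd/2-3 dgram rpc/udp wait  root    /usr/sbin/rpc.rusersd   rpc.rusersd
EOF
}

# Show what the sample would still expose to a remote query.
sample_conf | audit_inetd
```

On a real host the same function is run as audit_inetd < /etc/inetd.conf; every name it prints is a line to comment out before telling inetd to reread its configuration.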

The inside
If an attacker has a user account on the system, he can easily monitor usage patterns on the machine and look for misconfigurations in the programs that are used. It should be noted that securing a machine internally is VERY VERY difficult.

Which way do you want an attacker to come at your machine?

Do not give accounts out to people that you do not know and trust personally. If you do, then you have handed them the keys to your system.

Some common occurrences are...

Friend of a friend of a ...
Your good friend has this friend he knows from another college who wants an account on your machine because he heard it was real cool and all. Well, wanting to make your friend happy and to show off to this guy, you decide to give him an account. You have now placed all of your faith in your friend's trust of this person.
IRC
You're new to some channel and really want to start getting included in the conversations. You have really good stuff to say, don't you? Well, along the way one of the active members on the channel asks you for an account because he needs to do some work. He'd be really grateful, and starts to discuss things with you that go along with the channel's topic. This guy is so nice to you that you decide to give him an account.
Now you have 400Megs of Warez and other assorted goodies on your machine.
Or even worse, you have legions of users all logging in through this one account and using it as a launching-off point to break into other machines. Guess who gets the heat when they trace it back?
