On Wed, 2005-03-23 at 17:56, dan wrote: > Hello, all - > > I'm trying to do some research on some of the best practices to > deploying a server that would be on a private LAN. This server would > not have any Internet connectivity - it would be used to facilitate the > workings of a proprietary client program that would contact this server > for specific information. > > I have managed to bring down the install of a FC3 release to just under > 500M. Although I am not satisfied with this yet, that is pretty small > compared to what I've done and seen in the past. I'll keep working on > that one. > > The problem that I'm faced with is that no one should be allowed to > tamper with this server. No one should be able to log in, change > settings, or anything of the like. Most of the things you went on to describe are taken care of by locking the server away and restricting physical access to it. Short of that about all you can do is make is slightly harder for some one to get access into the system. Physical security of computer systems is 90% of the task. The rest is taking care of network and user security. Without physical security there is no way to keep someone that is motivated enough from stealing the system and systematically breaking through any encryption or other security mechanisms you put in place. About the only thing you did not mention was placing an access bomb on the system which would attempt to erase the data during the next boot up if you don't enter a pass phrase. :) And even those can be defeated since most good computer forensic specialists make bit level copies of hard drives prior to trying to access them, and then they don't boot from those drives. There was another thread along the same lines. If you are unable to physically secure the system you might try putting epoxy in the various ports you don't want anyone to have access to. But that is not going to prevent someone from taking the whole system. -- Scot L. Harris webid@xxxxxxxxxx He draweth out the thread of his verbosity finer than the staple of his argument. -- William Shakespeare, "Love's Labour's Lost"