Preventing theft of data on remotely deployed servers exposed to physical access [closed]

security linux

I am trying to think of a way to secure Linux servers that are exposed to physical access. My specific platform are small form factor Linux servers on a PC Engines brand alix2d13 mother board. The small size presents an additional risk of removal from the premises by an attacker.

Assuming there is physical access to the server:

1) ROOT-PASSWORD: You connect a console cable to the server and you get a prompt for a password. If you don’t know the password you can restart the machine in single user mode and reset the password. Voilà, you get root access.

In order to secure the above you insert a password on the GRUB menu so when server is restarted in order to enter single user mode you have to provide the GRUB password.

2) GRUB_PASSWORD. If you shut down the machine, get the hard drive out and mount it on another workstation you will be able to browse the /boot directory which contains the grub.cfg file inside which you can find the GRUB password. You can either change the GRUB password or delete it.

Obviously when we talk about big production machines most probably there won't be any physical access and apart from that, even if someone gets physical access to the server he won't shut it down.

What are possible solutions to prevent data theft on servers that are physically easy to steal?

The way I see it, one way or another access to the contained data can be obtained.


Solution 1:

The rule I've always worked from is that once an attacker has physical access to your host, they can eventually break into it - unless, as kasperd says, you use strong all-disk encryption with a boot password, and are willing to be there to enter it every time the host boots.

Solution 2:

The solution I'm aware of is encrypt the disk and use a TPM: Trusted Platform Module

In this way there's now way do decrypt the hard drive as:

Full disk encryption applications [...] can use this technology [TPM] to protect the keys used to encrypt the computer's hard disks and provide integrity authentication for a trusted boot pathway (for example BIOS, boot sector, etc.) A number of third party full disk encryption products also support TPM. However, TrueCrypt decided not to use it. - Wikipedia

Of course I might be wrong and the TPM can be easily cracked or I might not know other solutions.

Related

How to keep cron from stampeding?
How do you remotely administer your Linux boxes? [closed]
Restore SSH session
Effect of distance from server
how to use du to see files greater than a threshold size
Ansible: Add IPs from inventory to /etc/hosts of all nodes
Where do you normally keep your UNIX/Linux scripts?
Extract repository name from GitHub url in bash
My DNS record can only point to an IP address. How do I make it reach for a port?
Ethical quandry over security nondisclosure [closed]
Does a Gateway of a Subnet need to be a "real" Computer?
Should I run my database off of a RAID 5 configuration?