How to protect data from being stolen?

Question

We have Ubuntu Server with Subversion installed on it. It makes automatic backups every week. And it doesn't connected to the Internet. Seems all OK with security. But one thing concern me — this server is in the room that accessed by a lot of people. Are there any solutions to protect valuable data from being physically stolen by someone? I mean something like some fast format device that could erase all data on server's HDDs if unauthorized person will try to extract these HDDs.

I know that ideal solution is to create standalone server room with restricted access, but it is too expensive yet.

score 12 · Accepted Answer · answered Jul 23 '09 at 18:05

I can't think of any reasonable solutions that will prevent theft of the media, so the best you can hope for is to render the data useless: Place the subversion repository on an encrypted partition. This way the filesystem is unreadable without the (lengthy) pass phrase.

score 4 · Answer 2 · answered Jul 23 '09 at 19:51

Put the computer in a locked box with only power & network cables running out of it. If need be, you can also drill holes in the box just big enough to fit keyboard/mouse/monitor cables. Monitor anytime this box is opened using a method suggested by other answers here.

I'd also take it as a serious breach of security anytime a layer 2 connection to this box is interrupted; you don't know if someone cut the network cable and plugged it into a hub.

score 3 · Answer 3 · answered Jul 23 '09 at 18:17

Well, outside of invisible dog fences and making people wear the shock collars in the office, I would think the best option for you with current technology would be to securer the location as best as possible.

If you can, cage off the area that the server sits. Put a door in there, and no one can gain access.

You can also use the door chimes that stores use (the ones that got off when someone enters the store) to monitor when someone comes close to the servers, thereby alerting you or other IT staff. You could also attach an alarm that will go off when the server rack is opened, chiming in the IT department. You can use a simple door alarm like this if you have room in the rack.

Encrypting the drives is probably your best bet, though.

score 2 · Answer 4 · answered Jul 23 '09 at 18:02

Unfortunately I would suggest moving the server to a secure location.

There are several little tricks / hacks that can be done to "wipe" a drive if not booted up in X manner, ect. However most of them are reversible, and if any good hacker really wants your data & steals the entire machine, there is little you can do to prevent him from getting it.

score 1 · Answer 5 · answered Jul 23 '09 at 19:10

This sort of situation is where you start looking under "Physical security." Depending on the importance of the data, how much it's worth, and how much you want to pay, solutions range from "put it behind a locked door" to "guard it with a man with a gun".

Someone has already mentioned encrypting the data, which is a good backup in case the physical security fails somehow.

How to protect data from being stolen?

5 Answers5