LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 09-28-2010, 10:39 AM   #1
jasonswett
LQ Newbie
 
Registered: Jan 2010
Posts: 29

Rep: Reputation: 0
Protecting a database


We have a development server in our office whose database will soon contain sensitive data. Our main concern is what would happen in the case of a physical break-in and theft.

Right now there are two layers of security:
1. The login for the OS
2. The login for the database

But I'm not sure that's the best we can do. Is there anything more we can do to protect this machine in case it's stolen?

My idea is to make the hard drive so big that it wouldn't fit through the door.
 
Old 09-28-2010, 12:05 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
Encryption, Encryption, Encryption.

Login passwords don't matter if your hard drive is stolen. They can just hook it up to any other PC as a secondary drive, or boot from a live CD.
 
Old 09-28-2010, 12:08 PM   #3
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
If you don't have physical security of the machine I think that is the most important change to make. Even fab a cage for it.

Or you could encrypt the drive and turn it off every time you leave.
 
Old 09-28-2010, 12:10 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,655

Rep: Reputation: 7970
Quote:
Originally Posted by jasonswett View Post
We have a development server in our office whose database will soon contain sensitive data. Our main concern is what would happen in the case of a physical break-in and theft.

Right now there are two layers of security:
1. The login for the OS
2. The login for the database

But I'm not sure that's the best we can do. Is there anything more we can do to protect this machine in case it's stolen?

My idea is to make the hard drive so big that it wouldn't fit through the door.

How, exactly are you going to make the "hard drive" physically bigger?? Or do you mean the CPU case itself, which is fairly pointless, since if someone wanted the data, they'd just open the box up, and slip the hard drive out of the case.

Best suggestion would be to encrypt the partition where the data is, and have it prompt for a password at boot time. That way, no password=no data. Yes, you can MAYBE decrypt it, but it'll take a very long time. Don't know about your physical environment, but if you're that worried, strip the screw heads that hold the hard drive(s) in place, and bolt the CPU cabinet to a large table, and strip the screws out on the case, too. That way, someone couldn't just open the case up, without a SIGNIFICANT effort....and that includes YOU, so be careful.
 
Old 09-28-2010, 12:23 PM   #5
jasonswett
LQ Newbie
 
Registered: Jan 2010
Posts: 29

Original Poster
Rep: Reputation: 0
Quote:
How, exactly are you going to make the "hard drive" physically bigger??

I don't know the mechanics of it but basically we'd manufacture a special hard drive that's about 10 feet in diameter.

It sounds like encryption is the way to go. For someone with no background in encryption (my background is in web development with no special emphasis on security), could someone give me some pointers on what I should do next?

Thanks!
 
Old 09-28-2010, 12:43 PM   #6
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
Is it practical to turn it off every night, being a server?

Will people want it to be accessible 24 hours? That's why I recommended addressing physical security.
 
Old 09-28-2010, 12:51 PM   #7
jasonswett
LQ Newbie
 
Registered: Jan 2010
Posts: 29

Original Poster
Rep: Reputation: 0
It would probably be annoying to turn it off each night but we can live with it if there are no easier options.

We will actually have two machines: a local development server and a local production server. I don't imagine either will need to be used outside of work hours.
 
Old 09-28-2010, 01:58 PM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,655

Rep: Reputation: 7970
Quote:
Originally Posted by jasonswett View Post
I don't know the mechanics of it but basically we'd manufacture a special hard drive that's about 10 feet in diameter.

It sounds like encryption is the way to go. For someone with no background in encryption (my background is in web development with no special emphasis on security), could someone give me some pointers on what I should do next?

Thanks!

Nothing to it. Pick a distro of Linux (the current openSUSE works well, as do others), and load it. At build time, you'll have the option of encrypting partitions... select it, follow the prompts.

Whenever the system boots from then on, you'll get prompted for a password. Three strikes, you're out, no partition mounted.

And really, a 10 foot diameter disk? Not sure how you'd expect to get it to work, or manufacture it, since platters that large would be insanely heavy, and under tremendous stress from the force of spinning, let alone designing heads and servos to make it work. And if you're talking about putting a smaller drive into an enclosure, that might be ok, but a waste of effort, since you could just lock/secure the computer enclosure with bolts/etc., for about $10.
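
An added example, not code from any poster in this thread: one way to confirm that the filesystem holding the database really sits on an encrypted partition, assuming the encryption is dm-crypt/LUKS (what Linux installers typically set up). The function names, the `SYSFS` override and the constructed sysfs tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): is a path stored on a dm-crypt device?
SYSFS="${SYSFS:-/sys}"   # overridable so the check can run against a test tree

# crypt_backed NAME: succeed if block device NAME (sda2, dm-1, ...) or anything
# it is stacked on is a dm-crypt mapping. cryptsetup sets the device-mapper
# UUID of its mappings to "CRYPT-<type>-...", exposed in sysfs as dm/uuid.
crypt_backed() {
    [ -d "$SYSFS/class/block/$1" ] || return 2          # no such device
    case "$(cat "$SYSFS/class/block/$1/dm/uuid" 2>/dev/null)" in
        CRYPT-*) return 0 ;;
    esac
    # Walk down the stack (e.g. LVM volume -> LUKS mapping -> partition).
    for s in "$SYSFS/class/block/$1"/slaves/*; do
        [ -e "$s" ] || continue
        ( crypt_backed "${s##*/}" ) && return 0
    done
    return 1
}

# path_encrypted PATH: resolve the filesystem holding PATH to its kernel
# device name, then run the check. Needs findmnt (util-linux) and readlink -f.
path_encrypted() {
    src=$(findmnt -nvo SOURCE -T "$1") || return 2
    crypt_backed "$(basename "$(readlink -f "$src")")"
}

# Constructed sysfs tree: sda1 is a plain partition; dm-1 is an LVM volume on
# dm-0, a LUKS mapping over sda2. The UUID strings are made up.
make_demo_tree() {
    for d in sda1 sda2 dm-0 dm-1; do mkdir -p "$1/class/block/$d/slaves"; done
    mkdir -p "$1/class/block/dm-0/dm" "$1/class/block/dm-1/dm"
    echo "CRYPT-LUKS2-0000constructed0000-cryptdb" > "$1/class/block/dm-0/dm/uuid"
    echo "LVM-0000constructed0000" > "$1/class/block/dm-1/dm/uuid"
    : > "$1/class/block/dm-0/slaves/sda2"
    : > "$1/class/block/dm-1/slaves/dm-0"
}

if [ $# -gt 0 ]; then            # real use: pass the database data directory
    path_encrypted "$1" && echo "$1: on dm-crypt" || echo "$1: no dm-crypt found"
else                             # no argument: run against the constructed tree
    SYSFS=$(mktemp -d); make_demo_tree "$SYSFS"
    for d in sda1 dm-1; do
        crypt_backed "$d" && echo "$d: dm-crypt in stack" || echo "$d: plaintext"
    done
    rm -rf "$SYSFS"
fi
```

A positive result covers only the stolen-while-powered-off case; once the volume is unlocked at boot, the data is readable by anything running on the host.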
 
Old 09-28-2010, 02:19 PM   #9
jasonswett
LQ Newbie
 
Registered: Jan 2010
Posts: 29

Original Poster
Rep: Reputation: 0
If I've already installed the OS and everything, is it too late? If so, is there a relatively painless way to copy everything on my machine somewhere else, reinstall Linux (I'm on Ubuntu) and put everything back on the original machine (assuming that's the right way to go)?

Thanks for all your advice, by the way.
 
Old 09-28-2010, 04:44 PM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,655

Rep: Reputation: 7970
Quote:
Originally Posted by jasonswett View Post
If I've already installed the OS and everything, is it too late? If so, is there a relatively painless way to copy everything on my machine somewhere else, reinstall Linux (I'm on Ubuntu) and put everything back on the original machine (assuming that's the right way to go)?

Thanks for all your advice, by the way.

No, not too late, but more difficult. You don't say what version of Ubuntu, but the community docs have info.
https://help.ubuntu.com/community/En...lesystemHowto3

No matter WHAT you do, MAKE BACKUPS. Easiest way is to get a cheap, external USB hard drive, plug it in, and copy everything over. If the DB isn't in production now, shut it down, do a dump of the DB, and copy the dump file(s) and the entire directory structure to the USB device, before proceeding with anything...and that's at a minimum.

You don't say WHAT database, how it's laid out, how big, etc., so there are lots of variables. If you're uncomfortable with doing it, I'd strongly suggest hiring a consultant, if the data is important/sensitive, to come in and do it for you.
 
Old 09-29-2010, 07:18 AM   #11
jasonswett
LQ Newbie
 
Registered: Jan 2010
Posts: 29

Original Poster
Rep: Reputation: 0
So maybe the priority should be backups first, encryption second.

Luckily we don't have any important data on this machine yet. All we have is one small app and a few other nicknacks, so it's probably not a huge deal to move those, blow this machine away, then move it all back.
 
Old 09-29-2010, 07:55 AM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,655

Rep: Reputation: 7970
Quote:
Originally Posted by jasonswett View Post
So maybe the priority should be backups first, encryption second.

Luckily we don't have any important data on this machine yet. All we have is one small app and a few other nicknacks, so it's probably not a huge deal to move those, blow this machine away, then move it all back.

Backups should ALWAYS be a priority. If you're not backing your data up, you're inviting trouble. If you've only got a small amount of data, then you could even back it up to a USB flash drive, then wipe the machine and start over. But for long-term backups, think of something more robust...external USB hard drives give you lots of space for very little $$$, and you can easily script existing utilities to make backups of your important data each day, and copy it to the drive. Even that's not ideal, but it will give you SOMETHING.
 
Old 09-30-2010, 01:41 PM   #13
jasonswett
LQ Newbie
 
Registered: Jan 2010
Posts: 29

Original Poster
Rep: Reputation: 0
Closely related question: if we're looking to host this data on our production server as well, what should I look for in a hosting company as far as security features?
 
Old 09-30-2010, 02:11 PM   #14
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,655

Rep: Reputation: 7970
Quote:
Originally Posted by jasonswett View Post
Closely related question: if we're looking to host this data on our production server as well, what should I look for in a hosting company as far as security features?

This is totally against what you originally posted.

If you've really got sensitive data, you definitely do NOT want a hosted server. Yes, they're 'secure'...but you don't KNOW what goes on there, and don't have control over things (sometimes). Build your own production server, and host it yourself, if you want security. You'll not only be secure, you'll actually wind up saving money.

If you do proceed with hosting, read some online reviews of service/security, since that's where you'll get the best information.
 
Old 09-30-2010, 09:44 PM   #15
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
Never host proprietary or controlled data with a hosting service. If you want to use a data center you have to rent a rack where you can place your own hardware and just get network pipe.

This is why I was pushing physical security from the start. Encrypting a disk on a server is a waste of time in my opinion because network penetration is your biggest threat. An encrypted disk only protects you from the machine being taken while powered off.
 
  



All times are GMT -5. The time now is 03:31 PM.
