We are creating a web application that will be installed on a server and sold to a client, similar to a Google Mini Search appliance. We are looking at various ways to secure the server from being breached and to keep the source of the application safe. The client will access this from a web interface, again like Google Mini.
Are there other ideas I am missing here to lock this down?
Hardware:
- No floppy disk, CD ROM, USB ports
- Chassis intrusion detection
Software:
- BIOS password
- Secret Windows password
- Certain parts of the source code are obfuscated
Completely physically protecting a machine that is no longer in your direct control is impossible.
For instance, chassis intrusion detection is only any good to you if the machine is opened while it is running and connected to the network - otherwise how would you know the event had happened? Making the chassis very difficult to intrude would probably be a more practical solution, unless you are willing to rig something up that destroys part of the machine (probably the hard drive) if the case is opened (that would no doubt be very expensive to research and develop). For instance, most secure tokens used for PKI are designed to be air-tight and have something on the main chip that reacts to air in such a way as to render the chip inoperable fairly instantly (so you can't open the fob and try to read the cryptographic salts stored on the chip).
For protecting the software, even in the case when the drive it is stored on is removed, you could try using an encrypted filesystem, though for the thing to start up successfully the keys would need to be stored on the machine so you would need to protect the medium that held the keys (perhaps with the "open me and I'll destroy bits" type protection if possible). Storing the keys off-site would not help as the machine would have to contact you to get keys in order to boot so the code that allows it to do this would need to be protected as if it is the key (as it effectively is).
Absolute security is unfortunately not possible, especially if you are using common parts rather than custom designed everything, and beyond a certain point there is little to gain from throwing more and more effort at the problem - once you've put off the opportunists and a few slightly more persistent nerds who are breaking in for a challenge, what you have left are determined people who will get round whatever protection you use eventually (probably distressingly quickly).
If I'm wrong and there is a magic bullet out there, it will not be an easily affordable magic bullet! It might be worth researching what specific products (like the Google one you mention) do to try to protect themselves and their content.
From a physical perspective, the Google Search Appliance is not all that secure. I won't go into details, ahem.
Compile the source code where you can. In Python, you could be delivering .pyc files instead of .py files, which would at least deter casual intruders. I'll bet there's an option somewhere to compile the code to something even better.
However, when it comes to the physical end, you're a little helpless. Glue it all shut?
Take "Chassis intrusion detection" -- okay, so intrusion has been detected. Now what? Do you report it somewhere? Hard to do if the cable is unplugged. You'd have to establish a queue wherein that intrusion notice just sits around until it is delivered to your home system.
Are you going to be out to physically examine the machine every so often? You could put a big old wax seal on it. I'm not entirely kidding, perhaps a special tape with your company name on it might do.
Perhaps one of the people from Make could help you craft, in a larger chassis, some kind of lever or strictly mechanical device which, when the chassis is opened, presses a very large magnet (labeled "ANTI-INTRUSION MAGNET") onto the hard drive. The steel hard drive chassis would make all but the most powerful magnets less than optimal, so you could maybe make a "window" for your hard drive chassis (yes, this has been done).
Most ridiculous scenario: cover the case in "WARNING: THERMITE-ENABLED DRIVE DESTRUCTION -- PLEASE PLACE SERVER ON BOTTOM OF RACK" stickers.
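As an added illustration of the ".pyc instead of .py" point above (example code, not from any answer here, and not the Google appliance's code), the script below compiles a constructed sample module, deletes the source, imports the module from bytecode alone, and then shows the limit of this protection: string constants such as the placeholder `LICENSE_KEY` remain readable in the .pyc file. The module name, the key value and the `check` function are all constructed for the demo.

```python
import importlib.util
import marshal
import os
import py_compile
import tempfile

# Constructed sample module standing in for part of the appliance's source.
SAMPLE_SOURCE = '''
LICENSE_KEY = "demo-key-1234"  # constructed placeholder, not a real secret

def check(key):
    return key == LICENSE_KEY
'''


def compile_and_strip(workdir):
    """Write the sample module, compile it to .pyc, delete the .py, return the .pyc path."""
    src = os.path.join(workdir, "appliance_mod.py")
    with open(src, "w") as fh:
        fh.write(SAMPLE_SOURCE)
    pyc = os.path.join(workdir, "appliance_mod.pyc")
    py_compile.compile(src, cfile=pyc, doraise=True)
    os.remove(src)  # only the bytecode ships with the appliance
    return pyc


def load_pyc(pyc):
    """Import the module from bytecode alone, as the appliance would at runtime."""
    spec = importlib.util.spec_from_file_location("appliance_mod", pyc)
    mod = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(mod)
    return mod


def strings_in_pyc(pyc):
    """The caveat: string constants survive unchanged in the compiled file."""
    with open(pyc, "rb") as fh:
        fh.read(16)  # skip the 16-byte pyc header (magic, flags, mtime/hash, size)
        code = marshal.load(fh)
    return sorted(c for c in code.co_consts if isinstance(c, str))


def demo():
    """Run the whole round trip and report what worked and what is still visible."""
    with tempfile.TemporaryDirectory() as workdir:
        pyc = compile_and_strip(workdir)
        mod = load_pyc(pyc)
        return {
            "runs_without_source": mod.check("demo-key-1234"),
            "rejects_wrong_key": not mod.check("other"),
            "visible_strings": strings_in_pyc(pyc),
        }
```

Any secret the code compares against is therefore only hidden from someone who never opens the file; bytecode deters reading, it does not prevent it.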
Have you thought about using an encrypted file system?
But, wondering whether you have thought this through much. Servers fail. You wouldn't want to destroy a customer's data because of a fan failure, e.g. open the case and lose the lot.
The trouble it would cause you to protect your intellectual property is likely to destroy your company's reputation. It would be better to make it quite hard (i.e. HARD), but not impossible.
Errm, what about daylight savings?