However, "physical security" and "USB port" don't play well together. However, if you disable Ctrl-Alt-Del, put that BIOS password on, don't install sudo, etc, then *maybe* it would be possible to expose a USB port for use by an encrypted filesystem. However, then it is vulnerable to vandalism. What is the purpose of this black box? How public will this "untrusted location" be?
Thanks for your attention again.I'm sorry I sended this answer to your private email instead of send it to the list
The mission of my investigation is to have a configuration (if it's possible of course) for a black box with debian to associate clients to a closed system.
Let's say for example money transfer (just as an example)If you want to be part of the system, one black box is delivered for you, and the workers localy in your network interact with the system using a web site contained on it.
If they need any help with the box, a central administration is given to them via ssh, but nobody localy should have access to the box.
My main concern is for example, if somebody has access to turn off the box, create one image disk, and go home with all the information available, at this moment, I want to have all the information encrypted as much as possible to make this task more difficult.
By default, I should consider in my prerequisites that it could be possible, so among others security policies the encryption should be added. The person who has physical access to the server is not necessary root, and I know it's the main problem.
Thanks again for all your time Greetings Enediel