Let's say I want to move my 1U Dell server to a co-location site with a hostile company who will try to steal my code (this is almost 90% probability if I don't take steps)...
The limitation for their hostility I see (or hope) - they can't remove the box completely and tell me, "oops, it got lost in mail", they can't hire experts from too high a level (like FBI or NSA), so it has to be done on the level of a savvy sysadmin reading hacking forums. Also, they would have to explain any downtime (which is easy but in conjunction with tampering evidence will be a powerful deterrent).
Now..
From my understanding the best way to secure your software is to encrypt it on the disk.
Then to disable external access to boot your server for cold boot attack (I think - disconnect optical drive, USB, com port etc.)
Then I still have the following problems - opening the case and connecting to the MB or removing RAM where the decrypted software was running before a cold boot attack.
Question #1 - are there other threats for the code to be stolen in the given situation?
What I am thinking is to make sure if they tamper with the case I will get hard proof which can be brought to court and I get the compensation. If the tamper-evident device is convincing and reliable then they won't risk their reputation with the legal case and leave this alone.
Please tell me what you think. Is it a feasible plan? Is it possible to narrow the chances of stealing to opening the box (I mean, will disconnecting USB etc. work?) Are there any other things I need to consider?
EDIT. I will try to compile the answers.
The main consideration - using Dell TPM. Box is Dell R210.
- RAM removal (cold boot attack)
- Console access using unsecure account [does it help to recover TPM keys?]
- Boot from another hard disk [does it help to recover TPM keys?]
EDIT EDIT. Guys, most of you wrongly assumed that having a box on colocation means an ISP or Internet company who sells colo to the webservers, gamers etc. Nothing even close in my case. There are a few guys in my area of expertise who sell colo at an affordable price. (By colo I mean letting other people they know put boxes in their racks.) And we all are doing the same thing, so they don't need to ask; they know what I do and I know what they do. Putting an unsecured box with them is like leaving an open bottle of Glenfiddich 18 next to an alcoholic and walking away. Whatever the morality is, they will be really really tempted to open it. I know cos I would too in their shoes. Cold boot is not such a sophisticated thing to do either. So most of your projections simply don't count in my case.
I am going to leave it open for a couple of days in case someone would like to add to the actual physical threats list.
Thank you for your patience :)