Best practices for private server deployment on LAN

[dan]

Hello, all -

I'm trying to do some research on some of the best practices to 
deploying a server that would be on a private LAN.  This server would 
not have any Internet connectivity - it would be used to facilitate the 
workings of a proprietary client program that would contact this server 
for specific information.

I have managed to bring down the install of a FC3 release to just under 
500M.  Although I am not satisfied with this yet, that is pretty small 
compared to what I've done and seen in the past.  I'll keep working on 
that one.

The problem that I'm faced with is that no one should be allowed to 
tamper with this server.  No one should be able to log in, change 
settings, or anything of the like.

I've had several ideas, which all have their own pitfalls:

Encrypted filesystem with a key located on the disk so that the system 
can decrypt on the fly as it needs to.  This is done so that the drive 
cannot be transferred to another machine and booted, or cannot be 
"browsed" if it were a slave to another machine.  This would not quite 
work because the key is still physically there, and anyone with enough 
time an initiative on their hands can spend a few weeks and a dozen 
cases of beer and figure this out.

Making my own form of init, that would not allow for getty or anything 
such as that.  But again, anyone can take this drive into another 
machine, or boot directly off of the machine.

Creating the system so that it will not "work" with any cdrom devices. 
Then I'd have to get a list of devices that are CDROMs, and make the 
system not "read" those.  I'd do the same with hard disks.  But even 
this information can be forged, and it just sounds funny.

How many of you guys have deployed servers like this in the past, where 
you did not want the client to haev the ability to tamper with said 
machine?  What did you do to prevent this type of activity, if anything? 
  I'm just fishing for answers here.

Thanks
-dant