by nknight 5225 days ago
Yep. Classically, we abdicate responsibility as soon as physical security is breached. With virtual machines the problem is mostly the same, but it moves from "true physical" to "virtual physical" -- once the host environment is breached, all bets are off.

Any sysadmin that claims to be able to protect against a physical access attack or its contextual equivalent is either lying or incompetent. In neither case should that sysadmin be considered "professional".

1 comments

Use BIOS & boot loader passwords. Encrypt the file systems. This will not stop three-letter agencies, foreign governments, or aliens.
It won't stop a private individual, either, not even one with a budget of approximately $0. Cold boot and similar attacks, even just yanking the memory or forcing a CMOS reset, are trivial. Please tell me you don't do this for a living.
We are talking about live servers. Monitoring should detect a server going down, raising suspicion of a physical attack.

The evil maid attack would be useful against the system admin's workstation. Securing NOCs is beyond the scope of this discussion, but it is not difficult.