Wilders Security Forums  

#1
May 5th, 2012, 01:17 PM
FuZzY_BuBbLeS
Infrequent Poster
Join Date: Apr 2012
Posts: 4
Setting up a Tor hidden service--is this secure?

I want to set up a Tor hidden service (for legitimate, but possibly illegal reasons). I have an old PC that I got from a company with Win XP Pro installed. I will be using Ubuntu for the OS and thttpd as the web server software. I have a few questions:

1) Would it be reasonable to install Ubuntu alongside Windows so that I can set up FDE with Truecrypt in Windows? Or should I man up and sort out encrypted LVM etc.?

2) How can I make my server more secure? I mean, Ubuntu is a relatively safe OS, but I feel like if I'm going to be running a hidden service on it then I will need to harden it a bit more.

3) Are there any thttpd-specific configuration changes I should make?
#2
May 5th, 2012, 02:39 PM
PaulyDefran
Frequent Poster
Join Date: Dec 2011
Posts: 734
Re: Setting up a Tor hidden service--is this secure?

No idea about #2 or #3, but for #1, if you don't care that someone could tell that there is encryption, then LUKS it should be. If you want to hide the fact, then a TC Hidden OS option may serve you better. You'll be sacrificing hard drive space for the decoy, and some would question using Windows as the host when anonymity is the goal. Since this Hidden Service is probably going to be up 24/7, realize that the encryption keys will be in memory and one of the first things grabbed during triage on an incident response.

PD
#3
May 5th, 2012, 06:21 PM
mirimir
Very Frequent Poster
Join Date: Oct 2011
Posts: 1,567
Re: Setting up a Tor hidden service--is this secure?

As PaulyDefran said, you'll be hosed if they get the server while it's up. Running from home is OK when you're learning and testing. But, if you have hidden services up 24/7, and they handle sensitive information, you want to be using hosted servers. Specifically, you want bulletproof hosting, and you want to pay for it anonymously. And you SSH to it only through Tor.

For security, you have your servers running in VMs, with Tor on the host machine. That way, even if the server is compromised, it has no Internet access except through Tor. Check the tor-talk archives, and the seedier sections of THW, and you'll find instructions and FAQs.
 
