The best way to run a hidden service: one or two computers?

[hikki@xxxxxxxxxxxxx]

When running a hidden service, obviously hidden so no one can find the 
true source and IP of the web server because lives may be depended on 
that, I've heard that the best and safest way is to use a dedicated 
server computer with two operating systems and the server being inside a 
virtual machine. So if the web server should get cracked, the cracker 
will be locked inside the virtual machine and cannot do side-channel 
attacks or any other clever methods to reveal the true source.

Then I read somewhere that theres even a more secure way, and that is by 
using two dedicated computers. One computer with the web server running,

being connected with a LAN cable to the second computer which works as a 
firewalled router with Tor running on it with the hidden service keys. 
Again, if a cracker cracks the server machine, he will be physically 
trapped inside the server and cannot access the second computer nor the 
internet directly.

What are your opinions on this?
What should be done and what should be avoided while setting up such 
systems?


Thank you in advance for help!
Kind regards,
Hikki.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/