The simple fact is that if someone has physical access to your box they OWN it. Anything you put on it can be easily defeated.
Ok see this is a basic fallacy. The proper statement would be: Anyone willing to make enough effort WILL be able to break into your system. So what you want to do is either make it hard enough that they aren't willing to spend the effort, or slow them down enough so that you can respond. For example banks: Banks use a heavy steel vault. Why? Not because it can't be broken into, given enough time and a plasma torch I can get in. What they do is slow me down enough that police have plenty of time to respond to the alarm, when people with guns show up and tell me to assume the felon position that is the end of my attempt to break into the vault. Case in point: a friend uses a small computer lab on campus for grads. They have a Linux fileserver, it is reasonably secure, they don't have root, etc. Now I looked at it and said "I can break into it in less then 10 seconds and I don't need to know anything about the machine". My friends disbelieved me. So I hit ctrl-alt-del to reboot it (this is a LOT nicer then hitting the reset button =), and typed "linux single" at the boot prompt, rats, foiled by sulogin. Ok, hit ctrl-alt-del again and typed "linux init=/bin/sh", haha, a root prompt. all in under 10 seconds. Now if LILO had been properly secured I would have to bring boot media with me (not something I usually carry around), and if the BIOS was secure I'd have to bring my list of BIOS passwords (which won't always work, especially on newer machines), and boot media, and spend a LOT longer breaking in (by which someone might notice the server is down and have walked over to it to investigate).
M
-Kurt