diff --git a/docs/server/source/production-nodes/index.rst b/docs/server/source/production-nodes/index.rst index c669827e..6ada923e 100644 --- a/docs/server/source/production-nodes/index.rst +++ b/docs/server/source/production-nodes/index.rst @@ -4,7 +4,8 @@ Production Nodes .. toctree:: :maxdepth: 1 + node-requirements node-assumptions node-components - node-requirements + node-security-and-privacy reverse-proxy-notes diff --git a/docs/server/source/production-nodes/node-assumptions.md b/docs/server/source/production-nodes/node-assumptions.md index 3335804c..d8d74f0e 100644 --- a/docs/server/source/production-nodes/node-assumptions.md +++ b/docs/server/source/production-nodes/node-assumptions.md @@ -10,5 +10,3 @@ We make some assumptions about production nodes: 1. Production nodes use MongoDB (not RethinkDB, PostgreSQL, Couchbase or whatever). 1. Each production node is set up and managed by an experienced professional system administrator or a team of them. 1. Each production node in a cluster is managed by a different person or team. - -We don't provide a detailed cookbook explaining how to secure a server, or other things that a sysadmin should know. We do provide some templates, but those are just starting points. diff --git a/docs/server/source/production-nodes/node-security-and-privacy.md b/docs/server/source/production-nodes/node-security-and-privacy.md new file mode 100644 index 00000000..3b26ddbb --- /dev/null +++ b/docs/server/source/production-nodes/node-security-and-privacy.md 
@@ -0,0 +1,11 @@ +# Production Node Security & Privacy + +Here are some references about how to secure an Ubuntu 18.04 server: + +- [Ubuntu 18.04 - Ubuntu Server Guide - Security](https://help.ubuntu.com/lts/serverguide/security.html.en) +- [Ubuntu Blog: National Cyber Security Centre publish Ubuntu 18.04 LTS Security Guide](https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide) + +Also, here are some recommendations a node operator can follow to enhance the privacy of the data coming to, stored on, and leaving their node: + +- Ensure that all data stored on a node is encrypted at rest, e.g. using full disk encryption. This can be provided as a service by the operating system, transparently to BigchainDB, MongoDB and Tendermint. +- Ensure that all data is encrypted in transit, i.e. enforce using HTTPS for the HTTP API and the Websocket API. This can be done using NGINX or similar, as we do with the BigchainDB Testnet.
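Review bot: In node-assumptions.md, the deleted paragraph carried two caveats (that no detailed cookbook for securing a server is provided, and that the templates "are just starting points") which do not reappear anywhere in the new node-security-and-privacy.md. Without them, the two Ubuntu links and two bullets on the new page can read as the complete hardening guidance for a production node. Suggest moving that sentence to the top of the new page instead of dropping it.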
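Review bot: In node-security-and-privacy.md, the last bullet says "all data is encrypted in transit, i.e. enforce using HTTPS for the HTTP API and the Websocket API", which equates all data in transit with the two client-facing APIs. The at-rest bullet names MongoDB and Tendermint as components on the node, but the in-transit bullet says nothing about traffic to or between those components. Suggest changing "i.e." to "e.g.", or stating explicitly whether that traffic is in scope and how an operator is expected to protect it. Separately, the first reference URL has no release version in its path (`/lts/serverguide/`), so it is worth confirming that it stays on the 18.04 guide the link text names.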