Problem: Server docs say little re/ prod. node security & privacy

Solution: Create a new docs page, "Production Node Security & Privacy"
Troy McConaghy 2018-08-03 13:27:38 +02:00
parent f24bbc3ca6
commit 509034c6e4
3 changed files with 13 additions and 3 deletions


@ -4,7 +4,8 @@ Production Nodes
.. toctree::
:maxdepth: 1
node-requirements
node-assumptions
node-components
node-requirements
node-security-and-privacy
reverse-proxy-notes
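
Review bot: The move of `node-requirements` from the top of the toctree to below `node-components` is not mentioned in the commit message, which only describes adding the new page. Either note the reordering in the message or split it into its own commit, so that the one functional change in this hunk, the new `node-security-and-privacy` entry, is easy to see in history.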


@ -10,5 +10,3 @@ We make some assumptions about production nodes:
1. Production nodes use MongoDB (not RethinkDB, PostgreSQL, Couchbase or whatever).
1. Each production node is set up and managed by an experienced professional system administrator or a team of them.
1. Each production node in a cluster is managed by a different person or team.
We don't provide a detailed cookbook explaining how to secure a server, or other things that a sysadmin should know. We do provide some templates, but those are just starting points.
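
Review bot: The paragraph dropped at the end of this hunk ("We don't provide a detailed cookbook explaining how to secure a server ... those are just starting points.") tells operators that the provided templates are only starting points, and the new page added in this commit does not restate that. Move the sentence to the top of the new security page, or leave a one-line pointer to that page here, rather than deleting it outright.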


@ -0,0 +1,11 @@
# Production Node Security & Privacy
Here are some references about how to secure an Ubuntu 18.04 server:
- [Ubuntu 18.04 - Ubuntu Server Guide - Security](https://help.ubuntu.com/lts/serverguide/security.html.en)
- [Ubuntu Blog: National Cyber Security Centre publish Ubuntu 18.04 LTS Security Guide](https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide)
Also, here are some recommendations a node operator can follow to enhance the privacy of the data coming to, stored on, and leaving their node:
- Ensure that all data stored on a node is encrypted at rest, e.g. using full disk encryption. This can be provided as a service by the operating system, transparently to BigchainDB, MongoDB and Tendermint.
- Ensure that all data is encrypted in transit, i.e. enforce using HTTPS for the HTTP API and the Websocket API. This can be done using NGINX or similar, as we do with the BigchainDB Testnet.
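
Review bot: In the last bullet, "all data is encrypted in transit, i.e. enforce using HTTPS for the HTTP API and the Websocket API" equates all in-transit data with the two client-facing APIs, although the previous bullet names MongoDB and Tendermint as separate components on the node. Change "i.e." to "e.g.", or state what is expected for traffic to and between those components. The full disk encryption bullet could also say that it protects a powered-off or removed disk, not data on a running host that has been compromised, so operators do not read it as covering both cases.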