Protect the data against what? With all computer security questions, you have to consider different threats, and different effects.
A. Prevent them from reading it? There are two questions here. First: Is the encryption good enough that an attacked needs the key, or can the key be bypassed? For most modern encryption algorithms, if implemented carefully, without explicit back doors, the answer is that the attacker will need the key (the NSA and such may be capable of bypassing encryption by brute-force attacks, but let's not worry about that, as it is unlikely that your disk will attract the full force of such agencies). Second: where is the encryption key stored, and how long does it live in use? If the encryption key is only stored in the brain of the human user, who types it in when mounting the encrypted disk, and then the computer is powered down after we are done using the disk, then the only way to read the disk is either to get the human to divulge the key (for example by pointing a gun at them), or to get into the system while the disk is mounted. In this scenario, the most likely attack is (as SirDice said) someone logging into your system (authorized or unauthorized), and just reading the mounted file system. So the thing you really need to guard against are for example ssh brute force attacks on the root account.
If they key is stored on any form of media, then the real danger lies in attack on the media. For example, you may have a piece of paper with the key (or the equivalent pass phrase) taped to the bottom of your keyboard in the office. Then anyone who can flip your keyboard over can read the disk, either before or after removing the disk from your system. A really stupid version of this would be to store the key in a world-readable file on the unencrypted root disk of your system, and have a little script that automatically mounts the encrypted disk every time you boot. At that point, you don't even have to bother encrypting any more: anyone who can log into your system (or exploit it, for example by using a mis-configured web browser to fetch
http://your.server.com/~root/secret_key.txt) has access to the data.
So to protect the data from being read, the most important thing is to protect the key, and to protect the system on which the disk is mounted.
B. Prevent them from modifying the data, or destroying it? To begin with, there are in-band modifications of the data, for example writing to the file system. I'm sure you wouldn't consider the superuser logging in, mounting the encrypted disk, and
rm'ing a file to be destroying the data, but you would rather think of it as a normal file system operation. But what if the superuser hacked in, and did
rm -Rf /mnt/encrypted_disk? That goes back to what we said above: protect the system against unauthorized access.
That leaves access to the physical disk. You worry that someone might come in with a screwdriver, physically take the disk out, and connect it to his server and overwrite the data. Well, there is nothing you can do about that, except by using hardware encryption (which is offered by many disk drives). But protecting against a guy with a screwdriver and his own server is silly, because once the attacker has physical access to the disk, he can destroy the data much more easily: Using a hammer. And no encryption in the world will protect the data against a person who simply smashes the disk. If you want to deal with such attacks, you need physical security. My wife used to work at one of these US federal government labs, where they have soldiers with machine guns posted at the door to the computer room. This is a bit expensive, but very effective.
So, can you be more specific: What types of attack are you really worried about? And what caliber of ammunition are you intending to use against the guy with a small hammer? (That last question is meant as a joke)
Personally, I have a 1TB external USB disk, which I keep in my office. It is encrypted (although not using geli and ZFS, but Macintosh encryption). The key is stored in my head (and on a piece of paper I keep in my safe at home, and my wife knows the combination to the safe). I think my Mac is pretty secure against attack; the best protection is that there are hundreds of other Macs in the office, our network is managed by competent people, and I try to not make enemies. I only mount the disk for an hour or so, perhaps once a week or so. If someone steals the disk from my office, they won't be able to read the data, but they will be able to reformat the drive and use it, and I will have to recreate the data (big pain). Since there is lots of other nicer computer stuff in my office, I don't think anyone would bother stealing a 3-year-old generic external disk, not interesting enough.
