The better the physical security around your network, the more secure the
network will be. (This applies to wired networks as well.) Keep wireless
transmitters (routers, switches, and so on) as close to the center of your
building as possible. Note or monitor the range of transmitted signals to
determine whether your network is open to mobile network sniffing—a geek
sport known as war driving. Wireshark is an example of a program that is
useful for analyzing wireless traffic (as well as all other network activity). An
occasional walk around your building not only gives you a break from sitting
at your desk but can give you a chance to notice any people or equipment that
should not be in the area.
Keep in mind that it takes only a single rogue wireless access point hooked up
to a legitimate network hub to open access to your entire system. These
access points can be smaller than a pack of cigarettes, and the best way to
spot them is to scan for them with another wireless device.
Passwords and Physical Security
The next step toward better security is to use secure passwords on your
network and ensure that users use them as well. For somewhat more physical
security, you can force the use of a password with the GRUB bootloader,
remove bootable devices such as floppy and CD-ROM drives, or configure a
network-booting server for Ubuntu.
Also keep in mind that some studies show that as many as 90% of network
break-ins are done by current or former employees. If a person no longer
requires access to your network, lock out access or, even better, remove the
account immediately. A good security policy also dictates that any data
associated with the account first be backed up and retained for a set period of
time to protect against loss of important data. If you are able to do so, remove
the terminated employee from the system before the employee leaves the
building.
Finally, be aware of physical security. If a potential attacker can get physical
access to your system, getting full access becomes trivial. Keep all servers in
a locked room and ensure that only authorized personnel are given access to
clients. Laptops and other mobile devices should be configured with only
what is needed, and any truly sensitive data should be kept on machines that
are physically secured. When machines containing any sensitive data must be
used outside a secure environment, you should use hard drive encryption,
such as that available when installing Ubuntu.
Something that you may find useful for laptops and other mobile devices is
Prey. Prey has a basic version that is open source, free software that will help