It is often handy to be able to connect to remote computers / networks via vpn or wifi such as work or home. Network manager can handle this easily, but what happens if you want to give someone temporary access to your wifi, or connect to your home vpn from someone else's computer.

If a vpn or wifi connection could be saved to a file then when run on another machine could make use of the defined connection until it was disconnected (or the session ended). No details about the connection or its security settings are retained by the host machine.

Right now, any application a user runs can access the network and send whatever it pleases anywhere it likes.

Ubuntu users shouldn't have to wonder if any of the programs on their system are 'phoning home' to check for updates - or worse, to upload information about them in a sneaky way.

I propose that we package strict network access profiles along with every application that needs to use the network.
If no network access profile is present in an application's .deb file, Ubuntu should NOT allow it to access the network.

It should be up to the package maintainer to find out if an application needs to open any 'listening' ports, or access an outside server, etc. The maintainer should then write and include the strictest workable profile possible.

Both SELinux and AppArmor might be able to handle implementation of this kind of policy already. We're already including AppArmor and SeLinux profiles for some applications; we just need the default policies to be stricter. In addition, we may want to configure the iptables firewall as well.

Something like the Authorizations control panel would be great in terms of a UI for seeing which application is permitted to do what. Perhaps PolicyKit integration could allow us to grant or revoke application network access privileges.

I think it would be better to have an IM protocol that has these requirements.


When logging on from a different machine, both machines can be used at the same time for IM. So I could be logged on to an account from 2 places, and the messages would be received both places. So the other clients would have in their IP_to send list both locations.

Also simple encryption available.

File moving available (file size limit options).
Current IM standards should be realized.

Wouldn't that be cool to add to kopote , something that is better?

I want to set up an IPSec certificate for my network connection with GNOME Network Admin.

Firefox 3 has done away with the useful security feature in Firefox 2 whereby secure encrypted connection were indicated with a visually prominent yellow addressbar.

This feature is really useful in quickly determining if a page into which I enter my personal info (login name, password etc.) is secure. Now I have to be alert enough to always keep an eye on some small icons which don't come to attention easily.

This feature can be restored, but its not straightforward and needs some tweaking of internals. Please bring this feature back, at least on the Ubuntu version.

a toggle to turn on/off all deamons that you want on a home network but not on a public one. e.g:

samba (not only do you not want to share your files with joe blogs but it also has several security vulnerabilities)
nfsd (again you probably don't want to be sharing your file)
zeroconfd (this is security through obscurity, but useful for all those little applets that publish to it which haven't been added to the list of programs to stop, YET)

initially this could be done by a script combined with a simple system tray applet
-====-
Later versions could include
*auto toggling based on the network id
*integration into nm-applet GUI
*option for ftp deamons
*gui configuration
*mark all networks unsecure by default, so a default ubuntu computer that hasnt said its on a home network isnt vulnerable to smba or nfs exploits.
*toggling firewall settings as suggested in http://brainstorm.ubuntu.com/idea/10314/

network-manager should have an option to allow automatic connection to open/unsecured networks.