What we need is an application which centralises security. I'd like to think of it as "Security and Stability". It should monitor the following in a centralised location:
- Track system crashes/unclean shutdowns of applications and make it easily accessible. If apache has never crashed except the day a server was compromised for instance, it may provide a clue about how it was hacked.
- Firewall status. No IPtables enabled = insecure
- Show all security updates. Users should be informed when there are updates available specifically targeting security (in addition to the applet currently present).
- User rights. If the user is running as root, they should be told the risks.
- Anti-virus. There should be integration with Anti-virus here, or a one click means of listing various versions of anti-virus. Integration should also allow a one click option to start scanning, and an indication if automatic scanning is enabled. It could also offer an easy way to install rootkit detectors and anti-virus. It's better for us to get ahead of viruses, and make sure people don't pass existing ones on (I believe ClamAV is an example of a free one?)
- Rootkit detection. There are lots of Rootkit detection systems out there. I suggest that users be able to click a button and run a quick test.
- Permission checker. Use information from APT to identify changes in permissions to system files. Many newbies do stupid things like change the permissions on a config file so they can access it via GUI. Let's make sure they have an easy way to fix it.
- Identify if your network is broadcasting everyone's traffic to everyone (i.e., hubs, not switches). Maybe not easy, and not really necessary.
I like to use OpenDNS (http://www.opendns.com/) NS servers as a provider-independent service. But unfortunately DHCP overwrites my DNS configuration in the Network Manager.
I don't like to hack a script overwriting /etc/resolv.conf to my favourites. Even a "sticky" checkbox within the nm-applet would be fine for me to glue them into resolv.conf.
It would be good if we could extend the behavior of network-manager ourselves to add support for new encryption types or networking methods which can be triggered by different states of the connection. Some possible plugins may include:
- New VPN connection types. Some of us may have weird VPN connection protocols that we normally need to run other apps for. This would allow users to add support for network-manager instead, without waiting for the next version.
- Wireless cracking plugin. Whilst it's illegal, people could code plugins which automatically try to break into other connections when no connection is detected, to help optimise uptime. Great for road warriors :D
- Act on new connections easily. You could have extensions which automatically submit a GPS trace/webcam photo on connection for instance. Whilst your inbox would fill very quickly, at least if your laptop got stolen, you could very easily track it down
- Perform actions based on network type. On connection, you could have a plugin for instance that warns of connections which are known to be insecure (ie, you can see packets going to other networks).
- If WPA3 comes out, users could add support themselves to the network-manager, instead of having to edit config files, and run the apps themselves.
All within one tool, and it really eliminates the need for terminal or extra frontend config/connect tools for different connection types
It would be nice if there was a way to store the network settings on a memory stick (or on a network share), and make it so that they may be loaded onto any computer.
This would make it much easier for IT departments, university help desks and network administrators who want an easy way to set up people's computers. The settings could even cover wireless and VPN settings, or even much more complex networks, and have a way to log the MAC address being set up (so that a list of MAC addresses and corresponding names could easily be generated, and added to the MAC filtering list).
Written by nelson.blaha the 13 Oct 08 at 14:10.
New
I have often wished I could share my cellular internet connection with those around me via wifi, and I think this is something that would distinguish Linux. A simple menu option in the network manager wouldn't cause too much clutter I think.
Written by vexorian the 14 Oct 08 at 15:28.
Won't implement
Ok, I must say that network manager's location feature is completely useless right now because you need sudo rights to change the 'location'. This is just ridiculous. I'll explain what goes on right now:
You can turn the network off, turn wireless off, change wireless network to anything else, and do a lot of things without using sudo rights. But if you want to change the 'location' in the network manager (and 'locations' are a bunch of settings already set up by the administrator, so you know they are safe), you need to open the network manager, unlock it, type the password and select the new location.
This makes the 'locations' feature totally useless; it doesn't help users at all. You still need admin rights to change the location, and in the case of a lappie this basically means every time. At home I have static IPs, elsewhere I have DHCP when connecting an ethernet cable to my netbook, somewhere else it is better to use wireless, but I better use specific DNS servers. These locations should be changeable by the user as easily as you can change wireless networks, really.
Developer comments
network-admin (from gnome-system-tools) had the locations feature. network-admin is no longer used in Intrepid.
"This program automatically looks at what Wi-Fi card you have, it disables any wireless driver currently installed, fetches the correct Windows driver from the Internet and installs it with NDISwrapper."
This seems like an ambitious but do-able project that could use some help and it seems 100% up the Ubuntu alley.
Network Manager should detect when the system is on battery and ask, or offer a setting to UNLOAD network device modules to save battery....
IE
...like when you right click the icon, besides providing the option to disable the Bluetooth it can offer to completely disable/enable selected devices
In my opinion this is a security problem. I can think of two scenarios:
* You are able/allowed to connect to a secured network and trust all other participants on that network. Now, by mistake, the encryption is disabled by the AP administrator. You still send confidential data over the network without knowing that everybody can eavesdrop.
* Maybe this problem is also usable for an active attack: Is it possible to provide an access point with the same ssid / (MAC?) in a way, that it 'shadows' the proper access point? (sending with more power, sending on a different channel?)
Once a connection was established to an encrypted network, there should at least be a warning if that encryption no longer exists (changed?).
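
The warning this post asks for, sketched as an added example (not part of the original post and not NetworkManager's own code): compare each scanned access point with the security mode saved for its SSID, report downgrades, and keep weaker look-alikes out of auto-connect even when their signal is stronger. The `Beacon` record, the `STRENGTH` ranking and the sample scan are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed ranking of security modes for this sketch; higher is stronger.
STRENGTH = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}

@dataclass(frozen=True)
class Beacon:            # hypothetical scan-result record
    ssid: str
    bssid: str
    security: str
    signal_dbm: int

def rank(mode):
    # Unknown modes are treated as unencrypted, the conservative choice.
    return STRENGTH.get(mode, 0)

def downgrades(saved, scan):
    """Known SSIDs advertised with weaker security than the saved profile."""
    return [(b.ssid, b.bssid, saved[b.ssid], b.security)
            for b in scan
            if b.ssid in saved and rank(b.security) < rank(saved[b.ssid])]

def auto_connect_candidates(saved, scan):
    """Known SSIDs at or above the saved security level, strongest signal first."""
    ok = [b for b in scan
          if b.ssid in saved and rank(b.security) >= rank(saved[b.ssid])]
    return sorted(ok, key=lambda b: b.signal_dbm, reverse=True)

# Constructed sample data: profiles saved at first connection, and one scan.
SAVED = {"office": "wpa2", "cafe": "open"}
SCAN = [
    Beacon("office", "02:00:00:00:00:01", "wpa2", -70),
    Beacon("office", "02:00:00:00:00:02", "open", -40),  # same SSID, no encryption, louder
    Beacon("cafe",   "02:00:00:00:00:03", "open", -60),
    Beacon("other",  "02:00:00:00:00:04", "wpa",  -50),  # never saved, ignored
]

if __name__ == "__main__":
    for ssid, bssid, want, got in downgrades(SAVED, SCAN):
        print(f"WARNING: {ssid} ({bssid}) was {want}, now advertises {got}")
    print([b.bssid for b in auto_connect_candidates(SAVED, SCAN)])
```
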