What we need is an application which centralises security. I'd like to think of it as "Security and Stability". It should monitor the following in a centralised location:



- Track system crashes/unclean shutdowns of applications and make it easily accessible. If apache has never crashed except the day a server was compromised for instance, it may provide a clue about how it was hacked.

- Firewall status. No IPtables enabled = insecure

- Show all security updates. Users should be informed when there are updates available specifically targetting security (in addition to the applet currently present).

- User rights. If the user is running as root, they should be told the risks.

- Anti-virus. There should be integration with Anti-virus here, or a one click means of listing various versions of anti-virus. Integration should also allow a one click option to start scanning, and an indication if automatic scanning is enabled. It could also offer an easy way to install rootkit detectors and anti-virus. Its better for us to get ahead of viruses, and make sure people don't pass existing ones on (I believe ClamAV is an example of a free one?)

- Rootkit detection. There are lots of Rootkit detection systems out there. I suggest that users be able to click a button and run a quick test.

- Permission checker, Use information from APT to identify changes in permissions to system files. Many newbies do stupid things like change the permissions on a config file so they can access it via gui. Lets make sure they have an easy way to fix it.

- Identify if your network is broadcasting everyones traffic to everyone (ie, hubs, not switches). Maybe not easy, and not really neccessary.

[....]

I think that the User, Group, Others filesystem permission system is poor. Using ACL will improve security in a simpler way when you need complex filesystem access configuration. Things like a user is part of project A and project B. This user must have full access in all files and directories of project A but must have access only in certain files and directories of project B. It's very simple to do this on a NTFS filesystem, but in linux it is very painful because you have to configure your filesystem to use ACLs, configure the ACL and then use it. Windows systems has it implemented directly on the filesystem and has a GUI to help you with setting permissions easily. For server administration it's a marvelous thing and for home users that understands how to use filesystem permission could be a way to make their files and directories more secure. Another important thing is that the read, write, execute access level model is inadequate for today's needs. An example of how this is lacking is that if you need to give a file, residing in the 3rd directory tree level, permission to be read by a user that cannot have access to directories in the first and the second directory tree level, you must give him access to them. This is only one example of how POSIX filesystem permission system is a poor and inadequate model.

I think it would be good to have a convenient (graphical) way (not using commands in terminal) to put a password on GRUB.

Right now you must browse many different sections to see which security software do you have in Ubuntu.

You can find security tools in at least 4 sections in aptitude/synaptic!!!!!!!

doing some administrative tasks like installing new packages/softwares, changing some settings and ... (generally sudo tasks) requires the user to enter his/her password. entering your password every time you want to do those tasks is not so user-friendly and may distract new users to linux and ubuntu in particular.

Easy way for user to select a system mode which changes the system Speed, Power Saving, Security, Handicap Mode, and System Resources.
This could be done as button on the panel.

1. Create system modes which change system settings to optimum settings and services, toggled though taskbar icon.
2. examples of system modes: server, desktop, kiosk, airplane, low power, gaming, wifi hotspot (lowpower sercurity), desktop no network, desktop no internet, desktop lockdown.
3. GUI/Wizard to alow users to create their own custom system modes.
4. option to autochange system mode on a schedule or extended system idle.

-- Your in a meeding switch to "No interruptions mode".
-- Your at a Cyber Cafe, select Hot Spot mode (low power plus Security.).
-- Your on an Air Plane, select Flight mode (disable wifi, bluetooth, low power mode).
-- Your at work, select work mode (disable automatic sleep, turn on locking of screensaver, turn on email notification.).
-- Your at Conference, create and select mode "Speech or Presentation mode" to hide or declutter desktop, disable email and im notifications, change resolution, disable desktop effects, disable screensaver.
-- Your leaving work; select mode which will logout or lock computer, turn on restrictive firewall, apply system updates and then disable ethernet/wifi card and go to low power/shutdown/hibernate.
-- Your babysitting kids, select kid safe mode (kiosk plus option to set time limit, big icons.).
-- Your grandparents using your system, select mode to decrease resolution and increase font size to make everything bigger on the screen, and turn on big icons.
-- Your handicap friend using your system, select handicap mode (turns on Assistive Technologies, big icons, increase font size).
-- You install a system in a shared public space (Library, Lounge, or Cafe) which may have kids, handicap, visually impaired or other people you may wish to change the mode for.

Online stored system key for use by system, so every Ubuntu installed system, going online, will be unique, user as well, so better experience for Ubuntu community will bring more informations about system usage, if possible and secure, by system keys, user interactivity. Firewall, emails, documents, files, can be signed automatically.

At the beginning, sry my bad english...

My idea is that Ubuntu could/should be the first OS, that has a built-in national electronic ID-card (smart card with certificates for Authentication; Issuing digital signatures; Encryption; Electronic voting; Buying ID-tickets) support.

I know that at this moment, my country, Estonia, is few of which have ID-card with that kind of features but i belive that can change in pretty sort of time.

You can look more information about our ID-card project at http://www.id.ee/?lang=en .

Screenshots of new open source Estonian ID-card software (Beta testing under Ubuntu):

http://bayimg.com/image/eaepmaaci.jpg

http://bayimg.com/image/faepjaaci.jpg

http://bayimg.com/image/faepgaaci.jpg

http://bayimg.com/image/faephaaci.jpg

the administration menu/control center needs an option called disks, drives, harddrives or storage. this should give you access to boot menu, partitions, filesystems, swap, mount options, encryption and options for secure deleting / cleanup.

Recently on the ubuntu forums (and elsewhere) people have been posting bad commands to maliciously damage peoples systems. There should be a warning in the terminal (which could be swiched off in the terminal settings) when these commands are enterd before the command is executed. e.g.

tomatz@Desktop:/usr/bin#rm -r .[^.]*
Bash SECURITY WARNING Do you really want to enter this command? It could damage your system! (Y/N)
n
tomatz@Desktop:/usr/bin#

I really believe this should be implemented as this is obviously a security flaw. Most viruses in windows require user execution to infect the system which makes this security flaw not much different.