diff --git a/docs/tech_docs/firewalls.md b/docs/tech_docs/firewalls.md index d4dc9be..6433d3a 100644 --- a/docs/tech_docs/firewalls.md +++ b/docs/tech_docs/firewalls.md @@ -41,4 +41,50 @@ Network Address Translation (NAT) is crucial for hiding internal IP addresses an - **Palo Alto Networks** may involve higher costs but justifies them with advanced features and comprehensive security coverage. ### Conclusion -Selecting the right firewall is a pivotal decision that depends on specific organizational requirements including budget, expected traffic volume, administrative expertise, and desired security level. This analysis highlights the distinct capabilities and configurations of Cisco ASA, Fortinet FortiGate, and Palo Alto Networks, guiding organizations towards making an informed choice that aligns with their security needs and operational preferences. \ No newline at end of file +Selecting the right firewall is a pivotal decision that depends on specific organizational requirements including budget, expected traffic volume, administrative expertise, and desired security level. This analysis highlights the distinct capabilities and configurations of Cisco ASA, Fortinet FortiGate, and Palo Alto Networks, guiding organizations towards making an informed choice that aligns with their security needs and operational preferences. + +--- + +Here are the individual fact sheets for Cisco Meraki MX and SELinux, expanding the comparative analysis with their unique features and technical specifications: + +--- + +### 4. Cisco Meraki MX +- **Models Covered**: Meraki MX64, MX84, MX100, MX250 +- **Throughput**: + - **Firewall Throughput**: Up to 4 Gbps + - **VPN Throughput**: Up to 1 Gbps +- **Concurrent Sessions**: Up to 2,000,000 +- **VPN Support**: + - **Protocols**: Auto VPN (IPSec), L2TP over IPSec + - **Remote Access VPN**: Client VPN (L2TP over IPSec) +- **NAT Features**: + - **1:1 NAT, 1:Many NAT** + - **Port forwarding, and DMZ host** +- **Security Features**: + - **Threat Defense**: Integrated intrusion detection and prevention (IDS/IPS) + - **Content Filtering**: Native content filtering, categories-based + - **Access Control**: User and device-based policies +- **Deployment**: + - **Cloud Managed**: Entirely managed via the cloud, simplifying large-scale deployments and remote management. + - **Zero-Touch Deployment**: Fully supported +- **Special Features**: + - **SD-WAN Capabilities**: Advanced SD-WAN policy-based routing integrates with auto VPN for dynamic path selection. + +### 5. SELinux (Security-Enhanced Linux) +- **Base**: Linux Kernel modification +- **Main Use**: Enforcing mandatory access controls (MAC) to enhance the security of Linux systems. +- **Operation Mode**: + - **Enforcing**: Enforces policies and denies access based on policy rules. + - **Permissive**: Logs policy violations but does not enforce them. + - **Disabled**: SELinux functionality turned off. +- **Security Features**: + - **Type Enforcement**: Controls access based on type attributes attached to each subject and object. + - **Role-Based Access Control (RBAC)**: Users perform operations based on roles, which govern the types of operations allowable. + - **Multi-Level Security (MLS)**: Adds sensitivity labels on objects for handling varying levels of security. +- **Deployment**: + - **Compatibility**: Compatible with most major distributions of Linux. + - **Management Tools**: Various tools available for policy management, including `semanage`, `setroubleshoot`, and graphical interfaces like `system-config-selinux`. +- **Advantages**: + - **Granular Control**: Provides very detailed and customizable security policies. + - **Audit and Compliance**: Excellent support for audit and compliance requirements with comprehensive logging. \ No newline at end of file