From e91bd265e7cbbfd09a71ce7835ea35239b1237b7 Mon Sep 17 00:00:00 2001 From: medusa Date: Sun, 28 Apr 2024 13:49:37 +0000 Subject: [PATCH] Update docs/tech_docs/firewalls.md --- docs/tech_docs/firewalls.md | 44 ++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/docs/tech_docs/firewalls.md b/docs/tech_docs/firewalls.md index 6433d3a..2a7dbd7 100644 --- a/docs/tech_docs/firewalls.md +++ b/docs/tech_docs/firewalls.md @@ -45,10 +45,6 @@ Selecting the right firewall is a pivotal decision that depends on specific orga --- -Here are the individual fact sheets for Cisco Meraki MX and SELinux, expanding the comparative analysis with their unique features and technical specifications: - ---- - ### 4. Cisco Meraki MX - **Models Covered**: Meraki MX64, MX84, MX100, MX250 - **Throughput**: 
@@ -87,4 +83,42 @@ Here are the individual fact sheets for Cisco Meraki MX and SELinux, expanding t - **Management Tools**: Various tools available for policy management, including `semanage`, `setroubleshoot`, and graphical interfaces like `system-config-selinux`. - **Advantages**: - **Granular Control**: Provides very detailed and customizable security policies. - - **Audit and Compliance**: Excellent support for audit and compliance requirements with comprehensive logging. \ No newline at end of file + - **Audit and Compliance**: Excellent support for audit and compliance requirements with comprehensive logging. + + Here are the additional fact sheets for AppArmor, a Linux security module, and typical VPN technologies used within Linux environments: + +--- + +### 6. AppArmor (Application Armor) +- **Base**: Linux Kernel security module similar to SELinux +- **Main Use**: Provides application security by enabling administrators to confine programs to a limited set of resources, based on per-program profiles. +- **Operation Mode**: + - **Enforce Mode**: Enforces all rules defined in the profiles and restricts access accordingly. + - **Complain Mode**: Does not enforce rules but logs all violations. +- **Security Features**: + - **Profile-Based Access Control**: Each application can have a unique profile that specifies its permissions, controlling file access, capabilities, network access, and other resources. + - **Ease of Configuration**: Generally considered easier to configure and maintain than SELinux due to its more straightforward syntax and profile management. +- **Deployment**: + - **Compatibility**: Integrated into many Linux distributions, including Ubuntu and SUSE. + - **Management Tools**: `aa-genprof` for generating profiles, `aa-enforce` to switch profiles to enforce mode, and `aa-complain` to set profiles to complain mode. 
+- **Advantages**: + - **Simplicity and Accessibility**: Less complex than SELinux, making it more accessible for less experienced administrators. + - **Flexibility**: Offers effective containment and security without the extensive configuration SELinux may require. + +### 7. Linux VPN Technologies +- **Common Solutions**: + - **OpenVPN**: A robust and highly configurable VPN solution that uses SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. + - **WireGuard**: A newer, simpler, and faster approach to VPN that integrates more directly into the Linux kernel, offering better performance than older protocols. + - **IPSec/L2TP**: Often used in corporate environments, IPSec is used with L2TP to provide encryption at the network layer. +- **Throughput and Performance**: + - **OpenVPN**: Good performance with strong encryption. Suitable for most consumer and many enterprise applications. + - **WireGuard**: Exceptional performance, particularly in terms of connection speed and reconnection times over mobile networks. +- **Security Features**: + - **OpenVPN**: High security with configurable encryption methods. Supports various authentication mechanisms including certificates, pre-shared keys, and user authentication. + - **WireGuard**: Uses state-of-the-art cryptography and aims to be as easy to configure and deploy as SSH. +- **Deployment**: + - **Configuration**: Both OpenVPN and WireGuard offer easy-to-use CLI tools and are supported by a variety of GUIs across Linux distributions. + - **Compatibility**: Supported across a wide range of devices and Linux distributions. +- **Advantages**: + - **OpenVPN**: Wide adoption, extensive documentation, and strong community support. + - **WireGuard**: Modern cryptographic techniques, minimalistic design, and kernel-level integration for optimal performance. \ No newline at end of file
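Review bot: The first hunk (@@ -45,10 +45,6 @@) and the second hunk disagree on transitional sentences. The first deletes "Here are the individual fact sheets for Cisco Meraki MX and SELinux..." ahead of section 4, while the second adds the same kind of sentence, "Here are the additional fact sheets for AppArmor...", ahead of section 6. Settle on one convention for the file. If sections are meant to follow each other separated only by `---`, drop the newly added sentence as well.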
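Review bot: In the second hunk (@@ -87,4 +83,42 @@), section 7 lists IPSec/L2TP under Common Solutions but gives it no entry under Throughput and Performance, Security Features, Deployment or Advantages, where only OpenVPN and WireGuard appear. Either add the matching IPSec/L2TP bullets or remove it from the list, so the fact sheet does not imply a comparison it never makes. In section 6, "similar to SELinux" glosses over the difference an administrator choosing between the two needs: AppArmor profiles are path-based, whereas SELinux policy is label-based. The new last line also ends with "\ No newline at end of file", the same defect this hunk corrects on the Audit and Compliance line, so add a trailing newline.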