Update docs/tech_docs/firewalls.md

2024-04-28 13:49:37 +00:00
parent e849a5767f
commit e91bd265e7


@@ -45,10 +45,6 @@ Selecting the right firewall is a pivotal decision that depends on specific orga
---
Here are the individual fact sheets for Cisco Meraki MX and SELinux, expanding the comparative analysis with their unique features and technical specifications:
---
### 4. Cisco Meraki MX
- **Models Covered**: Meraki MX64, MX84, MX100, MX250
- **Throughput**:
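Review bot: the "Here are the individual fact sheets for Cisco Meraki MX and SELinux, expanding the comparative analysis..." line and the `---` separators around it read as conversational filler rather than documentation; since this hunk shrinks the region from 10 to 6 lines, confirm that those four lines are what is being dropped, so that section "### 4. Cisco Meraki MX" follows the comparative-analysis paragraph directly.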
@@ -87,4 +83,42 @@ Here are the individual fact sheets for Cisco Meraki MX and SELinux, expanding t
- **Management Tools**: Various tools available for policy management, including `semanage`, `setroubleshoot`, and graphical interfaces like `system-config-selinux`.
- **Advantages**:
- **Granular Control**: Provides very detailed and customizable security policies.
- **Audit and Compliance**: Excellent support for audit and compliance requirements with comprehensive logging.
- **Audit and Compliance**: Excellent support for audit and compliance requirements with comprehensive logging.
Here are the additional fact sheets for AppArmor, a Linux security module, and typical VPN technologies used within Linux environments:
---
### 6. AppArmor (Application Armor)
- **Base**: Linux Kernel security module similar to SELinux
- **Main Use**: Provides application security by enabling administrators to confine programs to a limited set of resources, based on per-program profiles.
- **Operation Mode**:
- **Enforce Mode**: Enforces all rules defined in the profiles and restricts access accordingly.
- **Complain Mode**: Does not enforce rules but logs all violations.
- **Security Features**:
- **Profile-Based Access Control**: Each application can have a unique profile that specifies its permissions, controlling file access, capabilities, network access, and other resources.
- **Ease of Configuration**: Generally considered easier to configure and maintain than SELinux due to its more straightforward syntax and profile management.
- **Deployment**:
- **Compatibility**: Integrated into many Linux distributions, including Ubuntu and SUSE.
- **Management Tools**: `aa-genprof` for generating profiles, `aa-enforce` to switch profiles to enforce mode, and `aa-complain` to set profiles to complain mode.
- **Advantages**:
- **Simplicity and Accessibility**: Less complex than SELinux, making it more accessible for less experienced administrators.
- **Flexibility**: Offers effective containment and security without the extensive configuration SELinux may require.
### 7. Linux VPN Technologies
- **Common Solutions**:
- **OpenVPN**: A robust and highly configurable VPN solution that uses SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
- **WireGuard**: A newer, simpler, and faster approach to VPN that integrates more directly into the Linux kernel, offering better performance than older protocols.
- **IPSec/L2TP**: Often used in corporate environments, IPSec is used with L2TP to provide encryption at the network layer.
- **Throughput and Performance**:
- **OpenVPN**: Good performance with strong encryption. Suitable for most consumer and many enterprise applications.
- **WireGuard**: Exceptional performance, particularly in terms of connection speed and reconnection times over mobile networks.
- **Security Features**:
- **OpenVPN**: High security with configurable encryption methods. Supports various authentication mechanisms including certificates, pre-shared keys, and user authentication.
- **WireGuard**: Uses state-of-the-art cryptography and aims to be as easy to configure and deploy as SSH.
- **Deployment**:
- **Configuration**: Both OpenVPN and WireGuard offer easy-to-use CLI tools and are supported by a variety of GUIs across Linux distributions.
- **Compatibility**: Supported across a wide range of devices and Linux distributions.
- **Advantages**:
- **OpenVPN**: Wide adoption, extensive documentation, and strong community support.
- **WireGuard**: Modern cryptographic techniques, minimalistic design, and kernel-level integration for optimal performance.
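Review bot: the "**Audit and Compliance**" bullet appears twice in a row at the top of this hunk; make sure only one copy survives, and drop the "Here are the additional fact sheets for AppArmor..." sentence, which is the same kind of filler as in the previous hunk. Two content points in the new sections: the "Throughput and Performance" and "Security Features" lists cover only OpenVPN and WireGuard although "Common Solutions" also introduces IPSec/L2TP, so either add IPSec/L2TP entries or note why it is left out; and SELinux, AppArmor and VPNs are mandatory-access-control and tunnelling technologies rather than firewalls, so a short sentence explaining why they belong in `firewalls.md` (or a move to a separate page) would help readers.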