SELinux Firewall

SELinux Firewall

SELinux Firewall is an application-level firewall designed to provide advanced security measures, ensure alignment with industry and military standards, and facilitate forensic analysis. Built on the principles of SELinux (Security-Enhanced Linux), SELinux Firewall integrates robust, fine-grained Mandatory Access Control (MAC) to enforce the principle of least privilege. This ensures that each process operates with only the permissions it requires.

SELinux Firewall aligns with the CIS (Center for Internet Security) Level 2 benchmarks for servers and follows the audit-related requirements of the STIG (Security Technical Implementation Guide), a set of cybersecurity guidelines endorsed by the Department of Defense (DoD). Additionally, it supports efficient collection and transmission of log data to systems such as Logstash, Elasticsearch, or Kafka. By emphasizing performance, stability, and security, SELinux Firewall delivers a high-performance, enterprise-ready solution for secure and reliable data transmission.

SELinux Firewall Features

SELinux Fine-Grained MAC

• Provides strong protection by confining users, applications, and services, preventing unauthorized access, and minimizing the impact of potential exploits.
• Supports Type Enforcement (TE), Role-Based Access Control (RBAC), Multi-Level Security (MLS), and Multi-Category Security (MCS).
• Enforces the principle of least privilege to ensure that each process operates with only the permissions it needs.
• Offers robust control over network access.

Comprehensive Auditing System

• Consistently gathers data on security-relevant events.
• Facilitates investigation of security policy breaches.
• Aligns with STIG guidelines to meet DoD cybersecurity recommendations.

Labeled IPsec Integration

• Combines IPsec with MAC labels to enhance security.
• Assigns MAC labels to IP packets to enforce policies effectively.
• Includes the full security context in packet labels.
• Prevents attacks on remote audit servers originating from compromised proxies.

Proxy Servers and Secure Traffic Management

SELinux Firewall provides comprehensive proxy services with advanced filtering capabilities to ensure secure and efficient traffic management. Unlike traditional IP-level NAT firewalls that allow direct sessions between clients and destination servers, SELinux Firewall’s proxy servers establish separate sessions for client-proxy and proxy-server communications. This architecture enhances security by isolating clients from direct contact with potentially untrusted servers, thereby reducing the risk of protocol-level vulnerabilities and attacks. Operating at layer 7 of the OSI model, SELinux Firewall provides application-level inspection and filtering to enforce security policies tailored to specific applications and protocols.

Application Protocol Support

SELinux Firewall supports a wide variety of application protocols commonly used in web servers, email servers, and reverse proxies, including:

• HTTP/HTTPS
• HTTP/2
• gRPC
• WebSocket
• SMTP/SMTPS
• IMAP/IMAPS
• POP3/POP3S
• MongoDB
• Redis
• MySQL
• PostgreSQL

SSL/TLS termination is supported, enabling secure communication by decrypting and encrypting SSL/TLS traffic at the firewall.

Application Filters

SELinux Firewall includes several application filters to manage and secure various types of traffic:

• Mongo Proxy Filter: Provides visibility and control over MongoDB traffic.
• Redis Proxy Filter: Manages and optimizes Redis traffic.
• MySQL Proxy Filter: Controls and monitors MySQL traffic.
• PostgreSQL Proxy Filter: Controls and monitors PostgreSQL traffic.

HTTP Filters

The firewall supports a range of HTTP filters for detailed traffic management and security:

• Router Filter: Routes HTTP requests to appropriate upstream clusters.
• JWT Auth Filter: Handles JSON Web Token (JWT) authentication.
• Rate Limit Filter: Applies rate limiting policies to HTTP traffic.
• CORS Filter: Manages Cross-Origin Resource Sharing (CORS) headers.
• gRPC JSON Transcoder Filter: Converts RESTful JSON requests to gRPC and vice versa.
• HTTP Buffer Filter: Buffers HTTP requests for inspection or rate limiting.
• External Authorization Filter: Delegates authorization decisions to an external service.

Intrusion Detection (AIDE)

• Incorporates AIDE for detecting unauthorized system changes.

Forensic Data Collection

• Collects extensive logs of security-relevant events for forensic analysis.
• Provides data that can be leveraged by AI systems in real-time to counteract attackers.
• Supports detailed forensic analysis by external systems.

IDM Integration

• Centralizes user management and authentication across platforms.
• Streamlines access control and enhances overall security.

By integrating these features, SELinux Firewall ensures a secure, efficient, and standards-aligned system for protecting sensitive environments. All processes are fully confined.