Engarde Secure Linux Professional Review

Most people who know me often tell me that I am paranoid. I say that I have good reason to be. Hacker attacks and malicious code are just a few examples of why I am cautious with my computer systems.

Guardian Digital's Engarde Secure Linux Professional offers a lightweight, robust, and secure Linux Distribution for small and large networks.

A Great Distribution

The very first thing that I noticed about Engarde Secure Linux was how light weight it was. I believe that the Installation CD was about 120MB. Installation took about ten minutes. The cool thing was that it is basically secure out of the box. This ultimately depends on how well you configure your new Engarde Box. It was designed to be secure but a novice user could really mess things up.

To be safe use a tool like Nessus to check your systems security after you have set it up. This distribution is really great for small to large business. Ease of administration and added security means less man hours. The home business user would appreciate its completeness, ease of use, and its low cost. One feature I really liked was the web based administration. You can easily administer most of the system directly from this secure interface.

Other notable features are:

• Secure easy web interface.
• Robust and lightweight host.
• Network Intrusion Detection (LIDS & Snort).
• Web interface to Tripwire.
• DNS, Secure E-mail, secure FTP server, and secure web server.
• Built-in Firewall, NAT support.
• Proactively monitor activity and track network access.
• DSL/Cable Modem Ready.
• DHCP client.
• Web based Backup tool.
• Supports numerous devices.
• 2.2.20X Kernel.

Installation

Installation was pretty straight forward. I actually used a VMWare Session for the installation. The machine was had 1.5GHZ Processor, 256MB RAM, 10GB RAM allocated to it. The entire installation was straight forward and simple. Non- *nix gurus should be able to install it. You should still have a good understanding of networks, protocols, different types of servers, etc. The auto disk partitioning worked like a champ and there is an option for the more seasoned user to manually partition disks.

Lightweight!

As I said before Engarde Secure Linux is an extremely lightweight. Packaging a minimal amount of services accomplishes this. Most major Linux distributions tend to bundle tons of junk you really don't need. That approach is great for the average user who wants to pick and choose what they want to run but not too good for just a server. Those added services also tend to compromise security. Guardian Digital has packaged only the services you need to get the job done. Also, instead of enabling every single service packaged Engarde makes you turn on only those you wish to run.

Secure

Engarde is probably the most secure Linux distribution on the market. If I'm wrong then I'm sure that the readers will surely let me know! Anyhow as I stated earlier Engarde does not package a bunch of unnecessary software. Less to keep under wraps. Access to certain files (IE /var/log) is stripped from ordinary users. Why do they need to see that stuff anyway? Popular servers have been replaced with others (IE Uses PostFix MTA instead of Sendmail) which help prevent the likelihood of a successful attack. There are lots of tools for network security and SSH is enabled on default. I really love this feature! I personally believe that telnet is evil.

Updates

Updating the system is made really easy through the Guardian Digital secure network. This utility is web enabled. All you need is a connection to the Internet (I recommend a high speed one). There is the Update Agent which updates existing packages. Installation Agent checks for new Installable packages. Install from local media allows you to install new packages locally (IE a CDROM). I used this feature to install Engarde Secure Professional Workstation. Stay tuned for that review.

Summary

I am happy to see a Linux distribution that is really secure straight from the box. You can tell that a lot of thought and planning went into it. Instead of lumping a bunch of programs together and calling it a distribution, Engarde was designed to be Secure from the ground on up. It was also designed with business in mind. In other words it has a purpose. Few distributions sport a good web interface for administration like Engarde, especially as an integral part of the system. Overall I am happy with the way it performs.