HeX LiveCD development in 2011

This is the 3rd post relating to planned development for FreeBSD-based O/S this yea (1: PC-BSD, 2: pfSense)

HeX LiveCD is a Network Security Monitoring (NSM) centric Live CD, built based on the principles of NSM, for analysts, by analysts. Besides containing most of the popular Open Source NSM tools, the HeX Live CD also contains tools to perform network forensics.

HeX 2.0, released in October 2008, is based on FreeBSD 7.0 and comes with Fluxbox as the default desktop environment. Development has slowed down with no new releases since, but the team has plans to change this in 2011.

C.S. Lee, project leader writes with regards to his 2011 development plans:

“We don’t have clear roadmap for what we are going to do with HeX in 2011, however the HeX 3.2 beta version will be released once we go through the testing phase, actually we have the HeX that is based on FreeBSD 8.2 in our closed development, and we will release the beta after we have tested ourselves.

Though we don’t have any roadmap specifically for this year, we do have todo

  • Split development – HeX will have 3 versions – Workstation, Sensor, Server(We really hope to get this done for a while but all the members are busy with own works). Right now we have HeX workstation only that’s available for security analyst to do packet post processing.
  • Remain bsd spirit, while we use HeX for many situation, especially for our security consulting works, it will remain free and open.
  • Improve the installer, not many actually know we have the easiest installer even before pc-bsd having one, we have modified version of bsd installer to get HeX installed to your laptop or vm, and many don’t know about it.
  • Largest packet processing and analysis tools in HeX workstation, you can compare ours with the rest of liveCD and you will definitely find we have almost all packet analysis tools in HeX, and all of them are categorized professionally
  • NSM Console improvement – you may have never heard of NSM Console, we actually have NSM Console that glue all the packet analysis tools together, it’s very modular and flexible where you can include any tools by writing the simple module. It’s like metasploit for packet analysis. NSM Console is written in ruby. We will ask for feedback and also suggestion to improve the tool.
  • HeX USB Stick – We actually have this in house, and we will release it soon, the reason we don’t release previously because FreeBSD has a lot of hard time when trying to boot from USB device until the USB stack has improved lately.
  • Include more tools, if you know any packet analysis tools that want to be included into HeX, let us know.
  • So for HeX Server and Sensor, I would like to explain a bit, for the server it will be a central server to collect all the network data from the sensor
  • For the HeX Sensor they will have tools like snort, bro, argus and many others, they will collect the network data and send to the HeX Server, then we can use HeX workstation to login to HeX Server and do the analysis.
  • HeX will also take advantage from the FreeBSD network stack development, for example in 8.2 BPF zero copy i implemented, and people may not heard about freebsd ringmap, so we may include ringmap implementation for our HeX Sensor, it’s currently in the testing and can be used with freebsd stable. Thanks to Alexandar for his work on that.

I would like to emphasize that with HeX normally you get almost full scale packet analysis platform, e.g, if you want to do ids/ips you can use snort/bro, if you want to do netflow analysis you can use argus/silktools/nfdump/fprobe/etc, and if you want to do statistical analysis you can use ourmon/tcpdstat/darkstat, if you want to do packet¬†visualization, you can use afterglow, etherape and so forth.”

Thanks for the update, Mr Lee, and wishing you and the team all the best for 2011.

If you have used HeX LiveCD in the past or are still using it, what is your experience and what would you like to be added or changed? Let us know in the comments below.