Mac OS X | Security / Privacy | Monitor / Keylog | HenWen

HenWen - 2.0

GUI for Snort network intrusion detection system

Download v 2.1.2

(File Size: 1.7M)

Free Product Alerts!

All Time:	(4.7)
Version 2.0:	(4.5)
Selected Version:	2.0
Release Date:	2003-04-23
License:	Freeware
Downloads (version 2.0):	2,743
Downloads (all versions):	37,631

Information Related to Version:

Broken Link? Newer Version? Tell us!

Product Description:

HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary.

Features:

Drag and drop installation (no installer or uninstaller necessary)
Includes a precompiled Snort 2.0 binary for Mac OS X (with the Spade and ASN.1 patches applied)
Supports all major Snort preprocessor and output plugins
Supports statistical packet anomaly detection with Silicon Defense's Spade
Supports all Snort rule sets, and makes it easy to add additional rule sets
Supports configuring all current Snort rule variables
Supports direct logging to MySQL databases
Supports ODBC database logging (for PostgreSQL, Oracle, MS SQL Server, and more)
Supports auto-blocking
Can update Snort rules over the network
Can set up Snort to run at system startup
Includes a helper application, LetterStick, which can:

Provide real-time security alert pop-up windows
E-Mail alerts as they are received
Speak the alert text, or play a sound effect, when an alert is received
Use Terminal to view the Snort logs

Supports modem and broadband network connections
Runs on HFS+, UFS, AFP, and NFS volumes (SMB and other volume types should work as well, but they haven't been tested)
Available in English, German, and French (in the same package)

What's new in this version:

Updated to Snort 2.0, which includes a number of new features, including faster pattern matching, enhanced protocol decoding and anomaly detection, another important security fix (see http://www.kb.cert.org/vuls/id/139129), and many bug fixes.
Changes to HenWen:

Uses a brand new XML-based alert configuration system that is more flexible, less prone to breakage, easier to configure, fits in one tab, and works similarly to IDScenter's ruleset wizard. Unfortunately, it is not backward compatible with the old system, so you will need to re-enter your rule settings if upgrading from a previous version of HenWen (sorry).
Support for the ARP spoof preprocessor (finally!).
Support for all of Snort 2.0's engine configuration options.
Support for MySQL 4.0.x.
HenWen can now do a simple security check on bundled files to make sure they haven't been modified behind your back. This can be enabled or disabled in HenWen's new Preferences window (choose "Preferences..." from the application menu).
HenWen now does a better job of handling security authorization failures.
HenWen's window is smaller now.
Added a new menu item, "Open Console" to the Special menu, to make it easier to bring up the Console when something goes wrong.
Numerous internal fixes for better forward compatibility.
Things that have been dropped: Mac OS X 10.1.x support, the Italian localization, and the shellcode preprocessor (which is no longer part of Snort).

Changes to LetterStick:

LetterStick now runs as a background application with a menu bar status item. If you would like to return to the older foreground version of LetterStick, uncheck the "Run LetterStick as a background application" check box in its preferences, and restart the program.
LetterStick now keeps track of the most reported alerts as a statistic.
Integration with the Snort.org rule set database. If alert pop-ups are turned on in LetterStick, and a rule triggers an alert, then there's a new button called "What's this?" that will point your Web browser to an online database entry containing more information about the alert. Also, E-Mailed alerts triggered by a rule will contain a hyperlink to the same online database.

Other changes:

The snort-log-rotate shell script has been updated. Manual configuration of the network interface value is no longer necessary.
The manual has been updated.