Project Nova

Nova Cyber Security Software Features

Nova was developed under Army SBIR A10-014 with the objective to develop a system to limit the effectiveness of a cyber attack and to increase the resources required by an intruder to perform hostile reconnaissance of the network, resulting in additional time for the defenders to mount an appropriate response.

The premise of Nova was to develop a method to give incorrect information to attackers, so they waste time and resources attempting to exploit systems and services that may or may not exist.  The attacker will get a false picture of the number and types of systems connected to the network; when a false machine is contacted, or when an inappropriate network scan is performed, Nova will alert the system administrator of an attack.

Nova Overview

  • Nova has an easy to use web interface for monitoring, configuration, and information logs
  • Nova deploys of any number lightweight honeypots which look like real machines:
  • Honeypots fool Operating System version fingerprinters and can act like any one of thousands of operating systems
  • Honeypots will respond to ICMP packets and TCP probes
  • Honeypots can acts as proxies and make it so real services on your network will appear on the honeypots
  • Honeypots emulate dozens of common network services such as Telnet, FTP, and HTTP
  • An automated honeypot generator creates honeypots by scanning your network and creating honeypots that are configured to look like your existing systems
  • Nova monitors all traffic to honeypots and looks for hostile traffic patterns
  • Nova monitors all logins to honeypot services and logs those IPs as hostile
  • Nova alerts users with email, rsyslog, and an easy to use web interface dashboard

Nova Complements Existing Security Tools

Nova is meant to complement, not replace, the usual suite of security tools such as firewalls, anti-virus software, and traditional signature based intrusion detection systems.  Firewalls provide a first line of defense against attackers.  Antivirus software and traditional intrusion detection tools perform deep payload matching and analysis.  Nova works differently; by deploying a network of honeypots it actively fools attackers performing network reconnaissance, a first step in network attacks that traditional security tools usually miss.  Additionally, in cases besides honeypot logins, Nova only observes the packet headers and traffic characteristics, providing a unique and difficult to bypass classification system, while signature based scanners can easily be bypassed by clever attackers and advanced persistent threats that have the time and resources to customize a payload.