SRR Internship-Report-sample


Program Book Short Term Internship

AP STATE COUNCIL OF HIGHER EDUCATION


(A STATUTORY BODY OF GOVERNMENT OF ANDHRA PRADESH)
Virtual Internship Cybersecurity

A SHORT-TERM INTERNSHIP REPORT ON


CYBER SECURITY
Submitted in partial fulfillment of the requirements for the Award of Degree of
BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE AND ENGINEERING
Submitted by
S. RAASHEED RABBANI 20AM1A0537

Under Supervision of

Mrs. G. RAGA JYOTHI, MTech


Assistant Professor, Dept. of CSE

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

SVR ENGINEERING COLLEGE


AYYALUR METTA, NANDYAL, KURNOOL(DIST.) – 518503
(Approved by AICTE, permanently affiliated to JNTUA, Anantapur)
ECE & CSE Dept are accredited by NBA.
NANDYAL, ANDHRA PRADESH.
Academic Year: 2020 - 2024

CERTIFICATE
This is to certify that the “Short – Term Internship report” on CYBER SECURITY submitted by S.
RAASHEED RABBANI (Regd. No.: 20AM1A0537) is a bonafide work done by him and submitted
during 2023 - 2024 academic year, in partial fulfillment of the requirements for the award of the degree of
BACHELOR OF TECHNOLOGY in COMPUTER SCIENCE AND ENGINEERING, at PALO
ALTO Networks.

Signature of the Co-Ordinator Signature of the Guide


K. AMARENDRANATH MTech Mrs. G. RAGA JYOTHI MTech

Assistant professor, CSE Assistant Professor , CSE

Signature of HOD
Head of the Department
Assistant Professor & HOD, Dept. Of CSE

Internship on “CYBERSECURITY”
Name of the Student : S. Raasheed Rabbani
Regd. Number : 20AM1A0537
Department : CSE
Program : BTech
Regulation : R20
Year & Semester : IV BTech – I Semester
Duration : 10/05/2023 - 25/06/2023
Domain : Cyber Security
Supported by : Palo Alto Networks, Edu Skills
Type of Internship : Virtual (Online)
Date of Submission :

Signature of the Student Signature of HOD



PROGRAM BOOK FOR


SUMMER INTERNSHIP
(Virtual)

Name of the Student: SYED. RAASHEED RABBANI

Name of the College: SVR ENGINEERING COLLEGE

Registration Number: 20AM1A0537

Period of Internship: From: 10/05/2023 To: 12/07/2023

Name & Address of the AICTE EDUSKILLS FOUNDATION

Intern Organization : (Palo Alto Networks)



Student’s Declaration

I, SYED. RAASHEED RABBANI, a student of B. Tech Program, Reg. No. 20AM1A0537 of the
Department of COMPUTER SCIENCE AND ENGINEERING, SVR ENGINEERING
COLLEGE do hereby declare that I have completed the mandatory Virtual Internship from MAY
2023 to JULY 2023 in AICTE-EDUSKILLS FOUNDATION under the Faculty Guideship of
Mrs. G. RAGA JYOTHI MTech, Department of Computer Science & Engineering, at SVR
ENGINEERING COLLEGE.

(Signature and Date)

Endorsements

Faculty Guide

Head of the Department

Principal


Certificate from Intern Organization


Vision and Mission of the Institute


Vision:
▪ To produce Competent Engineering Graduates & Managers with a strong base of Technical &
Managerial Knowledge and the Complementary Skills needed to be Successful Professional
Engineers & Managers.
Mission:
▪ To fulfill the vision by imparting Quality Technical & Management Education to the Aspiring
Students by creating Effective Teaching/Learning Environment and providing the State-of-the-
Art infrastructure and Resources.
Vision and Mission of the Department
Vision:
▪ To produce Industry ready Software Engineers to meet the challenges of 21st Century.
Mission:
▪ Impart core knowledge and necessary skills in Computer Science and Engineering through
innovative teaching and learning methodology.
▪ Inculcate critical thinking, ethics, lifelong learning and creativity needed for industry and society.
▪ Cultivate the students with all-round competencies, for career, education and self- employability.

Program Educational Objectives (PEOs):


PEO 1: Graduates will be prepared for analysing, designing, developing and testing the software solutions and products with creativity and sustainability.
PEO 2: Graduates will be skilled in the use of modern tools for critical problem solving and analysing industrial and societal requirements.
PEO 3: Graduates will be prepared with managerial and leadership skills for career and starting up own firms.

Program Specific Outcomes (PSOs):

PSO 1: Develop creative solutions by adapting emerging technologies / tools for real time applications.
PSO 2: Apply the acquired knowledge to develop software solutions and innovative mobile apps for various automation applications.


Program Outcomes (PO's):


PO 1, Engineering Knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering specialization to the solution of complex engineering problems.
PO 2, Problem Analysis: Identify, formulate, review research literature, and analyse complex engineering problems reaching substantiated conclusions using first principles of mathematics, natural sciences, and engineering sciences.
PO 3, Design/Development of Solutions: Design solutions for complex engineering problems and design system components or processes that meet the specified needs with appropriate consideration for the public health and safety, and the cultural, societal, and environmental considerations.
PO 4, Conduct Investigations of Complex Problems: Ability to review research literature, use research methods to execute project and synthesize the problem to provide valid conclusions.
PO 5, Modern Tool Usage: Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools including prediction and modelling to complex engineering activities with an understanding of the limitations.
PO 6, The Engineer and Society: Apply reasoning informed by the contextual knowledge to assess societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to the professional engineering practice.
PO 7, Environment and Sustainability: Understand the impact of the professional engineering solutions in societal and environmental contexts, and demonstrate the knowledge of, and need for sustainable development.
PO 8, Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice.
PO 9, Individual and team work: Function effectively as an individual, and as a member or leader in diverse teams, and in multidisciplinary settings.
PO 10, Communication: Communicate effectively on complex engineering activities with the engineering community and with society at large, such as, being able to comprehend and write effective reports and design documentation, make effective presentations, and give and receive clear instructions.
PO 11, Project Management and Finance: Demonstrate knowledge and understanding of the engineering and management principles and apply these to one’s own work, as a member and leader in a team, to manage projects and in multidisciplinary environments.
PO 12, Life-long Learning: Recognize the need for, and have the preparation and ability to engage in independent and life-long learning in the broadest context of technological change.


ACKNOWLEDGEMENT

An endeavor of a long period can be successful only with the advice of many well-wishers. I take
this opportunity to express my deep gratitude and appreciation to all those who encouraged the
successful completion of the internship work.

I am thankful to my Guide Mrs. G. Raga Jyothi MTech for her valuable guidance and suggestions
in analyzing and testing throughout the period, till the end of internship work completion.

I would like to thank Mr. K. Amarendranath, MTech, internship coordinator, Department of
CSE, for their support and advice to get and complete the internship in the above-said organization.

I would like to thank my Head of the Department M.N. Mallikarjuna Reddy MTech for his
constructive criticism throughout my internship.

It is indeed with a great sense of pleasure and immense sense of gratitude that I acknowledge the
help of these individuals.

I wish to express my sincere gratitude to our Managing Director S. DINESH REDDY and
our honorable Principal Dr. P. MALLIKARJUNA REDDY, for the facilities provided to
accomplish this internship.

I am sincerely thankful to AICTE-EDUSKILLS for giving me the opportunity to do a virtual
internship.

In conclusion, I am extremely grateful to my department staff members who helped me in the
successful completion of this internship.

S. Raasheed Rabbani
(20AM1A0537)


ABSTRACT

This abstract provides a comprehensive overview of key elements in the field of cybersecurity,
covering fundamental concepts in network security, cloud security, and Security Operations Centers
(SOC), as taught in this course offered by Palo Alto Networks.

▪ The Introduction to cybersecurity sets the stage by emphasizing the increasing importance of
safeguarding digital assets in our interconnected world. As technology evolves, so do the
threats, making it imperative to establish robust security measures.

▪ Fundamentals of network security delve into the core principles of securing communication
channels and data exchange within a network. Topics include encryption, firewalls, and
intrusion detection systems, providing a solid foundation for building secure infrastructures.

▪ Cloud security fundamentals explore the unique challenges posed by cloud computing
environments. As organizations increasingly migrate to the cloud, understanding the
principles of data protection, identity management, and secure access becomes paramount.

▪ The fundamentals of Security Operations Centers (SOC) are crucial in maintaining a proactive
cybersecurity stance. The abstract covers the key components of a SOC, including threat
detection, incident response, and continuous monitoring. It emphasizes the role of skilled
professionals and advanced technologies in identifying and mitigating cyber threats.

In conclusion, this abstract serves as a roadmap for individuals seeking a holistic understanding of
cybersecurity, addressing essential components such as network security, cloud security, and the
operations of a Security Operations Center. This foundation is crucial for building robust and adaptive
cybersecurity strategies in the face of evolving digital threats.

This abstract provides a glimpse into a comprehensive cybersecurity course from Palo Alto Networks,
offering a well-rounded education on next-generation firewall technologies, cloud security, and
proactive defense strategies.


INDEX

1. EXECUTIVE SUMMARY
2. OVERVIEW OF THE ORGANISATION
3. INTRODUCTION
3.1 Introduction to Cyber Security
3.2 Introduction to SaaS
3.3 Vulnerabilities and Exploits
4. INTERNSHIP PART
4.1 Introduction to Cyber Security
4.2 Fundamentals of Network Security
4.3 Fundamentals of Cloud Security
4.4 The fundamentals of SOC
4.5 Weekly Reports
5. GALLERY / PHOTOS
6. CONCLUSION
7. REFERENCES
8. EVALUATION PART


Learning Objectives/Internship Objectives

Internships are generally thought of to be reserved for college students looking to gain
experience in a particular field. However, a wide array of people can benefit from Training
Internships in order to receive real world experience and develop their skills.

An objective for this position should emphasize the skills you already possess in the area and
your interest in learning more.

Internships are utilized in a number of different career fields, including architecture,
engineering, healthcare, economics, advertising and many more.

Some internships are used to allow individuals to perform scientific research, while others are
specifically designed to allow people to gain first-hand working experience.

Utilizing internships is a great way to build your resume and develop skills that can be
emphasized in your resume for future jobs. When you are applying for a Training Internship,
make sure to highlight any special skills or talents that can make you stand apart from the rest
of the applicants so that you have an improved chance of landing the position.


1. EXECUTIVE SUMMARY

Reporting on the performance of cyber risk and security programs is critical to avoiding
breaches, learning from prior performance, and mitigating risk. Effective communication and
decision making between different levels of an organization – from the practitioners and managers
on the ground to the C-suite and the Board – can be the difference between keeping systems secure
and suffering a massive incident.
Learning Objectives:

• Develop a deep understanding of network security fundamentals, including firewalls,
intrusion detection systems, and encryption.
• Gain expertise in configuring and managing industry-leading network security solutions,
with a focus on Fortinet technologies.
• Master the art of crafting and enforcing security policies to ensure compliance with industry
standards and regulations.
• Acquire the skills necessary to detect, analyze, and respond to security incidents with
precision and efficiency.
• Learn how to implement and manage virtual private networks (VPNs) for secure remote
access.
• Enhance problem-solving and critical-thinking abilities by troubleshooting network
security issues.
• Develop proficiency in network monitoring and traffic analysis to identify and mitigate
security threats.
• Cultivate strong communication and teamwork skills through collaboration with experts in
the field.
• Gain insights into security best practices, vulnerability management, and threat intelligence.
• Explore potential career paths in network security and cybersecurity, with guidance on
professional development.


Outcomes Achieved:
• Protection Against Unauthorized Access: Network security measures ensure that only
authorized individuals or devices can access the network and its resources. This prevents
unauthorized users from compromising sensitive data or systems.
• Data Confidentiality: Network security measures, such as encryption, help maintain the
confidentiality of data during transmission and storage, ensuring that sensitive information
remains private.
• Data Integrity: Network security safeguards prevent data from being tampered with during
transmission or storage, ensuring that data remains accurate and unaltered.
• Availability: A well-implemented network security strategy ensures that network resources
and services are available when needed. This reduces downtime due to cyber-attacks or
other disruptions.
• Prevention of Malware and Viruses: Network security tools, such as firewalls and
antivirus software, can detect and block malware and viruses, preventing them from
infecting devices and spreading through the network.
• Protection Against Insider Threats: Network security measures can also monitor and
detect suspicious activities by authorized users, helping to mitigate the risk of insider
threats.
• Detection and Mitigation of Cyber Threats: Network security solutions, such as intrusion
detection and prevention systems (IDPS), can identify and respond to cyber threats in real-
time, helping to minimize the impact of attacks.
• Compliance with Regulations: Effective network security measures help organizations
comply with industry-specific regulations and data protection laws, reducing legal and
financial risks.
• Business Continuity: Network security measures contribute to business continuity by
preventing disruptions caused by security incidents, ensuring that operations can continue
without major interruptions.
• Cost Savings: While investing in network security solutions can have upfront costs, the
long-term outcome is often cost savings. Preventing security breaches and data breaches
can save organizations significant financial and reputational.


2. OVERVIEW OF THE ORGANISATION

Palo Alto Networks is a leading cybersecurity organization headquartered in Santa
Clara, California. Founded in 2005, the company has established itself as a formidable force
in the realm of cybersecurity solutions. Its core product, the Next-Generation Firewall
(NGFW), has redefined network security by offering advanced features like application-level
visibility and control, ensuring protection against an ever-evolving landscape of cyber threats.
Palo Alto Networks has also ventured into cloud security with Prisma Cloud, safeguarding
cloud-native applications and data. With a global reach, a commitment to cybersecurity
research through initiatives like Unit 42, and strategic acquisitions to bolster its capabilities,
Palo Alto Networks continues to play a pivotal role in safeguarding organizations against
cyberattacks and securing the digital world. Here's an overview of the organization:

1. Products and Services: Palo Alto Networks offers a range of cybersecurity products
and services, including next-generation firewalls, cloud security, endpoint protection, threat
intelligence, and security analytics.
2. Next-Generation Firewall (NGFW): Their NGFW technology is a key product,
providing advanced features such as application visibility and control, intrusion prevention, and
user-based policies to protect against evolving cyber threats.
3. Cloud Security: Palo Alto Networks has expanded its offerings to address cloud
security challenges. Their Prisma Cloud platform provides security for cloud-native
applications, ensuring the protection of data and workloads in cloud environments.
4. Global Reach: The company has a global presence and serves organizations of all
sizes, from small businesses to large enterprises, across various industries.
5. Threat Intelligence: Palo Alto Networks operates a threat intelligence platform called
Unit 42, which conducts research on emerging threats and provides insights to the cybersecurity
community.
6. Cybersecurity Ecosystem: Palo Alto Networks actively engages in building a holistic
cybersecurity ecosystem. This involves integration with other cybersecurity tools and
technologies to create a unified defense strategy. Their focus on interoperability allows
organizations to enhance their overall security posture.

7. Automation and Orchestration: The company emphasizes the importance of
automation and orchestration in cybersecurity. By automating routine tasks and orchestrating
responses to security incidents, Palo Alto Networks aims to improve the efficiency and
effectiveness of cybersecurity operations.
8. Education and Training: Palo Alto Networks is committed to fostering
cybersecurity education and training. They provide resources, certifications, and training
programs to empower cybersecurity professionals and organizations to better understand and
mitigate emerging threats.
9. Community Engagement: The company actively engages with the broader
cybersecurity community. This includes participating in industry events, conferences, and
forums. By fostering collaboration and knowledge sharing, Palo Alto Networks contributes to
the collective resilience against cyber threats.
10. Regulatory Compliance: Recognizing the importance of regulatory compliance, Palo
Alto Networks designs its solutions to help organizations meet industry-specific and regional
cybersecurity regulations. This is particularly crucial for businesses operating in highly
regulated sectors.
11. Customer Support and Services: Palo Alto Networks provides comprehensive
customer support and services. This includes technical assistance, regular updates, and access
to a knowledge base. Their customer-centric approach aims to ensure that organizations can
effectively deploy and manage their cybersecurity solutions.
12. Adaptive Security Architecture: Palo Alto Networks follows an adaptive security
architecture approach. This involves continuous monitoring, analysis, and adaptation to the
evolving threat landscape. This dynamic approach allows for the identification and mitigation
of emerging threats in real-time.
13. Incident Response Capabilities: Palo Alto Networks equips organizations with
robust incident response capabilities. This involves not only the detection of security incidents
but also the provision of tools and processes to respond effectively, minimizing the impact of
security breaches.


3. INTRODUCTION

3.1 Introduction to Cyber Security


Introduction to Web 2.0 and Web 2.0 Applications
Core business applications are now commonly installed alongside Web 2.0 apps on a variety
of endpoints. Networks that were originally designed to share files and printers are now used
to collect massive volumes of data, exchange real-time information, transact online business,
and enable global collaboration.
Many organizations are recognizing significant benefits from the use of Enterprise 2.0
applications and technologies, including better collaboration, increased knowledge sharing,
and reduced expenses.
Web 3.0
The vision of Web 3.0 is to return the power of the internet to individual users, in much the
same way that the original Web 1.0 was envisioned. To some extent, Web 2.0 has become
shaped and characterized, if not controlled, by governments and large corporations dictating
the content that is made available to individuals and raising many concerns about individual
security, privacy, and liberty.

AI and machine learning are two related technologies that enable systems to understand and
act on information in much the same way that a human might use information. AI acquires
and applies knowledge to find the most optimal solution, decision, or course of action.
Machine learning is a subset of AI that applies algorithms to large datasets to discover
common patterns in the data that can then be used to improve the performance of the system.

Blockchain is essentially a data structure containing transactional records (stored as blocks)
that ensures security and transparency through a vast, decentralized peer-to-peer network
with no single controlling authority. Cryptocurrency, such as Bitcoin, is an example of a
blockchain application.
Managed Security Services
The global shortage of cybersecurity professionals – estimated by the International
Information System Security Certification Consortium, (ISC)², to be 2.72 million in
2021 – is leading many organizations to partner with third-party security services
organizations. These managed security service providers (MSSPs) typically operate
fully staffed 24/7 security operations centers (SOCs) and offer a variety of services such as log
collection and aggregation in a security information and event management (SIEM) platform,
event detection and alerting, vulnerability scanning and patch management, threat
intelligence, and incident response and forensic investigation, among others.
Protect Networks and Cloud Environments

To effectively protect their networks and cloud environments, enterprise security teams must
manage the risks associated with a relatively limited, known set of core applications, as well
as the risks associated with an ever-increasing number of known and unknown cloud-based
applications. The cloud-based application consumption model has revolutionized the way
organizations do business, and applications such as Microsoft Office365 and Salesforce.

3.2 Introduction to SaaS

Data is located everywhere in today’s enterprise networks, including in many locations that
are not under the organization’s control. New data security challenges emerge for
organizations that permit SaaS use in their networks. With SaaS applications, data is often
stored where the application resides – in the cloud.
Thus, the data is no longer under the organization’s control, and visibility is often lost. SaaS
vendors do their best to protect the data in their applications, but it is ultimately not their
responsibility. Just as in any other part of the network, the IT team is responsible for
protecting and controlling the data, regardless of the location.

SaaS Security Challenges


Because of the nature of SaaS applications, their use is very difficult to control – or have
visibility into – after the data leaves the network perimeter. This lack of control presents a
significant security challenge: End users are now acting as their own “shadow” IT
department, with control over the SaaS applications they use and how they use them.
Cyberattack Lifecycle
Modern cyberattack strategy has evolved from a direct attack against a high-value server or
asset (“shock and awe”) to a patient, multistep process that blends exploits, malware, stealth,
and evasion in a coordinated network attack (“low and slow”).

The cyberattack lifecycle illustrates the sequence of events that an attacker goes through to
infiltrate a network and exfiltrate (or steal) valuable data. Blocking just one step breaks the
chain and can effectively defend an organization’s network and data against an attack.
Malicious Outsiders
The most common source of breaches for networks overall is also a critical concern for SaaS
security. The SaaS application becomes a new threat vector and distribution point for
malware used by external adversaries. Some malware will even target the SaaS applications
themselves, for example, retrieved by anyone.
Cyberattack Types
Attackers use a variety of techniques and attack types to achieve their objectives. Malware
and exploits are integral to the modern cyberattack strategy. This lesson describes the
different malware types and properties, the relationship between vulnerabilities and exploits,
and how modern malware plays a central role in a coordinated attack against a target. This
lesson also explains the timeline for eliminating a vulnerability.


Advanced or Modern Malware


Modern malware is stealthy and evasive. It plays a central role in a coordinated attack against
a target. Advanced or modern malware leverages networks to gain power and resilience.

Modern malware can be updated, just like any other software application, so that an
attacker can change course and dig deeper into the network or make changes and enact
countermeasures. This is a fundamental shift compared to earlier types of malware, which
were generally independent agents that simply infected and replicated themselves.

3.3 Vulnerabilities and Exploits


Vulnerabilities and exploits can be leveraged to force software to act in ways it’s not intended
to, such as gleaning information about the current security defenses in place.
Vulnerability
Vulnerabilities are routinely discovered in software at an alarming
rate. Vulnerabilities may exist in software when the software is
initially developed and released, or vulnerabilities may be
inadvertently created, or even reintroduced, when subsequent version
updates or security patches are installed.
Exploit
An exploit is a type of malware that takes advantage of a vulnerability
in installed endpoint or server software such as a web browser, Adobe
Flash, Java, or Microsoft Office. An attacker crafts an exploit that
targets a software vulnerability, causing the software to perform
functions or execute code on behalf of the attacker.

Patching Vulnerabilities:
Security patches are developed by software vendors as quickly as possible after a
vulnerability has been discovered in their software.
1. Discovery
An attacker may learn of a vulnerability and begin exploiting it before the software vendor
is aware of the vulnerability or has an opportunity to develop a patch.


2. Test and Deploy Patch


It may be months or years before a vulnerability is announced publicly. After a security patch
becomes available, time inevitably is required for organizations to properly test and deploy
the patch on all affected systems. During this time, a system running the vulnerable software
is at risk of being exploited by an attacker.
3. Cyberattack Techniques
Attackers use a variety of techniques and attack types to achieve their objectives.
Spamming and phishing are commonly employed techniques to deliver malware and
exploits to an endpoint via an email executable or a web link to a malicious website.
Once an endpoint is compromised, an attacker typically installs back doors, remote
access Trojans (RATs), and other malware to ensure persistence.
4. Phishing Attacks
We often think of spamming and phishing as the same thing, but they are actually separate
processes, and they each require their own mitigations and defenses. Phishing attacks, in
contrast to spam, are becoming more sophisticated and difficult to identify.
5. Spear Phishing
Spear phishing is a targeted phishing campaign that appears more credible to its victims by
gathering specific information about the target, giving it a higher probability of success. A
spear phishing email may spoof an organization or individual that the recipient actually
knows and does business with.
6. Whaling
Whaling is a type of spear phishing attack that is specifically directed at
senior executives or other high-profile targets within an organization. A
whaling email typically purports to be a legal subpoena, customer
complaint, or other serious matter.

7. Watering Hole
Watering hole attacks compromise websites that are likely to be visited by a targeted victim,
for example, an insurance company website that may be frequently visited by healthcare
providers. The compromised website will typically infect unsuspecting visitors with
malware.


8. Advanced Persistent Threats


Advanced persistent threats, or APTs, are a class of threats that are far more deliberate and
potentially devastating than other types of cyberattacks. APTs are generally coordinated
events that are associated with cybercriminal groups.

Example: Lazarus
Attacks against nation-states and corporations are common, and the group of cybercriminals
that may have done the most damage is Lazarus. The Lazarus group is known as an APT.
They were initially known for launching numerous attacks against government and financial
institutions in South Korea & Asia. In more recent years, the Lazarus group has been
targeting banks, casinos, financial investment software developers, & crypto-currency
businesses.

9. Wi-Fi Protected Access


WLAN networks that do not subscribe to an 802.1X model may have authentication challenges.
10. Security Protocols
The Wi-Fi Protected Access (WPA) security standard was published as an interim standard
in 2004, quickly followed by WPA2. WPA/WPA2 contain improvements to protect against
the inherent flaws in the Wired Equivalent Privacy (WEP), including changes to the
encryption.
11. WPA2
WPA2-PSK supports 256-bit keys, which require 64 hexadecimal characters. Because
requiring users to enter a 64-hexadecimal character key is impractical, WPA2 includes a
function that generates a 256-bit key based on a much shorter passphrase created by the
administrator of the Wi-Fi network and the SSID of the AP used as a salt (random data) for
the one-way hash function.
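
The key-generation function described above is PBKDF2 with HMAC-SHA1, 4096 iterations and a 32-byte output, salted with the SSID. The following Python sketch is an added example, not part of the original report; the function names and the sample SSIDs are assumptions made for illustration. It accepts either form of secret (64 hex characters or a passphrase) and shows that one passphrase yields a different key on each SSID.

```python
import hashlib
import string

PBKDF2_ITERATIONS = 4096  # iteration count fixed by IEEE 802.11i for WPA/WPA2-PSK
PSK_BYTES = 32            # 256-bit key, i.e. 64 hexadecimal characters

# Published IEEE 802.11i test case: passphrase "password", SSID "IEEE".
IEEE_TEST_PSK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def wpa2_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key for a WPA2-PSK network.

    `secret` is either the raw key typed as 64 hex characters, or a
    passphrase of 8 to 63 printable ASCII characters.
    """
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")

    # Raw key entered directly: no derivation, the SSID plays no part.
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)

    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")

    # One-way function: PBKDF2 with HMAC-SHA1, salted with the SSID.
    return hashlib.pbkdf2_hmac(
        "sha1", secret.encode("ascii"), salt, PBKDF2_ITERATIONS, PSK_BYTES
    )


def same_passphrase_keys(passphrase: str, ssids: list[str]) -> dict[str, str]:
    """Show the salt's effect: one passphrase, a different key per SSID."""
    return {ssid: wpa2_psk(passphrase, ssid).hex() for ssid in ssids}


if __name__ == "__main__":
    assert wpa2_psk("password", "IEEE").hex() == IEEE_TEST_PSK
    # Constructed sample SSIDs, not taken from the report.
    sample = same_passphrase_keys("correct horse battery", ["Office-AP", "Guest-AP"])
    for ssid, key in sample.items():
        print(f"{ssid:10s} {key}")
```

Because the SSID is the only salt, two networks that share both an SSID and a passphrase also share the same key, which is one reason to change a vendor-default SSID.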

12. WPA3
WPA3 security enhancements include more robust brute force attack
protection, improved hotspot and guest access security, simpler
integration with devices that have limited or no user interface, and a
192-bit security suite. Newer Wi-Fi routers and client devices will support
both WPA2 & WPA3 to ensure backward compatibility.

13. Wi-Fi Attacks

There are different types of Wi-Fi attacks that hackers use to eavesdrop on
wireless network connections to obtain credentials and spread malware.
14. Mainframe Computers
Mainframe computers predate the internet. In fact, mainframe computers predate ARPANET,
which predates the internet. Today, an attacker uses the internet to remotely gain access,
instead of physically breaching the data center perimeter.
15. Processing Power
The primary value of the mainframe computer was its processing power. The relatively
limited data that was produced was typically stored on near-line media, such as tape.
16. Data Center
Data centers today are remotely accessed by millions of remote endpoint devices from
anywhere and at any time. Unlike the RJEs of the mainframe era, modern endpoints
(including mobile devices) are far more powerful than many of the early mainframe
computers and are themselves targets.
17. Conceptual Architecture
With the protect surface identified, security teams can identify
how traffic moves across the organization in relation to the protect
surface. Understanding who the users are, which applications they
are using, and how they are connecting is the only way to
determine and enforce policy that ensures secure access to data.

18. Routed and Routing Protocols


Routed protocols, such as IP, manage packets with routing information that enables those
packets to be transported across networks using routing protocols.

Routing protocols are defined at the Network layer of the OSI model and specify how routers
communicate with one another on a network. Routing protocols can either be static or
dynamic.
19. Static Routing
A static routing protocol requires that routes be created and updated manually on a router or
other network device. If a static route is down, traffic can’t be automatically rerouted unless
an alternate route has been configured. Also, if the route is congested, traffic can’t be
automatically rerouted over the less congested alternate route.

20. Dynamic Routing


A dynamic routing protocol can automatically learn new (or alternate) routes and determine
the best route to a destination. The routing table is updated periodically with current routing
information.
21. Area Networks and Topologies

Most computer networks are broadly classified as either LANs or WANs.

22. LANs
A LAN is a computer network that connects end-user devices such as
laptop and desktop computers, servers, printers, and other devices so that applications,
databases, files, etc., can be shared among authorized users on the LAN. A LAN can be
wired, wireless, or a combination of wired and wireless. Examples of networking equipment
commonly used in LANs include bridges, hubs, repeaters, switches, and wireless APs. Two
basic network topologies commonly used in LANs are star topology and mesh topology.

4. INTERNSHIP PART
This internship consists of 4 modules:
1. Introduction to Cyber Security
2. Fundamentals of Network Security
3. Fundamentals of Cloud Security
4. The Fundamentals of SOC (Security Operations Center)

Each module consists of lessons that explain the module in detail.

4.1: Introduction to Cyber Security

Cybersecurity is also known as information technology security or electronic information security.

Cybersecurity can be divided into several categories such as network security, application security,
information security, operational security, disaster recovery and business continuity, and end-user
education.

• Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware.
• Application security focuses on keeping software and devices free of threats. A compromised
application could provide access to the data it’s designed to protect. Successful security begins
in the design stage, well before a program or device is deployed.
• Information security protects the integrity and privacy of data, both in storage and in transit.
• Operational security includes the processes and decisions for handling and protecting data
assets. The permissions users have when accessing a network and the procedures that determine
how and where data may be stored or shared all fall under this umbrella.
• Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery
policies dictate how the organization restores its operations and information to return to the same
operating capacity as before the event. Business continuity is the plan the organization falls back
on while trying to operate without certain resources.

• End-user education addresses the most unpredictable cyber-security factor: people. Anyone
can accidentally introduce a virus to an otherwise secure system by failing to follow good security
practices.
4.2: Fundamentals of Network Security
Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware. It involves taking preventative measures to protect the
underlying networking infrastructure from unauthorized access, misuse, malfunction, modification,
destruction or improper disclosure. The fundamentals of network security include detection,
protection, and response. Here are some key concepts:

1. Data Protection: Network security safeguards sensitive data from unauthorized access, ensuring
confidentiality and integrity of information.

2. Preventing Unauthorized Access: It prevents unauthorized users from accessing private networks
and systems, keeping malicious actors at bay.

3. Business Continuity: Network security measures prevent disruptions in business operations caused
by cyberattacks, ensuring smooth functioning.

4. Maintaining Customer Trust: Strong network security builds trust among customers, assuring
them that their data is safe and protected.

5. Compliance: Many industries have regulatory requirements regarding data protection. Network
security helps in complying with these regulations, avoiding legal consequences.

4.3: Fundamentals of Cloud Security


Cloud security is a discipline of cybersecurity focused on the protection of cloud computing systems.
It involves a collection of technologies, policies, services, and security controls that protect an
organization’s sensitive data, applications, and environments. The fundamentals of cloud security
include detection, protection, and response. Here are some key concepts:

• Access control: This is the practice of restricting access to a cloud or specific resources within
a cloud to authorized users only. Access control can be implemented using various methods such
as passwords, biometric authentication, and smart cards.
• Firewalls: A firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules hardware based.

• Virtual Private Networks (VPNs): A VPN is a secure connection between two networks
over the internet. VPNs are used to provide secure remote access to an organization’s network
resources.
• Intrusion Detection System (IDS): An IDS is a network security system that monitors
network traffic for signs of malicious activity and alerts the system administrator when it detects
such activity. IDSs can be hardware-based or software-based.

4.4: The Fundamentals of SOC

A Security Operations Center (SOC) is a centralized function within an organization that employs
people, processes, and technology to continuously monitor and improve an organization’s security
posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.

It is an environment or physical facility where various security experts monitor and control enterprise
systems and networks, prevent security breaches and identify and mitigate security threats
proactively. SOC activities and responsibilities fall into three general categories: asset inventory,
routine maintenance and preparation, and incident response planning.
Here are some key concepts:

• Asset inventory: An SOC needs to maintain an exhaustive inventory of everything that needs
to be protected, inside or outside the data center (e.g. applications, databases, servers, cloud
services, endpoints, etc.) and all the tools used to protect them (firewalls, antivirus, monitoring
software, etc.). Many SOCs will use an asset discovery solution for this task.

• Routine maintenance and preparation: To maximize the effectiveness of security tools and
measures in place, the SOC performs preventative maintenance such as applying software patches
and upgrades, and continually updating firewalls, security policies and procedures. The SOC may
also create system back-ups to ensure business continuity in the event of a data breach, ransomware
attack or other cybersecurity incident.

WEEKLY OVERVIEW OF INTERNSHIP ACTIVITIES

1st WEEK

DATE        DAY             NAME OF THE TOPIC/MODULE COMPLETED
10/05/2023  Monday          Getting Started with Beacon 3.0
11/05/2023  Tuesday         Introduction of Cybersecurity Fundamentals
12/05/2023  Wednesday       Cyber Threats
13/05/2023  Thursday        Attack Techniques
14/05/2023  Friday 9/06/23  Security Models and Security Operating Platform
15/05/2023  Saturday        Final Assessment

2nd WEEK

DATE        DAY        NAME OF THE TOPIC/MODULE COMPLETED
17/05/2023  Monday     Fundamentals of Network Security
18/05/2023  Tuesday    The Connected Globe
19/05/2023  Wednesday  Networking and Addressing
20/05/2023  Thursday   Endpoint Security
21/05/23    Friday     Network Security
22/05/2023  Saturday   Final Assessment

3rd WEEK

DATE      DAY        NAME OF THE TOPIC/MODULE COMPLETED
01/06/23  Monday     Fundamentals of Cloud Security: Cloud Native Technologies
02/06/23  Tuesday    Fundamentals of Cloud Security: Cloud Computing Overview
03/06/23  Wednesday  Cloud Security Operations
05/06/23  Thursday   Cloud Application Protection Platform
06/06/23  Friday     Prisma Cloud
07/06/23  Saturday   Final Assessment

4th WEEK

DATE      DAY        NAME OF THE TOPIC/MODULE COMPLETED
16/06/23  Monday     Security Operations Fundamentals
17/06/23  Tuesday    Elements and Processes
18/06/23  Wednesday  Infrastructure and Automation
19/06/23  Thursday   Advanced Endpoint Protection
20/06/23  Friday     Threat Prevention and Intelligence
21/06/23  Saturday   Cortex Platform and Final Assessment

5. GALLERY / PHOTOS

Fig 1: Modules of Cloud Security Fundamentals

Fig 2: Cloud Security Operation

Fig 3: Threat Detection

Fig 4: Knowledge check of Prisma Cloud

6. CONCLUSION
Cybersecurity is the practice of protecting computer systems, networks, and data from theft,
damage, or unauthorized access. It involves a range of measures and technologies to safeguard
digital assets, including:

Cyber security: Safeguarding the Digital Realm

Cyber security is the critical practice of protecting the vast and interconnected digital ecosystem
that powers our modern world. In an era defined by rapid technological advancements and
increasing digital reliance, the importance of cyber security cannot be overstated.

Key Components of Cyber security

• Vulnerability Management: Identifying and addressing weaknesses in software,
hardware, and configurations is fundamental. Regularly patching and updating systems
helps mitigate known vulnerabilities.
• Access Control: Implementing robust access control mechanisms ensures that only
authorized individuals or entities can access sensitive data and systems.
• Encryption: Encrypting data at rest and in transit safeguards it from unauthorized access,
even if it falls into the wrong hands.
• Threat Detection: Employing advanced monitoring and analytics tools helps in identifying
unusual or malicious activities in real-time, allowing for rapid response.
• Incident Response: Having a well-defined incident response plan is crucial for effectively
managing and mitigating security incidents when they occur.

• Security Awareness: Continuous education and training programs are essential to
empower individuals to recognize and respond to threats like phishing attempts.

• The Future of Cyber security: Looking ahead, cyber security will continue to evolve to
meet emerging challenges. Artificial intelligence and machine learning will enhance threat
detection and response. Zero-trust models will become more prevalent, emphasizing a
"never trust, always verify" approach to security. International collaboration and
regulations will play a crucial role in addressing global cyber threats.

Student Self Evaluation of the SUMMER Internship

Student Name: S. RAASHEED RABBANI


Registration No: 20AM1A0537
Period of Internship: From: 30/04/2023 To: 25/06/2023
Date of Evaluation:
Organization Name & Address: Palo Alto Networks
Name of the Person InCharge: Mrs. G. Raga Jyothi

o Please rate your performance in the following areas:

o Please note that your evaluation shall be done independent of the student’s self-evaluation

o Rating Scale: 1 is lowest and 5 is highest rank

1) Oral Communication 1 2 3 4 5
2) Written Communication 1 2 3 4 5
3) Proactiveness 1 2 3 4 5
4) Interaction ability with community 1 2 3 4 5
5) Positive Attitude 1 2 3 4 5
6) Self-Confidence 1 2 3 4 5
7) Ability to learn 1 2 3 4 5
8) Work plan and Organization 1 2 3 4 5
9) Professionalism 1 2 3 4 5
10) Creativity 1 2 3 4 5
11) Quality of work done 1 2 3 4 5
12) Time management 1 2 3 4 5
13) Understanding the Community 1 2 3 4 5
14) Achievement of Desired Outcomes 1 2 3 4 5
15) Overall Performance 1 2 3 4 5

Date: Signature of the Student

Evaluation by the Supervisor of the Intern Organization

Student Name: S. RAASHEED RABBANI


Registration No: 20AM1A0537
Period of Internship: From: 30/04/2023 To: 25/06/2023
Date of Evaluation:
Organization Name & Address: Palo Alto Networks
Name of the Person InCharge: Mrs. G. Raga Jyothi

o Please rate your performance in the following areas:

o Please note that your evaluation shall be done independent of the student’s self-evaluation

o Rating Scale: 1 is lowest and 5 is highest rank

1) Oral Communication 1 2 3 4 5
2) Written Communication 1 2 3 4 5
3) Proactiveness 1 2 3 4 5
4) Interaction ability with community 1 2 3 4 5
5) Positive Attitude 1 2 3 4 5
6) Self-Confidence 1 2 3 4 5
7) Ability to learn 1 2 3 4 5
8) Work plan and Organization 1 2 3 4 5
9) Professionalism 1 2 3 4 5
10) Creativity 1 2 3 4 5
11) Quality of work done 1 2 3 4 5
12) Time management 1 2 3 4 5
13) Understanding the Community 1 2 3 4 5
14) Achievement of Desired Outcomes 1 2 3 4 5
15) Overall Performance 1 2 3 4 5

Date: Signature of the Student
