
LONG-TERM

INTERNSHIP
(On-Site/Virtual)

ANDHRA PRADESH
STATE COUNCIL OF HIGHER EDUCATION
(A STATUTORY BODY OF GOVERNMENT OF ANDHRA PRADESH)
PROGRAM BOOK FOR

LONG-TERM INTERNSHIP
(Onsite/Virtual)

Burri Bharat

Vignan’s Lara Institute of Technology & Science

20FE1A0428

01/01/2024 to 29/04/2024

Cisco Networking Academy,


Corporate Affairs,
Cisco Systems India Pvt Ltd.

2023-2024
An Internship Report on

Cyber Security

Submitted in accordance with the requirement for the degree of

BACHELOR OF TECHNOLOGY

in

Electronics and Communication Engineering

Submitted by:

Burri Bharat
20FE1A0428

Under the Faculty Guide ship of

Mr. K. Vijaya Vardhan, M.Tech (Ph.D)

Department of Electronics and Communication Engineering


Student’s Declaration

I, Burri Bharat a student of Bachelor of Technology, Reg.No.20FE1A0428 of the


Department of Electronics and Communication Engineering, Vignan’s Lara Institute
of Technology & Science, do hereby declare that I have completed the mandatory
internship in Cybersecurity from 01/01/2024 to 29/04/2024 in Cisco Networking
Academy under the Faculty Guide ship of Mr. K. Vijaya Vardhan, Assistant
Professor, Department of Electronics and Communication Engineering, Vignan’s
Lara Institute of Technology & Science.

(Student Signature and Date)

Faculty Guide

Mr.K. Vijaya Vardhan.

Head of the Department

Dr. B. Harish

Principal

Dr. K. Phaneendra Kumar

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

CERTIFICATE

This is to certify that this Internship report in Cyber Security is a bonafide record of work
carried out by Burri Bharat (20FE1A0428) under the guidance and supervision of Mr. K.
Vijaya Vardhan in partial fulfillment of the academic requirement in Bachelor of
Technology in ELECTRONICS AND COMMUNICATION ENGINEERING of
VIGNAN’S LARA INSTITUTE OF TECHNOLOGY & SCIENCE during the year
2023-2024.

Project Guide
Mr. K. Vijaya Vardhan

Head of the Department
Dr. B. Harish

EXTERNAL EXAMINER

Certificate from Intern Organization

Acknowledgements

The satisfaction that accompanies the successful completion of any task would be
incomplete without the mention of people whose ceaseless cooperation made it possible,
whose constant guidance and encouragement crown all efforts with success.

We are grateful to Mr. K. VIJAYA VARDHAN, M.Tech (Ph.D), Assistant Professor,


Department of Electronics and Communication Engineering for guiding me through this
internship and for encouraging right from the beginning of the internship till the
successful completion of the Internship. Every interaction with him was an inspiration.

We thank Dr. B. HARISH, M. Tech, Ph.D., Professor & HOD, Department of


Electronics and Communication Engineering for support and valuable suggestions.

We also express our thanks to Dr. K. PHANEENDRA KUMAR, Principal, Vignan’s


Lara Institute of Technology & Science for providing the resources to carry out the
Internship.

We also express our sincere thanks to our beloved Chairman Dr. LAVU RATHAIAH

for providing support and stimulating the environment for developing the Internship.

We also place our heartfelt gratitude to all other teaching and lab technicians for their
constant support and advice throughout the Internship.

Contents

1 Student Declaration

2 Certificate from Intern Organization

3 Acknowledgements

4 Executive Summary

5 Introduction to Cybersecurity

6 Protecting data and organization

7 Understanding Ethical and Legal issues

8 CIA Triad and States of data

9 Network protocols

CHAPTER 1: EXECUTIVE SUMMARY

The connected electronic information network has become an integral part of our daily lives. All
types of organizations, such as medical, financial, and education institutions, use this network to
operate effectively. They utilize the network by collecting, processing, storing, and sharing vast
amounts of digital information. As more digital information is gathered and shared, the protection of
this information is becoming even more vital to our national security and economic stability.

Cybersecurity is the ongoing effort to protect these networked systems and all of the data from
unauthorized use or harm. On a personal level, you need to safeguard your identity, your data, and
your computing devices. At the corporate level, it is everyone’s responsibility to protect the
organization’s reputation, data, and customers. At the state level, national security, and the safety and
well-being of the citizens are at stake.

Attackers are individuals or groups who attempt to exploit vulnerabilities for personal or financial gain.
Attackers are interested in everything, from credit cards to product designs, and anything else of value.

Amateurs – These people are sometimes called Script Kiddies. They are usually attackers with little
or no skill, often using existing tools or instructions found on the Internet to launch attacks. Some of
them are just curious, while others are trying to demonstrate their skills and cause harm. They may be
using basic tools, but the results can still be devastating.

Hackers – This group of attackers breaks into computers or networks to gain access. Depending on the
intent of the break-in, these attackers are classified as white, gray, or black hats. White hat attackers
break into networks or computer systems to discover weaknesses so that the security of these systems
can be improved. These break-ins are done with prior permission and any results are reported back to
the owner. Black hat attackers, on the other hand, take advantage of any vulnerability for illegal
personal, financial or political gain. Gray hat attackers are somewhere between the two: a gray hat
hacker who finds a vulnerability in a system may report it to the owners if that action coincides with
their agenda, while some gray hat hackers publish the facts about the vulnerability on the Internet so
that other attackers can exploit it.

CHAPTER 2: OVERVIEW OF THE ORGANIZATION

Cisco Systems, Inc. is a multinational technology company headquartered in San Jose, California, USA. Founded
in 1984 by Leonard Bosack and Sandy Lerner, Cisco has grown into one of the world's largest and most
influential networking hardware, software, and services companies. Cisco's vision centers around
enabling the seamless connectivity of people, devices, applications, and data to drive innovation,
productivity, and sustainable growth. The company aims to be the global leader in networking
solutions, empowering individuals, businesses, and communities to thrive in a digitally connected
world.

Vision:

Cisco Systems, Inc. envisions a digitally connected world where people, devices,applications, and data
seamlessly interact to drive innovation, productivity, and sustainable growth. As a global leader in
networking solutions, Cisco is committed to empowering individuals, businesses, and communities to
thrive in this interconnected landscape. The company's vision encompasses a future where connectivity is
ubiquitous, reliable, and secure, fostering collaboration, creativity, and prosperity across all sectors of
society.

Team and Infrastructure:


With tens of thousands of employees worldwide, Cisco attracts top talent from a variety of
disciplines, including engineering, software development, marketing, and customer support. Cisco's team
is driven by a passion for technology and for solving complex challenges, working together to deliver
innovative networking solutions. Cisco's infrastructure spans the globe, comprising a comprehensive
network of research and development facilities, manufacturing plants, sales offices, data centers, and
service centers. With a presence in over 100 countries, Cisco operates on a truly global scale, serving
customers across a wide range of industries, including telecommunications, finance, healthcare,
education, government, and more. The company's infrastructure is designed to deliver high-performance
networking solutions that are reliable, scalable, and secure.

CHAPTER 3: INTERNSHIP PART

What is Cyber Security?


Cybersecurity is the ongoing effort to protect networked systems and all of their data from
unauthorized use or harm. On a personal level, you need to safeguard your identity, your data, and your
computing devices. At the corporate level, it is everyone’s responsibility to protect the organization’s
reputation, data, and customers. At the state level, national security, and the safety and well-being of
the citizens are at stake.

What is Cyberwarfare?


Cyberspace has become another important dimension of warfare, where nations can carry out conflicts
without the clashes of traditional troops and machines. This allows countries with minimal military
presence to be as strong as other nations in cyberspace. Cyberwarfare is an Internet-based conflict that
involves the penetration of the computer systems and networks of other nations. These attackers have the
resources and expertise to launch massive Internet-based attacks against other nations to cause damage
or disrupt services, such as shutting down a power grid.

An example of a state-sponsored attack involved the Stuxnet malware, which was designed to damage Iran’s
nuclear enrichment plant. Stuxnet did not hijack targeted computers to steal information; it was
designed to damage physical equipment that was controlled by computers. It used modular code, with each
module programmed to perform a specific task within the malware, and it used stolen digital certificates
so that the attack appeared legitimate to the system.

ACTIVITY LOG FOR THE FIRST WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | The Need of Cyber Security | What is Cyber Security and What is Data |
Day 2 | Personal and Organizational Data | About Personal and Organizational Data |
Day 3 | Attackers and Cyber Security Professionals | Types of Attackers, Internal and External Threats |
Day 4 | Cyberwarfare | What is Cyberwarfare, The Purpose of Cyberwarfare |
Day 5 | Analyzing a Cyber Attack | Types of Security Vulnerabilities, Types of Malware and Symptoms |
Day 6 | The Cyber Security Landscape | Blended attack, Impact Reduction |

WEEKLY REPORT
WEEK – 1 (From Dt ………..….. to Dt .................... )

Objective of Activity Done:


• Introduction to cyber security.
• Understanding the types of attacks.
• Exposure to the core concepts of cyber security.

Detailed Report:

Cybersecurity is the ongoing effort to protect networked systems and all of their data
from unauthorized use or harm. On a personal level, you need to safeguard your identity, your
data, and your computing devices. At the corporate level, it is everyone’s responsibility to
protect the organization’s reputation, data, and customers. At the state level, national security,
and the safety and well-being of the citizens are at stake.

Here are some key components and concepts:

Internal Security Threats

Attacks can originate from within an organization or from outside of the organization, as shown
in the figure. An internal user, such as an employee or contract partner, can accidentally or intentionally:

• Mishandle confidential data

• Threaten the operations of internal servers or network infrastructure devices

• Facilitate outside attacks by connecting infected USB media into the corporate computer

• Accidentally invite malware onto the network through malicious email or websites

External Security Threats

External threats from amateurs or skilled attackers can exploit vulnerabilities in network or computing
devices, or use social engineering to gain access.

ACTIVITY LOG FOR THE SECOND WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | How to protect data | Protecting your devices and network, Data maintenance |
Day 2 | Safeguarding your online privacy | How to provide privacy to data |
Day 3 | Protecting the organization | Introduction to protecting the organization |
Day 4 | Firewalls | Types of firewalls, Security Appliances |
Day 5 | Behavior approach to Cyber Security | Botnet, Kill Chain |
Day 6 | The Evolution of Cyber Threats | Behavior based security |

WEEKLY REPORT
WEEK – 2 (From Dt………..….. to Dt .....................)

Objective of Activity Done:


• How to protect the data.
• Understanding the concepts of types of firewalls.
• Understanding the evolution of cyber threats.

Detailed Report:

Your online data is worth something to cyber criminals. This chapter briefly covers authentication
techniques to help you maintain your data securely. It also covers ways to enhance the security of your
online data with tips about what to do and what not to do online.

Software programs are used to encrypt files, folders, and even entire drives.

Encrypting File System (EFS) is a Windows feature that can encrypt data. EFS is directly linked to a
specific user account: only the user that encrypted the data (or a user who holds that account’s EFS
certificate and private key) will be able to access it after it has been encrypted. EFS is available in
the Pro, Enterprise and Education editions of Windows, not in the Home editions. To encrypt data using
EFS, follow these steps:

Step 1. Select one or more files or folders.

Step 2. Right-click the selected data > Properties.

Step 3. Click Advanced...

Step 4. Select the Encrypt contents to secure data check box.

Files and folders that have been encrypted with EFS are displayed in green, as shown in the figure.

Two cautions apply in practice. First, the EFS private key lives in the user’s profile, so back up the
EFS certificate and key (Windows prompts for this after the first encryption) and keep the copy off the
machine; if the profile is lost, or a local account’s password is reset by an administrator rather than
changed by the user, the encrypted files cannot be recovered without that backup. Second, EFS protects
data only while it sits on an NTFS volume: copying an encrypted file to a FAT-formatted USB drive or
attaching it to an email stores and sends it in clear text.

ACTIVITY LOG FOR THE THIRD WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | Cisco approach to cybersecurity | CSIRT, Security playbook |
Day 2 | IDS and IPS | Finding out the difference between IDS and IPS |
Day 3 | Future in cybersecurity | To know the career of cybersecurity |
Day 4 | Legal issues in cybersecurity | Types of legal issues |
Day 5 | Ethical issues in cyber security | Types of ethical issues |
Day 6 | Education and career in cybersecurity | Jobs in cybersecurity |

WEEKLY REPORT
WEEK – 3 (From Dt………..….. to Dt .................... )

Objective of Activity Done:


• Understanding of Ethical and Legal issues
• Future in cyber security

Detailed Report:

Cisco’s CSIRT collaborates with Forum of Incident Response and Security Teams (FIRST), the
National Safety Information Exchange (NSIE), the Defense Security Information Exchange (DSIE),
and the DNS Operations Analysis and Research Center (DNS-OARC).

All this information should be compiled into a security playbook. A security playbook is a collection
of repeatable queries (reports) against security event data sources that lead to incident detection and
response. Ideally the security playbook must accomplish the following actions:

• Detect malware infected machines.

• Detect suspicious network activity.

• Detect irregular authentication attempts.

• Describe and understand inbound and outbound traffic.

• Provide summary information including trends, statistics, and counts.

• Provide usable and quick access to statistics and metrics.

• Correlate events across all relevant data sources.
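As an added illustration of what a playbook query looks like in practice, the example below (written for this report, not Cisco course material) implements three of the actions listed above, detecting irregular authentication attempts, describing traffic per source and producing summary counts, over constructed sshd-style log lines. The hostnames, addresses, the five-failure threshold and the 08:00 to 20:00 business-hours window are assumptions.

```python
"""Two playbook queries plus a summary over constructed authentication log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (syslog-style sshd events); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-04T09:12:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2024-03-04T09:12:03 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2
2024-03-04T09:12:04 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 51131 ssh2
2024-03-04T09:12:06 host1 sshd[1207]: Failed password for root from 203.0.113.7 port 51140 ssh2
2024-03-04T09:12:07 host1 sshd[1209]: Failed password for root from 203.0.113.7 port 51141 ssh2
2024-03-04T09:12:09 host1 sshd[1211]: Accepted password for root from 203.0.113.7 port 51150 ssh2
2024-03-04T09:15:44 host1 sshd[1300]: Failed password for alice from 198.51.100.20 port 40010 ssh2
2024-03-04T09:16:02 host1 sshd[1302]: Accepted publickey for alice from 198.51.100.20 port 40011 ssh2
2024-03-04T23:40:10 host1 sshd[1400]: Accepted password for bob from 192.0.2.99 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Accepted|Failed) "
    r"(?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_events(text):
    """Turn each sshd line into a dict with a parsed timestamp; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Query 1 (irregular authentication): a source IP that fails at least `threshold`
    times inside `window` and then logs in successfully."""
    failures = defaultdict(list)
    hits = []
    for ev in events:
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip].append(ev["ts"])
            continue
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            hits.append({"ip": ip, "user": ev["user"], "failures": len(recent),
                         "at": ev["ts"].isoformat()})
    return hits


def off_hours_logins(events, start_hour=8, end_hour=20):
    """Query 2 (irregular authentication): successful logins outside the assumed business window."""
    return [
        {"ip": ev["ip"], "user": ev["user"], "at": ev["ts"].isoformat()}
        for ev in events
        if ev["result"] == "Accepted" and not (start_hour <= ev["ts"].hour < end_hour)
    ]


def summary(events):
    """Counts per source IP, the trend/statistics output a playbook is expected to provide."""
    counts = defaultdict(lambda: {"failed": 0, "accepted": 0})
    for ev in events:
        counts[ev["ip"]]["failed" if ev["result"] == "Failed" else "accepted"] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("brute force then success:", brute_force_then_success(evs))
    print("off-hours logins:", off_hours_logins(evs))
    print("per-source summary:", summary(evs))
```

Each query is a plain function over the same parsed events, which is what makes the playbook repeatable: the same logic runs unchanged against tomorrow's log, and the thresholds are the only tuning knobs.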

INTRODUCTION TO CYBER SECURITY CERTIFICATE

ACTIVITY LOG FOR THE FOURTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | The cybersecurity world | Cyber security domains |
Day 2 | Cybersecurity criminals versus specialists | Thwarting cyber security criminals |
Day 3 | Common threats | Introduction to threat arenas |
Day 4 | Spreading cybersecurity threats | How threats spread, threat complexity |
Day 5 | CIA Triad | Confidentiality, Integrity and Availability |
Day 6 | States of Data | Data at Rest, Data in transit, Data in process |

WEEKLY REPORT
WEEK – 4 (From Dt………..….. to Dt .................... )

Objective of Activity Done:


• Comprehension of cybersecurity criminals versus specialists.
• Understanding common threats.
• Understanding the CIA Triad and the states of data.

Detailed Report:

There are many data groups that make up the different domains of the “cyber world”. When groups are
able to collect and utilize massive amounts of data, they begin to amass power and influence. This data
can be in the form of numbers, pictures, video, audio, or any type of data that can be digitized.
New technologies, such as Geospatial Information Systems (GIS) and the Internet of Things (IoT), have
emerged. These new technologies can track the health of trees in a neighborhood. They can provide up-
to-date locations of vehicles, devices, individuals and materials. This type of information can save
energy, improve efficiencies, and reduce safety risks. Each of these technologies will also result in
exponentially expanding the amount of data collected, analyzed and used to understand the world.

Threats and vulnerabilities are the main concern of cybersecurity professionals. Two terms are
central:

• A threat is the possibility that a harmful event, such as an attack, will occur.

• A vulnerability is a weakness that makes a target susceptible to an attack.

Confidentiality prevents the disclosure of information to unauthorized people, resources and processes.
Another term for confidentiality is privacy. Organizations restrict access to ensure that only authorized
operators can use data or other network resources. For example, a programmer should not have access
to the personal information of all employees.

Integrity is the accuracy, consistency, and trustworthiness of data during its entire life cycle. Another
term for integrity is quality. Data undergoes a number of operations such as capture, storage, retrieval,
update, and transfer. Data must remain unaltered during all of these operations by unauthorized entities.
ACTIVITY LOG FOR THE FIFTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | Malware and Malicious code | Types of malware, Email and Browser attacks |
Day 2 | Deception | The art of deception, Deception methods |
Day 3 | Attacks | Types of cyber attacks |
Day 4 | Cryptography | Private and Public key encryption |
Day 5 | Access Controls | Types of access controls, Authentication methods |
Day 6 | Obscuring data | Steganography, Data obfuscation |

WEEKLY REPORT
WEEK – 5 (From Dt………..….. to Dt .................... )

Objective of Activity Done:


• Acquiring knowledge on Malware and Malicious code.
• Understanding the art of deception and deception methods.
• Exploration of cryptography and access controls.

Detailed Report:

Malicious software, or malware, is a term used to describe software designed to disrupt computer
operations, or gain access to computer systems, without the user's knowledge or permission. Malware
has become an umbrella term used to describe all hostile or intrusive software. The term malware
includes computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other
malicious programs. Malware may be obvious and simple to identify or it can be very stealthy and
almost impossible to detect.

A criminal observes, or shoulder surfs, to pick up PINs, access codes or credit card numbers. An
attacker can be in close proximity to his victim or the attacker can use binoculars or closed circuit
cameras to shoulder surf. That is one reason that a person can only read an ATM screen at certain
angles. These types of safeguards make shoulder surfing much more difficult.

Types of cyber attacks:

Denial-of-Service (DoS) attacks are a type of network attack. A DoS attack results in some sort of
interruption of network services to users, devices, or applications.

Sniffing is similar to eavesdropping on someone. It occurs when attackers examine all network traffic
as it passes through their NIC, regardless of whether the traffic is addressed to them.

Spoofing is an impersonation attack, and it takes advantage of a trusted relationship between two
systems.

ACTIVITY LOG FOR THE SIXTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | Types of data integrity controls | Hashing algorithms, salting |
Day 2 | Digital signatures | Signatures and the law |
Day 3 | Certificates | The basics of digital certificates |
Day 4 | Database integrity | Database integrity, Database validation enforcement |
Day 5 | High availability, Measures to improve availability | The five nines, Asset management |
Day 6 | Incident response | Incident response phases and technologies |

WEEKLY REPORT
WEEK – 6 (From Dt………..….. to Dt .................... )

Objective of Activity Done:


• Understanding the concept of digital signatures.
• In-depth exploration of data integrity controls.
• Understanding database integrity enforcement.
Detailed Report:
A hash tool uses a cryptographic hash function to verify and ensure data integrity, and hashes are also
used in authentication. Systems store a hash of a password instead of the clear-text password, and derive
encryption keys through hash-based functions, because a hash function is one-way: given only the digest it
is computationally infeasible to recover the input. Hashing is also deterministic, so hashing the same
password with the same algorithm (and, where one is used, the same salt) always produces the same digest;
that is what lets a system check a password it never stores. A separate property, collision resistance,
means it is computationally infeasible to find two different inputs that produce the same digest.
Hashing is a one-way mathematical function that is relatively easy to compute, but significantly harder to
reverse. Grinding coffee is a good analogy of a one-way function. It is easy to grind coffee beans, but it is
almost impossible to put all of the tiny pieces back together to rebuild the original beans.

A cryptographic hash function has the following properties:

• The input can be any length.

• The output has a fixed length.

• The hash function is one way and is not reversible.

• Two different input values will almost never result in the same hash value, and finding such a pair
deliberately is computationally infeasible.

A digital signature helps to establish authenticity, integrity, and non-repudiation. Digital signatures
have specific properties that enable entity authentication and data integrity, as shown in the figure.

Digital signatures are an alternative to HMAC. Both bind a message to a key, but an HMAC uses a key
shared between sender and verifier, so either party could have produced the tag and it provides no
non-repudiation; a digital signature is produced with a private key that only the signer holds and is
verified with the matching public key.
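The hash properties above, salted password hashing, and the HMAC tag that signatures are contrasted with, as an added example using only the Python standard library (illustration written for this report, not the hash tool the course refers to). The PBKDF2 iteration count, 16-byte salt, storage string format and sample messages are assumptions.

```python
"""Hash properties, salted password storage and HMAC tags with the standard library."""
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Fixed-length (64 hex chars) digest of any-length input."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt=None, iterations: int = 200_000) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (assumed storage format).

    The salt is random per password, so two users with the same password get different
    digests and a precomputed table of digests is useless; the iteration count makes each
    guess expensive for an attacker who steals the stored string."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; same input, same digest."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time, no early exit on mismatch


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed digest: anyone holding `key` can both create and verify it (no non-repudiation)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)


if __name__ == "__main__":
    for msg in (b"", b"The quick brown fox", b"x" * 100_000):
        print(len(msg), sha256_hex(msg))            # any input length, always 64 hex chars
    print(sha256_hex(b"abc"))
    print(sha256_hex(b"abd"))                        # one byte changed, unrelated digest
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored),
          verify_password("Correct horse battery staple", stored))
    tag = hmac_tag(b"shared-secret", b"amount=100")
    print(verify_hmac(b"shared-secret", b"amount=100", tag),
          verify_hmac(b"shared-secret", b"amount=900", tag))
```

The two compare_digest calls are deliberate: comparing digests with == returns as soon as a byte differs, and the timing difference can leak how many leading bytes an attacker has right.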

ACTIVITY LOG FOR THE SEVENTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | Defending systems and devices | Host hardening, Hardening wireless devices |
Day 2 | Server Hardening | About secure remote access |
Day 3 | Network Hardening | About securing network devices |
Day 4 | Physical security | Physical access control, Surveillance |
Day 5 | Understanding the ethics of cyber security | Cyber laws and liability |
Day 6 | Cybersecurity domains | User domain, device domain |

WEEKLY REPORT
WEEK – 7 (From Dt………..….. to Dt .................... )

Objective of Activity Done:


• Understanding host hardening and how to defend systems and devices.
• In-depth exploration of server hardening and network hardening.

Detailed Report:
The operating system plays a critical role in the operation of a computer system and is the target of many
attacks. The security of the operating system has a cascading effect on the overall security of a computer
system.
Malware includes viruses, worms, Trojan horses, keyloggers, spyware, and adware. They all invade
privacy, steal information, damage the system, or delete and corrupt data.

It is important to protect computers and mobile devices using reputable antimalware software. The
following types of antimalware programs are available:

• Antivirus protection - Program continuously monitors for viruses. When it detects a virus,
the program warns the user, and it attempts to quarantine or delete the virus, as shown in Figure 1.

• Adware protection – Program continuously looks for programs that display advertising on
a computer.

• Phishing protection – Program blocks the IP addresses of known phishing websites and
warns the user about suspicious sites.

• Spyware protection – Program scans for keyloggers and other spyware.

• Trusted / untrusted sources – Program warns the user about unsafe programs trying to
install or unsafe websites before a user visits them.

ACTIVITY LOG FOR THE EIGHTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | The ethics of cyber security | Cybercrime and Cyber laws |
Day 2 | IT security management framework | The cloud control matrix |
Day 3 | Security assessments | Vulnerability scanners, Types of scanners |
Day 4 | Network security testing techniques | Operation security, Types of network tests |
Day 5 | Network security testing tools | Nmap and Zenmap |
Day 6 | Penetration testing | Penetration phases |

WEEKLY REPORT
WEEK – 8 (From Dt………..….. to Dt .................... )

Objective of Activity Done:


• Understanding the ethics of cyber security.

• Understanding the network security testing techniques and tools.

Detailed Report:

Network security testing is a critical component of maintaining a robust and resilient cybersecurity
posture for organizations of all sizes. It involves evaluating the security measures in place within a
network infrastructure to identify vulnerabilities, weaknesses, and potential entry points for malicious
actors. The primary goal of network security testing is to proactively detect and address security flaws
before they can be exploited by attackers.

There are several key methods and techniques used in network security testing:

1. Vulnerability Assessment: This involves scanning network systems, devices, and applications to
identify known vulnerabilities. Vulnerability assessment tools such as Nessus, OpenVAS, and
Qualys are commonly used to automate this process. The results of these scans provide valuable
insights into potential security risks within the network.
2. Penetration Testing (Pen Testing): Penetration testing goes beyond vulnerability assessment by
simulating real-world attacks to assess the effectiveness of security controls. Penetration testers,
also known as ethical hackers, attempt to exploit identified vulnerabilities to gain unauthorized
access to network resources. By emulating the tactics and techniques of malicious hackers,
organizations can uncover weaknesses and validate the efficacy of their security defenses.
3. Security Audits: Security audits involve a comprehensive review of an organization's network
infrastructure, policies, and procedures to ensure compliance with regulatory requirements and
industry best practices. Auditors assess the effectiveness of security controls, evaluate risk
management processes, and identify areas for improvement.
4. Security Scanning and Monitoring: Continuous security scanning and monitoring tools are used
to detect and respond to security threats in real-time. Intrusion detection systems (IDS) and intrusion
prevention systems (IPS) monitor network traffic for suspicious activity and can automatically block
or alert administrators to potential threats.
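A TCP connect scan is the simplest of the scans Nmap performs (its -sT option), and the added example below, written for this report rather than taken from Nmap or the course, implements one against a constructed local listener so that it runs offline. The banner string, port list, thread count and timeout are assumptions. It reports the three states Nmap distinguishes: open (handshake completes), closed (the target answers with a reset, seen as a refused connection) and filtered (no answer before the timeout, typically a firewall dropping the packet).

```python
"""TCP connect scan against a constructed local listener (illustrates what Nmap's -sT does)."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

BANNER = b"SSH-2.0-ConstructedBanner_1.0\r\n"   # assumed service banner, not a real product string


def start_listener(host="127.0.0.1", port=0):
    """Constructed target service: accept a connection, send BANNER, close.
    Returns (server_socket, bound_port); port 0 lets the OS choose a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listener closed by the caller
                return
            with conn:
                conn.sendall(BANNER)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(host, port, timeout=0.5):
    """Full TCP handshake to one port. Returns (port, state, banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:   # RST came back: nothing listening
            return port, "closed", ""
        except socket.timeout:           # no SYN/ACK and no RST: dropped on the way
            return port, "filtered", ""
        except OSError:
            return port, "error", ""
        try:
            banner = s.recv(128).decode(errors="replace").strip()
        except (socket.timeout, OSError):
            banner = ""                  # open, but the service waits for the client to speak
        return port, "open", banner


def connect_scan(host, ports, workers=20):
    """Probe `ports` concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        results = ex.map(lambda p: probe(host, p), ports)
        return {p: (state, banner) for p, state, banner in results}


def open_ports(scan):
    return sorted(p for p, (state, _) in scan.items() if state == "open")


if __name__ == "__main__":
    srv, target_port = start_listener()
    scan = connect_scan("127.0.0.1", [1, 22, target_port, target_port + 1])
    for p in sorted(scan):
        print(p, *scan[p])
    print("open:", open_ports(scan))
    srv.close()
```

A connect scan completes the handshake, so the target's service logs every probe; that visibility is why Nmap defaults to the half-open SYN scan when it runs with raw-socket privileges, and why a penetration test's rules of engagement should say which scan types are permitted.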

CYBER SECURITY ESSENTIALS CERTIFICATE

ACTIVITY LOG FOR THE NINTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | Information sources | Network intelligence communities, Security blogs and podcasts |
Day 2 | Threat intelligence services | FireEye, Automated Indicator Sharing |
Day 3 | Common Vulnerabilities and Exposures database | About CVE |
Day 4 | Network security testing techniques | Operation security, Types of network tests |
Day 5 | Threat intelligence communication standards | Understanding communication standards |
Day 6 | Network and server profiling | About types of profiling |

WEEKLY REPORT
WEEK – 9 (From Dt………..….. to Dt .................... )

Objective of Activity Done:


• Understanding the Threat intelligence Services.

• Understanding the Common vulnerabilities and Exposures database.

Detailed Report:

Threat intelligence services play a crucial role in modern cybersecurity by providing organizations with
valuable insights into emerging threats, malicious actors, and vulnerabilities that could potentially impact
their networks and data. These services gather, analyze, and disseminate information about cyberthreats
from various sources, enabling organizations to make informed decisions and enhance their security
posture. Here's an overview of threat intelligence services and their key components:

1. Data Collection: Threat intelligence services collect data from a wide range of sources, including
open-source intelligence (OSINT), proprietary feeds, dark web monitoring, security researchers,
government agencies, and industry partners. This data may include indicators of compromise
(IOCs), such as malicious IP addresses, domains, malware signatures, and suspicious file hashes, as
well as contextual information about threat actors, tactics, techniques, and procedures (TTPs).
2. Data Analysis: Once collected, threat intelligence data undergoes rigorous analysis to identify
patterns, trends, and correlations that could indicate potential threats or vulnerabilities. Analysts use
a combination of manual analysis and automated tools to contextualize the data, assess its credibility
and relevance, and extract actionable insights for decision-makers.
3. Threat Intelligence Feeds: Many threat intelligence services offer subscription-based feeds that
deliver real-time or near-real-time threat intelligence directly to organizations' security systems,
such as firewalls, intrusion detection systems (IDS), and security information and event
management (SIEM) platforms. These feeds enable organizations to automatically block known
malicious IP addresses, domains, and file hashes, as well as detect and respond to suspicious activity
more effectively.
4. Cyber Threat Intelligence Reports: In addition to threat feeds, threat intelligence services often
produce detailed reports and briefings that provide in-depth analysis of specific threats, attack
campaigns, or industry-specific trends. These reports typically include actionable recommendations
and mitigation strategies to help organizations defend against current and future threats.
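To make the feed-matching step concrete, the added example below (written for this report, not code from any threat intelligence vendor or from the course) loads a constructed indicator set of IPv4 addresses, CIDR ranges, domains and SHA-256 hashes and runs it over constructed proxy and endpoint log lines. The indicator values are RFC 5737 documentation ranges and test hashes, and the key=value log format is an assumption; a real deployment would pull the indicators from a STIX/TAXII feed and the events from a SIEM.

```python
"""Match a constructed IOC feed against constructed proxy and endpoint log lines."""
import ipaddress
import re

# Constructed feed. Addresses are documentation ranges and the hashes are test values
# (SHA-256 of "" and of "hello"), not real indicators.
IOC_FEED = {
    "ipv4": {"203.0.113.45"},
    "cidr": {"198.51.100.0/24"},
    "domain": {"bad.example", "update.bad.example"},   # subdomains of these match too
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed log lines in an assumed format: timestamp, source, then key=value fields.
SAMPLE_LOGS = """\
2024-03-04T10:00:01 proxy src=10.1.1.5 dst=203.0.113.45 host=cdn.bad.example
2024-03-04T10:00:02 proxy src=10.1.1.7 dst=192.0.2.10 host=www.example.org
2024-03-04T10:00:03 proxy src=10.1.1.9 dst=198.51.100.77 host=files.example.net
2024-03-04T10:01:00 endpoint host=ws-12 file=/tmp/dl/inv.pdf sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2024-03-04T10:01:05 endpoint host=ws-13 file=/tmp/dl/ok.txt sha256=2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    ts, source, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    fields.update(ts=ts, source=source)
    return fields


def build_matcher(feed):
    """Compile the feed once; return a function mapping a parsed event to its IOC hits."""
    nets = [ipaddress.ip_network(c) for c in feed.get("cidr", ())]
    ips = {ipaddress.ip_address(i) for i in feed.get("ipv4", ())}
    domains = {d.lower() for d in feed.get("domain", ())}
    hashes = {h.lower() for h in feed.get("sha256", ())}

    def ip_hit(value):
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return None
        if ip in ips:
            return f"ipv4:{ip}"
        for n in nets:                      # range indicators cover hosts not listed individually
            if ip in n:
                return f"cidr:{n}"
        return None

    def domain_hit(value):
        v = value.lower().rstrip(".")
        for d in domains:
            if v == d or v.endswith("." + d):
                return f"domain:{d}"
        return None

    def match(fields):
        hits = []
        for key in ("dst", "src"):
            if key in fields and (h := ip_hit(fields[key])):
                hits.append((key, h))
        if "host" in fields and (h := domain_hit(fields["host"])):
            hits.append(("host", h))
        if "sha256" in fields and fields["sha256"].lower() in hashes:
            hits.append(("sha256", f"sha256:{fields['sha256'].lower()}"))
        return hits

    return match


def scan_logs(text, feed):
    """Return one alert per log line that touched at least one indicator."""
    match = build_matcher(feed)
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        hits = match(fields)
        if hits:
            alerts.append({"ts": fields["ts"], "source": fields["source"], "hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_LOGS, IOC_FEED):
        print(alert)
```

Matching on the hash catches the file even when it is renamed, and matching the domain suffix catches a throwaway subdomain the feed never listed; both are cheap checks that an IDS or SIEM rule can apply to every event, which is why feeds are delivered in machine-readable form rather than as reports alone.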

ACTIVITY LOG FOR THE TENTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome | Person In-Charge Signature
Day 1 | Threat impact | PII, PHI, PSI |
Day 2 | The modern security operations center | Elements of a SOC |
Day 3 | Windows architecture and operations | Hardware abstraction layers |
Day 4 | Windows configuration and monitoring | Run as administrator, Local users and domains |
Day 5 | Windows security | The netstat command |
Day 6 | Linux basics | Understanding Linux |

WEEKLY REPORT
WEEK – 10(From Dt………..….. to Dt ................... )

Objective of Activity Done:


• In-depth exploration of threat impacts.

• Understanding the windows security and linux basics.

Detailed Report:

CyberOps Associate v1.0 (CA) contains 28 modules of content, labs, activities, videos and quizzes.
Some of these labs use virtual machines to monitor and analyze cybersecurity threats.

When you have completed CA, you will have gained the practical experience you need to prepare for
the certification exam. This course aligns with the Cisco Certified CyberOps Associate (CBROPS)
certification. Candidates need to pass the 200-201 CBROPS exam to achieve the Cisco Certified
CyberOps Associate certification. The CBROPS exam tests a candidate’s knowledge and skills related
to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security
policies and procedures.

Windows computers use many different types of hardware. The operating system can be installed
on a purchased computer or on a computer that is assembled by the user. When the operating system
is installed, it must be isolated from differences in hardware; that isolation is the job of the
hardware abstraction layer (HAL).

All of the code that runs in kernel mode uses the same address space. Kernel-mode drivers have no
isolation from the operating system. If an error occurs with the driver running in kernel mode, and it
writes to the wrong address space, the operating system or another kernel-mode driver could be adversely
affected. In this respect, the driver might crash, causing the entire operating system to crash.

When user mode code runs, it is granted its own restricted address space by the kernel, along with a
process created specifically for the application. The reason for this functionality is mainly to prevent
applications from changing operating system code that is running at the same time. By having its own
process, that application has its own private address space, rendering other applications unable to modify
the data in it. This also helps to prevent the operating system and other applications from crashing if that
application crashes.
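An added demonstration of the user-mode isolation described above, written for this report rather than taken from the course. It uses POSIX fork() on Linux instead of Windows process creation, but what it shows is the same principle: each process gets a private address space, and an application that writes through a bad pointer kills only itself, not the other process that was waiting on it.

```python
import ctypes
import os
import signal

# Constructed state owned by the "other application" (the parent process).
app_state = {"counter": 1}


def crash_with_wild_write():
    # Write through a null pointer, i.e. to memory this process does not own.
    # The kernel answers with SIGSEGV delivered to this process only.
    ctypes.memset(0, 0, 1)


def run_isolated_crash():
    """Fork a child with its own private address space, let it crash,
    and report what the parent observes afterwards."""
    pid = os.fork()
    if pid == 0:
        try:
            # Child: tamper with its own copy of the state, then crash.
            # Copy-on-write means the parent's copy is never touched.
            app_state["counter"] = 999
            crash_with_wild_write()
        finally:
            os._exit(1)  # only reached if the wild write somehow did not kill us
    _, status = os.waitpid(pid, 0)
    killed = os.WIFSIGNALED(status)
    return {
        "child_killed_by_signal": killed,
        "child_died_of_segfault": killed and os.WTERMSIG(status) == signal.SIGSEGV,
        "parent_counter": app_state["counter"],  # still 1: private address space
        "parent_alive": True,                    # we got here, so the crash was contained
    }


if __name__ == "__main__":
    print(run_isolated_crash())
```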

CYBER THREAT MANAGEMENT CERTIFICATE

ACTIVITY LOG FOR THE ELEVENTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome               | Person In-Charge Signature
Day - 1    | Network communications process          | Client-server communications   |
Day - 2    | Communication protocols                 | About network protocols        |
Day - 3    | Data encapsulation                      | Segmenting, Sequencing         |
Day - 4    | Ethernet                                | Ethernet encapsulation         |
Day - 5    | IPv4 protocol                           | Characteristics of IP          |
Day - 6    | Types of IPv4 addresses                 | IPv4 classes and default mask  |

WEEKLY REPORT
WEEK – 11 (From Dt ............ to Dt ............ )

Objective of Activity Done:


• In-depth exploration of the data communication process.

• Understanding the network protocols.

Detailed Report:

All computers that are connected to a network and that participate directly in network communication
are classified as hosts. Hosts are also called end devices, endpoints, or nodes. Much of the interaction
between end devices is client-server traffic. For example, when you access a web page on the internet,
your web browser (the client) is accessing a server. When you send an email message, your email client
will connect to an email server.

Servers are simply computers with specialized software. This software enables servers to provide
information to other end devices on the network. A server can be single-purpose, providing only one
service, such as web pages. A server can be multipurpose, providing a variety of services such as web
pages, email, and file transfers.

Simply having a wired or wireless physical connection between end devices is not enough to enable
communication. For communication to occur, devices must know “how” to communicate.
Communication, whether face-to-face or over a network, is governed by rules called protocols. These
protocols are specific to the type of communication method occurring.

For example, consider two people communicating face-to-face. Prior to communicating, they must agree
on how to communicate. If the communication is using voice, they must first agree on the language.
Next, when they have a message to share, they must be able to format that message in a way that is
understandable.

The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across
networks. As shown in the figure, IP version 4 (IPv4) and IP version 6 (IPv6) are the principal
network layer communication protocols. Other network layer protocols include routing protocols
such as Open Shortest Path First (OSPF) and messaging protocols such as Internet Control Message
Protocol (ICMP).

ACTIVITY LOG FOR THE TWELFTH WEEK

Day & Date | Brief description of the daily Activity | Learning Outcome                    | Person In-Charge Signature
Day - 1    | Address resolution protocol             | MAC and IP, ARP                     |
Day - 2    | Transport layer                         | Characteristics of Transport Layer  |
Day - 3    | Network services                        | DHCP, DNS, NAT                      |
Day - 4    | Network communication devices           | End devices, Routers                |
Day - 5    | Network security infrastructure         | Network topologies                  |
Day - 6    | Attackers and their tools               | Threat actor tools                  |

WEEKLY REPORT
WEEK – 12 (From Dt ............ to Dt ............ )

Objective of Activity Done:


• In-depth exploration of data communication devices.

• Understanding the network services.

Detailed Report:

There are two primary addresses assigned to a device on an Ethernet LAN:

• Physical address (the MAC address) – This is used for Ethernet NIC to Ethernet NIC
communications on the same network.
• Logical address (the IP address) – This is used to send the packet from the original source
to the final destination.

IP addresses are used to identify the address of the original source device and the final destination device.
The destination IP address may be on the same IP network as the source or may be on a remote network.

Ethernet MAC addresses have a different purpose. These addresses are used to deliver the data link
frame with the encapsulated IP packet from one NIC to another NIC on the same network. If the
destination IP address is on the same network, the destination MAC address will be that of the destination
device.

The figure shows the Ethernet MAC addresses and IP address for PC-A sending an IP packet to the file
server on the same network.

The Layer 2 Ethernet frame contains:

• Destination MAC address – This is the MAC address of the file server’s Ethernet NIC.
• Source MAC address – This is the MAC address of PC-A’s Ethernet NIC.
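The PC-A to file server exchange above, as an added example written for this report (not the course's own material): it builds an Ethernet II frame carrying a minimal IPv4 header, parses it back, and applies the rule for choosing the destination MAC. It goes one step past the text: when the destination IP is on a remote network, the frame is addressed to the default gateway's MAC while the source and destination IP addresses stay end-to-end. All MAC and IP addresses, the netmask and the gateway are constructed sample values.

```python
import ipaddress
import struct

# Constructed sample addressing for the scenario in the text.
PC_A_MAC, PC_A_IP = "00:11:22:aa:bb:01", "192.168.1.10"
FILE_SERVER_MAC, FILE_SERVER_IP = "00:11:22:aa:bb:02", "192.168.1.20"
GATEWAY_MAC = "00:11:22:aa:bb:fe"      # hypothetical default gateway NIC
NETMASK = "255.255.255.0"
ETHERTYPE_IPV4 = 0x0800
IPV4_HDR = "!BBHHHBBH4s4s"              # 20-byte IPv4 header, no options

def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def same_network(src_ip, dst_ip, mask):
    # Logical-address check: is the destination on the source's own IP network?
    net = ipaddress.IPv4Network(f"{src_ip}/{mask}", strict=False)
    return ipaddress.IPv4Address(dst_ip) in net

def next_hop_mac(src_ip, dst_ip, mask, dst_host_mac, gateway_mac):
    # Local destination: deliver NIC to NIC. Remote: hand the frame to the gateway.
    return dst_host_mac if same_network(src_ip, dst_ip, mask) else gateway_mac

def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b""):
    # Layer 2 header: destination MAC, source MAC, EtherType.
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    # Layer 3 header: version/IHL, DSCP, total length, id, flags, TTL, protocol (17 = UDP),
    # checksum (left 0 for brevity), source IP, destination IP.
    ip = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + payload

def parse_frame(frame):
    ethertype = struct.unpack("!H", frame[12:14])[0]
    f = struct.unpack(IPV4_HDR, frame[14:34])
    return {"dst_mac": bytes_to_mac(frame[0:6]), "src_mac": bytes_to_mac(frame[6:12]),
            "ethertype": ethertype, "ttl": f[5], "protocol": f[6],
            "src_ip": str(ipaddress.IPv4Address(f[8])), "dst_ip": str(ipaddress.IPv4Address(f[9]))}

def send_from_pc_a(dst_ip, dst_host_mac=FILE_SERVER_MAC, payload=b"hello"):
    # PC-A encapsulates an IP packet to dst_ip; only the Layer 2 addresses depend on locality.
    dst_mac = next_hop_mac(PC_A_IP, dst_ip, NETMASK, dst_host_mac, GATEWAY_MAC)
    return parse_frame(build_frame(PC_A_MAC, dst_mac, PC_A_IP, dst_ip, payload))
```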

The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4
addresses, subnet masks, gateways, and other IPv4 networking parameters. This is referred to as
dynamic addressing. The alternative to dynamic addressing is static addressing. When using static
addressing, the network administrator manually enters IP address information on hosts.
