
An Internship Report

On
ZERO TRUST CLOUD SECURITY
Submitted in partial fulfillment of the requirements of the degree of

BACHELOR OF TECHNOLOGY
in
INFORMATION TECHNOLOGY
Submitted by

YERVA VENKATA ASHOK REDDY (218X1A1266)

Guided by

Mr. KOPPISETTY R. M. C. SEKHAR M. Tech .,(Ph.D.,)


Assistant Professor

DEPARTMENT OF INFORMATION TECHNOLOGY

KALLAM HARANADHAREDDY INSTITUTE OF TECHNOLOGY

(AUTONOMOUS)

Approved by (AICTE, New Delhi; Permanently Affiliated to JNTU Kakinada)

Accredited by NAAC with an ‘A’ Grade

NH-16, Chowdavaram, Guntur, 522019(A.P)

ACADEMIC YEAR 2024-2025


Program Book for Summer Internship

Name of the Student : YERVA VENKATA ASHOK REDDY

Name of the College : KALLAM HARANADHAREDDY INSTITUTE OF TECHNOLOGY

Registration Number : 218X1A1266

Period of Internship : from 09-01-2024 to 19-03-2024

Name & Address of the Intern Organization : EDU SKILLS
Student Declaration

I, YERVA VENKATA ASHOK REDDY, a student of B. Tech, Reg. No. 218X1A1266, of the Department of INFORMATION TECHNOLOGY, KALLAM HARANADHA REDDY INSTITUTE OF TECHNOLOGY, do hereby declare that I have completed the mandatory internship virtually from JANUARY 2024 to MARCH 2024 in EDU SKILLS under the Faculty Guideship of Mr. KOPPISETTY R. M. C. SEKHAR M.TECH., (Ph.D.,), Department of INFORMATION TECHNOLOGY, KALLAM HARANADHAREDDY INSTITUTE OF TECHNOLOGY.

Signature of the student

Endorsement

Faculty Guide External Examiner

Head of the Department Principal


Course Completion Certificate
ACKNOWLEDGMENT

I profoundly express my gratitude and respect towards our honorable chairman SRI
KALLAM MOHAN REDDY, Chairman, KHIT for his precious support in the college.

I express my deepest gratitude to the dynamic director of our institute Dr. M. UMA
SHANKARA REDDY M.Sc. Ph.D., Director, KHIT for his valuable guidance and blessing.

I would like to thank Dr. B.S.B. REDDY, Principal, KHIT, Chowdavaram, Guntur for providing the required resources to complete this Project work.

I want to thank Dr. Md. SIRAJUDDIN M. Tech Ph.D., Head of the Department, Information Technology, KHIT for his encouragement and valuable guidance in giving shape to this project.

I express my thanks to Mr. K. R. M. C SEKHAR M.Tech., (Ph.D.,) Department of Information Technology, KHIT for his guidance in giving shape to this project.

Finally, I would like to thank my parents for being supportive all the time, and I am very
much obliged to them.
CONTENTS

1. EXECUTIVE SUMMARY
2. OVERVIEW OF THE ORGANIZATION
3. INTERNSHIP PART
4. ACTIVITY LOG
5. OUTCOMES OF THE INTERNSHIP
6. CONCLUSION
8. STUDENTS SELF EVALUATION
LIST OF FIGURES

1.1: Cyber security
3.2.1: Types of cyber security
3.5.1: Various types of cybersecurity threats
CHAPTER 1: EXECUTIVE SUMMARY

The Zero Trust Cloud Security virtual internship provides participants with hands-on experience in
implementing and managing modern cybersecurity principles in cloud environments. Zero Trust is
a security framework that assumes no implicit trust within or outside an organization’s network,
requiring strict identity verification for every user and device attempting to access resources.

Fig1.1: CYBER SECURITY


Key Features of the Internship:
1. Learning Zero Trust Architecture:
Understanding the Zero Trust security model and its core principles: never trust, always verify.

Exploring security technologies such as identity and access management (IAM), multi-factor
authentication (MFA), and continuous monitoring.

2. Cloud Security Fundamentals:


Learning about cloud security architectures, including Infrastructure as a Service (IaaS), Platform as
a Service (PaaS), and Software as a Service (SaaS).
Understanding cloud-native security solutions, including encryption, data protection, and network
segmentation.

3. Hands-on Experience:
Practical labs and simulations focused on implementing Zero Trust in cloud platforms like AWS,
Azure, and Google Cloud.

Working with security tools such as VPNs, firewalls, and security information and event
management (SIEM) systems.

4. Risk Management & Compliance:


Identifying cloud-specific security risks and how Zero Trust mitigates these risks.

Addressing compliance frameworks like GDPR, HIPAA, and SOC 2 in cloud environments.

5. Collaboration & Mentorship:


Interns will work on real-world case studies, engage in peer collaboration, and receive
guidance from experienced cyber security professionals.


Learning Objectives:
• Explore career alternatives prior to graduation.
• Integrate theory and practice.
• Assess interests and abilities in our fields of study.
• Learn to appreciate work and its function in the economy.
• Develop work habits and attitudes necessary for job success.
• Build a record of work experience.
• Acquire employment contacts leading directly to a full-time job following graduation from
college.
Outcomes:
• A virtual internship was an opportunity to practice flexibility and develop collaboration.
• Practice our communication skills.
• Time management skills in a completely virtual environment.
• Widen our world and connections.
• Prepare for the future of work.
• Develop how to work.
• Enhance our employability

CHAPTER 2: OVERVIEW OF THE ORGANIZATION

Introduction of the Organization:


EduSkills is a not-for-profit organization focused on empowering and upskilling students, educators,
and institutions in the field of education, particularly in the areas of digital literacy, employability
skills, and industry-aligned training. EduSkills partners with educational institutions, industry
leaders, and government bodies to bridge the skill gap between academia and industry, aiming to
enhance the quality of education and equip learners with the necessary tools to succeed in the modern
workforce.
Key Focus Areas of EduSkills:
Digital Literacy: EduSkills emphasizes the importance of digital literacy and provides resources
and programs to help students and teachers become proficient in using digital tools and technologies.
Industry-Aligned Training: Through partnerships with leading tech companies like Cisco, AWS,
Palo Alto, and VMware, EduSkills offers industry-certified training courses that align with current
market demands, ensuring that students and professionals are equipped with relevant and up-to-date
skills.
Capacity Building for Educators: EduSkills provides training for teachers, helping them adopt
new teaching methodologies and integrate technology into their curriculums, thus improving the
overall quality of education delivery.

Employability and Job Readiness: The organization helps students develop skills that enhance
their employability. This includes not only technical skills but also soft skills like communication,
problem-solving, and teamwork, which are critical for career success.

Collaboration with Academia and Industry: EduSkills works closely with schools, colleges,
universities, and companies to create a seamless pathway for students from education to
employment. Their initiatives often include practical training, internships, and mentorship
opportunities.
Mission of EduSkills:
EduSkills aims to democratize education and skill development by making quality learning
accessible to students from all backgrounds, regardless of geography or socio-economic conditions.
By doing so, the organization strives to create a future-ready workforce capable of meeting the
demands of the rapidly changing job market.

Key Programs and Initiatives:


Skills Training and Certification: Offering free and low-cost training programs in collaboration with
global technology leaders to help students earn industry-recognized certifications.
EduSkills Academy: A learning platform that provides courses in emerging technologies like
cybersecurity, cloud computing, AI, and data science.
Teacher Training Programs: Helping educators integrate digital tools and pedagogical innovations
into their classrooms.
Partnerships:
EduSkills has established strong partnerships with leading global companies and educational
platforms, leveraging these connections to provide students with opportunities to learn cutting-edge
technologies. These partners often provide curriculum, certification, and tools necessary for real-
world application.

In summary, EduSkills serves as a bridge between academia and industry, fostering a collaborative
environment where students, educators, and professionals can gain the skills necessary to thrive in
an increasingly digital world.
Vision, Mission and Goals of the EduSkills Organization
Vision:
EduSkills envisions a world where quality education and essential skills are accessible to all,
enabling individuals to thrive in a rapidly evolving digital landscape. The organization aims to create
a future-ready workforce equipped with the necessary tools to succeed in various industries,
ultimately contributing to economic growth and societal development.

Mission:
EduSkills’ mission is to empower students, educators, and institutions through innovative training
programs and resources that enhance digital literacy and employability. By collaborating with
industry leaders and educational institutions, EduSkills strives to bridge the skill gap between
academia and the workforce, ensuring that learners are prepared for the challenges of the modern
job market.
Goals:
Enhance Digital Literacy:
Provide accessible training and resources that improve digital skills among students and educators.
Industry-Relevant Training:
Develop and deliver programs that align with current market demands and emerging technologies,
facilitating industry-recognized certifications.
Empower Educators:
Offer professional development opportunities for teachers to integrate technology and innovative
teaching methods into their classrooms.

Promote Employability:
Equip students with both technical and soft skills necessary for career success, increasing their
employability in the competitive job market.
Foster Collaboration:
Build partnerships with educational institutions, industry stakeholders, and government bodies to
create a cohesive ecosystem that supports skill development.
Support Diverse Learners:
Ensure equitable access to education and training resources for learners from various backgrounds,
fostering an inclusive learning environment.
Continuous Improvement:
Regularly assess and adapt programs to meet the evolving needs of students and the job market,
ensuring that EduSkills remains relevant and effective in its mission.

CHAPTER 3: INTERNSHIP PART

The cyber security internship provides an opportunity to gain professional experience in a real-world
setting.

Modules:
Fundamental of cyber security
• Cyber security and attack surface
• Types of cyber security
• Importance of cyber security for business
• Cyber security framework and compliance
• Cyber threats, cyber-attacks and cyber attackers
• Various types of cyber attacks
• Cyber safety and its measures
• Perimeter based and zero trust security models
• Zscaler zero trust exchange

3.1 Cyber security and attack surface:


Cybersecurity involves protecting computer systems, networks, and data from digital attacks, theft,
and damage. It encompasses a wide range of practices, technologies, and processes aimed at
safeguarding information and ensuring the integrity, confidentiality, and availability of data.
Key elements of cybersecurity include:
Threat Intelligence: Understanding and analyzing potential threats to anticipate and mitigate risks.
Incident Response: Having a plan in place to address and recover from security breaches.
Access Control: Managing who can access what information, often through authentication and
authorization mechanisms.
Encryption: Protecting data by transforming it into a secure format that can only be read by authorized
users.
Network Security: Protecting the integrity and usability of networks through hardware and software
technologies.
Attack Surface
The attack surface refers to the total number of points (attack vectors) in a system that an attacker can
exploit to gain unauthorized access. A larger attack surface typically means more potential
vulnerabilities.

Components of the Attack Surface:
User Interfaces: Any point where users interact with a system, such as web applications and APIs.
Network Interfaces: All the entry points to a network, including open ports and communication
protocols.
Software Applications: Programs that might contain vulnerabilities or be misconfigured.
Third-party Services: Any external services or components integrated into your system that could
introduce vulnerabilities.
Reducing the Attack Surface
To minimize the attack surface, organizations can implement several strategies:
Regular Audits and Assessments: Identifying and mitigating vulnerabilities in systems and
applications.
Minimize Services: Disable unnecessary services and applications to reduce potential entry points.
Patch Management: Regularly updating software to fix known vulnerabilities.
Network Segmentation: Dividing networks into smaller segments to limit access and reduce the
potential impact of a breach.
User Education: Training users to recognize phishing attempts and other common attack methods.
3.2 Types of cyber security:
Cybersecurity is vital for several reasons, each addressing different aspects of technology, business,
and personal safety. The key reasons are:
1. Data Protection
Confidentiality: Safeguarding sensitive data from unauthorized access.
Integrity: Ensuring that data is accurate and unaltered during transmission and storage.
Availability: Making sure data and systems are accessible when needed.
2. Business Continuity
Disaster Recovery: Establishing protocols to restore operations after a cyber incident.
Minimizing Downtime: Reducing the impact of attacks to maintain productivity and service delivery.
3. Regulatory Compliance
Adhering to Laws: Meeting industry regulations (e.g., GDPR, HIPAA) to avoid legal penalties.
Building Trust: Demonstrating a commitment to security to customers and partners.
4. Reputation Management
Brand Protection: Preventing breaches that can harm a company’s reputation.
Customer Loyalty: Ensuring trust by safeguarding customer data and privacy.
5. Intellectual Property Protection
Safeguarding Innovations: Protecting proprietary information and trade secrets from theft or
espionage.

Fig 3.2.1: TYPES OF CYBER SECURITY
6. Financial Security
Preventing Loss: Reducing the risk of financial loss from cyberattacks, such as ransomware or fraud.
Insurance Benefits: Lowering premiums by demonstrating strong security practices.
7. Employee Safety
Awareness and Training: Educating employees about cybersecurity threats to reduce risks of
breaches.
Creating a Safe Work Environment: Ensuring that internal systems are secure from attacks.
8. National Security
Protecting Critical Infrastructure: Securing systems that support essential services like power,
healthcare, and transportation.
Countering Cyber Warfare: Defending against state-sponsored attacks and cyber terrorism.
9. IoT Security
Managing Connected Devices: Ensuring the security of Internet of Things devices, which can be
vulnerable entry points.
10. Evolving Threat Landscape
Adapting to New Threats: Continuously updating security measures to respond to emerging threats
and attack methods.

3.3 Importance of cyber security for business
Security can be categorized into various types, each focusing on different areas of
protection. Here’s an overview of the main types of security:
1. Physical Security
Protection of Physical Assets: Involves safeguarding physical locations, such as buildings and
equipment, from unauthorized access, theft, and natural disasters.
Components: Access controls (locks, badges), surveillance (CCTV), security personnel, and
environmental controls (fire alarms, climate controls).
2. Cybersecurity
Protection of Digital Information: Focuses on protecting computer systems, networks, and data from
cyber-attacks and unauthorized access.
Components: Firewalls, encryption, intrusion detection systems, antivirus software, and security
policies.
3. Network Security
Securing Network Infrastructure: Involves protecting the integrity and usability of networks from
intrusions and attacks.
Components: VPNs, firewalls, intrusion prevention systems, and secure configurations.
4. Application Security
Securing Software Applications: Ensures that applications are designed and maintained to prevent
vulnerabilities.
Components: Secure coding practices, application testing, vulnerability assessments, and patch
management.
5. Information Security
Protecting Data Integrity: Focuses on protecting data from unauthorized access and corruption.
Components: Access controls, encryption, data classification, and secure data storage.
6. Operational Security (OpSec)
Protecting Processes and Information: Involves processes that protect sensitive information and
operational capabilities.
Components: Risk assessments, security policies, and employee training.
7. Cloud Security
Securing Cloud Environments: Focuses on protecting data and applications hosted in cloud services.
Components: Identity management, access controls, encryption, and compliance monitoring.
8. Endpoint Security
Protecting End-user Devices: Involves securing devices like laptops, smartphones, and tablets that
connect to the network.
Components: Antivirus software, endpoint detection and response (EDR), and mobile device
management (MDM).
9. Mobile Security
Securing Mobile Devices: Focuses on protecting smartphones and tablets from threats and
vulnerabilities.
Components: App vetting, data encryption, and remote wipe capabilities.
10. Disaster Recovery and Business Continuity
Planning for Incidents: Ensures that operations can continue or recover quickly in the event of a
disaster or major disruption.
Components: Backup systems, recovery plans, and continuity planning.
3.4 Cyber security framework and compliance
Cybersecurity frameworks and compliance are essential for organizations aiming to establish robust
security practices and meet regulatory requirements. Here’s an overview of key frameworks and
compliance considerations:
Cybersecurity Frameworks
NIST Cybersecurity Framework (CSF)
Developed by the National Institute of Standards and Technology, this framework provides a policy
framework of computer security guidance for how private sector organizations can assess and improve
their ability to prevent, detect, and respond to cyber attacks.

Core Functions:
Identify: Understanding organizational risks and resources.
Protect: Implementing safeguards to limit the impact of potential events.
Detect: Developing and implementing activities to identify the occurrence of a cybersecurity event.
Respond: Taking action regarding a detected cybersecurity incident.
Recover: Maintaining plans for resilience and restoring services affected by cybersecurity incidents.
ISO/IEC 27001
An international standard for managing information security. It provides requirements for establishing,
implementing, maintaining, and continually improving an information security management system
(ISMS).
Key Components: Risk management, security controls, and continuous improvement.
CIS Controls
Developed by the Center for Internet Security, these are a set of best practices for securing IT systems
and data. The controls provide actionable guidance on protecting against the most common cyber
threats.
Categories: Basic, foundational, and organizational controls, with a focus on risk management and
security hygiene.
COBIT (Control Objectives for Information and Related Technologies)
A framework for developing, implementing, monitoring, and improving IT governance and
management practices. It helps organizations align IT goals with business objectives and manage risks
effectively.
PCI DSS (Payment Card Industry Data Security Standard)
A set of security standards designed to ensure that all companies that accept, process, store, or transmit
credit card information maintain a secure environment. Compliance is mandatory for businesses
handling card payments.
Cybersecurity Maturity Model Certification (CMMC)
Developed by the U.S. Department of Defense, this framework is designed to enhance the protection
of sensitive information within the defense industrial base. It includes multiple levels of maturity that
organizations must achieve for compliance.
Organizations must be aware of and comply with industry-specific regulations, such as:
GDPR: General Data Protection Regulation for data protection and privacy in the European Union.
HIPAA: Health Insurance Portability and Accountability Act for protecting healthcare information
in the U.S.
FISMA: Federal Information Security Management Act for federal agencies in the U.S.
Audits and Assessments
Regular security audits and assessments help organizations identify vulnerabilities and ensure
compliance with internal policies and external regulations.
Documentation and Reporting
Maintaining thorough documentation of policies, procedures, and incident responses is crucial for
demonstrating compliance during audits.
Training and Awareness
Continuous employee training on cybersecurity best practices and compliance requirements is
essential for fostering a security-aware culture within the organization.
Risk Management
Implementing a risk management process to identify, assess, and mitigate cybersecurity risks is
fundamental for both compliance and effective security.
3.5 Cyber threats, cyber-attacks and cyber attackers
1. Cyber Threats
Cyber threats are potential malicious activities that aim to compromise or damage digital information
systems, networks, or devices. They target vulnerabilities in software, hardware, or human behavior
to steal data, disrupt services, or cause harm. Cyber threats can be categorized into several types:
Malware: Software designed to harm or exploit a system, including viruses, trojans, spyware, and
ransomware.
Phishing: Fraudulent attempts to obtain sensitive information, often by impersonating trustworthy
entities through emails or fake websites.
Ransomware: A type of malware that encrypts files, demanding payment (ransom) in exchange for
decrypting them.
Insider Threats: Employees or individuals with access to sensitive data who intentionally or
unintentionally cause harm.
Zero-day Exploits: Attacks that exploit a software vulnerability before it is known and patched.
Man-in-the-Middle (MITM): Attacks where a hacker intercepts communication between two parties
to steal or alter data.

Fig 3.5.1 Various Type Of Cybersecurity Threats


2. Cyber Attacks
A cyber-attack is an actual incident where a cyber threat is realized. Cyber-attacks are deliberate and
aim to disrupt, damage, or gain unauthorized access to a system or data. Common types of cyber-
attacks include:
DDoS (Distributed Denial of Service): Overloading a system with traffic to make it unavailable to
legitimate users.
SQL Injection: Inserting malicious code into a database query to access or manipulate sensitive
information.
Social Engineering: Manipulating individuals into revealing confidential information, such as
passwords or personal details.
Brute Force Attacks: Systematically attempting all possible password combinations to gain access to
a system.
Credential Stuffing: Using stolen login details (from another breach) to gain access to multiple
accounts.
Supply Chain Attacks: Targeting third-party suppliers or contractors to compromise a larger
organization indirectly.
3. Cyber Attackers
Cyber attackers (hackers) are individuals or groups who perform cyber-attacks. They may have
different motivations, such as financial gain, political goals, espionage, or simply causing disruption.
Types of cyber attackers include:
Hacktivists: Individuals or groups that attack systems to promote political or social agendas (e.g.,
Anonymous).
Cybercriminals: Individuals or organized groups that engage in cybercrime for financial gain, often
through phishing, fraud, or ransomware.
State-Sponsored Hackers: Hackers employed or supported by nation-states, usually involved in
espionage, sabotage, or political warfare.
Insider Threats: Employees or partners with legitimate access to systems who turn malicious.
Script Kiddies: Inexperienced hackers who use pre-made tools and scripts to launch attacks, typically
without fully understanding the complexities.
Advanced Persistent Threats (APT): Sophisticated and often state-sponsored groups that infiltrate
systems and remain undetected for long periods to steal data or cause harm over time.
3.6 Various types of cyber attacks
Cyber-attacks come in many forms, each exploiting different vulnerabilities in systems, networks, or
users. Here’s an overview of the most common types of cyber-attacks:
1. Malware Attacks
Malware refers to malicious software designed to disrupt, damage, or gain unauthorized access to
systems. Types of malware include:
Viruses: Spread by attaching themselves to legitimate programs, capable of self-replicating and
spreading to other files.
Trojans: Disguised as legitimate software, but open backdoors to allow unauthorized access to a
system.
Ransomware: Encrypts a victim’s data and demands payment for decryption.
Spyware: Secretly gathers information from a system and transmits it to an attacker.
Worms: Self-replicating programs that spread across networks without user intervention.
2. Phishing Attacks
Phishing is a social engineering technique where attackers impersonate trustworthy entities to trick
users into revealing sensitive information, such as passwords or credit card numbers. Types of phishing
include:
Spear Phishing: Targeted phishing aimed at specific individuals or organizations, often customized
for higher success rates.
Whaling: Phishing attempts targeted at high-profile individuals like CEOs or executives.
Clone Phishing: Creating a copy of a legitimate email but replacing its attachments or links with
malicious ones.
3. Denial of Service (DoS) & Distributed Denial of Service (DDoS)
In a DoS attack, the attacker overwhelms a system, server, or network with traffic, rendering it
unavailable to legitimate users. A DDoS attack amplifies this by using multiple compromised systems
(often through botnets) to send massive amounts of traffic.
Botnets: Networks of infected computers controlled by a central server to carry out DDoS attacks.
Application-layer DDoS: Focuses on specific applications to exhaust their resources.
4. SQL Injection Attacks
In an SQL injection attack, malicious SQL statements are inserted into a query to manipulate a
database. These attacks allow attackers to view, modify, or delete data and, in some cases, gain
administrative access to the system.
Error-based SQL Injection: Exploiting database error messages to gain information.
Blind SQL Injection: The attacker does not receive direct feedback but uses time-based or Boolean
techniques to gather information.
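The difference between a query built by string concatenation and a parameterized one, as an added example that is not part of the original report. It uses Python's built-in sqlite3 module; the table, the sample accounts and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding two constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pin TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "4821", "admin"), ("o'brien", "7710", "user")],
    )
    return conn


def lookup_concatenated(conn, username, pin):
    """VULNERABLE: user input is pasted into the SQL text, so the database
    parses it as part of the statement instead of as a value."""
    query = (
        "SELECT username, role FROM users "
        "WHERE username = '" + username + "' AND pin = '" + pin + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username, pin):
    """HARDENED: the SQL text is fixed; inputs travel separately as bound
    parameters and are only ever compared as data."""
    query = "SELECT username, role FROM users WHERE username = ? AND pin = ?"
    return conn.execute(query, (username, pin)).fetchall()


def outcome(lookup, conn, username, pin):
    """Run a lookup and report its rows, or the fact that the SQL did not parse."""
    try:
        return lookup(conn, username, pin)
    except sqlite3.OperationalError:
        return "sql-error"


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # constructed input that rewrites the WHERE clause
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        # Wrong PIN: the concatenated query returns every row, the bound one none.
        print(name, "crafted pin ->", outcome(fn, db, "alice", tautology))
        # A legitimate name containing a quote breaks the concatenated query;
        # the resulting database error is what error-based injection relies on.
        print(name, "o'brien     ->", outcome(fn, db, "o'brien", "7710"))
```

A query that fails on an ordinary apostrophe in a name is a reliable sign during code review that input is reaching the SQL text unescaped.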
5. Cross-site Scripting (XSS)
In this attack, malicious scripts are injected into web pages viewed by other users. If successful, XSS
can lead to the theft of cookies, session tokens, or personal information. Types include:
Stored XSS: The malicious script is permanently stored on a server and executed when a victim loads
a page.
Reflected XSS: The malicious script is reflected off a web application and executed in the user’s
browser.
6. Man-in-the-Middle (MitM) Attacks
In MitM attacks, an attacker intercepts communication between two parties without their knowledge,
either to eavesdrop or alter the communication. Common MitM techniques include:
Session Hijacking: Stealing a user’s session token to gain access to their account.
Eavesdropping: Listening in on conversations over unencrypted communication channels.
SSL Stripping: Downgrading a user’s secure connection to an insecure one to intercept data.
7. Brute Force Attacks
These attacks involve systematically trying all possible combinations of passwords or encryption keys
until the correct one is found. Variations include:
Dictionary Attack: Using a predefined list of common passwords.
Credential Stuffing: Using credentials leaked from other breaches to access accounts.
Hybrid Attack: Combining dictionary and brute force methods to crack passwords.
8. Password Attacks
In these attacks, cybercriminals attempt to gain access to systems by stealing or guessing passwords.
Common techniques include:
Keylogging: Recording keystrokes to steal sensitive information.
Password Spraying: Attempting commonly used passwords across many accounts without triggering
account lockout mechanisms.
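Brute force and password spraying leave different traces in authentication logs, which is why a per-account lockout catches the first and misses the second. The detector below is an added example, not part of the original report; the log format, the thresholds and the function names are assumptions, and the log lines are constructed (addresses are from documentation ranges).

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> <OK|FAIL> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log.
SAMPLE_LOG = """\
2024-01-15T09:00:01Z FAIL user=alice src=203.0.113.7
2024-01-15T09:00:03Z FAIL user=alice src=203.0.113.7
2024-01-15T09:00:05Z FAIL user=alice src=203.0.113.7
2024-01-15T09:00:07Z FAIL user=alice src=203.0.113.7
2024-01-15T09:00:09Z FAIL user=alice src=203.0.113.7
2024-01-15T09:00:11Z FAIL user=alice src=203.0.113.7
2024-01-15T09:10:00Z FAIL user=alice src=198.51.100.23
2024-01-15T09:11:30Z FAIL user=bob src=198.51.100.23
2024-01-15T09:13:00Z FAIL user=carol src=198.51.100.23
2024-01-15T09:14:30Z FAIL user=dave src=198.51.100.23
2024-01-15T09:16:00Z FAIL user=erin src=198.51.100.23
2024-01-15T09:20:00Z FAIL user=bob src=192.0.2.10
2024-01-15T09:20:20Z FAIL user=bob src=192.0.2.10
2024-01-15T09:20:45Z OK user=bob src=192.0.2.10
"""


def parse(lines):
    """Turn log lines into (timestamp, result, user, source) tuples; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect(events, window=timedelta(minutes=10), lockout_threshold=5,
           spray_min_users=4):
    """Label each source address by its failed-login pattern in a sliding window.

    brute_force       : one account reaches the lockout threshold.
    password_spraying : many accounts fail, each staying below the lockout
                        threshold, so a per-account counter never fires.
    Credential stuffing looks the same as spraying at this level; telling
    them apart needs information these logs do not carry.
    """
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            failures[src].append((ts, user))

    findings = {}
    for src, items in failures.items():
        items.sort()
        start = 0
        per_user = Counter()  # failures per account inside the current window
        for ts, user in items:
            per_user[user] += 1
            # Drop failures that have aged out of the window.
            while ts - items[start][0] > window:
                old_user = items[start][1]
                per_user[old_user] -= 1
                if per_user[old_user] == 0:
                    del per_user[old_user]
                start += 1
            if max(per_user.values()) >= lockout_threshold:
                findings[src] = "brute_force"
                break
            if len(per_user) >= spray_min_users:
                findings[src] = "password_spraying"
    return findings


if __name__ == "__main__":
    for src, label in detect(parse(SAMPLE_LOG.splitlines())).items():
        print(src, label)
```

The spraying source never exceeds one failure per account, so the detection has to key on the source address and the number of distinct accounts rather than on any single account's counter.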
9. Cryptojacking
This attack involves secretly using a victim’s computer resources to mine cryptocurrency. It typically
happens via infected websites, malicious scripts, or compromised software.
3.7 Cyber safety and its measures
1. Strong Passwords and Authentication
Create strong passwords: Use a mix of uppercase and lowercase letters, numbers, and special
characters. Passwords should be at least 12 characters long.
Use passphrases: Passphrases (a sequence of words or characters) are harder to guess and easier to
remember than traditional passwords.
Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring two
or more forms of verification (e.g., password + a code sent to your phone).
2. Antivirus and Anti-malware Software
Install reputable antivirus software: This can help detect and remove malware from your devices.
Run regular scans: Schedule regular full-system scans to check for malware or malicious software.
Enable real-time protection: Many antivirus programs offer real-time protection, which actively
monitors for threats.
3. Secure Wi-Fi Networks
Encrypt your Wi-Fi network: Use WPA3 (Wi-Fi Protected Access 3) encryption to secure your
wireless network. Avoid using WEP or WPA, as they are outdated and easily compromised.
Change default router settings: Change the default username and password for your router, and
ensure remote management is disabled.
Avoid public Wi-Fi: Public Wi-Fi networks are often unsecured. If you must use them, avoid
accessing sensitive information or use a VPN (Virtual Private Network).
4. Encryption
Encrypt sensitive data: Encryption converts data into a format that is unreadable without the decryption key.
Encrypt important files and communications, especially when transmitting them over the internet.
Use end-to-end encryption for communication: Messaging apps and email services that offer end-
to-end encryption (like Signal or encrypted email services) ensure that only the sender and recipient
can read the message.
5. Email and Phishing Awareness
Be cautious with email attachments and links: Only open attachments or click on links from trusted
sources. Phishing emails often contain links that look legitimate but redirect to malicious websites.
Verify sender details: Check the email address of the sender and be cautious of unusual requests for
sensitive information.
Anti-phishing software: Install tools that can detect and filter phishing attempts and spam emails.

CHAPTER-4: ACTIVITY LOG AND REPORT
ACTIVITY LOG FOR THE FIRST WEEK: - (09/01/2024-14/01/2024)

Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 09/01/2024 | Increase in Cloud-Based Attacks | Cloud environments remain a primary target for cybercriminals due to misconfigurations, weak identity management, and monitoring.
Day-2, 10/01/2024 | Cyber security Criminals versus Cyber security Specialists | The role of cyber criminals and their motivations. Finally, the chapter explains how to become a cyber security specialist.
Day-3, 11/01/2024 | Threat Arenas | Cyber threats are particularly dangerous to certain industries and the records they must maintain.
Day-4, 12/01/2024 | Heightened Recognition of Cyber security Threats and Threat complexity | The new generation of attacks involves intelligent selection of victims. In the past, attacks would select the low hanging fruit or most vulnerable victims.
Day-5, 13/01/2024 | A work force Framework for Cyber security | The specialty areas then define common types of cyber security work like security provisioning, operate, collect and analysis etc.
Day-6, 14/01/2024 | Online Cyber security Communities | International technology organizations often sponsor workshops and conferences. These organizations often keep cyber security professionals inspired and motivated.

ACTIVITY LOG FOR THE SECOND WEEK: - (15/01/2024 - 20/01/2024)

Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 15/01/2024 | Project Setup | Describe the steps taken to set up the project environment.
Day-2, 16/01/2024 | Exploits Targeting Remote Work Infrastructure | Summarize the data collected for the project.
Day-3, 17/01/2024 | Data Cleaning and Preprocessing | Provide details on the data cleaning and preprocessing steps undertaken.
Day-4, 18/01/2024 | Exploratory Data Analysis (EDA) | Summarize the key insights gained from the initial EDA.
Day-5, 19/01/2024 | Model Selection | If applicable, outline the initial considerations for model alizations and trends identified in the data.
Day-6, 20/01/2024 | Next Step | Briefly outline the planned next steps based on the findings and progress made during the first week.

ACTIVITY LOG FOR THE THIRD WEEK: (21/01/2024 – 26/01/2024)

Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 21/01/2024 | Data Refinement | Detail any further steps taken in data cleaning and preprocessing.
Day-2, 22/01/2024 | Feature Engineering | Outline any feature engineering performed during Week 2 and the rationale behind those choices.
Day-3, 23/01/2024 | Model Development | Summarize progress in model development. Include insights gained, initial model training results.
Day-4, 24/01/2024 | Validation Strategy | Describe the chosen validation strategy and any insights gained from validation results.
Day-5, 25/01/2024 | Documentation Updates | Report on updates to project documentation, including any changes to the data dictionary.
Day-6, 26/01/2024 | Collaboration and Communication | Highlight any collaborations or communications with team members, stakeholders or clients.

ACTIVITY LOG FOR THE FOURTH WEEK: (27/01/2024 – 01/02/2024)
Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 27/01/2024 | Model Tuning and Optimization | Summarize efforts in refining and optimizing the chosen model.
Day-2, 28/01/2024 | Validation Results | Discuss the outcomes of the model validation, including any challenges faced and solutions implemented.
Day-3, 29/01/2024 | Feedback Incorporation | Detail any feedback received from stakeholders or team members.
Day-4, 30/01/2024 | Model Interpretability | If relevant, discuss efforts to interpret the model, including the exploration of feature.
Day-5, 31/01/2024 | Documentation Updates | Report on any updates made to project documentation.
Day-6, 01/02/2024 | Communication and Reporting | Summarize any client or stakeholder communication during the week.

ACTIVITY LOG FOR THE FIFTH WEEK: (02/02/2024 – 07/02/2024)
Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 02/02/2024 | Final Model Development | Summarize the final steps in model development, including any additional optimizations or adjustments made based on feedback and validation results.
Day-2, 03/02/2024 | Model Evaluation | Present the final evaluation metrics for the model.
Day-3, 04/02/2024 | Model Deployment Plan | Outline the plan for deploying the model into a production environment.
Day-4, 05/02/2024 | Documentation Finalization | Confirm that all project documentation is up-to-date, including the data dictionary.
Day-5, 06/02/2024 | Client or Stakeholder Presentation | Summarize any presentations or demonstrations made to clients or stakeholders during the week.
Day-6, 07/02/2024 | Lessons Learned | Share insights gained from the project, including challenges faced and lessons learned.

ACTIVITY LOG FOR THE SIXTH WEEK: (08/01/2024 – 13/02/2024)
Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 08/02/2024 | Model Deployment | Summarize the steps taken to deploy the model into a production environment.
Day-2, 09/02/2024 | Post-Deployment Monitoring | Outline the monitoring plan for the deployed model.
Day-3, 10/02/2024 | Documentation Finalization | Confirm that all project documentation is finalized and comprehensive.
Day-4, 11/02/2024 | Client or Stakeholder Communication | Summarize any additional communications with clients or stakeholders.
Day-5, 12/02/2024 | Project Wrap-Up | Discuss any remaining tasks or loose ends that need to be addressed before officially concluding the project.
Day-6, 13/02/2024 | Meetings and Communication | Summarize any team meetings or discussions held during the week.

ACTIVITY LOG FOR THE SEVENTH WEEK: (14/02/2024 – 19/02/2024)
Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 14/02/2024 | Post-Deployment Analysis | Summarize the analysis of the model's performance in the production environment.
Day-2, 15/02/2024 | User Feedback and Iteration | If applicable, discuss any user feedback received after the model's deployment.
Day-3, 16/02/2024 | Documentation Review | Conduct a final review of all project documentation.
Day-4, 17/02/2024 | Project Evaluation | Provide a final evaluation of the project's success against the initial goals and objectives.
Day-5, 18/02/2024 | Knowledge Transfer | If relevant, document any knowledge transfer activities to ensure that team members.
Day-6, 19/02/2024 | Documentation Archive | Outline the plan for archiving project documentation for future reference.

ACTIVITY LOG FOR THE EIGHTH WEEK: (20/02/2024 – 25/02/2024)

Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 20/02/2024 | Post-Implementation Analysis | Summarize ongoing analyses of the model's performance in the production environment.
Day-2, 21/02/2024 | User Feedback and Improvements | If applicable, discuss any additional user feedback received and the iterations.
Day-3, 22/02/2024 | Knowledge Transfer Completion | If applicable, confirm the completion of any knowledge transfer activities.
Day-4, 23/02/2024 | Project Evaluation | Revisit the project's initial goals and objectives.
Day-5, 24/02/2024 | Final Handover | If applicable, confirm that all project deliverables or responsibilities have been successfully handed over to the relevant parties.
Day-6, 25/02/2024 | Acknowledgments and Celebrations | Express final gratitude to the team members and stakeholders for their contributions.

ACTIVITY LOG FOR THE NINTH WEEK: (26/02/2024 – 02/03/2024)

Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 26/02/2024 | Continued Monitoring and Analysis | Summarize ongoing monitoring and analysis of the model's performance in the production environment.
Day-2, 27/02/2024 | User Feedback and Final Iterations | If applicable, discuss any final user feedback received and the last iterations.
Day-3, 28/02/2024 | Knowledge Transfer Confirmation | If applicable, confirm that knowledge transfer activities are completed.
Day-4, 29/02/2024 | Final Project Evaluation | Revisit the project's initial goals and objectives.
Day-5, 01/03/2024 | Meetings and Communication | Summarize any final team meetings or discussions held during the week.
Day-6, 02/03/2024 | Documentation Archive | Ensure that project documentation is properly archived for future reference.

ACTIVITY LOG FOR THE TENTH WEEK: (03/03/2024 – 08/03/2024)

Day & Date | Brief description of the daily activity | Learning Outcome
Day-1, 03/03/2024 | Daily Transaction Data | Zscaler processes over 500 billion transactions daily, which helps feed into its AI systems to enhance security protocols, predict breaches, and recommend policies.
Day-2, 04/03/2024 | Daily Threat Detection | The platform monitors threats in real-time, inspecting all traffic, including SSL/TLS-encrypted traffic, which helps stop potential cyberattacks before they reach users or applications.
Day-3, 05/03/2024 | Updates from Security Cloud | Zscaler continuously releases updates on new threat patterns and their response capabilities. Recently, the platform is integrating more AI-based features for improved detection of sophisticated attacks.
Day-4, 06/03/2024 | User Experience & Operational Metrics | Their analytics collect signals on app performance, threats, and user behavior, all of which are processed daily.
Day-5, 07/03/2024 | Cyber security Weapons | Vulnerability Scanners; Penetration Testing; Packet Analyzers.
Day-6, 08/03/2024 | Packet Tracer-Skills Integration Challenge | This culminating activity includes many of the skills that you have acquired during this course.

WEEKLY REPORT

WEEK–1 (From Dt:-09-01-2024 To Dt:14-01-2024)

Objective: To describe the weekly performances in the virtual Internship.

Description: In my first week, I learned about a World of Experts and Criminals

Detailed Report:
• Ability to collect user data contributed by ourselves.
• How to become cyber security specialists to help defeat the cyber criminals that threaten the cyber
world.
• Threats are particularly dangerous to certain industries and the records they must maintain.
• With greater attention to detection and isolation of cyber-attacks, cyber criminals must be more
careful.
• Security provisioning, operate, collect and analyze, etc.
• Inspired and motivated by cyber security professionals.

WEEK–2 (From Dt:15-01-2024 To Dt:21-01-2024)

Objective of the Activity Done: Project Setup, Data Cleaning and Preprocessing, Data
Analysis (EDA), Model Selection

Detailed Report:

• Describe the steps taken to set up the project environment, including tools, libraries, and data
sources.
• Summarize the data collected for the project.
• Provide details on the data cleaning and preprocessing steps undertaken.
• Summarize the key insights gained from the initial EDA. Include visualizations and trends
identified in the data.

WEEK–3 (From Dt:21/01/2024 to Dt:26/01/2024)

Objective of the Activity Done: Data Refinement, Feature Engineering, Model Development,
Validation Strategy
Detailed Report:

• Detail any further steps taken in data cleaning and preprocessing. Address specific
challenges encountered and describe the decisions made.
• Outline any feature engineering performed during Week 2 and the rationale behind those
choices.
• Summarize progress in model development. Include insights gained, initial model
training results, and any adjustments made.
• Describe the chosen validation strategy and any insights gained from validation results.

WEEK–4 (From Dt:27/01/2024 to Dt:01/02/2024)

Objective of the Activity Done: Model Tuning and Optimization, Validation Results,
Feedback Incorporation, Model Interpretability

Detailed Report:

• Summarize the final steps in model development, including any additional optimizations or
adjustments made based on feedback and validation results.
• Present the final evaluation metrics for the model. Discuss how well the model performs against
the project objectives and success criteria.
• Outline the plan for deploying the model into a production environment. Include
considerations for scalability, monitoring, and maintenance.

WEEK–5 (From Dt:02/02/2024 to Dt:07/02/2024)

Objective of the Activity Done: Final Model Development, Model Evaluation, Model
Deployment Plan, Documentation Finalization.

Detailed Report:

• Summarize the final steps in model development, including any additional optimizations or
adjustments made based on feedback and validation results.
• Present the final evaluation metrics for the model. Discuss how well the model performs against
the project objectives and success criteria.
• Outline the plan for deploying the model into a production environment. Include
considerations for scalability, monitoring, and maintenance.

WEEK–6 (From Dt:08/02/2024 to Dt:13/02/2024)

Objective of the Activity Done: Model Deployment, Post-Deployment Monitoring,
Documentation Finalization, Client or Stakeholder Communication

Detailed Report:

• Summarize the steps taken to deploy the model into a production environment.
• Outline the monitoring plan for the deployed model.
• Confirm that all project documentation is finalized and comprehensive. Ensure that it includes
deployment instructions, model monitoring procedures, and any other relevant details.
• Summarize any additional communications with clients or stakeholders. Discuss any feedback
received and actions taken.

WEEK–7 (From Dt:14/02/2024 to Dt:19/02/2024)

Objective of the Activity Done: Post-Deployment Analysis, User Feedback and Iteration,
Documentation Review, Project Evaluation

Detailed Report:

• Summarize the analysis of the model's performance in the production environment.
• If applicable, discuss any user feedback received after the model's deployment. Detail any iterations
or improvements made based on this feedback.
• Conduct a final review of all project documentation.
• Provide a final evaluation of the project's success against the initial goals and objectives. Discuss
any key insights, achievements, or areas for improvement.

WEEK–8 (From Dt:20/02/2024 to Dt:25/02/2024)

Objective of the Activity Done: Continued Monitoring and Analysis, User Feedback and Final
Iterations, Knowledge Transfer Confirmation, Final Project Evaluation.

Detailed Report:

• Summarize ongoing monitoring and analysis of the model's performance in the production
environment.
• If applicable, discuss any final user feedback received and the last iterations or improvements
made to the model or system.
• If applicable, confirm that knowledge transfer activities are completed.
• Revisit the project's initial goals and objectives. Provide a final evaluation of the project's overall
success and discuss any lessons learned.

WEEK–09 (From Dt:26/02/2024 to Dt:02/03/2024)

Objective of the Activity Done: Post-Implementation Analysis, User Feedback and
Improvements, Knowledge Transfer Completion, Project Evaluation

Detailed Report:

• Summarize ongoing analyses of the model's performance in the production environment.
Discuss any optimizations or adjustments made based on continued monitoring.
• If applicable, discuss any additional user feedback received and the iterations or improvements
made to the model or system.
• If applicable, confirm the completion of any knowledge transfer activities. Ensure that team
members
• Revisit the project's initial goals and objectives. Provide a final evaluation of
the project's overall success and discuss any valuable insights gained.

WEEK–10 (From Dt:03/03/2024 to Dt:08/03/2024)

Objective of the Activity Done: Post-Implementation Analysis, User Feedback and
Improvements, Knowledge Transfer Completion, Project Evaluation

Detailed Report:

• Summarize ongoing analyses of the model's performance in the production environment. Discuss
any optimizations or adjustments made based on continued monitoring.
• If applicable, discuss any additional user feedback received and the iterations or improvements
made to the model or system.
• If applicable, confirm the completion of any knowledge transfer activities. Ensure that team
members
• Revisit the project's initial goals and objectives. Provide a final evaluation of
the project's overall success and discuss any valuable insights gained.

CHAPTER 5: OUTCOMES DESCRIPTION

Technical Skills:
Programming Languages:
Python: Widely used for data manipulation, analysis, and machine learning. Libraries like NumPy,
Pandas, and scikit-learn are commonly employed.

R: Used for statistical modeling and analysis. Popular in academia and certain industries.

Data Manipulation and Analysis:
Pandas: A Python library for data manipulation and analysis.
NumPy: Fundamental package for scientific computing in Python, providing support for large,
multi-dimensional arrays and matrices.

Data Visualization:
Matplotlib: A 2D plotting library for Python.
Seaborn: Built on top of Matplotlib, Seaborn provides a high-level interface for drawing attractive
and informative statistical graphics.
Plotly: An interactive graphing library for Python.

Machine Learning:
Scikit-learn: A machine learning library for classical algorithms and tools for data mining and data
analysis.
TensorFlow and PyTorch: Deep learning frameworks widely used for neural network development.

Statistical Analysis:
Statistics: A solid understanding of statistical concepts is crucial for hypothesis testing, confidence
intervals, and data interpretation.

Big Data Technologies:
Hadoop: An open-source framework for distributed storage and processing of large data sets.
Spark: A fast and general-purpose cluster-computing framework for big data processing.

Database Management:
SQL: Proficiency in querying relational databases using SQL is essential.
NoSQL databases: Understanding and working with non-relational databases like MongoDB or
Cassandra.

Business Skills:
Domain Knowledge:
Industry Understanding: Familiarity with the specific industry or domain the organization operates
in is crucial for interpreting data in a meaningful business context.

Communication Skills:
Data Storytelling: The ability to convey complex findings in a clear and compelling manner to
non-technical stakeholders.
Visualization Communication: Effectively using visualizations to convey insights to both technical
and non-technical audiences.

Problem-Solving:
Critical Thinking: The capacity to approach problems with a logical and analytical mindset.
Decision-Making: Contributing to decision-making processes by providing data-driven insights.

Collaboration:
Interdisciplinary Collaboration: Working effectively with professionals from diverse fields,
including business analysts, executives, and IT teams.
Teamwork: Collaborating with cross-functional teams to achieve common goals.

Business Strategy Alignment:
Understanding Business Objectives: Aligning data science projects with broader organizational
goals and strategies.

Return on Investment (ROI) Analysis: Assessing the potential impact and value of data science
initiatives.

Project Management:
Project Planning: Effectively planning and organizing data science projects.

Time Management: Meeting deadlines and managing time efficiently.

CHAPTER 7: CONCLUSION

Zero Trust Cloud Security is a modern security framework that ensures secure access to cloud
environments by eliminating the notion of inherent trust within a network. Unlike traditional
security models that rely on a strong perimeter, Zero Trust treats all users, devices, and applications
as potential threats, requiring verification and continuous monitoring at every access point.
Key Components of Zero Trust Cloud Security:
Continuous Verification ("Never Trust, Always Verify"): Every request to access data or
resources must be verified, regardless of whether it originates from inside or outside the network.
This includes robust identity verification through multi-factor authentication (MFA), device
health checks, and user context analysis.
1. Least Privilege Access: Users are granted the minimal level of access necessary to perform their
tasks. This principle ensures that even if a user or device is compromised, they cannot access more
than what is required, reducing the potential impact of an attack.
2. Micro-Segmentation: Instead of securing the entire cloud network with a single perimeter,
micro-segmentation breaks the network into smaller zones, each with its own access policies. This
prevents lateral movement within the cloud, containing threats to one part of the network if an attack
occurs.
3. Endpoint Security and Device Trust: In a Zero Trust model, every device accessing the cloud
is treated as untrusted until proven otherwise. Endpoint detection and response (EDR) tools,
alongside device health checks, ensure that only secure and compliant devices can connect to the
network.
4. Real-Time Monitoring and Analytics: Zero Trust requires ongoing monitoring of network
traffic, user behavior, and system logs. Anomalous activity, such as unusual login attempts or
unauthorized access requests, can be flagged and responded to in real time, ensuring threats are
quickly addressed.
5. Encryption and Secure Access: Data is encrypted both in transit and at rest to protect it from
unauthorized access or exposure during transmission across cloud environments. All
communications are secured with encryption protocols such as TLS, with VPNs used for remote access.
6. Assume Breach Mentality: Zero Trust operates with the mindset that breaches are inevitable.
This means preparing for the worst-case scenario and focusing on minimizing the impact of any
compromise. Regularly auditing systems, improving detection capabilities, and having an incident
response plan in place are critical to reducing breach effects.
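
The components above can be combined into a single per-request decision. The following is an added example, not part of the original report or of any vendor's product: a minimal policy decision point that applies MFA, device health, least privilege, micro-segmentation and encryption checks to every request, and records each decision for monitoring. All users, roles, segment names and the alert threshold are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed policy data for illustration; every name here is hypothetical.
ROLE_PERMISSIONS = {                 # least privilege: explicit grants only
    "analyst": {("reports-db", "read")},
    "dba": {("reports-db", "read"), ("reports-db", "write")},
}
SEGMENT_FLOWS = {("corp-apps", "reports-db")}  # micro-segmentation allow-list
DENIAL_ALERT_THRESHOLD = 3           # denials per user before flagging


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool        # identity verified with a second factor
    device_compliant: bool  # result of the device health check
    source_segment: str     # network zone the request comes from
    resource: str
    action: str
    tls: bool               # request arrived over an encrypted channel


def evaluate(req):
    """Return (allowed, reasons). Default deny: every check runs on every
    request, and being 'inside' the network earns no exemption."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("mfa_missing")
    if not req.device_compliant:
        reasons.append("device_untrusted")
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        reasons.append("exceeds_least_privilege")
    if (req.source_segment, req.resource) not in SEGMENT_FLOWS:
        reasons.append("segment_flow_denied")
    if not req.tls:
        reasons.append("unencrypted_channel")
    return (not reasons, reasons)


class DecisionLog:
    """Records every decision and flags users with repeated denials."""

    def __init__(self):
        self.records = []
        self.denials = Counter()

    def decide(self, req):
        allowed, reasons = evaluate(req)
        self.records.append({"user": req.user, "resource": req.resource,
                             "action": req.action, "allowed": allowed,
                             "reasons": reasons})
        if not allowed:
            self.denials[req.user] += 1
        return allowed

    def flagged_users(self):
        return sorted(u for u, n in self.denials.items()
                      if n >= DENIAL_ALERT_THRESHOLD)


if __name__ == "__main__":
    log = DecisionLog()
    sample = [  # constructed requests
        AccessRequest("asha", "analyst", True, True, "corp-apps", "reports-db", "read", True),
        AccessRequest("asha", "analyst", False, True, "corp-apps", "reports-db", "read", True),
        AccessRequest("ravi", "dba", True, False, "guest-wifi", "reports-db", "write", False),
    ]
    for r in sample:
        print(r.user, r.action, log.decide(r), log.records[-1]["reasons"])
```

Because the denial reasons are recorded per request, the same log serves both the access decision and the real-time monitoring component: a user who repeatedly trips any check surfaces in `flagged_users()`.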

Challenges:
Complex Implementation: Transitioning from a traditional security model to a Zero Trust
architecture requires significant planning, resource investment, and a clear strategy for integrating
existing infrastructure.
Continuous Management: Zero Trust is not a "set it and forget it" solution. It demands ongoing
monitoring, updates, and adjustments to policies as users and devices change.
Initial Costs: Adopting a Zero Trust approach can involve substantial upfront costs related to
upgrading systems, purchasing new security tools, and training personnel.

Benefits of Zero Trust Cloud Security:


Enhanced Protection: By verifying every access request and limiting permissions, Zero Trust
significantly reduces the risk of data breaches, insider threats, and unauthorized access.
Improved Scalability: As organizations adopt hybrid or multi-cloud environments, Zero Trust's
scalable architecture can protect assets across on-premises and cloud systems without relying on a
single perimeter.
Compliance: Zero Trust frameworks align well with regulatory requirements such as GDPR,
HIPAA, and PCI-DSS, providing enhanced data protection and privacy controls.
Resilience Against Evolving Threats: Zero Trust is designed to address the challenges of modern
cybersecurity, where attackers continuously innovate and adapt.

Student Self Evaluation for the Summer Internship

Student Name : YERVA VENKATA ASHOK REDDY


Registration No : 218X1A1266
Period of Internship : From: 09/01/2024 to 19/03/2024
Date of Evaluation :
Name of the Person in charge : Mr. KOPPISETTY R.M.C. SEKHAR M. Tech., (Ph.D.,)
Address With Mobile Number : Guntur,9390642805

Please rate your performance in the following areas:

Rating Scale: 1 is the lowest and 5 is the highest value

1) Oral Communication 1 2 3 4 5

2) Written Communication 1 2 3 4 5

3) Initiative 1 2 3 4 5

4) Interaction with staff 1 2 3 4 5

5) Attitude 1 2 3 4 5

6) Dependability 1 2 3 4 5

7) Ability to learn 1 2 3 4 5

8) Planning and organization 1 2 3 4 5

9) Professionalism 1 2 3 4 5
10) Creativity 1 2 3 4 5

11) Quality of work 1 2 3 4 5

12) Productivity 1 2 3 4 5

13) Progress of learning 1 2 3 4 5

14) Adaptability to the organization’s culture/policies 1 2 3 4 5

15) OVERALL PERFORMANCE 1 2 3 4 5

Date: Students Sign


Evaluation By the Person in Charge

Student Name: YERVA VENKATA ASHOK REDDY Registration No: 218X1A1266

Term of Internship: 10 Weeks from: 09/01/2024 to 08/03/2024

Date of Evaluation :

Organization Name & Address : EDUSKILLS

Name of The Person In Charge : Mr. KOPPISETTY R. M. C. SEKHAR M. Tech., (Ph.D.,)


Please rate the student’s performance in the following areas:

Please note that your evaluation shall be done independent of the student’s self-evaluation

Rating Scale: 1 is lowest and 5 is highest rank

1) Oral Communication 1 2 3 4 5

2) Written Communication 1 2 3 4 5

3) Initiative 1 2 3 4 5

4) Interaction with staff 1 2 3 4 5

5) Attitude 1 2 3 4 5

6) Dependability 1 2 3 4 5

7) Ability to learn 1 2 3 4 5

8) Planning and organization 1 2 3 4 5

9) Professionalism 1 2 3 4 5
10) Creativity 1 2 3 4 5

11) Quality of work 1 2 3 4 5

12) Productivity 1 2 3 4 5

13) Progress of learning 1 2 3 4 5

14) Adaptability to the organization’s culture/policies 1 2 3 4 5

15) OVERALL PERFORMANCE 1 2 3 4 5

Signature of the Supervisor
