lOMoARcPSD|48290280

FORTINET – NETWORK SECURITY ASSOCIATE AICTE

VIRTUAL INTERNSHIP
Computer Science (Jawaharlal Nehru Technological University-Gurajada)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university

Downloaded by Hemanth Darling ([email protected])
 lOMoARcPSD|48290280

FORTINET – NETWORK SECURITY ASSOCIATE

An Summer Internship - Report Submitted in Partial Fulfilment of the

Requirements for the award of Degree of

Bachelor of Technology
In
Computer Science and Engineering

Submitted By

PYLA SAI DHANUSH

20KD1A05F1

Jan 2024 - March 2024

Department of Computer Science and Engineering

Lendi Institute of Engineering and Technology (A)

(Affiliated to Jawaharlal Nehru Technological University, GV)

Approved by AICTE, Accredited by NBA & NAAC with 'A' Grade

Vizianagaram-535005

2023 - 2024

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Lendi Institute of Engineering and Technology (A)

(Affiliated to Jawaharlal Nehru Technological University, GV)
Approved by AICTE, Accredited by NBA & NAAC with ‘A’
Grade Vizianagaram-535005

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

BONAFIDE CERTIFICATE
This is to certify that the Summer Internship entitled “FORTINET- NETWORK SECURITY
ASSOCIATE” is a bonafide record of the work done by PYLA SAI DHANUSH
(20KD1A05F1) under the supervision and guidance of Mr.P.Guru Charan , Assistant Professor,
Department Of Electronics & Communication Engineering in partial fulfillment of the
requirements for the award of the degree of Bachelor of Technology in Computer Science and
Engineering from Lendi Institute of Engineering and Technology (Affiliated to JNTUGV),
Jonnada, Vizianagaram for the year 2024.

Internal Examiner Head of the Department

External Examiner

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

CERTIFICATE

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

ACKNOWLEDGEMENT

With great solemnity and sincerity, we offer our profuse thanks to our management, for
providing all the resources to complete our project successfully. We express our deepest sense
of gratitude and pay our sincere thanks to our faculty coordinator who is
Mr.P.Guru Charan, Assistant Professor, Department of Electronics & Communication
Engineering , who evinced keen interest in our efforts and provided his valuable guidance
throughout our project work.

We thank our Internship coordinator Mr.D.Madhu Babu, Associate Professor who has
made her support available in a number of ways and helped us to complete our project work
in correct manner.

We thank our Dr. A. RAMA RAO, Head of the Department of Computer Science
& Engineering who helped us to complete our internship work in a truthful method.

We thank our gratitude to our principal Dr. V.V. RAMA REDDY, for his kind attention and
valuable guidance to us throughout this course in carrying out the internship.

We also thankful to All Staff Members of Department of Computer Science & Engineering,

for helping us to complete this internship work by giving valuable suggestions.

All of the above we great fully acknowledge and express our thanks to our parents who have
been instrumental for the success of this internship which play a vital role.

PYLA SAI DHANUSH

[20KD1A05F1]

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

DECLARATION

I hereby declare that the virtual internship work entitled “FORTINET – NETWORK
SECURITY ASSOCIATE ” submitted to the JNTU GV is a record of an original work done
by Faculty coordinator under the esteemed guidance o f Mr.P.Guru Charan, Assistant
Professor, Department Of Electronics & Communication Engineering, Lendi Institute of
Engineering & Technology. This internship work is submitted in the partial fulfillment of the
requirements for the award of the degree Bachelor of Technology in Computer Science &
Engineering. This entire internship is done with the best of our knowledge and is not submitted
to any university for the award of degree/diploma.

PYLA SAI DHANUSH

[20KD1A05F1]

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

VISION

To be a frontier in computing technologies to produce globally competent computer

science engineering graduates with moral values to build a vibrant society and nation.

MISSION

➢ Providing a strong theoretical and practical background in computer

science engineering with an emphasis on software development.

➢ Inculcating professional behavior, strong ethical values, innovative

research capabilities, and leadership abilities.

➢ Imparting the technical skills necessary for continued learning towards

their professional growth and contribution to society and rural
communities.

PROGRAM EDUCATIONAL OBJECTIVES (PEOs)

PEO-1: Graduates will have strong knowledge and skills to comprehend latest
tools and techniques of Computer Engineering so that they can analyze, design and
create computing products and solutions for real life problems.

PEO-2: Graduates shall have multidisciplinary approach, professional attitude and

ethics, communication and teamwork skills, and an ability to relate and solve social
issues through computer engineering.

PEO-3: Graduates will engage in life-long learning and professional development to

adapt to rapidly changing technology.

PROGRAM SPECIFIC OUTCOMES (PSOs)

PSO-1: Ability to grasp advanced programming techniques to solve contemporary

issues.

PSO-2: Have knowledge and expertise to analyze data and networks using latest
tools and technologies.
Downloaded by Hemanth Darling ([email protected])
 lOMoARcPSD|48290280

PSO-3: Qualify in national and international competitive examinations for successful

higher studies and employment.

PROGRAM OUTCOMES (POS)

PO-1 Engineering Knowledge: Apply the knowledge of mathematics, science,
engineering fundamentals, and an engineering specialization to the solution of complex
engineering problems.

PO-2 Problem Analysis: Identify, formulate, review research literature, and analyze
complex engineering problems reaching substantiated conclusions using first
principles of mathematics, natural sciences, and engineering sciences.

PO-3 Design/development of Solutions: Design solutions for complex engineering

problems and design system components or processes that meet the specified needs
with appropriate consideration for the public health and safety, and the cultural,
societal, and environmental considerations

PO-4 Conduct Investigations of Complex Problems: Use research-based knowledge

and research methods including design of experiments, analysis and interpretation of
data, and synthesis of the information to provide valid conclusions.

PO-5 Modern Tool Usage: Create, select, and apply appropriate techniques, resources,
and modern engineering and IT tools including prediction and modeling to complex
engineering activities with an understanding of the limitations.

PO-6 The Engineer and Society: Apply reasoning informed by the contextual
knowledge to assess societal, health, safety, legal and cultural issues and the
consequent responsibilities relevant to the professional engineering practice.

PO-7 Environment and Sustainability: Understand the impact of the professional

engineering solutions in societal and environmental contexts, and demonstrate the
knowledge of, and need for sustainable development.

PO-8 Ethics: Apply ethical principles and commit to professional ethics and
responsibilities and norms of the engineering practice.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

PO-9 Individual and Team Work: Function effectively as an individual, and as a

member or leader in diverse teams, and in multidisciplinary settings.

PO-10 Communication: Communicate effectively on complex engineering activities

with the engineering community and with society at large, such as, being able to
comprehend and write effective reports and design documentation, make effective
presentations, and give and receive clear instructions.

PO-11 Project Management and Finance: Demonstrate knowledge and understanding

of the engineering and management principles and apply these to one’s own work, as
a member and leader in a team, to manage projects and in multidisciplinary
environments.

PO-12 Life-Long Learning: Recognize the need for, and have the preparation and
ability to engage in independent and life-long learning in the broadest context of
technological change.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

ABSTRACT

This project report delves into the immersive experience gained during an internship at Fortinet as a
Network Security Associate. The internship provided an invaluable opportunity to delve into the
multifaceted realm of network security, exploring concepts ranging from threat detection and
mitigation to the deployment of robust security solutions. Throughout the internship, a hands-on
approach was adopted, allowing for practical application of theoretical knowledge in real-world
scenarios.

The report begins with an overview of Fortinet's role in the cybersecurity landscape, highlighting its
position as a leading provider of innovative security solutions. It then delves into the specific
responsibilities undertaken as a Network Security Associate, which encompassed tasks such as
configuring firewalls, conducting vulnerability assessments, and analyzing network traffic for
potential threats. Furthermore, the report elucidates the methodologies employed to address security
challenges, including the implementation of intrusion detection systems and the utilization of
advanced encryption protocols.

Additionally, the report reflects on the key learnings and insights gained throughout the internship,
emphasizing the importance of proactive security measures in safeguarding networks against
evolving threats. It concludes with a discussion on the significance of continuous learning and
adaptation in the field of cybersecurity, underscoring the need for dynamic strategies to mitigate
emerging risks effectively. Overall, the internship experience at Fortinet served as a catalyst for
personal and professional growth, providing a solid foundation for future endeavors in the realm of
network security.

Keywords:

Fortinet , Network Security , Threat Detection , Mitigation ,Firewall , Vulnerability

Outcomes:

Our Internship titled “FORTINET – NETWORK SECURITY ASSOCIATE” is mapped

with the following PO’s and PSO’s:

Program Outcomes : PO1, PO2, PO3, PO4, PO5, PO6, PO7, PO8, PO9,PO10, PO11,
PO12

Program Specific Outcomes : PSO1, PSO2

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

INDEX

S.NO TITLE PAGE NUMBER

1. Introduction 1

2. NSE-1 2-3
Functions & Tools 4-6
2.2 Lan Basic Modules 7-10
2.3 Lan Topologies 11-14
2.4 Ethernet Media Types 15-16
2.5 The Seven Layer Model 17-21

3. NSE-2 22-24
3.1 Cyber Security Overview 25-26
3.2 Principles of Information Security 27
3.3 Threat Landscape Overview 28-34
3.4 Threat Intelligence 35-37
3.5 Attack Frame Works 38-39
3.6 Social Engineering Module 40
3.7 Social Engineering Modules 41-44
3.8 Malware Module 45-46

4. NSE -3 47
4.1 Cryptography and PKI Module 48
4.2 Ciphers Lesson 49
4.3 Keys and Cryptographic Algorithms 50-51
4.4 Secure Network Module 52-53
4.5 Zero Trust Principles 54-55
4.6 Authentication and Access Control 56-57
Module
4.7 Single-Sign On 58-61

5. Challenges and problem solving 62-63

6. Learning and Insights 64
7. Internship Objectives 65
8. Impact on career goals 66
9. Conclusion 67

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

INTRODUCTION
The introduction section serves as the gateway to understanding the context and objectives of
the virtual internship within Fortinet’s NSE program. It is essential to provide a clear overview
of the program and the specific goals you set out to achieve during your internship.

Fortinet's Network Security Expert (NSE) program is a renowned initiative designed to equip
individuals with comprehensive knowledge and skills in network security. As a globally
recognized leader in cybersecurity solutions, Fortinet has created a structured program aimed
at preparing professionals to excel in the field of network security. The NSE program offers a
progressive certification path, with NSE 1 serving as the foundational level, followed by NSE
2 and NSE 3, which provide more advanced and specialized knowledge.

A Network Security Expert specializing in Fortinet solutions is a professional with in-depth

knowledge and experience in implementing, managing, and securing networks using Fortinet's
suite of products and services. These experts are skilled in configuring firewalls, intrusion
prevention systems, VPNs, and other security measures to safeguard networks against cyber
threats. They possess a strong understanding of Fortinet's security technologies and best
practices, ensuring robust protection for organizational infrastructures against
evolving cyber risks.

This is the entry-level certification. It covers the basics of network security and Fortinet's
product portfolio. NSE 1 provides an understanding of the cybersecurity landscape, the basics
of network security technologies, and an introduction to Fortinet's products and services.topics
like firewall technologies, security policies, and how to configure and manage Fortinet devices
effectively.

This certification focuses on specialized areas within the Fortinet ecosystem. NSE 3 provides
expertise in areas such as secure access, advanced threat protection, or other specific Fortinet
solutions. It's designed for those who need a more comprehensive understanding of specific
security concepts within Fortinet's offerings.

Each level of NSE certification provides progressively more detailed and advanced
knowledge, preparing individuals to effectively design, implement, and manage Fortinet's
security solutions in diverse network environments.

NSE 1 serves as the starting point for those new to network security or Fortinet's security
solutions. It lays the foundation for individuals seeking a career or professional development
in cybersecurity, offering a comprehensive overview of the cybersecurity landscape and
Fortinet's security technologies.
Downloaded by Hemanth Darling ([email protected])
 lOMoARcPSD|48290280

NSE-1
The Fortinet Network Security Expert Level 1 (NSE 1) certification is the foundational level
of training and education offered by Fortinet, providing fundamental knowledge about
cybersecurity and Fortinet's security products and services.

Here's a detailed breakdown of what NSE 1 encompasses:

Fortinet's Product Portfolio: The certification introduces learners to Fortinet's wide range of
products and solutions. It covers an overview of Fortinet's security fabric, including firewall
technologies, VPNs, intrusion prevention systems, and other security features available within
Fortinet's offerings.

Introduction to Cybersecurity: NSE 1 provides an introductory understanding of

cybersecurity, covering basic concepts, threats, and the importance of security in the digital
landscape. It aims to lay a solid groundwork by explaining the key aspects of cyber threats,
attack vectors, and essential security measures.

Security Fundamentals: Participants in NSE 1 gain insights into security policies, the basic
principles of firewall management, and the configuration of security devices. It covers the
basics of setting up security rules and policies to protect network infrastructures.

Training Material and Resources: Fortinet typically provides training materials, online
modules, and resources, including documentation, videos, and interactive courses to help
individuals prepare for and understand the concepts covered in NSE 1.

Foundational Knowledge: NSE 1 provides a fundamental understanding of cybersecurity,

covering essential concepts, threats, and the significance of security in the digital realm. It
serves as an entry point for individuals aiming to begin a career in network security or seeking
to understand the basics of cybersecurity principles.

Self-Paced Learning: NSE 1 typically allows individuals to progress through the materials at
their own pace, enabling a flexible learning experience to accommodate varying schedules and
learning speeds

Preparation for Advanced Certifications: NSE 1 acts as a stepping stone for individuals
looking to pursue further certifications within Fortinet's Network Security Expert program. It
lays the groundwork for more advanced levels by providing a solid understanding of
cybersecurity and Fortinet's products.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Structured Learning: NSE 1 typically follows a structured curriculum that introduces

learners to cybersecurity fundamentals, covering threats, vulnerabilities, and essential security
measures in a systematic manner.

Online Modules and Resources: Fortinet often provides online modules, training materials,
documentation, videos, and interactive resources to facilitate self-paced learning. These
materials enable individuals to understand the concepts covered in the certification.

The Fortinet NSE 1 certification is the entry point into the NSE program. It equips individuals with the
basics of cybersecurity threats and how Fortinet's solutions can address them.

Here's some additional information you might find helpful:

Target Audience: NSE 1 is ideal for anyone interested in cybersecurity, including beginners with no
prior knowledge, IT professionals looking to broaden their skillset, and even non-technical users who
want to understand cybersecurity risks.

 Content: The NSE 1 course covers topics like:

o Various cyber threats and vulnerabilities
o Network security concepts like firewalls and VPNs
o Fortinet's security solutions and their functionalities

 Benefits of NSE 1 Certification:

o Validates foundational cybersecurity knowledge
o Demonstrates understanding of Fortinet security products
o Serves as a stepping stone for further NSE certifications

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

FUNCTIONS AND TOOLS

Cybersecurity Introduction: NSE 1 serves as an entry point for individuals new to

cybersecurity, providing a foundational understanding of the threat landscape and the
importance of security measures in protecting networks and data.

Fortinet Product Familiarization: It introduces learners to Fortinet's range of security

products, giving an overview of firewalls, VPNs, intrusion prevention systems, and other
components within Fortinet's security ecosystem.

Basic Security Practices: NSE 1 covers essential security practices, including security
policies, fundamental firewall management, and device configuration, enabling participants to
understand how to establish security measures to protect network infrastructures.

Training Materials: These can consist of online modules, documents, videos, and interactive
content, which serve to educate individuals about cybersecurity basics and Fortinet's product
portfolio.

Documentation and Guides: Fortinet often provides comprehensive documentation and

guides about basic cybersecurity principles, threat landscapes, and an overview of their
security products.

Online Learning Platform: Participants might access Fortinet's learning platform, which
offers a structured curriculum to follow through the certification program. This platform may
include interactive resources to aid in understanding the foundational concepts of
cybersecurity and Fortinet products.

Simulations or Basic Configurations: While not extensively hands-on, some NSE 1

programs might include basic simulations or practical exercises to help learners understand
how security policies, firewall rules, or device configurations are applied.

The NSE 1 certification itself is primarily knowledge-based, focusing on theoretical understanding

cybersecurity functions and Fortinet products. However, some NSE 1 training programs might
incorporate simulations or practical exercises to enhance learning and retention.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

These simulations or exercises could involve:

 Configuration examples: Trainers might demonstrate basic firewall rule configurations or policy setup a
simulated platform to illustrate real-world application of the learned concepts.
 Matching exercises: Matching security threats with corresponding Fortinet security solutions can
reinforce understanding of how these products address specific cybersecurity challenges.

While these exercises won't be as in-depth as labs in higher-level NSE certifications, they can provide
valuable practical insights into how the theoretical knowledge translates into real-world security
configurations and decision-making.

Here are some additional points to consider:

 The inclusion of simulations or exercises can vary depending on the specific NSE 1 training program you
choose.
 If hands-on practice is a priority for you, look for NSE 1 programs that explicitly mention simulations or
practical exercises in their curriculum.
 Fortinet offers NSE certification practice tests that can help assess your knowledge without a fully hands-
on experience.

Functions Covered in NSE 1:

 Network Security Fundamentals: You'll learn about core network security concepts like:
o Access Control: Techniques to restrict access to network resources.
o Threat Detection and Prevention: Identifying and stopping cyber threats like malware and intrusions.
o Data Encryption: Securing data transmission and storage.
o VPN (Virtual Private Network): Creating secure encrypted tunnels for remote access.
o Firewalls: Filtering incoming and outgoing network traffic.
 Fortinet Security Products: The NSE 1 course introduces key Fortinet security products and their
functionalities, including:
o FortiGate: A next-generation firewall that provides threat protection, intrusion prevention, and application
control.
o FortiAnalyzer: A centralized management platform for analyzing security logs and events across your
network.

FortiClient: An endpoint security solution that protects user devices from malware and other threats.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Tools You'll Encounter:

 Fortinet Security Fabric: An integrated security architecture that unifies Fortinet security products for
holistic network protection.
 Command-Line Interface (CLI): The interface used to configure and manage Fortinet security devices.
 Fortinet Management Center: A web-based GUI for managing and monitoring Fortinet security
deployments.

The NSE 1 exam doesn't require in-depth knowledge of these tools, but it provides a basic understanding of
their functionalities and how they relate to the covered security functions.

Additional Information:
 While NSE 1 doesn't involve hands-on labs, some resources might provide basic configuration examples
using the CLI.
 Fortinet offers demos and trial versions of their security products, which can be helpful for visualizing
these tools in action.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

LAN Basics Module

A LAN is a local area network. A WLAN is a wireless local area network. A LAN uses
cabling connectivity between attached devices. A WLAN uses radio frequency connectivity
between devices. Both LANs and WLANs operate within a limited geographic area and allow
multiple users to have access to shared, high-bandwidth media. Both are controlled privately
under local administration and provide corporations with many benefits. A LAN is made up of
the following components. LANs provide full-time connectivity to local services and connect
physically adjacent devices like switches and APs. In a LAN, the attached devices can both
send and receive at the same time, in most implementations. WLANs also provide
connectivity to local services and allow access to those services through a device called an AP.
APs connect the radio frequency environment and the wired network environment. In a
WLAN, connected devices generally take turns sending and receiving, in most
implementations. A LAN that extends over several buildings at a single site is referred to as a
campus area network. Campus area networks allow network access, resource sharing, and
sharing of data storage across the entire site. They are usually locally managed, but may
outsource connectivity and management services. Here are some common examples. A WAN,
or wide area network, connects local networks and campus area networks to other networks
and can connect one city with other cities, across the globe. Common examples of WANs are
the internet and the telephone network. In most cases, service providers provide the
infrastructure for these connections. The service providers tend to be cable, cellular, and
telephone companies. The data rates available to customers are generally lower than inside a
corporate LAN. While a campus area network may span a city, an enterprise network may
include connections that span over a wider, even global, area. An enterprise network provides
the benefits of network access, resource sharing, and access to data storage for the entire
enterprise. Enterprise networks may provide security using tunneling and encryption for data
transfer. They may allow the adding of resources to existing network capacity, referred to as
scalability. An enterprise network can consist of any or all types of networks, including
personal area networks—PANs, local area networks—LANs, wireless local area networks—
WLANs, campus area networks—CANs, metropolitan area networks—MANs, storage area
networks—SANs, and wide area network—WANs connections. Most aspects of enterprise
networks are managed under a single administrative body with contractual services offered by
a service provider for MANs, WANs, and, occasionally, CANs Enterprise networks are large
corporate networks that belong to.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

You can now achieve these objectives. In wireless networks, full-duplex mode is not possible.
If two stations send data simultaneously, then the radio frequency (RF) signals interfere with
each other and the data is corrupted. In wireless networks, the CSMA/CA access method
specifies half duplex mode only. Half duplex means that a station can send or receive, but not
both at once. A station that has data to send must first listen to the medium (in this case, the
radio frequency) to determine whether another station, is already sending data. If so, the
station that needs to send data, the second station, must wait until the original station has
finished sending data. Often times, the transmitting station does not hear the transmission of
another station across the RF. This results in a collision and causes a delay. The CSMA/CA
protocol specifies: listen before talk. In the topology depicted on screen, a desktop station is
connected by a cable to switch. The switch is also connected to an AP (wireless LAN access
point), and a notebook is connected, by radio frequencies, to the same AP. Network Models
Lesson Welcome to the Network Models lesson. Click Next to get started. After completing
this lesson, you will be able to achieve these objectives. In a peer-to-peer model, all nodes in
the network communicate equally. No centralized server is implemented. It is an inexpensive
solution and appropriate for a network with 10 computers or less. In most cases, no backup
facility is available. It is the preferred solution for small office or home office environments
where there is no budget for a network administrator or high-performance servers.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Up until the early eighties, processing power and memory were expensive. Therefore, all
processing intelligence and application software capability was centered in a computer
referred to as a mainframe. Users accessed the applications and capabilities of the mainframe
through end devices that had little or no processing intelligence themselves. These were
referred to as "dumb terminals". Because all of the intelligence was in the mainframe, the
mainframe would sometimes become bogged down processing all of the transactions for all of
the terminals. Today, client-server architecture distributes intelligence. Intelligent personal
computers (clients) share processing of data for applications and databases running on a
server. Each user has the power of a computer on the desktop rather than sharing the power of
the mainframe with many other users. The data is centralized, but the computing power is
distributed. A server is a computer that runs service applications to which the users on the
network have access. This can include word processing, spreadsheet applications, email, or a
database. A server can also hold files for users, or have an optical drive attached to it, such as
a DVD-ROM for mass storage, or a laser printer, to which many users have access. In a
classical server farm, a server is a single piece of hardware dedicated to a single function.
Therefore, multiple pieces of hardware are required to perform several functions. One server
might be dedicated to directory and security services; a second server might be dedicated to
file storage; a third server might be dedicated to managing a database, email, or some other
functionality.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

As discussed previously, a server is a computer that runs software applications to which the
users on the network have access. This can include word processing, spreadsheet applications,
email, or a database. A server may also offer access to computing, processing, and networking
resources that are divided among different sets of services that are isolated from each other on
the server. This is a concept referred to as virtualization and improves efficient use of server
resources. All computers on the network run an operating system (OS). End-user computers
run operating systems appropriate to the tasks typically performed on end-user systems.
Servers have special OSs. The clients, or users on the network, usually run a computer
operating system, also just referred to as their OS. The OS moves information around in the
computer- from input device to memory to hard disk, and supports a wide variety of
applications ranging from photo processing, to word processing, email, web browsers, and
more. Here are some common examples of an OS. They also run a client portion of the
network operating system in order to communicate with servers and other components on the
network.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

LAN Topologies
The topology of a network refers to the way in which its components are connected. That is, it
refers to how the computers, printers, and other equipment are connected to the network. Two
different concepts of topology can be distinguished: logical topology and physical topology.
Logical topology refers to the path that signals take from source to destination. Physical
topology refers to the way in which devices are cabled. In this lesson, you will take a closer
look at two physical topologies:

LAN bus network topology was developed by Xerox Corp. and is the basis for how Ethernet
works. The bus topology is one of the simplest of the network topologies to use. Click Start to
begin. That’s it. All devices receive the signal and all devices share the same physical
bandwidth. Click Next to continue. Bus networks work best with a small number of devices. If
more than a few dozen computers are added to a network bus, performance problems will
likely result. A major disadvantage of a physical bus topology is that if a single station fails, it
may take down the rest of the network. In addition, if the backbone cable fails, the entire
network fails. In a physical star topology, all stations are connected to the LAN through a
central point, usually a device called a hub or a switch. A principal advantage of the star
topology, compared to a physical bus topology, is that if a single station fails, it does not
generally take down the rest of the network. It is also much easier to add a new station to the
network.

All that is required is to plug the new station in to an available port on the central device.
Multiple hubs or switches can be interconnected to form tree or hierarchical network
topologies. Star topologies are most often implemented with low-cost UTP cabling. Hubs are
no longer seen in industrial and corporate networks, though some hubs may still be in use in
small office or home office environments. For the most part, switches have replaced hubs as
the central point of star topologies. You've completed the lesson. You can now achieve these
objectives. An access method is the term given to the set of rules by which networks arbitrate
which station is allowed to transmit to the medium at any given time. In this way, the LAN
protocol prevents data transmissions from crashing into each other on the network. If such a
thing occurs, it is called a collision. Networks need access methods for the same reason streets
need traffic lights-to prevent vehicles from hitting each other. Think of an access method as a
form of traffic regulation. The network cable is the street. Traffic laws (or the access method)
regulate the use of the street (or cable), determining who can drive (or send data), where, and

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

when.

Although many LAN standards exist, two major ones are most often used today: Ethernet
implemented on fullduplex physical connections has taken the place of CSMA/CD and
CSMA/CA is most commonly implemented on WLANs. A switch is a network device that
permits LAN devices to connect and communicate using full-duplex connections. The most
common access method in use today is Ethernet full duplex in a dedicated switched
environment. A dedicated switched environment means that a single station is attached to each
switch port. In this case, because there are four wires inside the LAN cable, two wires can be
used to transmit and two wires can be used to receive simultaneously.

1. Dominance of Ethernet and Full Duplex: Ethernet, particularly in full-duplex mode, has become the
dominant standard for wired LAN communication. It surpasses older methods like CSMA/CD (Carrier
Sense Multiple Access with Collision Detection) used in shared media like coaxial cables.

2. Switches and Full Duplex Connections: Switches are intelligent networking devices that create
dedicated connections between devices on a LAN. Unlike hubs that share bandwidth, switches enable full-
duplex communication, where data can be transmitted and received simultaneously.

3. Dedicated Switched Environments: In a dedicated switched environment, each device has its own
dedicated port on the switch. This eliminates the need for collision detection protocols like CSMA/CD, as
there's no competition for bandwidth on a shared medium.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

4. Four-Wire Advantage: Standard Ethernet cables have four wires. In full-duplex mode, two wires are
used for transmitting data and two for receiving simultaneously, maximizing the efficiency of the
connection.

Understanding Your Wired Network: Ethernet, Full-Duplex, and Switches

The backbone of modern Local Area Networks (LANs) relies on a powerful combination: Ethernet, full-
duplex communication, and switches. This trio works together to provide efficient and reliable data
transfer within your network. Here's a detailed breakdown:

Ethernet: The King of Wired Networks

Ethernet is the dominant standard for wired LAN communication. Unlike older methods that shared
bandwidth and relied on collision detection, Ethernet offers a dedicated connection for each device. This
translates to faster and more reliable data transfer. Imagine a highway with dedicated lanes for each
direction; that's the efficiency Ethernet brings.

Full-Duplex Communication: Sending and Receiving Simultaneously

Ethernet shines even brighter when operating in full-duplex mode. This allows data to be transmitted and
received simultaneously on separate channels. Think of it like a two-way conversation where both parties
can speak at the same time without interrupting each other. This is a significant improvement over half-
duplex communication, which takes turns sending and receiving data, leading to delays.

Switches: The Intelligent Traffic Directors

Switches are network devices that make full-duplex communication in Ethernet possible. Unlike hubs,
which simply broadcast data to all connected devices, switches act like intelligent traffic directors. They
learn the MAC addresses (unique hardware addresses) of connected devices and direct data packets only
to their intended recipient. This eliminates unnecessary traffic and ensures efficient data flow.

Dedicated Switched Environments: Unlocking Full Potential

A dedicated switched environment is the ideal setup for maximizing the benefits of Ethernet and full-
duplex communication. In this scenario, each device has its own dedicated port on the switch. This
avoids any competition for bandwidth, as seen in shared media environments. With dedicated ports,
switches can truly leverage the full potential of full-duplex mode, resulting in smooth and uninterrupted
data transfer.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

The Four-Wire Advantage

Standard Ethernet cables have four wires. In full-duplex mode, these wires are cleverly utilized: two
wires handle data transmission, while the other two manage data reception. This separation allows for
simultaneous sending and receiving, optimizing the cable's capabilities.

Benefits of this Powerful Trio:

 Faster Speeds: Full-duplex communication significantly increases data transfer speed compared to older
methods.
 Reduced Latency: Simultaneous sending and receiving minimizes delays, leading to a more responsive
network.
 Improved Reliability: Dedicated connections and intelligent switching minimize data collisions and
errors.
 Efficient Bandwidth Utilization: Switches eliminate unnecessary traffic broadcast, making better use of
available bandwidth.

The combination of Ethernet, full-duplex communication, and switches forms the foundation of a robust
and efficient wired LAN. Understanding these core elements helps you appreciate the technology that
keeps your devices connected and information flowing smoothly within your network.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Ethernet Media Types

Ethernet is one of the most widely used networking protocols in the world. The Ethernet
protocol specifies an access method for governing access to a shared network environment. It
offers a format for the transmission of data across the shared network and specifications for
cabling to connect devices to the network. For Ethernet, the digital information or data to be
transmitted on the network is sent in a structured format called a frame. This frame is like an
envelope of additional information put around the actual data. When a letter is sent through the
postal system, it is first placed inside an envelope. Specific address information must be on the
envelope so that the postal service can deliver it to the right person. Like the envelope, frames
also contain address information; both the address of where it is to go and the address of
where it came from, so the network can deliver the information to the right station.

There are certain rules that define how frames are structured and handled, just like there are
rules that must be followed when sending letters through the postal system. These network
rules are referred to as network protocols. Network protocols specify how large or small
frames can be, what information can be contained in the frame, and so on. Frames can vary in
size. In a shared network environment, rules facilitate communication between hosts. A
network technology specifies rules for each of the following. Ethernet is one of the most
common network technologies today. Ethernet, as a LAN technology, includes data
transmission speeds between 10 megabits per second and 400 gigabits per second. All the
devices on the network share this bandwidth. This is known as shared media. Ethernet can use
a logical bus topology, in which all of the end devices connect to the same physical network
and take turns transmitting, or it can be implemented on full duplex connections.

In today’s Ethernet networks, full duplex is the access method that is usually used in cabled
environments. Ethernet also allows for a variety of physical topologies, as well as many
different types of cabling. Ethernet supports the following cable types. A common trend in
wiring Ethernet networks was to use shielded twisted-pair (UTP) cable. 1000BASE-T, which
uses UTP cable, has been a popular implementation for Ethernet. "T" stands for twisted pair.
This type of cabling has eight wires, two of which are twisted around each other in pairs to
reduce electromagnetic interference (EMI).

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

It is based on the IEEE 802.3 standard. 1000BASE-T supports a data rate of 1000 Mbps using
baseband transmission. BASE stands for baseband and means that there is one channel on the
wire, contrasted with broadband transmission, which has multiple channels on the same wire.
The cable uses RJ-45 connectors, and the network interface card has an RJ-45 socket built in.
The introduction of Fast Ethernet, running at 100 Mbps, required different specifications.

The 100BASE-X standard provides cabling specifications for supporting the 100 Mbps data
rate in different areas of a network. It is also an older specification that is now used only to
connect end devices to the network. High-capacity networks require even higher transfer rates
than the 100 Mbps offered by the Fast Ethernet standard. The Gigabit Ethernet standard was
originally developed for up to 10 Mbps, but it now runs at up to 400 Gbps. Gigabit Ethernet
links are often used from the access layer to the backbone or core network. Also, most server
platforms have Gigabit Ethernet interface cards that provide high-speed access. The standards
for Gigabit Ethernet are IEEE 802.3x and 802.3z. Most of Gigabit Ethernet protocols are
adapted from fiber channel.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

The Seven Layer Model

Prior to standardization of the network industry, many systems had their own method of
communication. Networking standards had to be developed and the ISO introduced the OSI
model, commonly known as the Seven Layer model. The Seven Layer model offers many
benefits. Here are a few. The Seven Layer model is a conceptual model used to describe
standards of communication functions within a networking system. The upper three layers, the
application layers, focus on the programmatic functions of network systems. The lower four
layers, the data flow layers, focus on the networking or data flow of networks systems. The
transport layer, or Layer 4, is the primary interface between the programmer and the
networker. Here are the upper layers of the Seven Layer model.

Here are the data flow layers of the Seven Layer model. Host-to-host communication, often
referred to as peer-to-peer communication, sends data from a host to the corresponding layer
on another host or horizontal communication. Because connectivity occurs at the physical
layer, the data must be programmatically moved down the stack layers, sent across the
physical layer, and sent up the stack layers on the receiving device.

This is called vertical communication, and is often referred to as encapsulation down the
layers and decapsulation up the layers or stack. The upper layer, or Applications layers, of the
Seven Layer model, generate data. The generated data is handed down to the Transport layer,
where it is divided and encapsulated into segments. Segments are passed down to the Network
layer, where they are encapsulated into packets that are addressed with the logical address of
the destination. Packets are then passed down to the Data Link layer, where they are
encapsulated in frames that are addressed with the physical address of the next device in the
network path. Finally, the frames are converted to bits, which are most commonly represented
as either ones or zeroes, and sent across the media. On the receiving device, the opposite
occurs.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

.The Layers of OSI model :-

Application layer The OSI model Layers 5 through 7 map to a single TCP/IP Application
layer. This Application layer is often referred to as Layers 5 through 7.

Transport layer The OSI model Layer 4 maps to the TCP/IP Transport layer, which is often
referred to as Layer 4.

Internet layer The OSI model Layer 3, or the Network layer, maps to the TCP/IP Internet
layer. This is why the world wide web is called the "internet", because it operates at the
Internet layer in the TCP/IP model. Note that the Internet layer and its addressing is often
referred to as Layer 3 IP addressing, in order to differentiate it from Layer 2 MAC addressing.

Network layer The OSI model Layers 1 and 2 map to a single TCP/IP Network Access layer
or Link layer. Click Next to continue. As the data moves down the stack, encapsulation
occurs, and each layer defines a PDU. The application data produced by the upper layers can
be very large, so the Transport layer often needs to break up the data into smaller segments, so
that it will fit into individual packets. The Transport layer then prepends a transport header,
which includes an application or port number. When the segment is passed down to the
Network layer, the packet header is prepended with the logical address of the destination. The
packet is sent down the Data Link layer. The Data Link layer might prepend an LLC header to
provide for acknowledged delivery of the frame, if needed, but will prepend a MAC header
and an FCS trailer to the frame. The frame is sent over the media as bits. Click each button to
explore an example of data encapsulation.

After completing this lesson, you will be able to achieve these objectives. The Physical and
Data Link layers are very dependent on each other. In fact, in the TCP/IP Model, these two
layers are combined into a single link layer, also called the Network Access layer. Data Link
Layer At the Data Link layer, data is formatted into a frame. The frame will include a
destination address, a channel number, or circuit number, to direct the traffic to the target
device. Depending on the standard defining the frame structure, the frame may also include
the source address. The service access point or type code will indicate the service or type of
network packet being carried inside the frame. Each data link standard may include network
topology information, whether connectionless or connection oriented. Connection-oriented
network topologies may utilize frame sequencing and flow control.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Physical Layer The Physical layer defines physical media properties, such as media type,
connector type, and signaling type. The media types include, but are not limited to, copper,
single-mode or multi-mode fiber, and wireless—both radio and microwave. The connector
types depend on the media types, and can include RJ45 connectors on UTP copper, or various
fiber pair connectors. Signaling type will define the frequencies, clocking, modulations,
voltages, and distances of the connection. Here are just a few of the Data Link and Physical
standards. It is important to note that while many standards are distinctly separated between
the two layers, Ethernet II, as a standard, defines both the Data Link and Physical layers. LAN
media may use the LLC to refer to the upper layer and network layer packet types.

1. Data Framing:

Imagine a delivery truck carrying various packages. The data link layer takes packets of data from the
network layer and breaks them down into smaller manageable units called frames. Each frame includes
additional information like:

 Source and destination MAC addresses: These unique addresses identify the sender and intended
receiver of the frame, similar to a package having a sender and recipient address.
 Data Type: This specifies the type of data contained in the frame, like email, video, or web browsing
information.
 Error Detection: The data link layer adds error-checking bits to the frame. These bits allow the receiving
device to detect any errors that might have occurred during transmission.


2. Media Access Control (MAC):

In a shared network environment (like a busy street), multiple devices might try to transmit data
simultaneously, leading to collisions. The data link layer utilizes MAC addresses to manage this. Each
network device has a unique MAC address assigned by the manufacturer, similar to a license plate on a
car. The data link layer uses MAC addresses for:

 Identifying Devices: It recognizes devices on the network and ensures frames are delivered to the correct
recipient.
 Controlling Access: It employs protocols like Carrier Sense Multiple Access with Collision Detection
(CSMA/CD) to avoid collisions. CSMA/CD makes devices listen for ongoing transmissions before
sending their own data, preventing data corruption.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

3. Error Detection and Correction (Optional):

While some data link layer protocols only perform error detection, others might also handle basic error
correction. They can identify errors using the error-checking bits added to the frames and potentially
retransmit corrupted data.

4. Flow Control:

Imagine a busy restaurant with an overwhelmed waiter. The data link layer implements flow control
mechanisms to prevent data overload on the receiving device. It regulates the data transmission rate to
ensure the receiver can process the incoming frames efficiently.

In essence, the data link layer acts as a reliable data delivery service provider within a network
segment. It ensures data gets packaged correctly, reaches the intended recipient, and arrives free of
errors. By performing these crucial functions, the data link layer lays the groundwork for smooth
communication across networks.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Unveiling the Nuances of the OSI Model

While understanding the functionalities of each layer in the OSI model is essential, here's some extra
information to broaden your knowledge:

Benefits of the OSI Model:

 Standardization: The OSI model provides a common language for network communication, enabling
diverse systems from different vendors to interoperate seamlessly.
 Troubleshooting: By isolating issues to specific layers, the OSI model simplifies network
troubleshooting. You can pinpoint problems arising from the physical connection (Layer 1) or issues
related to routing (Layer 3).
Education and Reference: The OSI model serves as a foundational framework for network engineers
and anyone interested in understanding network communication.

Real-World Application: Not a Rigid Hierarchy

It's important to remember that the OSI model is a conceptual framework, not a rigid hierarchy. In real-
world implementations, some functions might be combined or occur across multiple layers. For example,
some network devices might perform encryption (Layer 6) and transmission (Layer 1) within a single
hardware component.

Beyond OSI: Alternative Models

While the OSI model remains a cornerstone, other models exist like the TCP/IP model with a different
layer structure. The TCP/IP model focuses on practical implementation details rather than theoretical
separation of functionalities.

Criticisms and Limitations:

The OSI model has received some criticism for being overly theoretical and not always reflecting the
exact functionalities within specific protocols. Additionally, the model predates the widespread adoption
of wireless communication and may not fully address all modern network challenges.

The OSI Model's Enduring Value:

Despite its limitations, the OSI model remains a valuable tool for understanding the fundamental
principles of network communication. It provides a structured approach for learning about network
protocols and troubleshooting network issues.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

NSE-2
NSE-2 serves as the next level in Fortinet's certification track, focusing on enhancing the
understanding of Fortinet's security products and their application in real-world scenarios. It
typically follows the foundational learning acquired in NSE-1, offering a more detailed and
advanced view of Fortinet's offerings.

Firewalls:

Firewalls act as a barrier between a trusted internal network and untrusted external networks,
such as the internet. They examine incoming and outgoing traffic and apply access control
policies to allow or block traffic based on predefined rules. There are different types of
firewalls, including stateful firewalls, proxy firewalls, and application-layer firewalls, each
offering varying levels of security and control.

Intrusion Detection and Prevention Systems (IDS/IPS):

IDS monitors network traffic for signs of suspicious or malicious activity, such as unusual
traffic patterns or known attack signatures .IPS goes a step further by actively blocking or
preventing suspicious activities when detected. Both IDS and IPS are critical for identifying
and responding to potential network threats.

Access Control:

Access control mechanisms determine who can access what resources on the network.
Authentication verifies the identity of users, while authorization specifies what actions or
resources they are allowed to access. Access control lists (ACLs) and role-based access
control (RBAC) are common methods for managing access.

Encryption:

Data encryption involves converting data into a secure, unreadable format using encryption
algorithms. Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encrypt data during
transmission, while disk encryption secures data at rest. End-to-end encryption ensures that
data remains confidential throughout its journey, even if intercepted.

Virtual Private Networks (VPNs):

VPNs create secure, encrypted tunnels for remote users or branch offices to access the

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

corporate network over the internet. Common VPN protocols include IPsec (Internet Protocol
Security) and SSL VPNs. VPNs protect data from eavesdropping and provide secure remote .

Network Segmentation:-

Segmenting a network involves dividing it into separate zones or subnetworks with specific
access controls. This restricts lateral movement of attackers and limits the impact of security
breaches, should they occur.

Security Policies and Procedures:

Security policies outline the organization's approach to network security, including acceptable
use, password policies, and incident response procedures. Procedures provide detailed steps
for implementing and enforcing security policies.

Security Awareness and Training:

Educating employees and users about security best practices is crucial for preventing human
error and social engineering attacks. Training helps users recognize phishing attempts, use
strong passwords, and follow security policies.

Vulnerability Management:

Vulnerability assessments involve scanning for known security vulnerabilities in network

devices and applications. Patch management ensures that security patches are applied to
address vulnerabilities in a timely manner.

Incident Response:

Incident response plans detail the steps to take when a security incident occurs, including how
to contain, mitigate, and recover from the incident. This process helps minimize damage and
maintain business continuity.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Security Technologies:

Security technologies include antivirus software to detect and remove malware, intrusion
detection and prevention systems (IDS/IPS), network monitoring tools, and advanced threat
detection solutions.

Regulatory Compliance:

Many industries have specific regulatory requirements related to network security, such as the
Health Insurance Portability and Accountability Act (HIPAA) in healthcare or the General
Data Protection Regulation (GDPR) in Europe. Compliance with these regulations involves
implementing specific security measures and reporting requirements.

Security Technologies:

Security technologies include antivirus software to detect and remove malware, intrusion
detection and prevention systems (IDS/IPS), network monitoring tools, and advanced threat
detection solutions.

Regulatory Compliance:

Many industries have specific regulatory requirements related to network security, such as the
Health Insurance Portability and Accountability Act (HIPAA) in healthcare or the General
Data Protection Regulation (GDPR) in Europe. Compliance with these regulations involves
implementing specific security measures and reporting requirements.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Cybersecurity Overview

Cybersecurity is the collective methods, technologies, and processes that protect computer
systems, networks, and the information they contain. Note that cybersecurity is more than
technology. In addition to technology, it is also the correct actions and behaviors of people
that keep computer systems safe. By the end of this module, you will be equipped with some
of the fundamental conceptual knowledge of IT security. You will learn about the principles of
information security that give direction to IT security professionals in their day-to-day
activities. And you will have greater insight into the process of identifying what information
needs protection and how much protection it requires. You will learn about the first-line of
defense against cyberattacks. In addition, you will become familiar with some of the essential
information security terms.

These topics include some of the critical knowledge that all cybersecurity professionals are
expected to know, and upon which more specific technological information will be built.
Proceed to the first lesson to get started. After completing this lesson, you will be able to
achieve these objectives: l Describe the terms cybersecurity, information security, and
information systems security. l Explain how IT security determines what information needs
protecting. l Explain the first line of defense against cyberattacks. What is cybersecurity?
Cybersecurity is the practice of protecting computer networks, devices, and information from
damage, loss or unauthorized access. It is important to note that cybersecurity protects digital
information from cyberthreats.

The protection of information means the preservation of confidentiality, integrity, and

availability of information in the cyberspace. Cybersecurity professionals act to protect
servers, endpoints, databases, and networks by finding security gaps and misconfigurations
that create vulnerabilities. Cybersecurity can be divided into five categories: critical
infrastructure security, application security, network security, cloud security, and the Internet
of Things (IoT) security. Note that other organizations may categorize the types of
cybersecurity differently or label them differently. In addition to these five categories there are
the people and processes that use technology to defend computer systems, networks, and the
information therein. These different categories reflect the extent that computer technologies
have transformed the world.

From online management of gas pipelines or electrical grids to applications that allow you to
buy and sell goods online to collaborating with work colleagues irrespective of geography to
renting data storage in the cloud to tracking printer toner and maintenance, all of these
technologies have transformed how people live and how they do business.
Downloaded by Hemanth Darling ([email protected])
 lOMoARcPSD|48290280

The digital transformation has realized enormous efficiencies, expanded unheard of

conveniences, supplied omnipresent access to information, and exponentially increased
productivity, which has grown wealth and improved the quality of life. For example, people
living in remote areas of the world can access medical experts using computer technologies.
Personal medical information can be collected locally and transferred to medical experts to
assist in diagnosis and remedies. Without securing computer networks and the links that
connect them, all of these advances are at risk. Information security, also known as InfoSec, is
the practice of protecting information. InfoSec includes the tools and processes used for
preventing, detecting, and remediating attacks and threats to sensitive information, both digital
and physical. InfoSec also includes documenting the processes, threats, and systems that affect
the security of information.

Some information is labelled as unprotected, meaning that no controls are necessary, while
some information is labelled as protected, meaning that some level of protection and control is
required. Depending on the protected information’s criticality, it could be labelled
confidential, secret, or top secret. Each successive protected level requires more rigorous
control and safeguards. Information systems security is a part of InfoSec. It is defined as the
protection of information systems against unauthorized access, modification, destruction, or
the denial of access to authorized users. Information systems include the devices, computer
networks, and physical locations that store or transmit sensitive information.

The form of the information can be digital or physical. Given what you now know about the
terms discussed in this lesson, you can conclude that information systems security is a subset
of InfoSec and cybersecurity is a subset of information systems security. Given the importance
of protecting this cyber infrastructure, which is vital to the continued prosperity and quality of
life to much of the world, certain precautions can be taken. It starts with people and education.
Numerous studies have identified human error as the leading cause of network and computer
breaches.

This situation can be addressed by educating people at work and at home to think before
clicking and to help them identify phishing attacks and other common attack methods by bad
actors. Another first line of defense, both at work and at home is to prepare for disaster and
plan for recovery. If you do regular backups of your data and these are kept safely offline, then
should your data be deleted or corrupted by malware, or encrypted by ransomware, you can
restore your data with the least amount of data loss and interruption.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

Principles of Information Security

After completing this lesson, you will be able to achieve these objectives: l List the principles
of information security. l Describe the terms authentication, authorization, and accounting.
There is a triad of principles that constitutes the objectives of information security. These
principles are confidentiality, integrity, and availability which form the letters C-I-A. Private
information must remain confidential.

You need to know who is trying to access the information and whether or not they are
authorized to access it. You must also have assurance that the information is authentic, in
other words has integrity. The information must be protected from an unauthorized change,
and if it is altered then you must be alerted to this fact. Last, authorized parties must have
access to the information. Technologies, policies, and processes must be in place to ensure
reliable availability. Together, these three principles constitute the CIA triad.

Conversely, Infosec works to prevent the disclosure and alteration of information. In addition,
it strives to ensure that authorized parties are not denied information. These characteristics,
known as the DAD triad, are the opposite of the CIA triad. Disclosure exposes confidential
data to unauthorized parties. The alteration of data, or the inability to test for alteration, makes
the data untrustworthy Denial of information prevents legitimate and authorized agents from
accessing data. An effective security solution, such as a network firewall, will help neutralize
the DAD triad.

Authorization is the process of controlling access to resources. During authorization, a user

can be granted privileges to access certain areas of a network or system. The areas and sets of
permissions granted a user are stored in a database along with the user’s identity. The user’s
privileges can be changed by an administrator.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

24

Threat Landscape Overview

What is a threat landscape? A threat landscape is the collection of threats in a given context or
domain and includes information about the perpetrators of the threats: the bad actors. In the
context of cybersecurity, the threat landscape includes all known and possible threats to
computer networks. The introduction of new technologies and methods ensures a dynamic
landscape where evolving new threats arise on an ongoing basis. Understanding the nature of
the threats posed to your network arms you with the knowledge to counter and defeat attacks
against computer systems.

The lessons in this Threat Landscape module provide an essential understanding of the
following fundamentals necessary to achieve your goals. You will be able to: Identify the
different types of bad actors and hackers by their motivations and tactics. Different types of
bad actors are more likely to attack certain verticals or types of businesses. For example,
hospitals are big targets of cyber criminals who want to ransom valuable medical information
to enrich themselves. A nation’s department of defense is more likely to be attacked by other
nation state threat actors, who are more interested in stealing state secrets than extracting
money from their victims.

Therefore, by knowing your enemy you are better equipped to counter their attacks. You will
be able to: Describe attack vectors, cybersecurity threats, and the categories that cyberthreats
fit into. Understanding the classification of threats gives you insight into how attacks can be
carried out. Again, this can help you to identify weaknesses in your environment and take
precautions to reduce the attack surface. You will be able to: Define threat intelligence and
explain how it is processed. For information to be threat intelligence, it must be relevant,
actionable, and contextual. If it is not all of these things, then it is not threat intelligence.

However, this is also very situational, so what is intelligence for one organization may not be
intelligence for another. You will be able to: Describe different attack frameworks, such as the
Cyber Kill Chain and MITRE ATT&CK. Attack frameworks give you a glimpse into the
anatomy of a cyberattack. Understanding the chain of actions in an attack enables you to
anticipate your enemy’s actions and counter them. Also, frameworks like MITRE ATT&CK
are rich in information and threat intelligence that you need to be an effective IT security
professional.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

24

Click Next to get started. After completing this lesson, you will be able to achieve these
objectives: l Describe the different types of bad actors and their motivations. l Describe the
different categories of hackers. What is a bad actor? Bad actors, also known as threat actors,
are persons who try to steal, sabotage, or stop you from using computer systems or accessing
information that you are authorized to use and that is stored on or in transit between
computing devices.

There can be a myriad of motivations for their criminal behavior, and these different
motivations not only influence their attack methods but provide insight into their character and
beliefs. Bad actors can be grouped into types based on their character, motivations, and the
common attack methods that they use. It’s important to note that bad actors are NOT a
homogeneous group. While there are various types of bad actors who have different
motivations that help explain their activities, you should not view a bad actor as a mysterious
hooded character who works in a dark basement, in another country, or in another city.

The types of bad actors are explorer, hacktivist, cyberterrorist, cybercriminal, and
cyberwarrior. The explorer is perhaps the least nefarious of all the bad actor types. Notoriety is
the biggest motivator within this group. The explorer is curious about the kinds of weaknesses
that exist on computer networks and strives to find and exploit them.

They do not intend to inflict serious damage, but they might change a page on a website to
embarrass someone or do something to advertise to the world how clever they are. One
method used by explorers and other bad actor types is called phishing. Essentially, they trick
people into giving up personal information. An example of phishing is an email from a
seemingly legitimate source to a broad group of people.

The ingredients of a successful phishing attack are, one, to gain the trust of the recipient or at
least to appear innocuous, and two, to manufacture an emergency to force the recipient to act.
There are variants of phishing that can be deployed as well. Spear phishing also uses email,
but the email is directed at a specific person or group.

The explorer also might choose to call or text you, better known as smishing and vishing.
While not using email, the same ingredients are required for the scheme to be successful.
Phishing and its variants, however, are not exclusive to the explorer, and other bad actor types
might use them for their own purposes. Click the icons and buttons for more information.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

24

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

24

A phishing email might state that some business demands the recipient’s immediate attention
and a link to the organization’s site is provided for their convenience. The link, however, does
not direct their browser to the legitimate site but rather takes them to a look-a-like rogue site.
The rogue site provides the login page and the victim dutifully types their username and
password. When the victim clicks submit the rogue site returns a message that their password
was incorrect. A link is provided to the legitimate login page, the victim tries again, and this
time logs in successfully.

Because people often type their passwords quickly and sometimes make mistakes, the victim
may not be alerted to the fact that something fishy has transpired. But meanwhile, the bad
actor has the victim’s username and password and can now log in as them. Unlike the self-
interested explorer, hacktivists are fervent believers in an external cause. They are motivated
by ideology or are animated by an emotive force. The hacktivists’ idealism drives them to act
collectively in common cause against an enemy. While hacktivists may collectively crusade
against a specific corporation, or go after political or social organizations that they feel did
something bad, their extremism demands anonymity and online groups, by nature, are
fragmented. A common strategy of hacktivists is to build a botnet in secret.

To make a botnet, the hacktivist sets up a command-and-control (C&C) server that is

accessible on the internet. This is a central coordination point for all the botnet nodes. Next,
they craft malware that, once installed on some unsuspecting computers, waits patiently for
instructions from the C&C server. The C&C server instructs thousands of botnet nodes to send
messages to the targeted server, which becomes overwhelmed by requests and stops
responding. This is called a distributed denial-of-service (DDoS) attack. Hacktivists lack the
computer resources to make a successful DDoS attack, so they must gain control of thousands
of other people's computers. The cyberterrorist has more in common with the hacktivist than
the explorer. Their motivation is also driven by ideology, but their violence is directed more
broadly against a society.

While hacktivists are content with punishing their enemies, cyber terrorists strive to intimidate
and destabilize a society by destroying or disrupting computer or communication networks.
They like to target online infrastructure, such as nuclear power plants, natural gas pipelines,
and electrical power grids. This type of online infrastructure is called operational technology.
Like hacktivists, and unless they are sponsored by a nation state, they lack the resources to
inflict catastrophic destruction and must beg, borrow, and steal technology to mount effective
attacks. Unlike hacktivists, cyberterrorists operate more like a cohesive virtual army. They
have structure and direction.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

24

They can deploy tactics such as DDoS to attack targets, but a favorite method is spear
phishing. Once they have identified a person with extensive network privileges, they target
them with a carefully planned social engineering campaign. The motivation of a cybercriminal
is more self-centered: They want money plain and simple. They achieve this goal by a
combination of phishing, theft of identities or credit cards, which they use or sell on the black
market, or ransomware.

Ransomware is a type of malware that blocks access to computer information or systems until
a ransom is paid. Sometimes there can be multiple motivations for a group, or two or more bad
actor types. For example, it would not be unusual for cybercriminals and cyberterrorists or
cyberwarriors to collaborate on an attack or to exist within the same group. In the example of
the 2021 cyberattack against Colonial Pipeline, the criminal organization’s host country is
suspected to have abetted or approved of the attack.

Cyberwarriors are motivated by the national interests of their home country. Whether
cyberwarriors are good, bad or neutral depends on which nation-state they fight for. Their
methods are vast and sometimes secret, and their missions include espionage, extortion, and
embarrassment on the one hand, to using targeted cyberweapons to disrupt, damage, or destroy
critical infrastructure on the other. They like to leverage unpatched vulnerabilities in common
operating systems and applications. These are known as zero-day exploits—presumably
because when the exploit is launched, the vendor has zero days to fix the problem.
Cyberwarriors do intensive research on these common operating systems and applications,
finding weaknesses, bugs, and other behaviors that they can use to attack the enemy’s
computersystems.

The weaknesses must remain a secret until they can be used because once they are known the
vendor will issue a patch immediately. Just as there are different types of bad actors, there are
different categories of hackers, each identified by a symbolic color. The main categories are:
white hat, black hat, grey hat, and blue hat. A white hat is an ethical hacker who, with proper
authorization, probes the network to identify vulnerabilities. In contrast, a black hat is a hacker
who attacks a network for profit or to cause harm. A grey hat is a hacker who attacks a
network, contradicting lawful and ethical behavior, but who does not have the same malicious
intent as a black hat hacker.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

24

This category most closely aligns with the explorer bad actor. A blue hat hacker is a variant of
a white hat. This category of hacker refers to outside computer security consulting firms that
are employed for penetration testing of a system prior to its launch and with the intent to
detect and close vulnerabilities.

After completing this lesson, you will be able to achieve these objectives: l Describe
cybersecurity threats and list examples. l List the main cyberthreat categories. l Describe the
attack vectors profiled. What is a cybersecurity threat? A cybersecurity threat is an action
exploiting a vulnerability that results in harm to a network or computer system. Bad actors are
the instigators of cybersecurity threats. They exploit different attack vectors to achieve their
goals. Broadly speaking, an attack vector is a method used by a bad actor to illegally access or
inhibit a network, system, or facility.

You can deduce that cybersecurity threats are a subset of attack vectors. What is meant by
method? Specifically, the method is how a vulnerability is exploited. There are three
components that comprise an attack vector: (1) the vulnerability, (2) the mechanism or object
that exploits the vulnerability, and (3) the pathway to the vulnerability. Here are a couple of
examples. Diego receives an email from a colleague asking him to review an attached
document. He saves the document to his hard drive and opens it. Unbeknownst to Diego, the
sender was not really his colleague and the document installed malware onto his computer. In
this example, the vulnerability is the user, the mechanism is the malware and the socially
engineered message that convinced him to download the document, and the pathway is the
email. In another example, an authorized person is entering a server room, which is a restricted
zone.

He notices a technician laden with boxes and computer equipment loitering outside. She
explains that she needs to upgrade some equipment but forgot her access pass. Although, the
authorized person doesn’t recognize her, she sounds convincing and he wants to be helpful, so
he opens the door and she passes through. While in the server room she discretely connects a
USB device to one of the servers that installs malware. In this example, the vulnerability was
the authorized person and an unprotected server.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

24

The pathway was the door into the server room and the USB device that released the malware.
As you see from these two examples, attack vectors can be divided into electronic social
engineering, physical social engineering, and technical, which includes vulnerabilities such as
computer misconfiguration. You may have noticed in this last scenario that there were
multiple attack vectors. The bad actor first needed to access the facility before she acquired
access to the server room, and the server infection was merely the first stage in a chain of
events that may include reconnaissance and the exfiltration of data.

The preparation of an attack campaign is sometimes referred to as an attack path. An attack

path is the chain of events that occurs when attack vectors are exploited. Cybersecurity threats
can be divided into four categories: social engineering, malicious software (known as
malware), unauthorized access to physical places or computer systems, and system design
failure. Social engineering is the act of using psychological manipulation to trick people into
taking some action that is contrary to their best interests, such as disclosing confidential
information. The ingredients of a successful social engineering attack usually involve gaining
the trust of the victim and then compelling them to act. Malware is software that is designed to
disrupt, damage, or gain unauthorized access to a computer system.

Unauthorized physical access could be a bad actor following an authorized person through a
door after they have swiped their badge. This is known as tailgating. Unauthorized digital
access could be a bad actor looking over someone’s shoulder as they type their credentials.
System design failure is a security flaw in a computer system or application that the bad actor
exploits to gain access to a computer system. There are many examples of cyberattacks that
fall into one or more of these categories. Attack vectors can be categorized in several ways
and are often combined with other vectors to achieve the desired result. For example, a
distributed denial-of-service (DDoS) attack involves a command and control (C&C) server
signaling to thousands of infected computers to send requests to a targeted server at the same
time.

However, before a DDoS attack can be invoked, the bad actor must first infect thousands of
computers. How do they do that? One common method is phishing. The bad actor can send a
phishing email to millions of unsuspecting users, and some of those users will click on the link
provided that will install malware on their computers. Other forms of phishing, such as whale
phishing or spear phishing, may not be suitable for setting up a DDoS botnet, or farm of
infected computers, but they would be suitable for installing Trojan horse malware or
ransomware on a specific individual’s computer. Whale phishing is a phishing attack aimed at
a high-value target, such as a CEO or CFO of an organization.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

25

These individuals are targets because they have access privileges to servers and databases,
which the bad actor wants access to. The email is carefully crafted to be plausible and
personalized to ensure the target is not alerted to the scam. Within the email could be an
attached document or a link. Once opened, the document appears entirely harmless, but behind
the scenes malware is installed on the target’s computer. This is known as a Trojan horse
attack. From there, the malware can leverage the individual’s network privileges to access and
infect other computers. The initial targeted computer is merely the access point to the network
in a multi-staged attack.

As you can see, some attack vectors, such as phishing, are used to exploit a weakness to gain a
foothold in a computer system, while other attack vectors, such as DDoS, ransomware, and
Trojan horse, are used during the post-exploit stage. The exploited weakness can be human,
computer technology, or a combination of the two. In the case of phishing, the weakness is
human nature. It is a default trait of human nature to trust, especially if a request seemingly
comes from an official source or if you know the person or thing who is making the request.
An example of exploiting computer technology during the pre-exploit stage is the birthday
attack.

This attack exploits a weakness in some hashing algorithms, which are often used to protect
passwords. Last, a brute force attack is typically a method to steal someone’s credentials. It
involves simply trying every possible combination until the bad actor guesses correctly, but
success relies on the targeted individual using a weak password. This type of attack is pre-
exploit and relies on human fallibility. If you were a network administrator, you could
neutralize this attack by implementing a strong password policy. As this suggests, there are
many counteractions that you can take against the listed attack vectors. Throughout this
course, you will be introduced to more attack vectors deployed by bad actors and the measures
used to counter them.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

25

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

25

Threat Intelligence

According to Gartner, threat intelligence is evidence-based knowledge, including context,

mechanisms, indicators, implications and actionable advice, about an existing or emerging
menace or hazard to assets that can be used to inform decisions regarding the subject's
response to that menace or hazard. This definition tells you that threat intelligence possesses
three requisite characteristics. Threat intelligence is Information that is relevant, actionable,
and contextual. Threat intelligence must be relevant to your organization. For example, if you
receive information that there is a new computer virus that exploits a vulnerability in macOS,
but your organization does not use Apple products, then this information is not relevant to
your organization.

While it would be relevant to an organization that uses Apple products, it does not qualify as
threat intelligence for your organization. Threat intelligence must be actionable, meaning that
the intelligence provides sufficient information for you to take steps to protect your
organization. For example, if you learned that the bad actor group Dynamite Panda had just
launched a new campaign of attacks against medical facilities, this alone does not provide you
with enough information to act upon. Threat intelligence must be contextual, meaning that
there is enough information to enable an intelligence analyst to assess the threat.

The macOS vulnerability mentioned earlier is a good example. While a vulnerability in

macOS could be a cause for concern, if your organization is properly managing and scanning
its network assets, the security team should be able to quickly determine whether there are any
macOS devices anywhere on the network. If none exist, then there is most likely no threat to
the organization from the vulnerability. It is that additional context—knowledge network
assets—that can turn information into threat intelligence. The Dynamite Panda story example
can also support this point. The information that this bad actor group exclusively targets
specific US verticals becomes threat intelligence because it helps you to assess the threat to
your own organization. When viewed or considered on their own, many pieces of information
do not amount to threat intelligence.

Externally, threat intelligence can come from a variety of sources and the information is often
free. Some external sources of threat intelligence are government sites, such as the Department
of Homeland Security, the FBI, and the National Institute of Standards and Technology
(NIST) in the United States. These sites generally do not provide specific intelligence about
individual malware, but they do offer useful advice about how to protect yourself from attacks,
such as ransomware, and timely information about trending scams and attack methods.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

25

Intelligence can come from private sources, such as the SANS Institute and FortiGuard, the
Fortinet research and threat intelligence service. Some FortiGuard services are offered by
subscription, but much of the threat intelligence found on the FortiGuard website is available
for free. It describes how individual malware variants work and uses a severity rating system
to rank the danger that these variants pose. Organizations can use this information to prioritize
resources to counter the most dangerous threats. There is also the Common Vulnerability
Scoring System (CVSS). CVSS is a free and open industry standard used to assess computer
system vulnerabilities. A CVSS assessment produces a numeric score to rate severity.

The score, which rates the vulnerability from zero to ten—ten being the most severe—is
computed using different sets of metrics. The metrics include factors, such as how exploitable
the vulnerability is, how the vulnerability impacts systems, and how effective mitigation
efforts are against new exploits as the campaign progresses. For a more detailed description of
these metrics, search for common vulnerability scoring system in
nvd.nist.gov/vulnmetrics/cvss. CVSS is an example of open-source intelligence (OSINT). If
you search the internet for OSINT, you will discover many other sources of free threat
intelligence. Another invaluable public source for cyberthreat intelligence is MITRE
ATT&CK. MITRE ATT&CK freely shares a knowledge base of adversary tactics and
techniques. Finally, there are verticals that share threat intelligence. For example, banks in
Brazil share their threat intelligence with each other. There are also other threat intelligence
services and tools, including open-source intelligence, like Maltego and the MISP project.
There are also some recognized standards that help to share and describe cyberthreats in a
language that is understood by the cyber intelligence community. One standard is called
structured threat information expression (STIX). Another is called trusted automated exchange
of indicator information (TAXII). STIX is defined as a collaborative, community-driven effort
to define and develop a structured language to represent cyberthreat information.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

30

It provides information about bad actors, incidents that have occurred, indicators of
compromise (IoC), and the tactics and exploits used to carry out attacks. STIX also
recommends actions to mitigate the incidents that it reports. TAXII is an application protocol
for exchanging cyber threat intelligence (CTI) over HTTPS. It defines a RESTful API and a
set of requirements for TAXII clients and servers. By using standardized services, messages,
and message exchanges, TAXII eliminates the need for customized point-to-point exchange
implementations and facilitates the sharing of vital CTI. As the diagram shows, an
organization that is a TAXII client can request information and publish new threat intelligence
to a TAXII server, which then can be shared with other subscribers.

Click the underlined term for more information. While knowing where to collect threat
intelligence is a good first step, knowing how to use the threat intelligence is arguably more
important, because inert information is worthless. There is a process that you can follow to
convert mass data into purposive threat intelligence that can be acted upon. First, identify the
primary threats to your network; that is, those threats that are the most vital to stop. Because
there is an inexhaustible volume of cyberthreats, it is impossible to stop them all, and to
attempt to do so would dangerously disperse and diminish cyber defenses.

Websites such as CVSS and FortiGuard will help you answer this question, because they
provide intelligence about the most current threats with their severity ratings. But relevant
threats may also be determined by your organization’s vertical or business. For example, if
you are protecting a hospital from cyberattacks, then ransomware is likely high on the list of
attack methods employed by threat actors. On the other hand, if you are defending the
Department of Defense, then attacks involving exfiltration are more likely. Second, assemble
threat information from your internal and external sources. Third, process this information.
This might involve focusing on information that is most relevant to the primary threats that
you identified in the first step. Processing will also likely entail defining baselines of normalcy
in network activities.

The purpose of this is to help you recognize abnormal network activities. By separating the
noise from the signal–eliminating the inconsequential data–you are better able to focus on and
process the relevant information. Fourth, analyze the information and look for indicators of
compromise (IoC). Fifth, disseminate your analysis, along with any new information, to
friends and partners. This effort is facilitated by STIX and TAXII. And sixth, implement
lessons learned during the process.

20KD1A05F1
Downloaded by Hemanth Darling ([email protected])
 lOMoARcPSD|48290280

30

Attack Frameworks
To better understand and defend against cyberattacks, it is helpful to examine the various
frameworks that have been developed to classify and analyze them. These frameworks provide
a structure for identifying the different stages of attack, discerning the different tactics used
during those stages, analyzing their impact, and developing strategies for prevention and
response. Attack frameworks were developed in response to cyberattacks that were more
sophisticated and protracted than in the past. These types of attacks, which can involve
extended periods of surveillance and planning before methodically attacking a targeted
computer network, are often referred to as advanced persistent threats (APTs). While attack
frameworks embody extensive knowledge about attackers’ tactics and techniques, they are
more than a knowledge base. Rather, you should view attack frameworks as a toolbox for
cybersecurity professionals to enhance an organization’s security posture. Lockheed Martin’s
Cyber Kill Chain and MITRE ATT&CK are only two of several cyberattack frameworks in
the industry.

You are likely to use at least one of these frameworks during a career in cybersecurity. One of
the most widely used frameworks for analyzing cyberattacks is the Cyber Kill Chain,
developed by Lockheed Martin in 2011. The Cyber Kill Chain is a seven-step model that
describes the stages of a cyberattack, from the initial reconnaissance and weaponization of the
attack method to the final exploitation and exfiltration of data. The first step in the Cyber Kill
Chain is reconnaissance, in which the attacker gathers information about the target and its
vulnerabilities.

This may involve using tools such as search engines, social media, and other open sources to
gather intelligence about the target organization and its systems. The second step is
weaponization, in which the attacker creates a payload or exploit that can be delivered to the
target. This may involve creating malware or other malicious code, such as a virus or Trojan
horse, and packaging it in a way that is difficult to detect. For example, this could be an
innocuous-looking but infected Microsoft Word document that is intended to be delivered by
way of a phishing email.

The third step is delivery, in which the attacker delivers the payload to the target. This may
involve sending an email with a malicious attachment, or exploiting a vulnerability in a
website to inject the payload into the target's system. The fourth step is exploitation, in which
the attacker uses the payload to gain access to the target's systems or data.

20KD1A05F1
Downloaded by Hemanth Darling ([email protected])
 lOMoARcPSD|48290280

31

The sixth step is command and control, in which the attacker establishes a means of
communication with the compromised systems. This may involve setting up a command-and-
control server or using other methods to communicate with the compromised systems
remotely. The final step in the Cyber Kill Chain is exfiltration, in which the attacker extracts
the data or other assets that were the goal of the attack. This may involve copying sensitive
data to a remote location or using the compromised systems to launch further attacks on other
targets. Lockheed Martin’s Kill Chain has done much to advance the understanding of the
incremental stages of a cyberattack.

However, it makes some assumptions that reduce its effectiveness. One major disadvantage of
the Cyber Kill Chain is that it assumes that the origin of an attack is external to the network.
Also, the kill chain methodology aims to reinforce traditional defense methods. Other
cyberattack frameworks arose, in part, because of limitations in the Cyber Kill Chain. In 2013,
the MITRE Corporation published the adversarial tactics, techniques, and common knowledge
or MITRE ATT&CK guideline. The guideline classified and described cyberattacks and
intrusions. So, like the Cyber Kill Chain, it will help you to understand the attacker’s
methodology, but MITRE is more than that.

It is a constantly evolving resource that provides a common language and approach for
understanding and mitigating cyberattacks. The matrix is organized into a series of
"techniques" that describe specific tactics and methods used by attackers to compromise
systems and steal or manipulate information. These techniques are grouped into categories
based on the type of attack or activity being performed, such as "Initial Access", "Execution",
and "Defense Evasion”. One of the key benefits of the MITRE ATT&CK matrix is that it
provides a common language and framework for discussing and analyzing cyber threats. This
allows organizations to communicate and coordinate their efforts to prevent and respond to
attacks more effectively.

The matrix also helps organizations to identify and prioritize the most critical threats and
vulnerabilities by mapping them to the appropriate techniques and categories. The matrix is
also a valuable resource for security professionals because it provides a comprehensive
overview of the tactics, techniques, and procedures (TTPs) used by attackers. This allows
security teams to better understand the methods and motivations of attackers, and to design
and implement countermeasures to prevent or mitigate attacks more effectively.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

32

Social Engineering Module

All social engineering attacks are designed to benefit the attacker. Most successful social
engineering attacks are detrimental to their victims. Social engineering attacks can result in a
loss of confidential data, blackmail or embezzlement, disruption or damage to a network, the
denial of network services, the alignment of the target’s opinion with the attacker’s as a result
of manipulation, or some combination of all of these outcomes.

There are many different methods—physical and digital—of social engineering attack. Some
examples of those methods include, a bad actor convincing a target to allow them access to a
restricted area, or an email sent to a target convincing them to click a provided link. In both
examples, manipulation is the means used to get the desired action from the targeted
individual.

Social engineering works because people are vulnerable to manipulation. How do you protect
yourself from such attacks? By being educated about and more alert to social engineering
techniques, you will be less likely to fall victim to this type of attack. The lessons in the
Social Engineering module provide an essential understanding of the fundamentals necessary
to achieve your goals. You will be able to: Describe the different methods of social
engineering. You have already seen two examples, but there are many more methods and
techniques used by bad actors to achieve their goals.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

33

Social Engineering Techniques

. According to one source, social engineering remains a leading cause of network breaches.
Social engineering refers to a wide range of attacks that leverage human emotions to
manipulate a target. The attack may incite the target to action or inaction.

Ultimately, social engineering aims to steer the target in a direction prescribed by the
orchestrator and often to the detriment of the target. Examples of social engineering goals
include disclosing confidential information, transferring money, and influencing a person or
persons to think in a certain way. Two important characteristics of social engineering are: l
One, the aim is to achieve an outcome desirable to the orchestrator, and l Two, the method is
emotional manipulation. To spot a social engineering attack, look for the following signs: l An
emotional plea that leverages fear, curiosity, excitement, anger, sadness, or guilt l A sense of
urgency around the request, and l An attempt to establish trust with the recipient Take caution
when you receive a message that has any of these attributes.

Don’t allow a bad actor to pull your strings. The bad actor has devised a play and he intends
you to play the tragic role. Don’t do it! Click the icon for more information. Perhaps the most
famous social engineering bad actor is Frank Abagnale. His criminal life was depicted in the
movie Catch Me If You Can and in an autobiography by the same name.

The book and movie reveal how Abagnale successfully impersonated a doctor, lawyer, and
airplane pilot to gain people’s trust and take advantage of them. In 2011, an attacker
compromised the network of a well-respected security company by sending phishing emails to
groups of employees, using a method known as spear phishing. The emails had an Excel
spreadsheet attached. The spreadsheet had malicious code embedded in it, which exploited a
vulnerability in Adobe Flash to install a backdoor into the host computer.

Unfortunately, at least one employee opened the attachment. It only takes one. As you can see
from these two examples, there are many methods or attack vectors that a bad actor can use to
execute a social engineering attack. A social engineering bad actor can speak to the human
target directly, like Frank Abagnale, or communicate through email, or through some other
method.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

34

In this module you will learn the different methods of a social engineering attack. You are
already familiar with the term phishing, and you likely have experience with phishing emails.
Hopefully you were not a victim of one. The two important characteristics of phishing are that
it exploits email as the attack vector and that it targets anyone with an email address. The
attack is indiscriminate, insofar as who receives the email. Phishing is simply malicious spam
that is sent to as many people as possible with the hope that at least one will be taken in.
However, phishing can also have a categorial meaning—it can be used to refer to all electronic
social engineering attacks, such as spear phishing, whaling, smishing, and vishing. There are
many variants of phishing, some of which could be a part of a sophisticated campaign and
may demand research and reconnaissance on the part of the attacker.

Spear phishing and whaling fit into this category. Both spear phishing and whaling can be
described as a social engineering attack that uses email to target a specific individual or group
with the intent of stealing confidential information or profiting in some way. Like phishing,
spear phishing and whaling use email as the attack vector, but with specific targets in mind.
Click the icons to review the different descriptions of phishing types. What, then, is the
difference between spear phishing and whaling? In a spear phishing attack, the bad actor
targets an individual or category of individuals with lower profiles, such as the employees at
that security company. In a whaling attack, the bad actor targets high-ranking individuals
within an organization.

When creating a whaling email, the attacker often does research on their target so that they can
personalize the email in order to gain their target’s trust. The extra work very often pays off
because executives and board members can be just as susceptible to an email attack as those
who work for them. One of the most successful whaling attacks, and indeed one of the most
successful social engineering attacks of all time, was conducted against a Belgian bank. The
CEO of the bank didn’t even know he had been compromised until after a routine internal
audit disclosed that the attackers escaped with over 70 million euros.

The attackers have never been caught or brought to justice. Since the introduction of email as
a ubiquitous means of communication, other methods have become popular, such as instant
messaging, live chat, and SMS or text messaging. These methods can also act as threat vectors
for a social engineering attack in the same way that email is used. A phishing-type attack that
uses these media is known as smishing. Its name is derived from combining SMS with
phishing. In 2020, a group of hackers took control of 130 accounts on a well-known social
media platform, including those belonging to several celebrities. They downloaded users’ data,
accessed direct messaging, and made tweets requesting donations to a Bitcoin wallet. Within
minutes, the bad actors had grossed $110,000 through 320 transactions.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

35

While the method used to take control of these accounts remains unknown, it is speculated that
employees of the media platform were tricked into revealing account credentials, which
allowed access to these accounts.

There are measures that you can take to protect your organization’s assets from internal
threats. First, identify your organization’s critical assets, both logical and physical. These
include networks, systems, confidential data, facilities, and people. Rank and prioritize each
asset and identify the current state of each asset’s protection. By prioritizing the assets, you
can focus on securing the most important assets first. Tools like machine learning (ML)
applications can help analyze the data stream and prioritize the most relevant alerts.

The forensics and analytics tools, such as user and event behavior analytics (UEBA) to help
detect, analyze, and alert the security team to any potential insider threats. User and device
behavior analytics can establish a baseline for normal data access activity, while database
activity monitoring can help identify policy violations. Deploy tools that monitor user activity
as well as aggregate and correlate activity information from multiple sources.

Deception software, such as FortiDeceptor by Fortinet, establishes traps to attract malicious

insiders and tracks their actions to better understand their intentions. The information gathered
by a honeypot solution can be shared with other intelligence to improve detection and to
mitigate attacks and breaches.

Define, document, and disseminate the organization’s security policies. Then, provide training to those
who work for your organization, and follow up with testing to ensure comprehension. This prevents
ambiguity and establishes a foundation for enforcement. They should recognize their responsibility to
comply and respect the organization’s security policies. Increasingly, the internet has become a platform
for bad actors to stage large-scale fraud, scams, or malevolent influence to sway people to a particular
point of view. The methods used to achieve the sordid goals of fraud and scams often involve social
engineering techniques, such as phishing, coupled with malware. In this lesson, you will also learn about
influence campaigns, which is a social media technique to spread ideas and manipulate others.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

36

What is cyber fraud? Cyber fraud is a social engineering technique, malware, or other type of
deception that is used to defraud or take advantage of a person or organization for financial or
personal gain. What are cyber scams? Cyber scams are a type of fraud, but they are generally
classified as petty or not as serious as cyber fraud. This is not to suggest that cyber scams are
trivial, however. According to the FBI, elderly Americans lose more than three billion dollars
annually to various types of scams. Senior citizens are often targeted because they are more
trusting than younger adults and they have a lifetime of savings to prey upon.

This is the strength of influence campaigns. With little cost and effort, the bad actor can
manipulate the opinions of hundreds of thousands of people. The nature of social media allows
the bad actor to operate secretly and without fear of being identified as the source of the
attack. Publicly attacking an adversary is likely to result in undesirable consequences, but
secretly turning public opinion against them is harder to prove and harder to retaliate against.
Consider this scenario. Two restaurant owners are bitter rivals.

Restaurant owner A uses anonymous social media accounts to spread disinformation about
restaurant owner B. Restaurant owner A claims that restaurant owner B refused to hire an
individual based on that individual’s race. Others jump onto social media, demand retribution,
and boycott the restaurant. If restaurant owner B accuses their rival of circulating lies, this
could easily backfire and further provoke the virtue-signaling mob. Regardless of what
restaurant owner B does—remains silent, denies the accusation, or accuses their rival of foul
play—it’s a losing proposition. On the other hand, if someone openly makes a false claim or
accusation, then the victim can take legal recourse, putting the reputation of the accuser at
stake.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

37

Malware Module
What is malware? The term malware is short for malicious software that disrupts, damages, or
gains unauthorized access to a computer. Bad actors design malware to perform various tasks,
such as modifying the behavior of a program, spying on people using the infected
computer,exfiltrating data, encrypting important information and then demanding a ransom, or
denying users access to a system. The purpose of each type of malware depends on the
objectives of bad actors. And, an attack campaign may use multiple types of malware that are
designed to complete specific tasks at each stage of the attack. Understanding the different
types of malware, their characteristics, and their uses, will help you to prepare for cyberattacks
against your computer and network.

The lessons in this module provide an essential understanding of the following fundamentals
necessary to achieve your goals. Categorize and describe the different types of malware in the
threat landscape, such as viruses, worms, and ransomware. One important feature of a virus is
that it is not self-activated; in other words, it requires a user to invoke it. In contrast, a worm
self-activates and does not need a user to invoke it on the targeted computer. Ransomware
denies users access to information, usually by encrypting it. In contrast, spyware reports user
behavior to an external party. Each malware type has different traits and purposes. You will
also be able to: Describe what an attack vector is, and how it is composed of three essential
parts: a mechanism, a pathway, and a vulnerability.

Wherever there’s a pathway to a vulnerability, you can be certain that a bad actor will develop
a mechanism to exploit it. Bad actors attempt to manipulate users using various social
engineering methods, or exploit weaknesses or misconfigurations on devices. Becoming
knowledgeable about how attacks are staged and how malware works will help you to defend
yourself from becoming a victim of a cyberattack.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

38

While malware is malicious software that disrupts, damages, or gains unauthorized access to a
computer system, a computer virus is malware with additional traits. Norton.com defines a
computer virus as “…a type of malicious code or program written to alter the way a computer
operates and that is designed to spread from one computer to another. A virus operates by
inserting or attaching itself to a legitimate program or document that supports macros to
execute its code. In the process, a virus has the potential to cause unexpected or damaging
effects, such as harming the system software by corrupting or destroying data.” Computer
viruses have several defining traits that you should be aware of. First, computer viruses must
be invoked by a user, second, they insert themselves in or attach themselves to legitimate
applications, and third, they are designed to spread the infection to other applications and
computers on the network. Knowing these will help you to distinguish between malware that
is a virus and malware that is not. Many types of viruses possess these traits yet do very
different things. The following is a list of some common virus types: A resident virus
propagates itself by infecting applications as they are opened by a user. A non-resident virus
infects executable files when applications are not running. A multipartite virus uses multiple
methods to infect and spread across computers. It typically remains in the computer’s memory
to infect the hard disk, then spreads and infects more drives by altering the content of
applications. A direct action virus accesses a computer’s main memory and infects all
applications, files, and folders located in the autoexec.bat path or the autostart registry path,
before deleting itself. This virus typically alters the performance of a system and can destroy
all data on the computer’s hard disk and any USB device attached to it. A browser hijacker
manually changes the settings of web browsers, such as replacing the homepage, editing the
new tab page, and changing the default search engine. Technically, it is not a virus because it
cannot infect files, but it can be hugely damaging to computer users, who often will not be
able to restore their homepage or search engine. It can also contain adware that causes
unwanted pop-up windows and ads. Overwrite viruses are extremely dangerous. They can
delete and replace data with their own file content or code. Once files are infected, they cannot
be replaced, and the virus can affect Windows, DOS, Linux, and macOS systems. The only
way this virus can be removed is by deleting all the files it infected. A web scripting virus
attacks web browser security, enabling a hacker to inject malicious code into web pages, or
client-side scripting. Client-side scripting simply means running scripts, such as JavaScript, on
the client device, usually within a browser. This allows cybercriminals to attack major
websites, such as social networking sites, email providers, and any site that enables user input
or reviews. Attackers can use the virus to send spam, commit fraudulent activity, and damage
server files.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

39

NSE-3

Anomaly detection:

In NSE-3 It can be difficult to identify anomalies in your network without a baseline

understanding of how that network should be operating. Network anomaly detection engines
(ADE) allow you to analyze your network so that when breaches occur, you’ll be alerted to
them quickly enough to be able to respond.

Application security:

For many attackers, applications are a defensive vulnerability that can be exploited.
Application security helps establish security parameters for any applications that may be
relevant to your network security.

Data loss prevention (DLP):

Often, the weakest link in network security is the human element. DLP technologies and
policies help protect staff and other users from misusing and possibly compromising sensitive
data or allowing said data out of the network.

Email security:

As with DLP, email security is focused on shoring up human-related security weaknesses. Via
phishing strategies (which are often very complex and convincing), attackers persuade email
recipients to share sensitive information via desktop or mobile device, or inadvertently
download malware into the targeted network. Email security helps identify dangerous emails
and can also be used to block attacks and prevent the sharing of vital data.

ENDPOINT SECURITY:

The business world is becoming increasingly bring your own device (BYOD), to the point
where the distinction between personal and business computer devices is almost nonexistent.
Unfortunately, sometimes personal devices become targets when users rely on them to access
business networks. Endpoint security adds a layer of defense between remote devices and
business networks.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

31

Cryptography and PKI Module

This module will give you a good foundation in cryptography and PKI. Cryptography is the
study of writing or solving codes. This straightforward definition belies the complexity of
cryptography and the challenges of implementing it on a computer network. Public key
infrastructure (PKI) is the name of that implementation. Simply speaking, PKI is an
infrastructure composed of hardware, software, policies, and procedures that facilitates the
management of public digital keys and makes cryptography over a network and the Internet,
possible. If you have ever connected to a secure website using a web browser to bank or to
make a purchase, you have used cryptography.

Cryptography is ubiquitous in the modern landscape of communications and commerce. It is

also simple to use. Yet, the technology, hardware, and software that make network
cryptography possible is anything but simple. Although network cryptography is complex, it
has been made simple to use for you and me. This module explores the world of cryptography,
including the various technologies, concepts, and components that permit its implementation
on a computer network. Like your experience connecting to a secure website, this module
endeavors to make the complexity of cryptography simple.

Cryptographic technology allows you to encrypt data and sign data digitally. Encryption is the
process of converting plaintext to crypto text, in other words making something that was
readable, unreadable. A digital signature also uses cryptography to produce a unique value that
can be tied to a person. In most jurisdictions, a digital signature is legally equivalent to a hand-
written signature. Encryption and using a digital signature satisfy a number of objectives. For
example, encryption ensures that information remains private and confidential. A digital
signature guarantees the integrity and authenticity of the data. It can be used to identify or
authenticate an entity. It can also ensure non-repudiation.

Non-repudiation has legal implications and means that the signee cannot deny having signed
the information. If the information is a legal contract, the signee is bound to the contract
because of their digital signature. By satisfying these four terms—confidentiality, data
integrity, authentication, and non-repudiation—cryptography has facilitated the rise of e-
commerce and secure communications. In this module you will learn about ciphers, digital
keys and certificates, cryptographic algorithms, hashing functions, the digital signature and
encryption processes, and PKI. After you complete this module, you will have a stronger grasp
how these technologies work and you will have keener insight about how they have made
ecommerce and secure communications possible.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

31

Ciphers Lesson
A cipher is a secret or disguised way of writing a code. In the digital world of computers,
cryptographic algorithms are used as ciphers along with digital keys to convert plain text to
ciphertext and back again. This process is known as encryption and decryption. Algorithms
are usually public information and keys are usually secrets, but not always. Secrets must be
safe- guarded. Click on the underlined word for more information. Ciphers have been used
since before the computer age. The simplest type of cipher is the substitution cipher. Julius
Caesar used this method when encrypting messages. During the encryption process, the letters
of a plain text message are replaced by other letters.

Think of the Western 26-letter alphabet. If you shifted the letters by three, the message "hail
Caesar" would become "kdlo fdhvdu", which is the cipher text. In order for the recipient of the
message to decrypt the ciphertext, they would need to know the number of lettershifts and
shift in the opposite direction. Thus, when shifting three letters to the left, a "K" becomes an
"H", a "D" becomes an "A", and so on. The number of letter-shifts is the shared secret or key,
and the method is the cipher algorithm. The transposition cipher is about rearranging letters,
and is more complicated than the substitution cipher.

There can be any number of rows, but in this example there are three. The plain text message
is written in a zigzag form, resembling a rail fence. When enciphering the plain text, the letters
are taken row by row. The message "He had a bad day. What a day Dad had." would be
enciphered to what you see on the screen. The receiver of the ciphertext would have to know
the number of rows. This information is the shared secret or key. Click the button to see an
example with four rows. The next cipher type, named the one-time pad, introduces
randomness to the substitution method. Whereas the substitution cipher uses one shift-letter
value for the entire message, the key pad cipher uses a different value for each letter in the
message.

Imagine the sender has a twenty-six sided die and they roll this die for each letter of the
message. If the message began as "Hi Bob" and the first five rolls were 10, 4, 3, 11, and 18,
then the message would be converted to "RMEZT". This cipher type has a powerful feature.
The randomness of the die ensures that there are no repetitive patterns, and that there is an
equal chance of converting a plain text letter to any one of the twenty-six letters of the
alphabet.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

31

Keys and Cryptographic Algorithms Lesson

What is a digital key? With respect to encryption, keys can be used to encipher the flow of
information between two devices, bulk stationary data, or a small piece of data, such as
another digital key or a hash output value. Depending on the task that the key is performing,
its lifetime could be years or a few seconds. For example, a key used to sign certificates might
be valid for ten or more years, but a key used to encrypt a session between two devices is only
used for of that session. Keys are usually kept private or secret, but they also can be public.
Public keys are often written to digital certificates. Click the underlined term for more
information. Public keys are often 1024 bits, 2048 bits, or larger.

Because of their relatively large size, public keys are often used to encrypt small pieces of
data, like another key or a hash of data. To encrypt large amounts of data would take too long.
Smaller keys, in the 128-bit to 256-bit range, are used to encrypt bulk data. So, the type or size
of the key that is used is determined by the type of cryptographic operation being performed.
If you are encrypting a key to safely transfer it to another entity, then use a larger key. If you
are encrypting a stream of data where performance is critical, use a smaller key. While this
rule of thumb is applied for performance reasons, there are also security issues to consider.
The length of the key impacts its strength, but length is not the only factor to consider when
calculating key strength.

The complexity of the key is also an important factor. Consider a password that is ten
characters long, but all ten characters are digits. A ten-digit password has ten billion possible
permutations. In contrast, an eight-character password that combines digits plus upper and
lower letters has over two hundred and eighteen trillion permutations. Although two characters
less in length, the latter password is much stronger than the former.

Key stretching is a method used to strengthen keys or passwords that are either too short or
predictable. The process involves feeding the key or password into a hashing algorithm to
produce an enhanced key or password. Examples of stretching algorithms are password-based
key derivation function two (PBKDF2) and BCRYPT1. BCRYPT is the default algorithm
used for key stretching in OpenBSD and various Linux distributions. When BCRYPT is used,
a key or password is hashed multiple times before a 128-bit salt is added. Then, the combined
value

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

31

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

41

A symmetric algorithm is a cipher used to encrypt and decrypt data using the same key.
Examples of symmetric algorithms are: With the exception of RC4, which is a stream cipher,
the rest are block ciphers. Click each algorithm type to learn more. The main advantage of
symmetric cryptography is that it can encrypt and decrypt data more quickly than asymmetric
cryptography. This is because symmetric keys are shorter than asymmetric keys, and
symmetric cryptography uses the same key to encrypt and decrypt. Symmetric cryptography
works in a way that is similar to a combination lock. Imagine that Frank, Javier, and Nora all
work at the same facility and all need a key to access a secure room. They work different
shifts, and the employer does not allow the key to leave the building.

The employer secures the key in a lock box with a combination code. Frank, Joe, and Nora all
need the combination code to access the key and to secure the key. However, this similarity to
a combination lock exposes one disadvantage of symmetric cryptography. Because you use
the same key to encrypt the plaintext as you use to decrypt the cyphertext, the key must remain
a secret to protect the data.

An asymmetric algorithm is a cipher used for cryptographic operations using a pair of

mathematically related keys. They can do all, or some, of these operations: A key exchange
operation enables two parties to safely exchange a secret, or key, over a public channel, such
as the internet. Asymmetric algorithms and cryptography are also known as public-key
algorithms and cryptography.

During the encryption process, the sender's crypto application converts the plaintext data to
ciphertext using the recipient's asymmetric public key and an asymmetric cipher. During the
decryption process, the recipient's crypto application converts the ciphertext to plaintext using
their private decryption key and the same asymmetric cipher that the sender used. The main
disadvantage of symmetric encryption is securely delivering the key to the recipient, while the
main disadvantage of asymmetric encryption is its slowness.

When symmetric and asymmetric cryptography are combined, the disadvantages of both are
remedied. Symmetric encryption secures bulk data to ensure good performance, while the
symmetric key—a small piece of data—is encrypted by the recipient's public asymmetric key.
Thus, the question "How do we securely send the key to the receiving party?" is answered. In
a scenario where the processes are combined, Alice sends an encrypted message to Bob. In the
first step of encryption, Alice's crypto application generates a one-time symmetric key and,
together with a symmetric algorithm, encrypts the message.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

41

Secure Network Module

Network security is composed of configurations and rules that are implemented on devices
and systems in the network. These rules ensure the integrity, privacy, and usefulness of the
network, and cover both the hardware and software that make the network run. Security
measures can be applied to individual devices or groups of components with the same level of
vulnerability. In the meantime, network threats are evolving while the attack surface is
growing.

So, keeping it secure is a challenge that requires the knowledge of the concepts, models, and
elements around secure networks. The lessons in this Secure Network module provide an
essential understanding of the following fundamentals necessary to achieve your goals. You
will be able to: l Compare two main secure network models, such as secure perimeter and zero
trust, and identify the benefits of each one. The approach with the secure perimeter model is
simple. Anyone inside the perimeter is trusted, and anyone outside isn't.

With the zero-trust model, every user and device within a network is untrusted by default.
Zero trust doesn't grant explicit and full access to anyone. The Secure Perimeter model
performs a verification at initial access using predefined rules and common policies, unlike the
zero-trust model, which continuously verifies with various fine-grained rules and adaptive
policies. This micro segmentation uses the principle of least privilege access, and minimizes
the attack surface and prevents the chances for lateral movements, unlike the secure perimeter
model. You will be able to: l Identify how different network deployments, such as SD-WAN
and SASE, secure and manage WAN network traffic.

Using SD-WAN creates a logical network over the physical network, where security is
available but not included by default. Secure Access Service Edge (SASE) is cloud- based and
globally distributed through an as-a-service deployment, and security is built in. SASE
connects endpoints to the edge and sends traffic through globally distributed points of
presence, while SDWAN connects branch offices to networks and follows the organization's
configured policies to route traffic.

A secure perimeter is a form of protection that consists of devices or techniques added to the
edge of a managed network. Taking into consideration different LANs, which interconnect to
create a WAN, the trusted zone for a company is the IT managed portion of devices and
applications.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

41

. A remote office device can also be part of a secure perimeter if it connects to the trusted zone
using a secure remote access. Everything inside the managed network is protected, like a
castle surrounded by a moat. Everything outside the secure perimeter is considered untrusted.
Specific devices and applications that create the secure perimeter protect the trusted zone. This
is like guards near the drawbridge of a moat who check and evaluate the traffic.

The secure perimeter has specific authentication and authorization applications that protects
and provides confidentiality while filtering traffic to the trusted zone. The secure perimeter
can filter traffic at different OSI layers. At the data link layer, a secure perimeter device can
perform Media Access Control (MAC) filtering. For example, the IT manager can create an
access control list (ACL), a defined list of devices with known addresses in the trusted
network. Therefore, the secure perimeter allows only corresponding devices with known MAC
addresses to pass through the network.

Click the highlighted icons for more information. At the transport layer, a secure perimeter
device can perform packet filtering. Packet filtering allows or denies packets based on a
configured set of rules. Packet filtering can be stateless, where each packet is checked based
on its IP addresses, source and destination ports, and protocol. In contrast, packet filtering can
also be stateful, where the security device keeps track of the 5-tuple check and the TCP/IP
connection state. Therefore, the return traffic is validated only if it matches corresponding
incoming traffic.

Secure perimeters face some challenges, especially with the emerging trend of remote
working. Along with the introduction of bring your own devices (BYOD), the Internet of
Things (IoT) and the cloud working model, IT departments have a harder time dynamically
updating the security perimeter. It is from these drawbacks that the zero trust principle, which
is built upon the evolution of the secure perimeter, is widely used to ensure greater trust.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

41

Zero Trust Principles Lesson

The concept behind the zero-trust security model is that trust must be explicitly derived from a
mix of identity based and context-based aspects. Zero trust is not a single product or service
that you can buy. Rather, it is a security concept or strategy that has three core principles. One,
never trust a user or device. Always authenticate a user or device to determine their identity,
and verify what resources the user or device is authorized to access. Two, implement least
privilege. This means that users and devices are granted access to only those resources that
they need to complete their jobs or functions.

Three, assume that the network is already breached. Take precautions, such as reducing the
attack surface. Click the underlined terms for more information. Perimeter networks are
closed, self-contained units with firewalls that act like drawbridges. Most endpoints and
servers exist within the network perimeter. Virtual private network (VPN) provide secure
connections for remote users and between local area networks. Users provide credentials,
usually a user name and password, to authenticate to the network. The network assigns roles to
the authenticated users to control access to network resources.

However, if a user's credentials become compromised or if a user's device becomes infected,

then malware can move laterally across the network infecting other devices and perhaps
exfiltrating valuable information. This type of cyberattack is equivalent to the myth of the
Trojan horse. In the myth, a large wooden horse—the Trojan horse—was rolled into the
fortified city of Troy. Unbeknownst to the people of Troy, many Greek soldiers were
concealed inside the Trojan horse. After the Trojan horse was safely inside the fortified city,
the hidden warriors, disembarked and ransacked the city.

Once the Trojan horse was inside the fortified city, there was no way to prevent the attack.
The business transformation is forcing networks to decentralize so that some network
components remain onpremises, some are located in a private cloud, and others in the public
cloud. This transformation, plus the advent of BYOD, the internet of things (IoT), and an
expanding remote workforce, has drastically enlarged the attack surface and provided many
more attack vectors.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

41

There are a number of things you can do to fulfill the "never trust" principle. One is to demand
the identity of users and devices on an ongoing basis. The identification process can be
strengthened using MFA. Restrictions to access the network and resources can also be context
based, meaning that they are based on the time and date of the request, the geographical
location of the device asking for access, and the security posture of the device. There are a
number of tools that you can deploy to implement the "principle of least privilege."

These are deploying a privileged access management (PAM) system, defining the protect
surface, and applying the Kipling method. Click on the different tabs for more information.
One action that you can take in anticipation of an inevitable network breach is to prepare
contingencies for the worst situations. Following this process provides you with the
opportunity to make various plans that can be invoked immediately after a breach. Another
precaution that you can take is to segment the network into smaller sections to restrict the
lateral movement of contagions. Zero trust access (ZTA) is a secure access method that
supports zero trust security. ZTA uses role-based access control. Once a user is identified, they
can be assigned a role that determines what resources they have access to.

Examples of roles are: employee, guest, contractor, and so on. A user can be assigned more
than one role. For example, they could be assigned the employee role and the account manager
role. Endpoint software agents that support the zero trust model can supply the network with
valuable information about the device, such as the operating system, patch level, installed
software on the device, and so on. This information can be used to assess the level of risk the
device might pose to the network. Network access control (NAC) identifies devices on the
network, giving IT security greater visibility and control.

ZTNA is technology that establishes a secure session automatically between the end entity and
the network regardless of location, while ensuring granular control over access to applications,
and enforcing the precept of zero trust. Unlike the previous network methodology that
includes a perimeter network, there is a no trust zone in the zero trust model. Trust must be
proven through MFA and risk is judged through a context-based assessment. Least privilege
access ensures tighter restrictions to access resources by users, devices, and applications. By
doing a thorough review of the assets you need to protect, and by asking what, why, when,
where, and how, you reduce the attack surface and better protect the network. By preparing for
a worst- case scenario, you are better prepared when a breach does occur.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

41

Authentication and Access Control Module

Secure authentication and being confident that you can reliably and correctly identify a user
and device is the first step in enforcing robust access control. Authentication can be split into
two parts. The first is identification. The object reveals its identity. When a person logs in to
the network, they are likely prompted for a username. The system trusts that this is their
identity even without proof. The second part of authentication is verification. The object must
prove that they are who they claim to be. For example, after a person enters their username,
the system might prompt them to enter a password. Authorization based on identity determines
what resources the user can read, modify, or delete. Correctly identifying users and computers
allows security systems to implement access control and authorization methods. There are
many ways to authenticate users and implement access control methods, which you will learn
about in this module. After completing the lessons in this module, you will be able to: l List
different types of authentication methods. l Explain how single sign-on can simplify
authentication and authorization. l Describe the different types of access control methods. l
Explain how to configure users and groups to allow secure access. l Describe the best way to
use access control policies to secure resources. l Use a network access control device to secure
different types of assets.

Authentication Methods
An entity, such as a person, application, or device, can prove its identity to computer systems
in a number of ways. The most common authentication factors are: l Inherence l Possession l
Knowledge, and l Behavior Other factors can affect the authentication process, but do not verify
the identity of an entity. These factors are contextual, meaning that the authentication process
changes depending on the status of the entity that is trying to authenticate. If the
authenticatingentity attempts to log in from an unusual location, then the risk is greater, and
the authenticator may demand a more rigorous authentication process or deny the login
attempt. Another example of a content-based factor is the entity's behavior. If the entity's
behavior is unusual, then the risk is higher and the authenticator may request further proof of
identity. Knowledge- based authentication is the most common method. You authenticate by
divulging something that only you and the authenticator know. An example of this method is
questions and answers, or Q and A. During registration with an authenticator, you provided
answers to several questions, such as: what is your favorite movie or who is your favorite
author.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

42

Other examples are a password or personal identification number (PIN). If you have ever used
a bank machine, you most likely had to provide your bank card and a PIN to authenticate.
Possession-based authentication is authentication using something you have that no one else
has. Logic dictates that if you can prove you possess an item that only you should have, then
you must be who you say you are. The same logic applies to digital signatures. If you sign an
object with a private key that only you have access to, then it must be you who is attempting to
authenticate. Another example is machine or device-based authentication, which is usually
coupled with another authentication method, such as a password or PIN. By registering your
device with an authenticator, and because only you use this device, the authenticator has a
higher level of trust in your identity.

Other forms of possession-based authentication include hardware or software tokens and SMS
messaging. These methods use a one-time password (OTP). A hardware token is a dedicated
device that generates an OTP using a secret key and algorithm. Because the authenticator
shares the same secret key and uses the same algorithm as the token, it generates the same
one-time code. The codes change either each time the user presses the button on the token or
after a predefined time interval. These tokens are known as event-based and time based tokens
respectively.

A software token works in a similar way, but it is software installed on a device, such as a
mobile phone. Two leading algorithms used by OTP are HMAC-based one-time password
(HOTP) and time-based one-time password (TOTP). The TOTP method combines the current
time with a secret key and uses this combination as the input value for a hash function. The
software token uses the hash output value to generate the OTP. Last, the authenticator can
send a one-time code using SMS messaging to a person's mobile device. You might say that
this is something you get rather than something you have. These examples show that a person
can authenticate using a supported device that is known to the authenticator. Inherence-based
authentication uses a unique physical trait that the person authenticating possesses.

A person has many physical traits that are unique, but some common ones used for
authentication are fingerprints, retinas, irises, facial patterns, and hand measurements. The two
most common types of biometric data found in ePassports and used to authenticate passport
holders are fingerprints and retinas. DNA can also be a definitive identification method, but
inherence- base authentication does not typically use it to authenticate a person on a computer
system. All of these types are examples of static or passive biometric authentication.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

42

Single-Sign On
Implementing a network authentication schema is like working a balance sheet. You need to
strike a balance between the two opposite sides of the ledger—security and productivity.
Elevating security at the cost of productivity can frustrate end users, entice them to take
shortcuts, and reduce their effectiveness. Favoring productivity at the expense of security
could make your network vulnerable to bad actors. Single sign-on, or SSO, strikes the right
balance between these two sides of the ledger. True SSO is an authentication process whereby
a user authenticates once and can access multiple resources across many systems and possibly
domains. In other words, instead of having to authenticate on each system before accessing the
resources on those systems, one authentication suffices.

This is achieved when the system, from which the user has already authenticated, passes an
authentication token seamlessly to other applications or sites. An authentication token could
be a cookie, but only if the sites share a common parent domain. As you will learn, there are
other types of authentication tokens that allow you to traverse domains. Similar to SSO is
same sign-on. In same sign-on, an entity uses their credentials housed in a directory server to
access applications. Typically, lightweight directory access protocol (LDAP)-compliant
directory servers are used for these purposes. Although the entity uses the same credentials
stored in the LDAP directory, they still would have to authenticate to each application.

Implementing SSO is common in enterprises where a user accesses multiple resources across
the network. But SSO is also prevalent in the cloud traversing multiple domains and separate
autonomous networks. If you have ever registered on a site, such as Spotify, you may have
been given the option of leveraging existing user credentials on a different site. In the example
of Spotify, the choices are Facebook, Apple, and Google. Thus, if you already have credentials
on any one of these sites, you could use those to authenticate on Spotify. This arrangement is
only possible because of trust existing between Spotify and the other three businesses. In this
example, Antonio has credentials on the Google site. It is providing the identity of the user for
authentication purposes.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

42

This type of arrangement between IdPs and SPs is common on the internet today. The
popularity of SSO arose because it removes the necessity of having to remember credentials
for each of the dozens of sites you visit. Not only is it convenient for the end user, but it
reduces credential redundancy for organizations and the administrative overhead of protecting
and maintaining databases of credentials. Particularly within organizations, SSO makes
compliance and reporting easier for MIS through a centralized database. A principal
disadvantage of SSO is that if credentials became compromised then the bad actor potentially
has access to all of the user's resources. However, single sign-on is not restricted to single-
factor authentication. You can implement MFA to strengthen authentication while leveraging
SSO to enhance productivity and ease-of-use. First, the user connects to the SP, which could
be a website or application. Second, the SP redirects the user to the IdP login page.

Third, the user provides their credentials and authenticates on the IdP. Fourth, the IdP
generates an authentication token. The token is a package of information providing facts about
the user's authentication plus other optional content. The user is sent back to the original site,
and the embedded token acts as proof that they have been authenticated. SSO is a concept that
requires a protocol for it to be implemented. There are numerous SSO protocols, such as
OAuth and Security Assertion Markup Language (SAML). Each of the protocols handles the
details of the SSO process slightly differently while remaining true to the SSO concept.
SAML version 2 is an open standard for exchanging authentication and authorization data
between parties, in particular between the IdP and SP. SAML is based on the Extensible
Markup Language (XML). SAML inserts statements within the XML-based messages. The
statements are called security assertions, and there are several types.

An authentication assertion indicates how the entity authenticated and includes the date and
time of authentication. For example, the assertion might identify that Omar authenticated
using his email address and password. An attribute assertion provides additional information
about the entity. For example, it might state that Omar is a gold card member. And
authorization assertions identify what the entity is entitled to do. Many of these assertions are
optional and leave room for different implementations. For example, the IdP may be restricted
to authentication only, leaving the SP to determine the entity's entitlements.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

42

Authentication Framework, Protocols, and Tools Lesson

An authentication framework is the basic schema or plan for how entities will prove their
identities within a system. It includes the methods, forms, protocols, and other tools used to
authenticate persons, devices, and applications on a network. This lesson will discuss some of
the common means of assembling these elements to construct a workable authentication
framework. Click each segment of the authentication framework for more information. There
are several protocols commonly used for clients authenticating on networks.

The next several slides explain these authentication protocols. Remote authentication dial-in
user service (RADIUS) is a client-server authentication, authorization, and accounting (AAA)
protocol and software that enables remote access servers to communicate with a central server
to authenticate dial-in users and authorize their access to the requested system or service. The
important word here is central, because it means that most or all of a network's remote
authentication requirements can be met with one server as opposed to having to maintain
multiple credentials across numerous servers.

This simplifies administration for both the administrator and the end user. RADIUS can also
enable the 802.1x framework, which uniquely encrypts user sessions.

Data packets are used to exchange data between computing devices in a packet-switched
network. They are formatted units of data consisting of control information and user data, also
known as a payload. The following is the exchange of packets between the RADIUS client
and the RADIUS server. The packets between the user, or supplicant, and the RADIUS client
are not shown in this simplified diagram. During RADIUS authentication, the user submits a
request to access a server or network along with their credentials. The RADIUS client, which
could be a firewall such as FortiGate, forwards the access-request packet to the RADIUS
authentication server.

The RADIUS server replies with one of three possible packets. One possibility is that the
server returns an access-reject packet because the credentials were incorrect. The second
possibility is that the server replies with an access-accept packet. And the last possibility is
that the server sends to the RADIUS client an access-challenge packet. This last option occurs
only if two-factor authentication has been configured, and it would prompt the user for their
second credentials. As a part of an authentication framework your organization needs a place
to store credentials. If you use a RADIUS server, then you have several options. User
credentials can be stored in the RADIUS server's database.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

42

Or your organization may have user information already populated in another server, in which
case it may make more sense to leverage this existing source of credentials. Depending on the
vendor, RADIUS servers typically support several authentication protocols and server types,
such as structured query language (SQL) and lightweight directory access protocol (LDAP). It
is not uncommon for a RADIUS server to leverage an LDAP-compliant directory, such as
Microsoft Active Directory (AD), for authentication and authorization purposes. LDAP is an
open, vendor-neutral, industry-standard application protocol for accessing directory services
over an IP network. It is an industry-standard communication protocol for directory servers.

Last, TACACS+ is a remote AAA protocol that allows a remote access server to communicate
with an authentication server in order to validate user access. In this sense, TACACS+ is
similar to RADIUS. However, there are differences. TACACS+ encrypts all AAA protocols
while RADIUS encrypts passwords only. Also, TACACS+ relies on TCP as a network
transport protocol, while RADIUS uses UDP. Authentication methods define the manner in
which authentication takes place. They could also be described as protocols that set the rules
for interaction and verification, which endpoints or systems use to communicate.

The password authentication protocol (PAP) is used to authenticate PPP sessions. The point-
to-point protocol (PPP) refers to a suite of computer communication protocols that provide a
standard way to transport multiprotocol data over point-to-point links. PPP provides services
at Layer 2—the data link layer of the OSI model—that establishes a foundation upon which
network layer protocols can operate. PAP uses a two-way handshake process to authenticate a
client using these steps: One, the client sends the username and password to the server. It does
this through an authentication-request packet.

Two, the server verifies the username and password. If the credentials are correct, then the
server sends an authentication-ack response packet to the client and a PPP session is
established between the client and the server. While the information can pass through an
encrypted tunnel to enhance security, the static username and password information is subject
to numerous attacks through password guessing and snooping. The challenge handshake
authentication protocol (CHAP) is also used to authenticate PPP sessions but uses a three-way
handshake. It creates a unique challenge phrase for each authentication session by generating a
random string. The random string is combined with a hash result of the device hostnames.
This ensures dynamic authentication information for each session and avoids static
information.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

52

CHALLENGES AND PROBLEM SOLVING

Throughout the virtual internship within Fortinet's Network Security Associate (NSE)
program, I encountered several challenges and issues related to network security
configurations, incident responses, and various technical aspects. Here, I describe some of the
challenges I faced and how I addressed them:

Challenge 1: Complex Firewall Rule Configuration

Issue::Configuring complex firewall rules to allow specific traffic while blocking
unauthorized access can be challenging, especially when dealing with multiple interfaces and
complex network topologies.

Solution:To address this challenge, I broke down the firewall rule configuration into
smaller, more manageable tasks. I carefully reviewed the network architecture and security
policies, seeking guidance from mentors when needed. I also tested the rules incrementally to
ensure they functioned as intended.

Challenge 2: Intrusion Detection False Positives

Issue:The intrusion detection system (IPS) occasionally generated false positive alerts,
flagging legitimate traffic as suspicious.

Solution:To mitigate false positives, I fine-tuned the IPS policies by refining signature rules
and adjusting sensitivity levels. I worked closely with mentors to identify and disable overly
aggressive signatures, ensuring that the IPS provided accurate threat detection while
minimizing false alarms.

Challenge 3: Security Incident Response

Issue:Responding to security incidents, such as malware infections, required a rapid and

effective approach to minimize damage and prevent further compromise.

Solution:I developed an incident response plan that included immediate isolation of affected
devices, identification of the malware's source, and a thorough analysis of the incident's scope.
Regular backups and recovery plans were also in place. Clear communication with team
members and supervisors was crucial to ensure coordinated and effective incident response.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

52

Challenge 5: Log Analysis and Incident Investigation

Issue:Analyzing a large volume of log data to identify security incidents and threats required
effective log management and analysis.

Solution:I addressed this challenge by utilizing FortiAnalyzer, which provided centralized log
management and analysis capabilities. By creating custom log views and filters, I could focus
on specific log entries related to security incidents. This streamlined the investigation process
and improved incident detection and response.

Challenge 6: Communication and Collaboration

Issue: Effective communication and collaboration with team members and mentors were vital,
but challenges such as time zone differences and varying expertise levels could impact the
quality of collaboration.

Solution:To overcome these challenges, I proactively scheduled regular meetings and

maintained clear and concise communication. I also documented my progress and findings to
ensure that team members and mentors could access the information they needed to provide
guidance and support

These challenges served as valuable learning opportunities and allowed me to develop

problem-solving skills critical to the field of network security. In each case, a systematic and
well-structured approach, along with guidance from mentors and colleagues, proved
instrumental in overcoming obstacles and achieving successful outcomes. The experience
reinforced the importance of adaptability and continuous learning in the ever-evolving field
of network security.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

52

LEARNING AND INSIGHTS

The virtual internship within Fortinet's Network Security Associate (NSE) program was a
transformative experience that provided a wealth of valuable lessons and insights. It
significantly enhanced my understanding of network security and cybersecurity as a whole.
Here are some of the key learnings and insights gained during the internship.

Holistic Security Approach:I learned the importance of adopting a holistic approach to

network security. Fortinet's Security Fabric concept illustrated how different security
components work together to create a unified and coordinated defense. This approach
emphasized the interconnected nature of security solutions and how they should complement
each other.

Real-World Application:The internship allowed me to apply the theoretical knowledge

gained from the NSE program to real-world scenarios. It was a pivotal experience that bridged
the gap between theory and practice, reinforcing the practical aspects of network security.

Adaptability: The ever-evolving threat landscape necessitates continuous adaptation and

learning. I gained an appreciation for the dynamic nature of network security and the
importance of staying up-to-date with emerging threats and security solutions.

Problem-Solving Skills: Facing security challenges and incidents provided a platform to

develop strong problem-solving skills. These challenges demanded creative thinking and
quick responses to mitigate security risks effectively.

Effective Documentation:Documentation proved to be an essential aspect of maintaining

and sharing knowledge. I learned how to create clear and comprehensive documentation of
configurations, incident responses, and best practices. This documentation served as a valuable
resource for reference and knowledge sharing.

Incident Response:The internship honed my incident response capabilities. I learned that

a well-structured incident response plan, rapid isolation of affected devices, and meticulous
investigation are vital in minimizing the impact of security incidents.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

52

INTERNSHIP OBJECTIVES
The virtual internship within Fortinet's Network Security Associate (NSE) program was
undertaken with clear and specific objectives in mind. These objectives were designed to
guide and measure the success of the internship experience. The overarching goals and
learning outcomes included:

Hands-On Experience with Fortinet Products : Gain practical, hands-on experience with a
variety of Fortinet products, with a specific focus on FortiGate firewalls, FortiManager, and
other relevant security solutions. This experience was aimed at developing proficiency in
configuring, managing, and troubleshooting these products.

Technical Skill Development: Enhance technical skills in network security and Fortinet
product usage. This included learning how to configure security policies, security profiles,
VPNs, and other essential security features. Develop expertise in the use of Fortinet tools to
protect networks effectively.

Real-World Application of Network Security Concepts:Apply theoretical knowledge

acquired through the NSE program to real-world scenarios. This included understanding how
security policies and protocols are implemented and adapted to address security challenges in
practical environments.

Problem-Solving and Troubleshooting: Hone problem-solving and troubleshooting skills by

encountering and addressing real security challenges. Learn to identify and mitigate security
threats, respond to incidents, and maintain network integrity.

Deep Understanding of Fortinet's Security Fabric: Develop a profound understanding of

Fortinet's Security Fabric concept, including how different Fortinet products and services
integrate to provide comprehensive network protection. Gain insights into the benefits and
practical applications of a holistic security framework.

Security Best Practices: Learn and implement security best practices, including proper
configuration, compliance, and adherence to industry standards. Understand how to create and
enforce security policies that align with an organization's security goals.

Practical Insight into Threat Landscape: Gain practical insights into the current threat
landscape by actively monitoring, analyzing, and responding to security events and incidents.
Develop a sense of threat intelligence and proactive threat mitigation.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

52

IMPACT ON CAREER GOALS

The virtual internship within Fortinet's Network Security Associate (NSE) program has had a
profound influence on my career aspirations and goals in the field of network security. It
provided insights and experiences that have significantly shaped my career trajectory. Here's
how the internship impacted my career goals:

Clarity of Direction:The internship provided a real-world view of the network security field.
It solidified my interest in pursuing a career dedicated to network security. The hands-on
experiences and practical knowledge gained during the internship clarified my career
direction.

Enhanced Skill Set:The technical skills acquired during the internship, such as firewall
configuration, VPN setup, and security policy management, have expanded my skill set
significantly. These skills are directly applicable to positions in network security and
cybersecurity.

Practical Application:The internship reinforced the practical application of network security

concepts learned in the NSE program. This experience showcased how theory translates into
real solutions and strategies, making the knowledge gained more tangible.

Problem-Solving Aptitude: Dealing with security incidents and challenges during the
internship honed my problem-solving skills. It instilled in me the ability to approach complex
issues methodically and find effective solutions.

Cybersecurity Awareness: The internship heightened my awareness of the dynamic and

evolving threat landscape. Understanding the tactics and strategies employed by cybercriminals
is essential for any career in cybersecurity.

Desire for Continuous Learning: The ever-changing nature of network security underscored
the importance of continuous learning and adaptability. I am now more committed to staying
up-to-date with emerging threats and security solutions throughout my career.

Networking Opportunities: The internship provided opportunities to collaborate with

professionals in the network security field. Building a network of mentors and colleagues is
essential for career growth, and the internship contributed to expanding my professional
network.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

53

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

53

CONCLUSION
The virtual internship within Fortinet's Network Security Associate (NSE) program
has been an enriching and transformative experience. This internship, nestled within
the broader NSE program, provided a valuable opportunity to bridge the gap
between theoretical knowledge and practical application of network security
concepts. The significance of this internship can be summarized as follows:

Practical Skill Development: The internship allowed for the acquisition of hands-
on experience in configuring, managing, and troubleshooting Fortinet's network
security solutions, including FortiGate firewalls and security profiles. This practical
skill development was a cornerstone of the internship.

Real-World Application: The internship emphasized the real-world application of

network security principles, enabling the translation of theoretical knowledge into
tangible security solutions. It reinforced the importance of applying best practices in
security configurations.

Problem-Solving and Incident Response: Dealing with security challenges and

incidents sharpened problem-solving skills and instilled a proactive approach to
incident response. It showcased the dynamic and evolving nature of the threat
landscape.4. *Networking and Collaboration:* The internship provided
opportunities for collaboration with experienced professionals in the field of
network security. Building a network of mentors and colleagues is essential for
future career growth.

Enhanced Skill Set: The technical skills gained during the internship, from firewall
configuration to VPN setup, have significantly expanded the skill set, making me
more employable in the field of network security.

Clear Career Direction: The experience clarified my career direction, solidifying

my commitment to a career in network security and cybersecurity. It has provided a
strong foundation for future career growth.

Downloaded by Hemanth Darling ([email protected])

 lOMoARcPSD|48290280

53

Downloaded by Hemanth Darling ([email protected])