R.M.K.

COLLEGE OF ENGINEERING
AND TECHNOLOGY
R.S.M. NAGAR, PUDUVOYAL - 601206
(AN AUTONOMOUS INSTITUTION)

Department of Computer Science and Engineering (Cyber Security)

Internship report
A report submitted in partial fulfilment of the requirements for the Award of Degree of

Bachelor of Engineering

In

Computer Science and Engineering (Cyber Security)

By

KALAIYARASAN G 111622108063
COURSE: INTERNSHIP

COURSE CODE: 22CS512

OCTOBER 2024

1
 R.M.K. COLLEGE OF ENGINEERING AND
TECHNOLOGY
R.S.M. NAGAR, PUDUVOYAL - 601206
(AN AUTONOMOUS INSTITUTION)

Department of Computer Science and Engineering (Cyber Security)

BONAFIDE CERTIFICATE

This is to certify that the internship report submitted by KALAIYARASAN G (111622108063) is a

bonafide record of the internship undertaken by him/her in CYBER SECURITY, from 20/06/2024
to 05/07/2024. This internship has been completed in partial fulfillment of the requirements for the
award of the degree of Bachelor of Engineering in Computer Science and Engineering (Cyber
Security) at R.M.K. College of Engineering and Technology during the academic year 2024-2025.

Mentor Internship Coordinator Head of the

Department
ii
iii

Acknowledgement
First I would like to thank Thiru.R.S.Munirathinam, our beloved Chairman
and Thiru.R.M.Kishore, our Vice Chairman, Dr.N.Suresh Kumar Principal,
Dr. K. Sivaram, Dean Academics and Dr. K. Ramar Dean Research for the
facilities provided to accomplish this internship.

I would like to thank my Head of the Department Dr.S.M Udhaya

Sankar for his constructive criticism throughout my internship.

I would like to thank Dr.Dharini N Year coordinator and Internship

coordinator and Mr. Senthil Kumar Mentor, Department of Computer Science and
Engineering(Cyber Security) for their support and advices to get and complete
internship in the mentioned organization .

I am immensely grateful to KAASHIV INFOTECH for providing me with the

invaluable opportunity to complete my internship within the organization.

I would like to extend my heartfelt thanks to VENKATESAN PRABU J,

Executive Director, and all the team members at KAASHIV INFOTECH for their
patience, support, and the collaborative environment they fostered. Your openness
and encouragement created a truly enjoyable and enriching experience.

It is with great pleasure and deep gratitude that I acknowledge the help and
guidance of everyone who contributed to my journey at KAASHIV INFOTECH.

KALAIYARASAN G

(111622108063)
iv

R.M.K. COLLEGE OF ENGINEERING AND

TECHNOLOGY
(An Autonomous Institution)
RSM Nagar, Puduvoyal– 601206, Gummidipoondi (T.K), Thiruvallur (D.T), Tamil Nadu
Approved by AICTE, New Delhi/ Affiliated to Anna University, Chennai
Accredited by NBA (All Eligible Courses) / NAAC with “A” GRADE
An ISO 21001:2018 Certified Institution

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

(CYBER SECURITY)

Vision
To excel and take the lead in Cyber Security education, profession and research globally with a
commitment to effectively address societal needs
Mission

✤ To collaborate with innovators to provide real-world, standards - based cybersecurity

capabilities that address business needs.
✤ To prepare the professionals in both academic and industrial settings capable of solving real
world cybersecurity threats.

✤ To inculcate the students in designing and developing various projects in different areas of
cybersecurity, by providing a distinguished and high-quality education.

Program Educational Objectives

Graduates of Computer Science and Engineering Program (Cyber Security) will be able to:
PEO 1 : Acquire the knowledge, skills and the attitude necessary for the analysis of Cyber
Security.

PEO 2 : Apply the cutting-edge latest technology within a professional, legal and ethical frame
work and will operate effectively in a multidisciplinary stream.
PEO 3 : Practice continued, self-learning to keep their knowledge and skills up to date and
remain abreast of the latest developments in Cyber Security.

Program Specific Outcomes

Graduates of Computer Science and Engineering (Cyber Security) Program will be able :
PSO 1 : To understand, analyze, design, and develop computing solutions by applying
algorithms, web design, database management, networking & cyber security.
 PSO 2 : To develop cyber security skills including network defense, ethical hacking, penetration
testing, application security and cryptography to provide real time solutions.

PSO 3 : To apply standard tools, practices and strategies in cyber security for successful career
and entrepreneurship.

v
 TABLE OF CONTENTS

DESCRIPTION
Table of content vi
List of Figures vii
List of Table viii
List of Abbreviations ix

PAGE NO.
Chapter COMPANY PROFILE
1:
1.1 About the company 11
1.2 Organization structure 11
1.3 Services offered by the Company 12
1.4 Working process of the company 12
1.5 My Internship Department /Section 13

Chapter INTERNSHIP DETAILS

2:
2.1 Overview of the work 13
2.2 Week 1 (Date: 02/06/2024 to 08/06/2024) 14
2.3 Week 2 (Date: 09/06/2024 to 15/06/2024) 18
2.4 Week 3: Denial of Service (DoS) Attack (Days 11–15) 21

Chapter MODULE DEVELOPED

3:
3.1 Details 24
3.2 Cybersecurity Awareness and Practices Module 24
3.3 Outcomes 27

Chapter CONCLUSION
4:
4.1 Summary of Learning and Skills Acquired 27
4.2 Reflection on Personal Growth 28
4.3 Value of the Internship Experience 29
 4.4 Future Goals and Applications 29

vi
 LIST OF FIGURES
TITLE PAGE
igure No.
NUMBER

igure 1 Circuit Switching 15

igure 2 Packet Switching 16
igure 3 Phishing Attack Execution 19
igure 4 Preparation and Environment Setup 22
igure 5 How the DoS Attack Works and Execution 23

vii
 LIST OF TABLES

Table No. TITLE PAGE

NUMBE
R

Table 1 differences between Circuit Switching and Packet 17

Switching.

Table 2 Types of Hackers 26

viii
 LIST OF ABBREVIATIONS
Abbreviati Full Form
n
PN Virtual Private Network
QL Structured Query Language
TTPS HyperText Transfer Protocol Secure
DS Intrusion Detection System
PS Intrusion Prevention System
SH Secure Shell
NS Domain Name System
HCP Dynamic Host Configuration Protocol
MAC Media Access Control

ix
x
CHAPTER 1
1.1 ABOUT THE COMPANY

Kaashiv InfoTech is redefining its philosophy and business values while maintaining
a strong belief in the synergy between people and technology, driven by a passionate
team. The company combines best practices and expertise from industry leaders to
provide specialized Knowledge Services across various sectors, enabling clients to
enhance their in-house competencies. Kaashiv InfoTech prioritizes building strategic
partnerships over merely providing solutions, focusing on quality and processes. This
approach has established a loyal client base, reinforcing the company's commitment
to delivering innovative solutions that yield real business benefits, encapsulating the
idea of "Knowledge Meets Business."

1.2 ORGANIZATION STRUCTURE

Kaashiv Infotech is structured with multiple tiers to support its operational and
administrative functions efficiently. Key divisions include:

 Internship Program Coordination: Focuses on designing and managing

internship programs, ensuring they align with industry expectations and
offer valuable experiential learning.
 Mentorship and Support Division: Establishes mentorship connections
between interns and seasoned professionals, providing guidance and
support throughout the internship.
 Skills Enhancement and Training Division: Conducts workshops and
training aimed at both technical and soft skill improvement, helping
interns build essential competencies.
 IT and Infrastructure Operations: Manages the organization’s
technological infrastructure, ensuring a secure and effective environment
for smooth operations.

The IT and Infrastructure Operations division is vital to maintaining

technological systems that support internship activities and facilitate
organization-wide communication.

11
1.3 SERVICES OFFERED BY THE COMPANY

Kaashiv Infotech offers various services tailored to engineering students and

professionals, including:
 Diverse Internship Programs: The core offering includes a range of
internships that provide hands-on exposure in engineering disciplines,
improving interns' practical abilities and employability.
 Mentorship and Career Guidance: Interns benefit from dedicated
mentorship by industry experts, deepening their field knowledge and
aiding their career development.
 Skill Development Sessions: Workshops cover essential technical skills,
like coding and cybersecurity, as well as soft skills, such as effective
communication and teamwork, ensuring comprehensive development.
 Professional Networking Opportunities: Interns access a broad
professional network through events, seminars, and partnerships, helping
them establish valuable industry connections.

1.4 WORKING PROCESS OF THE COMPANY

Kaashiv Infotech’s workflow promotes efficiency and provides a streamlined

experience for interns. Key stages include:

1. Program Creation: Internship programs are designed based on current

industry demands and trends to ensure relevancy and impact.
2. Intern Selection: A selective recruitment process identifies motivated
candidates who will benefit most from the programs.
3. Orientation and Integration: New interns participate in an onboarding
process introducing them to the organization, its culture, and available
resources.
4. Project Engagement: Interns work on real-world projects, applying
academic knowledge practically while receiving ongoing mentor support.
5. Progress Feedback: Regular reviews and feedback sessions monitor
interns' growth, offering pathways for improvement and skill refinement.

12
1.5 MY INTERNSHIP DEPARTMENT / SECTION

During my internship at Kaashiv Infotech, I was placed in the Cybersecurity

Division, where I gained comprehensive experience across several critical areas,
including both defensive and offensive security. My responsibilities and learning
included:

 Network Security and Threat Detection: I assisted in implementing security

measures to safeguard the organization’s network, which included configuring
firewalls, monitoring network traffic, and identifying potential vulnerabilities.
 System Administration and Hardening: In this role, I managed the
installation and configuration of essential security tools and worked on system
hardening techniques to minimize exposure to threats.
 Data Protection and Recovery: I supported data protection initiatives,
including regular backups and data recovery strategies, to ensure the integrity
of sensitive information in case of attacks.
 Offensive Security and Attack Simulations: I participated in simulated
attacks, such as penetration tests, to identify and exploit potential
vulnerabilities within the organization’s infrastructure. These simulations
helped in understanding system weaknesses from an attacker’s perspective.
 Social Engineering and Phishing Exercises: I was involved in creating and
conducting controlled social engineering attacks, including phishing
simulations, to test employee awareness and response to common
cybersecurity threats.
 Collaborative Security Projects: Working alongside experienced
professionals on team projects allowed me to contribute to various stages of
security operations and leverage offensive techniques to bolster defensive
strategies.

Through this internship, I developed hands-on skills in both defensive and offensive
security, enhancing my capabilities in network protection, threat detection, and
vulnerability exploitation. This experience has greatly expanded my technical skill set
and prepared me for future challenges in cybersecurity.

13
CHAPTER 2
2.1 Overview of the Work

The internship at Kaashiv InfoTech provided a comprehensive and immersive

experience over Two weeks, primarily focused on cybersecurity and IT infrastructure.
Throughout this period, I worked on various cybersecurity principles, network
security practices, offensive security techniques, and system administration tasks. The
internship was systematically organized, with each week dedicated to a specific area
of cybersecurity and IT, allowing me to gain hands-on skills and practical knowledge
across multiple domains. Below is a week-by-week breakdown of my experience,
outlining the competencies and insights gained during my internship

2.2 Week 1 Networking Basics (Days 1–5)

Day 1: Introduction to Computer Networks

 Computer Network: Started with the concept of computer networks as

systems that connect multiple computers (hosts) to enable communication and
resource sharing.
 Primary Objectives:
o Improved Connectivity: Learned how networks make it easier for users
to access shared resources.
o Enhanced Communication: Studied how networks allow data
exchange between hosts, facilitating collaboration.
o Resource Sharing: Explored how devices like printers, files, and
internet connections can be shared over a network.
o Social/Professional Interaction: Discussed how networks enable social
and professional interactions, particularly through digital platforms.

Key Takeaway: Understanding the fundamental purpose and objectives of computer

networks provides a foundation for exploring more complex networking topics.

Day 2: Types of Computer Networks

 Local Area Network (LAN):

o Scope: Covers a small geographic area, such as a room, building, or
campus.

14
 o Applications: Ideal for organizations, schools, or universities that need
high-speed connectivity within close proximity.
o Advantages: LANs offer high-speed data transfer, making them
effective for local resource sharing.
 Wide Area Network (WAN):
o Scope: Connects geographically dispersed locations, spanning cities,
countries, or even continents.
o Applications: Used by organizations with multiple office locations
needing connectivity over long distances.
o Advantages & Drawbacks: WANs support extensive communication
but often come with higher latency and increased costs.

Key Takeaway: LAN and WAN each serve distinct networking needs; LANs are
high-speed for local use, while WANs offer extensive reach with some trade-offs.

Day 3: Data Communication Methods

 Circuit Switching:

Figure 1

o Mechanism: Establishes a dedicated communication path between two

stations before data transfer begins.
o Characteristics: Each physical link has a dedicated channel for that
specific connection.
o Steps in Circuit Switching:
1. Connection Establishment: Setting up the path before any data is
transferred.
2. Data Transfer: Data flows at high speed across the established
path.
3. Connection Termination: Disconnects after data transfer, freeing
up network resources.
o Drawbacks:

15
  Dedicated Channel Capacity: Inefficient for bursty data traffic,
as the channel remains allocated even when no data is transmitted.
 Initial Delay: Takes time to establish the initial connection path.

 Packet Switching:

Figure 2

o Mechanism: Divides data into packets, allowing resources to be shared

across multiple connections.
o Store-and-Forward: Each node receives, stores, and forwards packets
based on routing tables.
o Advantages:

 Efficient Link Utilization: Shared links mean high utilization,

especially with bursty traffic.
 Ideal for Computer-Generated Traffic: Suited for traffic that
occurs in bursts.
16
  Support for Prioritization: Packets can be assigned different
priorities to ensure critical data is transmitted first.

Key Takeaway: Circuit switching is ideal for continuous data flows, whereas packet
switching offers flexibility and efficiency for intermittent data.

Day 4: Packet Transmission Techniques

 Virtual Circuit Approach:

o Similarities to Circuit Switching: Establishes a predefined route before
data transfer, ensuring all packets follow the same path.
o Mechanism: Each packet carries a virtual circuit number, with routers
maintaining tables for packet forwarding.
o Analogy: Comparable to a phone call setup, where a reserved path is
used but without dedicating resources permanently.
 Datagram Approach:
o Mechanism: Each packet is sent independently without a pre-
established route, allowing for dynamic routing.
o Usage: Commonly used for internet traffic, where packets can follow
different paths to reach the destination.

Key Takeaway: The Virtual Circuit approach provides reliability, while the
Datagram approach allows flexibility, both useful in different networking scenarios.

Day 5: Summary and Comparison

 Summary Table: Consolidated the differences between Circuit Switching and

Packet Switching.

Aspect Circuit Switching Packet Switching

Path Dedicated and fixed Dynamic and shared
Usage Ideal for continuous traffic Ideal for bursty data traffic
Establishment
Yes, requires connection setup None, routed individually
Delay
Inefficient for non-continuous Efficient due to shared
Resource Utilization
data usage

17
 Table 1

 Review and Practical Application: Discussed scenarios where each method is

most applicable, reinforcing the concepts through practical examples.

Key Takeaway: Circuit and Packet Switching methods each have unique strengths,
with packet switching being more efficient for modern, bursty data traffic, while
circuit switching remains useful for dedicated connections, like voice calls.

2.3 Week 2: Social Engineering Attack (Days 6–10)

Day 6: Executive Summary and Objectives

 Objective: The primary goal was to assess the organization’s vulnerabilities to

social engineering (SE) attacks by evaluating employees' awareness of SE
tactics and the effectiveness of existing security policies.
 Scope: The assessment included testing various SE methods (phishing,
pretexting, and baiting) to identify weaknesses in the organization's human and
procedural defenses against social engineering.

Key Takeaway: Social engineering targets human vulnerabilities within an

organization, and this initial day provided a strategic understanding of why it’s
essential to test employee awareness and response.

Day 7: Methodology and Reconnaissance Phase

 Reconnaissance: Conducted online research and analyzed public information

on social media platforms to identify potential SE targets.
o Actions Taken:
 Employee Profiles: Studied LinkedIn profiles to collect
information on employee roles, responsibilities, and team
dynamics.
 Email Patterns: Identified common email formats to add
credibility to phishing attempts.

18
  Website Analysis: Reviewed the company website to familiarize
with internal terminology, recent news, and active projects.
o Outcome: Created detailed attack scenarios based on gathered data,
making the planned SE attempts more convincing and tailored to
specific employees.

Key Takeaway: The reconnaissance phase highlighted how publicly available

information can be exploited to create realistic and effective SE attacks.

Day 8: Attack Execution – Phishing and Pretexting Techniques

Figure 3

 Technique 1: Phishing Emails

o Scenario: Crafted phishing emails mimicking the IT department,
prompting employees to reset passwords due to “suspicious login
attempts.”
o Content: Emails included a link to a cloned company login page
designed to capture credentials.

19
 o Real-World Example: Recalled a 2016 incident where employees of a
tech firm received similar phishing emails from a fake internal address,
leading to a data breach.
 Technique 2: Pretexting via Phone Calls
o Scenario: Called employees, impersonating a new hire seeking help
with network access and software policies.
o Goal: Collected information on internal systems and software usage.
o Outcome: Some employees disclosed software details and network login
hints.
o Example: A similar pretexting approach targeted a financial institution,
where attackers, posing as IT personnel, gathered internal login
information from employees.

Key Takeaway: Both phishing and pretexting exploited trust in familiar

organizational roles, demonstrating how SE attackers can manipulate employees into
divulging sensitive data.

Day 9: Attack Execution – Baiting and Results Analysis

 Technique 3: Baiting (USB Drop)

o Scenario: Planted USB drives labeled “Confidential - Employee Bonus
Information” in shared office spaces to entice employees.
o Goal: The USBs contained scripts to capture login credentials upon
insertion.
o Outcome: Three employees plugged in the USB drives, activating the
scripts.
o Real-World Example: This technique mirrors a penetration test where
USBs were left in parking lots, leading curious employees to connect
them, unwittingly launching malware.
 Results Analysis: Evaluated the effectiveness of each SE method based on the
employees' responses and types of compromised information.
o Attack Summary:
 Phishing: 10 attempts, 60% success rate, yielding usernames and
passwords.
 Pretexting: 8 attempts, 50% success rate, gathering network and
software information.
 Baiting: 5 USB drops, 60% success rate, capturing login
credentials.

20
Key Takeaway: The results emphasized that employees lacked awareness regarding
phishing and pretexting indicators and were susceptible to curiosity-driven attacks
like baiting.

Day 10: Analysis, Observations, and Recommendations

 Analysis and Observations:

o Employee Vulnerability: Many employees failed to recognize phishing
indicators, especially when emails appeared to come from internal IT.
o Verification Protocols: Minimal verification for phone inquiries
contributed to successful pretexting attempts.
o Baiting Curiosity: Employees showed a tendency to connect
unauthorized USB devices, underscoring a need for policy enforcement.
 Recommendations:
o Security Awareness Training: Conduct regular training sessions to
help employees recognize phishing, pretexting, and baiting attempts.
o Enhanced Verification Protocols: Implement multi-factor
authentication and require verification protocols for sensitive inquiries.
o Strict USB Device Policy: Establish a policy against unauthorized USB
device usage and promote the use of approved devices only.

Key Takeaway: Implementing regular awareness training and stricter security

policies can substantially reduce the organization’s risk of social engineering attacks.

2.4 Week 3: Denial of Service (DoS) Attack (Days 11–15)

Day 11: Executive Summary and Objectives

 Objective: The primary aim was to evaluate the target system’s ability to
withstand high traffic and malicious connection attempts associated with a
Denial of Service (DoS) attack. This assessment focused on identifying any
system vulnerabilities that would disrupt legitimate user access.

21
  Tool Used: Selected the hammer tool (from GitHub, created by cyweb) for
this DoS simulation due to its simplicity and effectiveness in generating high
volumes of HTTP requests.
 Scope: The DoS simulation aimed to mimic high-traffic scenarios to assess the
system’s resilience and help identify security measures for improvement.

Key Takeaway: Understanding the objectives and scope of DoS attacks is essential
for evaluating system performance under stress and ensuring preparedness for high-
traffic situations.

Day 12: Methodology and Tool Selection

 DoS Attack Overview: Reviewed how a DoS attack works by flooding a

target server with excessive requests, which overwhelm resources and prevent
legitimate users from accessing the service. Unlike other attack types, a DoS
attack doesn’t exploit code vulnerabilities but relies on resource exhaustion.
 Tool Selection: The hammer tool was chosen for this simulation due to its
straightforward setup and ability to generate a high volume of HTTP requests,
effectively testing the server’s response under load.
 Target Criteria: Defined the ideal response, which was for the server to
handle legitimate traffic without any performance degradation, even during
high-load conditions.

Key Takeaway: This methodology emphasizes how DoS attacks target network
availability and the importance of choosing appropriate tools to measure system
limits.

Day 13: Preparation and Environment Setup

22
 Figure 4

 Environment Setup: Cloned the hammer repository from GitHub, installed,

and configured it on a Linux machine.
 Installation Steps:
1. Clone the Repository:

git clone https://github.com/cyweb/hammer.git

2. Navigate to Directory:

cd hammer
3. Run the Script:

python3 hammer.py -s <testphp.vulnweb.com> -p 80

-t 135
 Here, -s specifies the target IP, -p defines the port (80 for
HTTP), and -t sets the number of threads, which simulates
simultaneous requests.

Key Takeaway: This day focused on configuring the attack environment correctly,
which is critical for a successful DoS simulation and accurate results.

Day 14: How the DoS Attack Works and Execution

23
 Figure 5

 Mechanism of Operation:
o The hammer tool generates a large volume of HTTP requests to the
target server. By increasing the number of concurrent requests, it
consumes the server’s resources, slowing response times or causing the
server to crash.
o The tool operates at the HTTP layer, so no high-level privileges are
needed, making it accessible and practical for testing.
o Traffic Volume: The number of requests (threads) can be configured,
allowing the attack intensity to be customized.
 Example: Discussed a real-world incident from October 2016, where a series
of DoS attacks on the Dyn DNS service disrupted major websites (e.g.,
Twitter, Reddit, GitHub) by overwhelming DNS resources.
 Execution Steps:

1. Define the Target: Specified the server’s IP and port.

2. Launch the Attack: Initiated the hammer tool to generate a high volume
of requests.
3. Monitor Impact: Observed server response times and logs to assess the
attack's effect.

Key Takeaway: This day highlighted the actual execution of a DoS attack,
emphasizing how an overload of requests affects server performance and availability.

Day 15: Results, Analysis, and Recommendations

 Attack Results:
o Metrics:
 Attack Duration: 15 minutes.
 Request Rate: ~500 requests/second.
 Target Status: Significant slowdown and eventual timeout.
 System Logs: Recorded HTTP 503 errors, indicating service
unavailability.
 Analysis of Attack Impact:
o Server Response Degradation: The server’s response slowed under the
load, showing the absence of rate-limiting measures.
o Resource Exhaustion: High memory and CPU usage impacted other
services on the server.

24
 o Log Analysis: HTTP 503 errors signaled that the server was unable to
process legitimate user requests due to resource exhaustion.
 Recommendations:
o Rate Limiting: Implement measures to limit the number of requests per
user, reducing the likelihood of resource overload.
o Traffic Filtering: Utilize a Web Application Firewall (WAF) to filter
and block suspicious traffic patterns.
o Load Balancing: Distribute incoming traffic across multiple servers,
allowing the system to handle high loads more effectively.
o Enhanced Monitoring: Deploy monitoring tools to detect and
automatically respond to unusual traffic spikes.

Conclusion: The DoS simulation revealed that the target system struggled to handle
excessive traffic, demonstrating its vulnerability to service disruptions. By
implementing the recommended measures, the organization can better protect itself
from DoS and Distributed DoS (DDoS) attacks, ensuring continuous availability and
resilience.

CHAPTER 3
3.1 DETAILS
During my internship at Kaashiv Infotech, I engaged in a series of cybersecurity-
focused modules designed to enhance my knowledge and practical skills. Each
module was structured to bridge theoretical concepts with real-world applications,
enabling me to gain hands-on experience in implementing security measures within
an organizational setting. The key modules I developed or contributed to are
described below:

3.2 CYBERSECURITY AWARENESS AND PRACTICES MODULE

Objective: To build a solid foundation in cybersecurity principles and best practices,
tailored for employees to strengthen organizational security posture and awareness.
Key Components Covered:
1. Introduction to Cybersecurity Concepts

25
 o Overview of Cyber Threats: Explored a range of cyber threats,
including malware, phishing, ransomware, and insider threats, with a
focus on their impact on organizational security.

o Types of Hackers and Their Intentions:

Type of
Intentions Common Tools/Techniques
Hacker
White Hat Security improvement, Penetration testing tools,
Hacker compliance ethical hacking
Black Hat Data theft, financial Malware, phishing attacks,
Hacker gain keyloggers
Gray Hat Vulnerability scanners,
Skill testing, curiosity
Hacker hacking scripts
Publicly available hacking
Script Kiddie Vandalism, reputation
tools
DDoS attacks, website
Hacktivist Political activism
defacements

Table 2

o Cybersecurity Importance: Discussed the crucial role of cybersecurity

in minimizing risks and protecting business operations.

2. Cyber Hygiene Practices

o Password Security: Emphasized creating strong passwords, avoiding
reuse, and the benefits of using password managers for managing
credentials securely.
o Phishing Awareness: Trained in identifying phishing attempts,
examining suspicious emails, and understanding reporting protocols for
potential phishing attacks.

3. Data Protection and Privacy

o Data Classification: Reviewed data types based on sensitivity, learning
to handle sensitive information following security protocols.

26
 o Privacy Policies and Regulations: Examined company policies on data
privacy and discussed regulatory requirements, including GDPR and
CCPA compliance.

4. Secure Use of Technology

o Device Security Measures: Discussed securing both personal and
organizational devices, including setting up device-specific security
measures for laptops, mobile devices, and desktops.
o Software Update Policies: Highlighted the importance of timely
software and application updates as a measure against known
vulnerabilities.

5. Incident Response and Reporting

o Incident Reporting Protocols: Understood the structured steps for
reporting security incidents and the significance of prompt reporting to
minimize impact.
o Response Roles and Responsibilities: Reviewed the incident response
plan, identifying individual and team responsibilities during an incident.

6. Employee Awareness and Training Initiatives

o Developing Awareness Campaigns: Assisted in crafting materials and
campaigns to educate employees on cybersecurity fundamentals and safe
online practices.
o Interactive Training Workshops: Participated in workshops that
included role-play and simulations to reinforce cybersecurity knowledge
and promote an engaging learning experience.

3.3 OUTCOMES AND SKILLS GAINED:

This module provided me with essential cybersecurity insights, which enabled me to
actively contribute toward promoting a security-focused culture within the
organization. I developed strong skills in identifying cyber threats, educating team
members on security practices, and emphasizing proactive steps to safeguard
organizational resources.

27
CHAPTER 4
My two-week internship with Kaashiv Infotech was an invaluable experience,
providing me with comprehensive insights into IT infrastructure, cybersecurity, and
practical IT management within a dynamic tech environment. The structured, hands-
on approach of this internship allowed me to engage with real-world IT challenges
and solutions, and to apply my theoretical knowledge in a practical, collaborative
setting. Through exposure to various aspects of cybersecurity, system administration,
and IT project management, I gained practical experience that significantly enhanced
my technical skills and prepared me for future roles in the technology field.

4.1 SUMMARY OF LEARNING AND SKILLS ACQUIRED

Throughout my two-week internship at Kaashiv Infotech, I engaged in a series of

structured modules that encompassed a broad spectrum of IT and cybersecurity tasks,
each contributing to a well-rounded skill set applicable in modern technology
environments. The key areas covered included:

 Network Security and Infrastructure: Gained hands-on experience in

configuring firewalls, managing network access, and setting up network
security protocols, enhancing my ability to protect digital infrastructure from
potential threats.
 Cybersecurity Awareness and Practices: Developed and contributed to
cybersecurity awareness modules, focusing on topics such as password
management, phishing awareness, and secure device usage. This experience
helped me understand the importance of cybersecurity hygiene and the impact
of training employees to recognize and respond to potential threats.
 System Administration and User Management: Worked on system
administration tasks including the installation and configuration of software,
user access management, and system security protocols, all of which are
critical for maintaining a secure and efficient operational environment.
 Data Protection and Privacy: Implemented data backup and recovery
strategies and worked with data classification and privacy protocols, deepening
my understanding of data protection policies and regulatory compliance in
cybersecurity.
 Incident Response and Reporting: Participated in creating and implementing
28
 incident response plans, learning to respond to and report security incidents
effectively. This provided insight into the protocols for managing security
breaches and emphasized the importance of rapid and efficient response in
maintaining organizational resilience.
 Enterprise Security Architecture: Examined secure enterprise architecture
design, including cloud virtualization and securing wireless networks, which
equipped me with knowledge of safeguarding complex IT environments.
 Ethical Hacking and Vulnerability Testing: Explored ethical hacking
techniques and participated in vulnerability assessments, developing
foundational skills in identifying and addressing security weaknesses within
systems and applications.

Each of these areas contributed to my professional growth, equipping me with

versatile skills in cybersecurity and IT management, while fostering a deep
understanding of how security practices are applied in real-world scenarios.

4.2 REFLECTION ON PERSONAL GROWTH

My internship at Kaashiv Infotech significantly contributed to my personal growth

by enhancing my problem-solving skills and adaptability in a dynamic IT
environment. Engaging in hands-on projects sharpened my ability to tackle real-
world challenges efficiently, while collaborating with team members improved my
communication skills. The responsibilities I assumed not only bolstered my
confidence in cybersecurity and IT management but also solidified my foundation for
future roles in this rapidly evolving field.

4.3 VALUE OF THE INTERNSHIP EXPERIENCE

The practical exposure to cutting-edge technologies and hands-on projects at

Kaashiv Infotech has equipped me with a strong foundation for a career in
cybersecurity and IT management. Collaborating with industry experts allowed me to
gain valuable insights into best practices, particularly in cybersecurity awareness and
ethical hacking. This experience has sparked a deep interest in IT infrastructure and
security, motivating me to pursue further opportunities in these fields. I am grateful
for the mentorship I received, which has prepared me for advanced roles in
cybersecurity and IT management.

4.4 FUTURE GOALS AND APPLICATIONS

29
The knowledge and skills I acquired during my internship at Kaashiv Infotech have
motivated me to pursue further education and certifications in cybersecurity, network
management, and ethical hacking. I plan to apply these competencies in future
projects and roles, focusing on enhancing my expertise as an IT professional. This
experience has clarified my career aspirations, and I am dedicated to advancing my
proficiency in cybersecurity practices and IT infrastructure management to contribute
effectively to the field.

30