INTERNSHIP TRAINING REPORT ON

ANTIVIRUS AND NGAV

Submitted by

SURENTHAR M

(Reg. No: 20906)

In partial fulfillment for the award of the degree of

BACHELOR OF SCIENCE

IN

NETWORKING

Under the guidance of

Dr. V. Muthu Ganeshan MCA., M.Phil., Ph.D.

DEPARTMENT OF NETWORKING

SUBBALAKSHMI LAKSHMIPATHY COLLEGE OF SCIENCE


(An Autonomous Institution)
(Affiliated to Madurai Kamaraj University & Re-Accredited with B+ Grade by NAAC)

T.V.R Nagar, Aruppukottai Road, Madurai – 625022

MAY - 2023
SUBBALAKSHMI LAKSHMIPATHY COLLEGE OF SCIENCE
(An Autonomous Institution)

(Affiliated to Madurai Kamaraj University & Re-Accredited with B+ Grade by NAAC)
T.V.R Nagar, Aruppukottai Road, Madurai-625002.

BONAFIDE CERTIFICATE

Certified that this Internship Training report “ANTIVIRUS AND NGAV” at DIGITAL TRACK SOLUTION is the bonafide work of SURENTHAR M (20906), who carried out the Internship Training work under my guidance and supervision.

Submitted for the Viva – Voce held on ……………………………………………

Place:

Signature of Company Guide Signature of Internal Guide Signature of the HOD

Signature of the External Examiner Signature of the Controller of Examination

Signature of the Principal


DECLARATION

I hereby declare that this Internship Training work entitled “ANTIVIRUS AND NGAV” at DIGITAL TRACK SOLUTION, MADURAI, submitted to SUBBALAKSHMI LAKSHMIPATHY COLLEGE OF SCIENCE, MADURAI-22, is a record of work done by myself, and that this project work has not formed the basis for the award of any degree, associateship, fellowship or similar title to any candidate in any university.

DEPARTMENT & YEAR: B.SC. NETWORKING - III YEAR

REGISTER NUMBER: 20906

(M.SURENTHAR)
ACKNOWLEDGEMENT

I hereby express my thanks to almighty for sprinkling his blessings throughout my studies &
during my Internship Training period.

I would like to express my heartfelt gratitude and thanks to our honorable president Dr. R.
LAKSHMIPATHY for providing an excellent infrastructure to do my degree successfully.

My sincere thanks to our honorable principal Dr. R. SUJATHA for allowing me to do my internship and encouraging my academics in SLCS.

I express my thanks to the Head of the Department Mr. M. ATHIGOPAL M.SC., M.PHIL.
B. ED (PHD) for all the help and support during my studies and Internship Training.

My cordial gratitude and thanks to the team head Miss. JANANI and Managing Director Mr. MUNEER AHAMED of DIGITAL TRACK SOLUTION for the great experience and learning which they shared throughout my Internship Training.

My sincere gratefulness to DIGITAL TRACK SOLUTION for the great opportunity to be part
of this Internship Training and having the chance to meet this wonderful profession.

I acknowledge my deepest thanks for the fullest support rendered by all the faculty members who helped me in moulding my career and improving my technical knowledge.

I express my deepest gratitude to my beloved parents for allowing me to realize my own potential. All the support they have provided me over the years was the greatest and most wonderful gift anyone has ever given me.

(SURENTHAR M)
TABLE OF CONTENTS

CHAPTER NO   TITLE                                        PAGE NO

1.    INTRODUCTION                                          2
1.1.  Synopsis                                              4
1.2.  Organization profile                                  5
1.3.  Organization pyramid                                  9
2.    NETWORK INFRASTRUCTURE SETUP                          7
2.1.  Company domain                                       11
2.2.  Network infrastructure model diagram                 14
3.    INTERNSHIP TRAINING DETAILS                          16
3.1.  Roles and responsibility                             18
4.    INTERNSHIP TRAINING DAILY ACTIVITIES REPORT          59
5.    TECHNOLOGY LEARNED                                   64
5.1   Endpoint security                                    65
5.2   Malware threats                                      68
5.3   EDR and XDR                                          71
6.    CONCLUSION                                           78
7.    REFERENCE                                            79

CHAPTER 1
INTRODUCTION

1. INTRODUCTION:

This report is about the three-month Internship Training carried out as a mandatory component of B.Sc. Networking. This document contains information about the organization and the responsibilities performed throughout the Internship Training period. The Internship Training was carried out at DIGITAL TRACK SOLUTION. The first part offers an overview of the organization, followed by all the duties carried out during the Internship Training period.

DigitalTrack brings 360-degree Digital Transformation for businesses of all verticals, catering to small, mid-size and large enterprises by delivering assured business efficiency through a set of new-age technologies with in-house and external expertise backed by a strong technical support team.

DT’s 18 years of youthful journey has a perfectly balanced team of matured leadership,
supported by a seasoned mid-level team and backed by strong young and energetic next
generation work force, which helps us with a mix of traditional and new age cultural working
environment to retain the best talents. It gives the confidence to our customers and vendors.

Born in 2004 head quartered in Chennai, we travelled the length and breadth to serve
customers across the country, with our presence in South, West, East & North. We also
optimistically stretched our wings to Singapore & Middle East regions.

2. SYNOPSIS:

The Internship Training was carried out at DIGITAL TRACK SOLUTION, a new-age IT Infrastructure management services company delivering timely solutions that enhance the operational excellence of its customers' businesses. We have put in undeterred hard work, and our clientele is the proof of our professionalism. Our passion to transcend new boundaries has driven us to go that extra mile to bring a smile to our customers' faces. The purpose of our business is to maximize our customers' return on IT investment, to adhere to standards and compliance, and to promote adaptability and interoperability in IT.

1.1 ORGANIZATION PROFILE:

Digital Track brings 360-degree Digital Transformation for businesses of all verticals, catering to small, mid-size and large enterprises by delivering assured business efficiency through a set of new-age technologies with in-house and external expertise backed by a strong technical support team. DT’s 18 years of youthful journey has a perfectly balanced team of mature leadership, supported by a seasoned mid-level team and backed by a strong, young and energetic next-generation workforce, which gives us a mix of traditional and new-age working cultures to retain the best talent. It gives confidence to our customers and vendors.

● Founded in 2004 & Incorporated in 2009
● Private Limited Organization
● Over 100+ highly skilled workforce
● Over 800+ satisfied customers in South India in all industry verticals
● Clean & Modern Design
● Services offered 24/7 and across the globe through its Preferred Partner network

Established as six different business verticals:

● Network Infrastructure & Security
● Data Management & Availability
● Integrated IT Infrastructure
● Cloud
● Artificial Intelligence
● Cyber Security

FIGURE 1.1 Clients and products

1.2.1 GOAL:

Our aim is to ease the transition of enterprises into the Internet age. We offer a full range of
IT, Security, Network, Collaboration, Data Center, Storage & Backup Infrastructure,
Virtualization, Cloud Management, IT Facility Management and System integration services
and solutions partnering with the best-of-breed technologies in the industry, giving a
competitive edge to our clients to achieve their business goals in style.

1.2.2 VISION:

Our vision is to be the most customer-centric organization: to build a place where customers believe in and treat us as a Trusted Advisor for their IT infrastructure, security, storage, virtualization, Artificial Intelligence, Cloud and Software solutions.

1.2.3 MISSION:

To constantly improve what is essential to gain the trust and confidence of our customers in the network security, storage, virtualization & system integration domains, with the best technical support and services, so as to be recognized as one of the best value-added system integrators by customers and vendors.

1.2 ORGANIZATION PYRAMID:

This inverted pyramid diagram represents the company's hierarchy levels.

Figure 1.2 Organization Pyramid

CHAPTER 2
NETWORK INFRASTRUCTURE SETUP

2.1 COMPANY DOMAIN

Digital Track Solutions Pvt. Ltd is one of the fastest growing network security and storage solution

NETWORK:

The first and foremost need for every organization, irrespective of industry or size, is a network. Networks are the means of communication that give us accessibility to any point across the globe. To put it directly, the internet is a vast collection of computers connected to one another. Since the network is the backbone for communication, designing a network requires experience.

DigitalTrack, as a pioneer in the field of networking, has been able to lift the burden of network infrastructure architecture and deployment from its clients. It goes beyond doubt that businesses cannot sustain themselves without proper networking. DigitalTrack as a partner specializes in providing secure, robust and scalable networks for organizations of all sizes. We take a holistic approach to designing a network, considering wired & wireless LAN, WAN, inbound and outbound traffic and the growth factor of the organization. We make sure that the proposed architecture can accommodate multifold growth in size so as not to render the initial investment obsolete.

Figure 2.1 Networking

NETWORK AUDIT:

Our offerings: for both organizations with an existing infrastructure as well as organizations who want to build an architecture from scratch, we provide auditing services and recommend architecture and infrastructure changes and a deployment strategy.

INFRASTRUCTURE DEPLOYMENT:

We configure and deploy networks incorporating organization requirements, compliance and industry best practices.

SUPPLY AND SUPPORT:

As a partner we supply, deploy and support clients for issues as well as minor to major changes in the infrastructure, including integration with other solutions.

OUR MAJOR FOCUS:

● WAN
● SD-LAN
● SD-WAN
● Monitoring Solutions
● Automation & Orchestration Solutions

SECURITY:

In today's threat landscape, securing the organization has become an imperative goal right next to productivity. The big question has transitioned from "If I get attacked" to "When I get attacked". As the vectors and methodologies of attack have become increasingly diverse, organizations are forced to consider two scenarios:

● How do I protect my organization against a cyber-attack?
● How do I handle an attack when it happens and minimize the damage?

Digital Track as a security consultant has adopted a Zero Trust framework with a threat-centric approach across all segments of the network. Our recommendations revolve around the philosophy of "trust but verify" while optimizing the solution on the sole goal of preventing an attack through any vector.

Where Digital Track as a partner adds value is through our understanding of attack vectors and methodologies, which enables us to design a security architecture in which the components integrate with one another to enable intelligence sharing between the appliances. Holistic security is achieved when the security peripherals can communicate and share intel with one another rather than working in silos.

Audit is one process which terrifies even the most meticulous organizations. Digital Track enables organizations to become compliant and ensures that they remain compliant around the year. We offer change management and Compliance Checker solutions which alert you when you become non-compliant upon a change in the configuration or the infrastructure. Furthermore, we also offer Cyber Risk Quantification solutions which incorporate both the technical and business contexts of your organization to help you objectively quantify the risk within the organization.

2.2. NETWORK INFRASTRUCTURE SETUP DIAGRAM

Fig 2.3 Network Infrastructure Setup Diagram

2.2.1 Hardware of the server system

Mac Mini:

● 2.8 GHz Intel Core i5
● 1TB Fusion Drive
● 8GB of 1600 MHz LPDDR3 Memory
● LED Monitors

Desktop:

● Intel Dual-core i7-6402 processors
● 1TB cache up to 7.80 GHz
● 32 GB RAM
● 2TB SSD Drive
● LED Monitor

Laptop:

● 15.5 inch LED backlight screen
● 16 GB DDR3 RAM
● Intel i7-530 Dual Core CPU
● 1 TB SSD Drive
● Intel 16GB Graphics card

CHAPTER 3

INTERNSHIP TRAINING DETAILS

3.1 ROLES AND RESPONSIBILITIES

NETWORK:

A network is a group of two or more computers or other electronic devices that are interconnected for the purpose of exchanging data and sharing resources.

TYPES OF NETWORKS:

LOCAL AREA NETWORK:

LAN is the most frequently used type of network. A LAN is a computer network that connects computers through a common communication path, contained within a limited area, that is, locally. A LAN encompasses two or more computers connected over a server. The two important technologies involved in this network are Ethernet and Wi-Fi. It ranges up to 2 km, and its transmission speed is very high, with easy maintenance and low cost. Examples of LAN are networks in a home, school, library, laboratory, college, office, etc.

Local Area Network (LAN)

Metropolitan Area Network (MAN):

A MAN is larger than a LAN but smaller than a WAN. This is the type of computer network that connects computers over a geographical distance through a shared communication path over a city, town, or metropolitan area. This network mainly uses FDDI, CDDI, and ATM as the technology, with a range from 5 km to 50 km. Its transmission speed is average. It is difficult to maintain and it comes with a high cost. Examples of MAN are networks in towns, cities, a single large city, a large area within multiple buildings, etc.

WIDE AREA NETWORK:

WAN is a type of computer network that connects computers over a large geographical
distance through a shared communication path. It is not restrained to a single location but
extends over many locations. WAN can also be defined as a group of local area networks that
communicate with each other with a range above 50km. Here we use Leased-Line & Dial-up
technology. Its transmission speed is very low and it comes with very high maintenance and
very high cost. The most common example of WAN is the Internet.

CAMPUS AREA NETWORK:

CAN is bigger than a LAN but smaller than a MAN. This is a type of computer network that is usually used in places like a school or college. This network covers a limited geographical area, that is, it spreads across several buildings within the campus. CAN mainly uses Ethernet technology with a range from 1 km to 5 km. Its transmission speed is very high, with a moderate maintenance cost and moderate overall cost. Examples of CAN are networks that cover schools, colleges, buildings, etc.

PERSONAL AREA NETWORK:

PAN is the most basic type of computer network. This network is restrained to a single
person, that is, communication between the computer devices is centered only on an
individual’s workspace. PAN offers a network range of 1 to 100 meters from person to device
providing communication. Its transmission speed is very high with very easy maintenance
and very low cost. This uses Bluetooth, IrDA, and Zigbee as technology. Examples of PAN
are USB, computer, phone, tablet, printer, PDA, etc.

COMMUNICATION TYPES:

There are three types of transmission modes: simplex mode, half-duplex mode, and full-duplex mode. These are explained below.

1. Simplex mode: In simplex mode, the sender can send data but cannot receive data. It is unidirectional communication.

2. Half-duplex mode: In half-duplex mode, the sender can both send and receive data, but only in one direction at a time.

3. Full-duplex mode: In full-duplex mode, the sender can send and receive data simultaneously. It is two-way communication in both directions at the same time.

UNICAST TRANSMISSION:

In unicast transmission, the data is transferred from a single sender (or a single source host) to a single receiver (or a single destination host). The network switches learn the MAC addresses of the devices on the networks to which they are connected. They can then forward packets only onto those networks containing devices with the matching MAC addresses. Unicast gradually becomes less efficient as more receivers need to see identical data.

EXAMPLE:

In the following figure, Host A (IP address 11.1.2.2) sends data to Host B (IP address 20.12.4.3).

● Source Address = IP address of Host A, 11.1.2.2
● Destination Address = IP address of Host B, 20.12.4.3

BROADCAST TRANSMISSION:

In broadcast transmission, the data is transmitted from one or more senders to all the receivers within the same network or in other networks. This type of transmission is useful for network management packets such as ARP (Address Resolution Protocol) and RIP (Routing Information Protocol), where all the devices must see the data.

There are two types of broadcast transmission:

● Directed Broadcast, and
● Limited Broadcast

DIRECTED BROADCAST:

Directed broadcast transmits data from one source host to all the other hosts that exist in some other network. It is used in two scenarios:

● When the hosts are responsible for parsing data from broadcast packets.
● When all the hosts require the same data.

LIMITED BROADCAST:

In limited broadcast, the data is transmitted from a single source host to all the other hosts residing in the same network.

MULTICAST TRANSMISSION:

When the data is transmitted from a single source host to a specific group of hosts that have registered interest in receiving the data, it is known as multicast transmission. Multicast can be more efficient than unicast when different groups of receivers need to see the same data.

Example: Multicast is the technique used in Internet streaming of video or audio, teleconferencing, sending an email to a particular group of people, etc.
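To make the unicast, broadcast and multicast distinction concrete, here is an added Python example (not part of the original report) that classifies an IPv4 destination address the way a sending host's IP stack would decide who receives the data. The subnet CIDRs, the packet list and the use of the RIPv2 group address 224.0.0.9 are constructed for the demonstration; the host addresses 11.1.2.2 and 20.12.4.3 are the ones from the unicast example above.

```python
"""Classify IPv4 destinations as unicast, limited broadcast,
directed broadcast or multicast.

Added example; the subnets and sample packets below are constructed.
"""
import ipaddress
from collections import Counter

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
MULTICAST_BLOCK = ipaddress.IPv4Network("224.0.0.0/4")


def classify_destination(dst, local_subnet, remote_subnets=()):
    """Return (kind, target_network) for a destination address.

    kind is one of 'unicast', 'limited-broadcast', 'directed-broadcast'
    or 'multicast'; target_network is the CIDR string of the network a
    directed broadcast addresses, otherwise None.

    local_subnet   -- CIDR of the network the sender is attached to
    remote_subnets -- CIDRs of other networks the sender knows about
                      (needed to recognise a directed broadcast to them)
    """
    addr = ipaddress.IPv4Address(dst)
    if addr == LIMITED_BROADCAST:
        # 255.255.255.255: every host on the local network only;
        # routers never forward it.
        return ("limited-broadcast", None)
    if addr in MULTICAST_BLOCK:
        # 224.0.0.0/4 is the group (multicast) range; only hosts that
        # joined the group receive the data.
        return ("multicast", None)
    for cidr in [local_subnet, *remote_subnets]:
        net = ipaddress.IPv4Network(cidr)
        if addr == net.broadcast_address:
            # All host bits set for a known network: every host on that
            # network receives the data (directed broadcast).
            return ("directed-broadcast", str(net))
    # Anything else is a single destination host.
    return ("unicast", None)


def delivery_summary(packets, local_subnet, remote_subnets=()):
    """Count delivery kinds over a list of (src, dst) address pairs."""
    counts = Counter(
        classify_destination(dst, local_subnet, remote_subnets)[0]
        for _src, dst in packets
    )
    return dict(counts)


# Constructed sample traffic seen from a sender on 11.1.2.0/24 that also
# knows about the 20.12.4.0/24 network.
SAMPLE_PACKETS = [
    ("11.1.2.2", "20.12.4.3"),          # Host A -> Host B (unicast)
    ("11.1.2.2", "255.255.255.255"),    # e.g. DHCP discover (limited broadcast)
    ("11.1.2.2", "20.12.4.255"),        # directed broadcast to the remote network
    ("11.1.2.2", "11.1.2.255"),         # directed broadcast to the local network
    ("11.1.2.2", "224.0.0.9"),          # RIPv2 all-routers group (multicast)
]

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        print(src, "->", dst, classify_destination(dst, "11.1.2.0/24", ["20.12.4.0/24"]))
    print(delivery_summary(SAMPLE_PACKETS, "11.1.2.0/24", ["20.12.4.0/24"]))
```

Note that a broadcast address for a network the sender does not know about (20.12.4.255 without the remote subnet listed) is classified as plain unicast: without routing knowledge of the target network, a directed broadcast is indistinguishable from a host address.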

Network Devices:

Network devices, also known as networking hardware, are physical devices that allow hardware on a computer network to communicate and interact with one another. Examples are the repeater, hub, bridge, switch, router, gateway, brouter, and NIC.

1. Repeater – A repeater operates at the physical layer. Its job is to regenerate the signal over the same network before the signal becomes too weak or corrupted, extending the length over which the signal can be transmitted on the same network. An important point to be noted about repeaters is that they do not amplify the signal. When the signal becomes weak, they copy it bit by bit and regenerate it at its original strength. It is a 2-port device.

2. Hub – A hub is basically a multi-port repeater. A hub connects multiple wires coming from different branches, for example, the connector in a star topology which connects different stations. Hubs cannot filter data, so data packets are sent to all connected devices. In other words, the collision domain of all hosts connected through a hub remains one. Also, they do not have the intelligence to find out the best path for data packets, which leads to inefficiencies and wastage.

TYPES OF HUBS:

● Active Hub: These are hubs that have their own power supply and can clean, boost, and relay the signal along the network. It serves both as a repeater and as a wiring center. These are used to extend the maximum distance between nodes.

● Passive Hub: These are hubs that collect wiring from nodes and take their power supply from the active hub. These hubs relay signals onto the network without cleaning and boosting them and can’t be used to extend the distance between nodes.

● Intelligent Hub: It works like an active hub and includes remote management capabilities. They also provide flexible data rates to network devices. It also enables an administrator to monitor the traffic passing through the hub and to configure each port in the hub.

3. Bridge – A bridge operates at the data link layer. A bridge is a repeater with the added functionality of filtering content by reading the MAC addresses of the source and destination. It is also used for interconnecting two LANs working on the same protocol. It has a single input and a single output port, thus making it a 2-port device.

Types of Bridges

● Transparent Bridges: These are bridges of which the stations are completely unaware, i.e., whether or not a bridge is added to or deleted from the network, reconfiguration of the stations is unnecessary. These bridges make use of two processes, bridge forwarding and bridge learning.

● Source Routing Bridges: In these bridges, the routing operation is performed by the source station and the frame specifies which route to follow. The host can discover the route by sending a special frame called the discovery frame, which spreads through the entire network using all possible paths to the destination.

4. Switch – A switch is a multiport bridge with a buffer and a design that can boost its
efficiency (a large number of ports imply less traffic) and performance. A switch is a data
link layer device.
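To show the bridge learning and bridge forwarding processes named above, and why a switch puts fewer copies on the wire than a hub, here is an added Python example (not the report's own code) that replays a few constructed Ethernet frames through a simulated hub and a simulated learning switch. Port numbers, MAC addresses and frames are all constructed for the demonstration.

```python
"""Hub flooding versus a learning switch (the bridge learning and bridge
forwarding processes). Added example; ports, MAC addresses and frames
are constructed. A frame is (ingress_port, src_mac, dst_mac)."""

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Multi-port repeater: every frame is copied to every other port,
    so all attached hosts share one collision domain."""

    def __init__(self, port_count):
        self.ports = list(range(port_count))

    def forward(self, ingress, src, dst):
        return [p for p in self.ports if p != ingress]


class LearningSwitch:
    """Multi-port bridge: learns which port each source MAC lives on and
    forwards known unicast frames to that port only."""

    def __init__(self, port_count):
        self.ports = list(range(port_count))
        self.mac_table = {}       # MAC address -> port it was last seen on
        self.flood_count = 0

    def forward(self, ingress, src, dst):
        # Bridge learning: the source MAC is reachable through the ingress port.
        self.mac_table[src] = ingress
        # Bridge forwarding: a known unicast destination gets a single copy.
        if dst != BROADCAST_MAC and dst in self.mac_table:
            out = self.mac_table[dst]
            # Filtering: source and destination on the same port -> drop.
            return [] if out == ingress else [out]
        # Unknown destination or broadcast: flood out of every other port.
        self.flood_count += 1
        return [p for p in self.ports if p != ingress]


def run_frames(device, frames):
    """Replay frames through a device; return the egress ports per frame."""
    return [device.forward(*frame) for frame in frames]


def total_copies(device, frames):
    """Total number of frame copies the device puts on the wire."""
    return sum(len(ports) for ports in run_frames(device, frames))


def learned_table(frames, port_count=4):
    """MAC table a fresh switch ends up with after seeing the frames."""
    switch = LearningSwitch(port_count)
    run_frames(switch, frames)
    return switch.mac_table


# Constructed traffic: host A on port 0, B on port 1, C on port 2, port 3 empty.
HOST_A, HOST_B, HOST_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE_FRAMES = [
    (0, HOST_A, HOST_B),         # A -> B before B is known: switch must flood
    (1, HOST_B, HOST_A),         # B -> A: A already learned, one copy to port 0
    (2, HOST_C, BROADCAST_MAC),  # C broadcasts (e.g. an ARP request): flood
    (0, HOST_A, HOST_B),         # A -> B again: B now known, one copy to port 1
]

if __name__ == "__main__":
    print("hub copies   :", total_copies(Hub(4), SAMPLE_FRAMES))
    print("switch copies:", total_copies(LearningSwitch(4), SAMPLE_FRAMES))
    print("mac table    :", learned_table(SAMPLE_FRAMES))
```

The hub emits three copies of every frame (12 in total), while the switch floods only the first unknown-destination frame and the broadcast, delivering the other two to a single port (8 copies in total); the difference grows with the number of ports and the amount of unicast traffic.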

Types of Switches:

1. Unmanaged switches: These switches have a simple plug-and-play design and do not
offer advanced configuration options. They are suitable for small networks or for use
as an expansion to a larger network.

2. Managed switches: These switches offer advanced configuration options such as VLANs, QoS, and link aggregation. They are suitable for larger, more complex networks and allow for centralized management.

3. Smart switches: These switches have features similar to managed switches but are
typically easier to set up and manage. They are suitable for small- to medium-sized
networks.

4. Layer 2 switches: These switches operate at the Data Link layer of the OSI model
and are responsible for forwarding data between devices on the same network
segment.

5. Layer 3 switches: These switches operate at the Network layer of the OSI model and
can route data between different network segments. They are more advanced than
Layer 2 switches and are often used in larger, more complex networks.

6. PoE switches: These switches have Power over Ethernet capabilities, which allows
them to supply power to network devices over the same cable that carries data.

7. Gigabit switches: These switches support Gigabit Ethernet speeds, which are faster
than traditional Ethernet speeds.

8. Rack-mounted switches: These switches are designed to be mounted in a server rack and are suitable for use in data centers or other large networks.

9. Desktop switches: These switches are designed for use on a desktop or in a small
office environment and are typically smaller in size than rack-mounted switches.

10. Modular switches: These switches have modular design, which allows for easy
expansion or customization. They are suitable for large networks and data centers.

5. Routers – A router is a device like a switch that routes data packets based on their IP addresses. The router is mainly a network layer device. Routers normally connect LANs and WANs and have a dynamically updating routing table based on which they make decisions on routing the data packets. The router divides the broadcast domains of the hosts connected through it.

6. Gateway – A gateway, as the name suggests, is a passage to connect two networks that may work upon different networking models. They work as messenger agents that take data from one system, interpret it, and transfer it to another system. Gateways are also called protocol converters and can operate at any network layer. Gateways are generally more complex than switches or routers.

7. Brouter – It is also known as the bridging router is a device that combines features of both
bridge and router. It can work either at the data link layer or a network layer. Working as a
router, it is capable of routing packets across networks and working as the bridge, it is
capable of filtering local area network traffic.

8. NIC – A NIC or network interface card is a network adapter that is used to connect the computer to the network. It is installed in the computer to establish a LAN. It has a unique ID that is written on the chip, and it has a connector to connect the cable to it. The cable acts as an interface between the computer and the router or modem. The NIC is a layer 2 device, which means that it works on both the physical and data link layers of the network model.

TOPOLOGY:

Topology defines the structure of the network of how all the components are interconnected
to each other.

TYPES OF TOPOLOGIES:

 STAR TOPOLOGY
 BUS TOPOLOGY
 RING TOPOLOGY
 MESH TOPOLOGY
 HYBRID TOPOLOGY

STAR TOPOLOGY:

In a star network topology, every node is connected to a single central hub or switch. The hub or switch performs the entire centralized administration. Each node sends its data to the hub, and the hub then passes the received information to the destination device. Two or more star topologies can be connected to each other with the help of a repeater.

BUS TOPOLOGY:

A bus network topology uses a common transmission medium where each node is directly connected to the main network cable. The data is transmitted through the main network cable and is received by all nodes simultaneously. A signal is generated by the source machine, which contains the address of the receiving machine. The signal travels in both directions to all the nodes connected to the bus until it reaches the destination node. Bus topology is not fault-tolerant and has a limited cable length.

RING TOPOLOGY:

In a ring topology, each host machine connects to exactly two other machines, creating a circular network structure. When one host tries to communicate or send a message to a host which is not adjacent to it, the data travels through all intermediate hosts. To connect one more host to the existing structure, the administrator may need only one extra cable.

MESH TOPOLOGY:

In a mesh topology, every node in the network is directly connected to every other node, forming overlapping connections between the nodes. This topology delivers better fault tolerance because if any network device fails, it won't affect the network, as other devices can transfer the information. Mesh networks self-configure and self-organize, finding the quickest, most secure way to transmit the data.

HYBRID TOPOLOGY:

A network structure whose design contains more than one topology is said to be hybrid
topology. Hybrid topology inherits merits and demerits of all the incorporating topologies.

PROTOCOLS:

A protocol is a set of rules and guidelines for communicating data. Rules are defined for each
step and process during communication between two or more computers. Networks have to
follow these rules to successfully transmit data.

PROTOCOL    PORT NUMBER

FTP         20, 21
SSH         22
TELNET      23
SMTP        25
DNS         53
HTTP        80
HTTPS       443
POP3        110
IMAP4       143

Transmission Control Protocol (TCP)

TCP (Transmission control protocol) is one of the main protocols of the Internet protocol
suite. It lies between the Application and Network Layers which are used in providing
reliable delivery services. It is a connection-oriented protocol for communications that helps
in the exchange of messages between different devices over a network. The Internet Protocol
(IP), which establishes the technique for sending data packets between computers, works with
TCP.

Transmission Control Protocol

Features of TCP

● TCP keeps track of the segments being transmitted or received by assigning a number to every single one of them.
● Flow control limits the rate at which a sender transfers data. This is done to ensure reliable delivery.
● TCP implements an error control mechanism for reliable data transfer.
● TCP takes into account the level of congestion in the network.

Advantages of TCP

● It is reliable for maintaining a connection between sender and receiver.
● It is responsible for sending data in a particular sequence.
● Its operations are not dependent on the OS.
● It allows and supports many routing protocols.
● It can reduce the speed of data based on the speed of the receiver.

Disadvantages of TCP

● It is slower than UDP and it takes more bandwidth.
● Slower upon starting the transfer of a file.
● Not suitable for LAN and PAN networks.
● It does not have a multicast or broadcast category.
● It does not load the whole page if a single piece of the page's data is missing.

User Datagram Protocol (UDP)

User Datagram Protocol (UDP) is a Transport Layer protocol. UDP is a part of the Internet Protocol suite, referred to as the UDP/IP suite. Unlike TCP, it is an unreliable and connectionless protocol, so there is no need to establish a connection before data transfer. UDP helps to establish low-latency and loss-tolerating connections over the network. UDP enables process-to-process communication.

User Datagram Protocol

Features of UDP

● Used for simple request-response communication when the size of the data is small and hence there is less concern about flow and error control.
● It is a suitable protocol for multicasting, as UDP supports packet switching.
● UDP is used for some routing update protocols like RIP (Routing Information Protocol).
● Normally used for real-time applications which cannot tolerate uneven delays between sections of a received message.

Advantages of UDP

● It does not require any connection for sending or receiving data.
● Broadcast and multicast are available in UDP.
● UDP can operate on a large range of networks.
● UDP has live and real-time data.
● UDP can deliver data even if all the components of the data are not complete.

Disadvantages of UDP

● We cannot have any way to acknowledge the successful transfer of data.
● UDP cannot have a mechanism to track the sequence of data.
● UDP is connectionless, and due to this, it is unreliable for transferring data.
● In case of a collision, UDP packets are dropped by routers in comparison to TCP.
● UDP can drop packets in case of detection of errors.
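The TCP features and the UDP disadvantages listed above come down to one design difference: TCP numbers its segments and waits for acknowledgements, UDP does not. The added Python example below (not from the report) sends the same four segments over a constructed, deterministically lossy channel twice, once with a TCP-style stop-and-wait exchange and once with a UDP-style fire-and-forget exchange, so the cost (extra transmissions) and the benefit (complete, in-order delivery) can be seen side by side. The channel, the loss pattern and the segment data are all constructed; real TCP uses a sliding window and timers rather than this simplified stop-and-wait loop.

```python
"""TCP-style sequencing and acknowledgement versus UDP-style
fire-and-forget delivery over the same lossy channel.

Added example; the channel, loss pattern and segment data are constructed.
"""


class LossyChannel:
    """Drops every transmission whose running index is in `drop_indices`.

    The index counts every transmission attempt in both directions,
    including retransmissions, so the loss pattern is deterministic.
    """

    def __init__(self, drop_indices):
        self.drop_indices = set(drop_indices)
        self.transmissions = 0

    def transmit(self, payload):
        index = self.transmissions
        self.transmissions += 1
        return None if index in self.drop_indices else payload


def tcp_like_transfer(segments, channel, max_tries=8):
    """Stop-and-wait reliable transfer (simplified TCP).

    Every segment carries a sequence number; the receiver answers with
    the next sequence number it expects (a cumulative ACK).  A lost
    segment and a lost ACK look the same to the sender (no ACK arrives),
    so it retransmits; the receiver ignores duplicates it already has
    but still acknowledges them.  Returns the data handed to the
    receiving application, in order.
    """
    delivered = []
    expected = 0                      # receiver state: next seq wanted
    for seq, data in enumerate(segments):
        acked = False
        for _attempt in range(max_tries):
            arrived = channel.transmit((seq, data))          # sender -> receiver
            if arrived is not None:
                rseq, rdata = arrived
                if rseq == expected:                         # in order: accept
                    delivered.append(rdata)
                    expected += 1
                ack = channel.transmit(("ACK", expected))    # receiver -> sender
                if ack is not None and ack[1] > seq:
                    acked = True
                    break
            # no ACK within the timeout: fall through and retransmit
        if not acked:
            raise RuntimeError(f"segment {seq} not acknowledged after {max_tries} tries")
    return delivered


def udp_like_transfer(datagrams, channel):
    """Each datagram is transmitted exactly once; whatever arrives is
    handed to the application and whatever is lost stays lost."""
    received = []
    for data in datagrams:
        arrived = channel.transmit(data)
        if arrived is not None:
            received.append(arrived)
    return received


def compare(segments, drop_indices):
    """Run both transfers over identical channels and summarise the cost
    (transmissions on the wire) and the result (data delivered)."""
    tcp_channel = LossyChannel(drop_indices)
    udp_channel = LossyChannel(drop_indices)
    return {
        "tcp_delivered": tcp_like_transfer(segments, tcp_channel),
        "tcp_transmissions": tcp_channel.transmissions,
        "udp_delivered": udp_like_transfer(segments, udp_channel),
        "udp_transmissions": udp_channel.transmissions,
    }


# Constructed sample: four segments; the channel loses the 2nd and 5th
# transmissions it sees (indices 1 and 4), i.e. one ACK and one segment.
SAMPLE_SEGMENTS = ["seg0", "seg1", "seg2", "seg3"]
SAMPLE_DROPS = {1, 4}

if __name__ == "__main__":
    for key, value in compare(SAMPLE_SEGMENTS, SAMPLE_DROPS).items():
        print(f"{key:>18}: {value}")
```

With the constructed loss pattern the TCP-style transfer needs 11 transmissions (8 on a clean channel) but delivers all four segments in order, including one duplicate that the receiver silently drops after its ACK was lost; the UDP-style transfer uses only 4 transmissions but the application never sees seg1.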

OSI LAYERS:

What Is the OSI Model

● The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies in the early 1980s.
● The modern Internet is not based on OSI, but on the simpler TCP/IP model. However, the OSI 7-layer model is still widely used, as it helps visualize and communicate how networks operate, and helps isolate and troubleshoot networking problems.
● OSI was introduced in 1983 by representatives of the major computer and telecom companies, and was adopted by ISO as an international standard in 1984.

OSI Model Explained: The OSI 7 Layers

We’ll describe OSI layers “top down” from the application layer that directly serves the end
user, down to the physical layer.

7. Application Layer

The application layer is used by end-user software such as web browsers and email clients. It provides the protocols that let software send and receive information and present meaningful data to users. Examples of application layer protocols are the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP) and the Domain Name System (DNS).

6. Presentation Layer

The presentation layer prepares data for the application layer. It defines how two devices should encode, encrypt and compress data so that it is received correctly on the other end. The presentation layer takes the data handed down by the application layer and prepares it for transmission over the session layer.

5. Session Layer

The session layer creates communication channels, called sessions, between devices. It is
responsible for opening sessions, ensuring they remain open and functional while data is
being transferred, and closing them when communication ends. The session layer can also set
checkpoints during a data transfer—if the session is interrupted, devices can resume data
transfer from the last checkpoint.

4. Transport Layer

The transport layer takes the data handed down from the session layer and breaks it into segments on the transmitting end; on the receiving end it reassembles the segments into data the session layer can use. It performs flow control, sending data at a rate the receiving device can handle, and error control, checking whether segments arrived intact and in order and requesting retransmission of any that did not. TCP provides both; UDP, described above, provides neither.

3. Network Layer

The network layer has two main functions. One is breaking up segments into network
packets, and reassembling the packets on the receiving end. The other is routing packets by
discovering the best path across a physical network. The network layer uses network
addresses (typically Internet Protocol addresses) to route packets to a destination node.

2. Data Link Layer

The data link layer establishes and terminates a connection between two physically-
connected nodes on a network. It breaks up packets into frames and sends them from source
to destination. This layer is composed of two parts—Logical Link Control (LLC), which
identifies network protocols, performs error checking and synchronizes frames, and Media
Access Control (MAC) which uses MAC addresses to connect devices and define
permissions to transmit and receive data.

1. Physical Layer

The physical layer is responsible for the physical cable or wireless connection between network nodes. It defines the connector, the electrical cable or wireless technology connecting the devices, and is responsible for transmitting the raw data, which is simply a series of 0s and 1s, while taking care of bit rate control.

The OSI model helps users and operators of computer networks:

 Determine the hardware and software required to build their network.

 Understand and communicate the process followed by components communicating across a network.

 Troubleshoot, by identifying which layer is causing an issue and focusing effort on that layer.

DOMAIN NAME SYSTEM:

The Domain Name System (DNS) translates hostnames to IP addresses (and back). DNS is a distributed database implemented in a hierarchy of name servers, and an application layer protocol for message exchange between clients (resolvers) and servers, normally over UDP port 53 with TCP as the fallback for large answers and zone transfers. It is required for the Internet to function. Because plain DNS is neither authenticated nor encrypted, a resolver must at least check that a reply carries the transaction ID and question it sent; spoofed replies are the basis of cache poisoning.

ORGANIZATION OF DOMAIN

 DNS record: the domain name, the IP address (or other data) bound to it, its validity and time to live (TTL), and all the other information related to that domain name. These records are stored in a tree-like structure.

 Namespace: the set of possible names, flat or hierarchical. The naming system maintains a collection of bindings of names to values; given a name, a resolution mechanism returns the corresponding value.

 Name server: an implementation of the resolution mechanism. DNS is the name service of the Internet. A zone is an administrative unit; a domain is a subtree of the namespace.
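The DNS message format and the reply check described above, as an added example written for this page (it is not code from the report or from any DNS software): it builds a query in wire format, parses a constructed reply that uses a name-compression pointer, and accepts the reply only if its transaction ID and question match what was sent. The reply bytes, the answer address 93.184.216.34, the TTL and the transaction ID 0x1234 are constructed for the example, not captured.

```python
import struct

MAX_POINTER_JUMPS = 16   # guard against compression-pointer loops in a hostile reply


def encode_name(name):
    """Wire-encode a hostname as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid, qtype=1):
    """Standard recursive query (RD=1) for one question, class IN; qtype 1 = A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Decode a name at offset, following compression pointers; return (name, offset after it)."""
    labels, jumps, end = [], 0, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # two-byte pointer into the message
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                        # the name field ends after the pointer
            jumps += 1
            if jumps > MAX_POINTER_JUMPS or pointer >= offset:
                raise ValueError("bad compression pointer")   # must point backwards, finitely
            offset = pointer
            continue
        if length == 0:
            return ".".join(labels), (offset + 1 if end is None else end)
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg):
    """Parse header, question and answer sections; A records are rendered as dotted decimal."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, _ = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def resolve_from_reply(query, reply):
    """Accept a reply only if it echoes our transaction ID and question (anti-spoofing check)."""
    sent, got = parse_response(query), parse_response(reply)
    if got["id"] != sent["id"] or got["questions"] != sent["questions"]:
        return None
    return [a[3] for a in got["answers"] if a[1] == 1]


def sample_reply(txid):
    """Constructed reply, not a capture: one A record for example.com, TTL 3600, name via pointer 0xC00C."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)      # QR=1, RD=1, RA=1
    question = encode_name("example.com") + struct.pack("!HH", 1, 1)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34])
    return header + question + answer


if __name__ == "__main__":
    q = build_query("example.com", 0x1234)
    print(resolve_from_reply(q, sample_reply(0x1234)))   # our reply: ['93.184.216.34']
    print(resolve_from_reply(q, sample_reply(0x9999)))   # wrong transaction ID: None
```

The `pointer >= offset` test is the detail worth remembering: a compression pointer is only valid when it points earlier in the message, and a parser that does not enforce that can be sent into an infinite loop by a single crafted packet.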

DYNAMIC HOST CONFIGURATION PROTOCOL:

DHCP stands for Dynamic Host Configuration Protocol. It is the feature on which users of an enterprise network depend to get onto the network at all. DHCP lets enterprises manage the allocation of IP addresses to end-user client devices such as desktops, laptops and cellphones. It is an application layer protocol that provides, among other parameters:

Subnet Mask (Option 1, e.g. 255.255.255.0)

Router Address (Option 3, e.g. 192.168.1.1)

DNS Server Address (Option 6, e.g. 8.8.8.8)

Vendor Class Identifier (Option 60, e.g. the string 'unifi' sent by a device) and Vendor-Specific Information (Option 43, e.g. the controller address 192.168.1.9 returned to that device)

DHCP is based on a client-server model and on the four-step exchange discover, offer, request and acknowledgement (DORA).

Why Use DHCP?

DHCP helps in managing the entire process automatically and centrally. DHCP helps in
maintaining a unique IP Address for a host using the server. DHCP servers maintain
information on TCP/IP configuration and provide configuration of address to DHCP-enabled
clients in the form of a lease offer.

Components of DHCP:

 DHCP Server: a server that holds the pool of IP addresses and the other configuration information.

 DHCP Client: a device that receives configuration information from the server. It can be a mobile, laptop, computer or any other device that needs a network connection.

 DHCP Relay: a relay agent (usually a router) that forwards the client's broadcasts to a server on another subnet and returns the replies, so one server can serve many subnets.

 Default Gateway: DHCP servers can also provide the address of the default gateway, the device that packets are sent to when the destination is outside the local network.

Working of DHCP

DHCP works at the application layer of the TCP/IP model. Its main task is to dynamically assign IP addresses to clients and to hand them the rest of their TCP/IP configuration.

The DHCP server listens on UDP port 67 and the client on UDP port 68. It is a client-server protocol that runs over UDP. An IP address is assigned from a pool of addresses. The client and the server exchange four messages to obtain a lease (the DORA process), although the protocol defines eight message types in all (DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE and INFORM).

Working of DHCP

DORA PROCESS:

1. DHCP discover message: This is the first message in the exchange between client and server. The client generates it to find out whether any DHCP servers are present on the network. It is broadcast to every device on the network. In this capture the message is 342 bytes long; a DHCP message may not exceed 576 bytes unless the client advertises a larger maximum message size.

DHCP discover message

As shown in the figure, the source MAC address (client PC) is 08002B2EAF2A, the destination MAC address is FFFFFFFFFFFF, the source IP address is 0.0.0.0 (because the PC has no IP address yet) and the destination IP address is 255.255.255.255 (the limited broadcast address). Because the discover message must reach whatever DHCP servers exist on the network, the broadcast IP address and broadcast MAC address are used.

2. DHCP offer message: The server responds with this message, specifying an unleased IP address and the other TCP/IP configuration information. In this capture the server broadcasts it (a server may instead unicast the offer to the client's MAC address). The size of the message is 342 bytes. If there is more than one DHCP server on the network, the client normally accepts the first DHCP OFFER it receives, which is why a rogue server on the same segment is dangerous. A server identifier (option 54) is carried in the packet to identify the server.

DHCP offer message

For the offer message, the source IP address is 172.16.32.12 (the server's IP address in the example), the destination IP address is 255.255.255.255 (the broadcast address), the source MAC address is 00AA00123456 and the destination MAC address is FFFFFFFFFFFF. The offer is broadcast by the DHCP server, therefore the destination IP and MAC addresses are the broadcast addresses while the source IP and MAC addresses are those of the server.

The server has offered the IP address 192.16.32.51 with a lease time of 72 hours; unless the client renews the lease, the server drops the entry when that time expires. The client identifier carried in all four messages is the PC's MAC address (08002B2EAF2A).

3. DHCP request message: When the client receives an offer, it responds by broadcasting a DHCP request message. The request names the server whose offer is accepted (option 54, server identifier) and the address being requested (option 50), so that any other servers which made offers know to withdraw them. A client identifier is also added to this message.

DHCP request message

The request is broadcast by the client, therefore the source IP address is 0.0.0.0 (the client still has no address), the destination IP address is 255.255.255.255 (the broadcast address), the source MAC address is 08002B2EAF2A (the PC's MAC address) and the destination MAC address is FFFFFFFFFFFF.

Note – The duplicate-address check belongs to the client: after the lease is acknowledged it sends an ARP probe for the offered address and, if another host answers, it must return the address with a DHCPDECLINE and start over (RFC 2131). Some descriptions of DORA place that ARP check before the request message; either way, the request is the client's acceptance of the offered IP address and TCP/IP configuration.

4. DHCP acknowledgment message: In response to the request message, the server records the client identifier and binds the offered IP address to it for the lease time. From this point the client owns the address the server provided.

DHCP acknowledgment message

The server makes an entry for the client with the offered IP address and lease time, and will not offer that address to any other host while the lease is valid. The destination MAC address is FFFFFFFFFFFF, the destination IP address is 255.255.255.255, the source IP address is 172.16.32.12 and the source MAC address is 00AA00123456 (the server's MAC address).
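The DORA exchange and the option codes listed above, as an added example (it is not the report's code and not a real DHCP implementation): it serialises and parses DHCP messages in wire format (the 236-byte BOOTP header, the magic cookie and the TLV options) and runs a client against a toy in-memory server, so the option numbers, the server-identifier check and the transaction-ID check are visible without a network. The server at 172.16.32.12 handing out 172.16.32.51 mirrors the addresses in the figures; the pool, the MAC addresses and the transaction ID are constructed.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_PORT, CLIENT_PORT = 67, 68                      # UDP ports named in the text (documentation only here)
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6     # option 53 message types


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build(op, xid, mac, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=()):
    """Serialize a DHCP message: 236-byte BOOTP header, magic cookie, TLV options, 0xFF end."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0, xid, 0, 0x8000,          # htype Ethernet, hlen 6, flags: broadcast bit
                         ip4("0.0.0.0"), ip4(yiaddr), ip4(siaddr), ip4("0.0.0.0"),
                         mac_bytes(mac).ljust(16, b"\x00"), b"", b"")
    tlv = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + tlv + b"\xff"


def parse(msg):
    """Return (op, xid, client MAC, yiaddr, {option code: raw bytes})."""
    op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr = struct.unpack("!BBBBIHH4s4s4s4s16s", msg[:44])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(msg) and msg[i] != 0xFF:
        if msg[i] == 0:                                 # pad option, no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    mac = ":".join(f"{b:02x}" for b in chaddr[:hlen])
    return op, xid, mac, str(ipaddress.IPv4Address(yiaddr)), options


class DhcpServer:
    """Toy server: an address pool, a lease table, and the options a client needs to use the network."""

    def __init__(self, server_ip, pool, mask, router, dns, lease_seconds=72 * 3600):
        self.ip, self.pool, self.leases = server_ip, list(pool), {}
        self.config = [(1, ip4(mask)), (3, ip4(router)), (6, ip4(dns)),
                       (51, struct.pack("!I", lease_seconds)), (54, ip4(server_ip))]

    def handle(self, msg):
        _, xid, mac, _, opts = parse(msg)
        kind = opts[53][0]
        if kind == DISCOVER:
            if mac not in self.leases:
                if not self.pool:
                    return None                         # pool exhausted: no offer
                self.leases[mac] = self.pool.pop(0)     # reserve the address for this client
            return build(BOOTREPLY, xid, mac, self.leases[mac], self.ip,
                         [(53, bytes([OFFER]))] + self.config)
        if kind == REQUEST:
            if opts.get(54) != ip4(self.ip):
                return None                             # client accepted another server's offer
            wanted = str(ipaddress.IPv4Address(opts[50]))
            if self.leases.get(mac) != wanted:
                return build(BOOTREPLY, xid, mac, options=[(53, bytes([NAK])), (54, ip4(self.ip))])
            return build(BOOTREPLY, xid, mac, wanted, self.ip, [(53, bytes([ACK]))] + self.config)
        return None


def dora(server, mac, xid=0x3903F326):
    """Run Discover / Offer / Request / Ack against the server; return the lease or None."""
    discover = build(BOOTREQUEST, xid, mac,
                     options=[(53, bytes([DISCOVER])), (61, b"\x01" + mac_bytes(mac))])
    offer = server.handle(discover)
    if offer is None:
        return None
    _, oxid, _, offered_ip, oopts = parse(offer)
    if oxid != xid or oopts[53][0] != OFFER:
        return None                                     # not our transaction: ignore it
    request = build(BOOTREQUEST, xid, mac,
                    options=[(53, bytes([REQUEST])), (50, ip4(offered_ip)), (54, oopts[54])])
    _, _, _, leased_ip, aopts = parse(server.handle(request))
    if aopts[53][0] != ACK:
        return None
    addr = lambda code: str(ipaddress.IPv4Address(aopts[code]))
    return {"ip": leased_ip, "mask": addr(1), "router": addr(3), "dns": addr(6),
            "lease_seconds": struct.unpack("!I", aopts[51])[0], "server": addr(54)}


if __name__ == "__main__":
    srv = DhcpServer("172.16.32.12", ["172.16.32.51"], "255.255.255.0", "172.16.32.1", "8.8.8.8")
    print(dora(srv, "08:00:2b:2e:af:2a"))
```

Two things the toy makes visible that the prose only states: the client discards an offer whose transaction ID is not its own, and a server that sees a REQUEST naming a different server identifier stays silent. Neither check authenticates anything, which is why a rogue server that answers first still wins.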

Advantages of DHCP

 Centralized management of IP addresses.

 Centralized and automated TCP/IP configuration.

 Ease of adding new clients to a network.

 Reuse of IP addresses reduces the total number of addresses that are required.

 Efficient handling of IP address changes for clients that must be updated frequently, such as portable devices that move between locations on a wireless network.

 Simple reconfiguration of the IP address space on the DHCP server without reconfiguring each client.

 The administrator configures the network from one central place, and new users are handled with no manual work.

Disadvantages of DHCP

 IP address conflicts can still occur, for example when a statically configured host sits inside the dynamic pool.

 Clients accept any server that answers. When another DHCP server is on the same segment, whether misconfigured or deliberately planted, the client may take its offer and be handed a malicious default gateway or DNS server. DHCP snooping on the access switches, which drops server messages arriving on untrusted ports, is the usual defence.

 Clients cannot get onto the network when no DHCP server is reachable.

 Assigning a new IP address does not change the machine's name; the DNS record has to be updated separately (for example through dynamic DNS updates).
TWO WAY HANDSHAKE:

A two-way handshake is the simplest way to set up a connection between two parties: one side sends a request and the other acknowledges it. It is enough when only one side has state to synchronise, but not for TCP, because each side must announce its own initial sequence number and have it acknowledged.

THREE WAY HANDSHAKE:

The three-way handshake establishes a TCP connection with SYN and ACK messages: the client sends SYN with its initial sequence number, the server replies with SYN-ACK carrying its own initial sequence number and acknowledging the client's, and the client completes the exchange with ACK. A server that has sent SYN-ACK but never receives the final ACK is left holding a half-open connection, which is what a SYN flood exploits.
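The exchange in the three-way handshake section, as an added example that is not part of the report: a small model of the TCP state machine on each side with sequence and acknowledgement numbers, plus the half-open case where the final ACK never arrives. The initial sequence numbers 1000 and 5000 are fixed here so the transcript is reproducible; a real stack randomises them (RFC 6528) precisely so that an off-path attacker cannot guess them and inject segments.

```python
SYN, ACK = 0x02, 0x10          # TCP flag bits used in the handshake


class TcpEndpoint:
    """One side of a TCP connection, reduced to the states the handshake passes through."""

    def __init__(self, name, isn):
        self.name, self.state = name, "CLOSED"
        self.snd_nxt = isn          # next sequence number we will send; starts at our ISN
        self.rcv_nxt = None         # next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"       # passive open (the server)

    def connect(self):
        """Active open: send SYN. The SYN itself consumes one sequence number."""
        self.state = "SYN_SENT"
        segment = (self.name, SYN, self.snd_nxt, 0)
        self.snd_nxt += 1
        return segment

    def receive(self, segment):
        """Process one segment; return the reply segment, or None if nothing is sent."""
        _, flags, seq, ack = segment
        if self.state == "LISTEN" and flags == SYN:
            self.rcv_nxt = seq + 1                      # acknowledge the peer's SYN
            self.state = "SYN_RECEIVED"                 # half-open until the final ACK arrives
            reply = (self.name, SYN | ACK, self.snd_nxt, self.rcv_nxt)
            self.snd_nxt += 1
            return reply
        if self.state == "SYN_SENT" and flags == SYN | ACK:
            if ack != self.snd_nxt:
                return None                             # does not acknowledge our SYN: ignore
            self.rcv_nxt = seq + 1
            self.state = "ESTABLISHED"
            return (self.name, ACK, self.snd_nxt, self.rcv_nxt)
        if self.state == "SYN_RECEIVED" and flags == ACK and ack == self.snd_nxt:
            self.state = "ESTABLISHED"
        return None


def three_way_handshake(client, server, drop_final_ack=False):
    """Run SYN, SYN-ACK, ACK between the two endpoints and return the transcript."""
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    if not drop_final_ack:                              # a SYN flood is this branch, repeated
        server.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s = TcpEndpoint("client", 1000), TcpEndpoint("server", 5000)
    s.listen()
    for sender, flags, seq, ack in three_way_handshake(c, s):
        print(f"{sender:6} flags=0x{flags:02x} seq={seq} ack={ack}")
    print(c.state, s.state)
```

The acknowledgement number in each reply is the peer's sequence number plus one, because a SYN occupies one position in the sequence space even though it carries no data; that is also why the server can validate the final ACK against its own `snd_nxt`.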
INTERNET PROTOCOL(IP):

 An IP address is the identifier that lets a device send and receive packets across the Internet. Every router, host and website needs to be distinguishable from every other; IP addresses provide that mechanism and are indispensable to the working of the Internet. Because address blocks are allocated by region and provider, an address also gives a rough idea of where a device is located.

 Most IP addresses in use are IPv4 addresses: 32 bits written as four decimal numbers (octets) separated by periods, for example 255.255.255.255, where each octet ranges from 0 to 255. As the number of network users grew, a larger address space became necessary, which is why IPv6 addresses are longer and written in hexadecimal, so they contain letters as well as digits.

 IP addresses are not produced randomly. Blocks are allocated by the IANA (Internet Assigned Numbers Authority), a function of ICANN, to the regional Internet registries, which in turn assign them to providers and organisations.

 ICANN stands for Internet Corporation for Assigned Names and Numbers. It is a non-profit corporation founded in the US in 1998 to coordinate the Internet's naming and numbering systems so that they remain stable and globally unique.

CLASS OF IP:

Class   First-octet range   Leading bits   Default subnet mask   Example IP   Network bits   Max number of networks   Application
A       1 to 126            0              255.0.0.0             1.1.1.1      8              126                      Networks with a large number of hosts
B       128 to 191          10             255.255.0.0           128.1.1.1    16             16,384                   Medium-sized networks
C       192 to 223          110            255.255.255.0         192.1.1.1    24             2,097,152                Small networks (local area networks)
D       224 to 239          1110           N/A                   N/A          N/A            N/A                      Reserved for multicast
E       240 to 255          1111           N/A                   N/A          N/A            N/A                      Reserved for experimental and research use

The first octet decides the class; the number of network bits is what the class fixes and what the default mask expresses. The class A count is 126 rather than 128 because network 0 is reserved and 127 is the loopback network, and 255.255.255.255 (the top of class E) is the limited broadcast address. Classful addressing was replaced by CIDR in the 1990s, so these defaults only matter today when no mask is given.

IPv4 VERSION:

IP stands for Internet Protocol and v4 stands for version four (IPv4). IPv4 was the first version put into production use, within the ARPANET in 1983. IPv4 addresses are 32-bit integers, written in dotted decimal notation.

Example: 192.0.2.126 is an IPv4 address. For every host on the same network the network part of the address is the same, while the host part must differ.

 Subnet number:
This is an optional part of an IPv4 address. Large networks are divided into subnets, and part of the host field is used as a subnet number.

Characteristics of IPv4

 IPv4 addresses are 32 bits long.

 An IPv4 address is written as four decimal octets separated by dots.

 The header has twelve fixed fields and is 20 bytes long without options (up to 60 bytes with options).

 It supports unicast, broadcast and multicast addresses.

 IPv4 supports VLSM (Variable Length Subnet Mask).

 IPv4 uses the Address Resolution Protocol (ARP) to map an IP address to a MAC address on the local link; ARP has no authentication, which is what ARP spoofing exploits.

 RIP is a routing protocol supported by the routed daemon.

 Hosts must be configured either manually or through DHCP.

 Packets may be fragmented by the sending host or by routers along the path.

Advantages of IPv4

 IPsec is available for IPv4, so traffic can be authenticated and encrypted where privacy and integrity are needed (it is an optional add-on, not part of the base protocol).

 IPv4 is universally deployed: every router, operating system and application supports it.

 Its addressing is simple and well understood, and the tools for administering it are mature.

 It is a connectionless, packet-based model that provides best-effort delivery with reasonable efficiency.

 Aggregating address blocks (CIDR) keeps routing scalable and efficient.

 Multicast allows one transmission to reach a group of receivers, which makes data distribution within multicast-enabled organisations more efficient.

Disadvantages of IPv4

 The limited address space restricts growth for existing users and hinders the connection of new users.

 Internet routing is inefficient in IPv4 because the address space was not assigned hierarchically from the start, so routing tables are large.

 IPv4 has high system management costs; it is labour-intensive, complex, slow and prone to error.

 Security features are optional.

 Adding support for future needs is difficult, because every extension adds overhead and hinders the ability to connect everything over IP.

Limitations of IPv4

 IP relies on network layer addresses to identify end-points, and each interface on a network needs a unique IP address.

 The world's supply of unique IPv4 addresses has run out at the IANA level; new allocations come only from reclaimed or transferred blocks.

 If a network has more hosts than its address block allows, it needs a block from the next class (or, with CIDR, a shorter prefix).

 Complex host and routing configuration, non-hierarchical addressing, difficulty in renumbering, large routing tables, and non-trivial implementations of security, QoS (Quality of Service), mobility, multi-homing and multicasting are the big limitations of IPv4, which is why IPv6 came into the picture.
IPv6 VERSION:

An IP address is a device's network address: it is how the Internet knows where to deliver emails, data and everything else, and it identifies who and where you are among the billions of devices connected to the Internet. IPv6, Internet Protocol version 6, is the network layer protocol designed to replace IPv4; it uses 128-bit addresses written as eight groups of hexadecimal digits.

Types of IPv6 Address

Now that we know what an IPv6 address is, let us look at its different types.

 Unicast addresses identify a single interface on a network and refer to a single sender or a single receiver.

 Multicast addresses represent a group of interfaces and can only be used as the destination of a datagram.

 Anycast addresses are assigned to a set of interfaces that typically belong to different nodes; a packet is delivered to the nearest one.

Advantages of IPv6

 Reliability.

 Faster speeds: IPv6 uses multicast rather than the broadcast of IPv4. This lets bandwidth-intensive packet flows (like multimedia streams) be sent to multiple destinations at once.

 Stronger security: IP Security (IPsec), which provides confidentiality and data integrity, is built into the IPv6 specification. Its use is still optional, however, so an IPv6 network is not encrypted by default.

 Routing efficiency.

 Most importantly, it is the long-term solution for the growing number of nodes on the global network.

Disadvantages of IPv6

 Conversion: Because IPv4 is so widely deployed, it will take a long time to shift completely to IPv6.

 Communication: IPv4-only and IPv6-only machines cannot communicate directly with each other. They need an intermediate technology (dual stack, tunnelling or translation such as NAT64) to make that possible. Security controls written for IPv4 must also be configured for IPv6, otherwise IPv6 becomes an unmonitored path onto the network.

SUBNET MASK:

A subnet mask is a 32-bit number whose network bits are all 1s and whose host bits are all 0s. ANDing an IP address with the mask yields the network address, so the mask is what separates an IP address into its network and host parts.

Within each subnet the address whose host bits are all 0s is the network address and the one whose host bits are all 1s is the broadcast address. Only in a /24 (mask 255.255.255.0) do these come out as the .0 and .255 addresses; in a /26, for example, 192.168.1.128 is the network address and 192.168.1.191 the broadcast address.
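Added example covering the address class table and the subnet mask discussion above (written for this page, not code from the report): it classifies an address by its first octet and computes the mask, network address, broadcast address and usable host range, either from the classful default prefix or from an explicit VLSM mask, rejecting masks whose 1 bits are not contiguous. The sample addresses are constructed.

```python
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # default network bits per class; D and E are not host classes


def to_int(dotted):
    """Dotted decimal to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Classful lookup by the leading bits of the first octet: 0, 10, 110, 1110, 1111."""
    first = to_int(dotted) >> 24          # note: 0.x and 127.x are class A by bits but reserved
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def mask_from_prefix(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(dotted_mask):
    """Accept only contiguous masks (all 1s then all 0s); 255.0.255.0 is rejected."""
    mask = to_int(dotted_mask)
    prefix = bin(mask).count("1")
    if mask_from_prefix(prefix) != mask:
        raise ValueError(f"non-contiguous mask: {dotted_mask}")
    return prefix


def describe(dotted, mask=None):
    """Network, broadcast and host range; classful unless an explicit (VLSM) mask is given."""
    cls = address_class(dotted)
    if mask is None:
        if cls not in CLASSFUL_PREFIX:
            raise ValueError(f"class {cls} addresses are not assigned to hosts")
        prefix = CLASSFUL_PREFIX[cls]
    else:
        prefix = prefix_from_mask(mask)
    ip, m = to_int(dotted), mask_from_prefix(prefix)
    network = ip & m                      # host bits cleared
    broadcast = ip | (~m & 0xFFFFFFFF)    # host bits set
    hosts = max(broadcast - network - 1, 0)   # /31 and /32 have no conventional host range
    return {"class": cls, "prefix": prefix, "mask": to_dotted(m),
            "network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "first_host": to_dotted(network + 1) if hosts else None,
            "last_host": to_dotted(broadcast - 1) if hosts else None,
            "usable_hosts": hosts}


if __name__ == "__main__":
    print(describe("10.20.30.40"))                          # classful: /8, 16,777,214 hosts
    print(describe("192.168.1.130", "255.255.255.192"))     # VLSM: /26, broadcast .191, 62 hosts
```

The second call is the point of the subnet mask section: with a /26 mask the broadcast address is 192.168.1.191, not .255, because "all host bits set" only lands on 255 when the host part is a whole octet.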

ROUTING:

 Routing is the process of selecting the path along which data is transferred from source to destination. Routing is performed by a special device known as a router.

 A router works at the network layer in the OSI model and at the internet layer in the TCP/IP model.

 A router is a networking device that forwards each packet based on the information in the packet header and in its forwarding table.

 Routing algorithms are used for routing the packets. The routing algorithm is software responsible for deciding the optimal path through which a packet can be transmitted.

 Routing protocols use a metric to determine the best path for packet delivery. The metric is a standard of measurement, such as hop count, bandwidth, delay or current load on the path, used by the routing algorithm to determine the optimal path to the destination.

 The routing algorithm initialises and maintains the routing table used for path determination.

STATIC ROUTING:

 Static routing is also known as non-adaptive routing.

 It is a technique in which the administrator manually adds the routes to the routing table.

 The router sends packets for a destination along the route the administrator defined.

 In this technique routing decisions do not react to the condition or topology of the network; if a link fails, the static route stays in the table and traffic is black-holed until someone changes it.

Default Routing:

 Default routing configures a router to send every packet for which it has no more specific route to the same next-hop device, regardless of which network the packet belongs to.

 Default routing is used when a network has a single exit point.

 It is also useful when the bulk of traffic has to be sent to the same next-hop device.

 When a specific route for the destination exists in the routing table, the router chooses that route rather than the default route; the default route is used only when no more specific route matches.

Dynamic Routing:

 It is also known as adaptive routing.

 It is a technique in which routers exchange routing information with each other and update their routing tables in response to changes in the condition or topology of the network, rather than per packet.

 Dynamic routing protocols are used to discover new routes to a destination.

 RIP and OSPF are the protocols used here to discover new routes.

 If a route goes down, the routers automatically adjust so that the destination stays reachable.

CONNECTED ROUTE:

Subnets directly connected to a router's interfaces are added to the routing table automatically. The interface must have an IP address configured and both interface status codes must be up/up. A router can then route packets destined for any host in the subnets directly connected to its active interfaces; if the interface goes down, the connected route is withdrawn.
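Added example for the routing sections above (it is not the report's code and not any vendor's implementation): a small router model that builds its routing table from connected, static and default routes and performs the longest-prefix-match lookup, so that a specific static route beats the default, a connected route disappears when its interface goes down, and a static route whose next hop is no longer reachable is not installed. The interface names and addresses are assumed for the example.

```python
import ipaddress

CONNECTED, STATIC, DEFAULT = "connected", "static", "default"
ADMIN_DISTANCE = {CONNECTED: 0, STATIC: 1, DEFAULT: 1}   # tie-break for equal prefix lengths


class Router:
    def __init__(self):
        self.interfaces = {}     # name -> (IPv4Interface, up?)
        self.static = []         # (network, next hop, source)

    def configure_interface(self, name, cidr, up=True):
        self.interfaces[name] = (ipaddress.IPv4Interface(cidr), up)

    def set_interface_state(self, name, up):
        iface, _ = self.interfaces[name]
        self.interfaces[name] = (iface, up)

    def add_static(self, prefix, next_hop):
        """0.0.0.0/0 is the default route; anything else is an ordinary static route."""
        net = ipaddress.IPv4Network(prefix)
        source = DEFAULT if net.prefixlen == 0 else STATIC
        self.static.append((net, ipaddress.IPv4Address(next_hop), source))

    def _egress(self, next_hop):
        """Interface whose connected subnet contains the next hop, or None if it is unreachable."""
        for name, (iface, up) in self.interfaces.items():
            if up and next_hop in iface.network:
                return name
        return None

    def routing_table(self):
        """Connected routes exist only while the interface is up; statics only while their next hop is reachable."""
        table = [(iface.network, None, name, CONNECTED)
                 for name, (iface, up) in self.interfaces.items() if up]
        for net, next_hop, source in self.static:
            out = self._egress(next_hop)
            if out is not None:
                table.append((net, next_hop, out, source))
        return table

    def lookup(self, destination):
        """Longest prefix match; returns (network, next hop, egress interface, source) or None."""
        dst = ipaddress.IPv4Address(destination)
        candidates = [r for r in self.routing_table() if dst in r[0]]
        if not candidates:
            return None                  # no route, not even a default: the packet is dropped
        return min(candidates, key=lambda r: (-r[0].prefixlen, ADMIN_DISTANCE[r[3]]))


if __name__ == "__main__":
    r = Router()
    r.configure_interface("eth0", "192.168.1.1/24")        # LAN
    r.configure_interface("eth1", "203.0.113.10/30")       # WAN link
    r.add_static("10.20.0.0/16", "192.168.1.254")          # branch network behind a LAN router
    r.add_static("0.0.0.0/0", "203.0.113.9")               # default route to the ISP
    for dst in ("192.168.1.77", "10.20.5.5", "8.8.8.8"):
        print(dst, "->", r.lookup(dst))
    r.set_interface_state("eth1", False)
    print("8.8.8.8 with WAN down ->", r.lookup("8.8.8.8"))
```

Note what happens when eth1 goes down: the default route vanishes too, because its next hop is only reachable through that interface. A static route that is installed unconditionally instead of being tied to next-hop reachability is how traffic gets black-holed silently.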

NETWORK ADDRESS TRANSLATION:

Network Address Translation (NAT) is a process that lets one unique IP address represent an entire group of computers. In network address translation a network device, often a router or NAT firewall, assigns a computer or computers inside a private network a public address. In this way the single device acts as an intermediary between the local private network and the public network that is the Internet. NAT's main purpose is to conserve public IP addresses, for economic reasons; it also hides the internal addressing scheme, but that is not a substitute for a firewall, since the translation table is the only thing keeping unsolicited traffic out.

TYPES OF NAT:

 Static NAT: Static NAT maps an internal IP address to an external one on a one-to-one basis. This does not help with the scalability of IPv4, but it makes a system reachable from outside the network without disrupting the internal addressing scheme.

 Dynamic NAT: With dynamic NAT the firewall has a pool of external IP addresses that it assigns to internal computers as needed. Like static NAT this creates a one-to-one mapping between internal and external IP addresses; however, these mappings are not permanent.

 Port Address Translation (PAT): PAT creates many-to-one mappings between internal and external IP addresses. The firewall uses the same public IP address for multiple systems but assigns a different TCP or UDP source port to each connection. Since a single IP address has 65,535 usable port numbers, PAT lets one external IP address represent thousands of devices on a private network; the translation table, not the address, becomes the limiting resource. PAT is the form of NAT that allows IPv4 to scale.

INBOUND NAT:

Inbound NAT (destination NAT or port forwarding) defines how traffic entering a network from a remote network is translated to an inside host. Without such a rule, inbound traffic that does not match an existing outbound translation has no inside destination and is dropped.

OUTBOUND NAT:

Outbound NAT (source NAT) defines how traffic leaving a local network for a remote network, such as the Internet, is translated.
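Added example for static NAT, PAT and the inbound/outbound distinction above (not from the report or from any firewall product): a static one-to-one table beside a PAT table that rewrites each outbound flow to the single public address and a unique public port, admits inbound packets only when they match an existing translation from the same remote peer, releases ports when flows close, and raises when the port pool is exhausted. The addresses are from the documentation ranges and the two-port pool is deliberately tiny so that exhaustion is visible.

```python
class StaticNat:
    """One-to-one mapping: the inside host is reachable from outside at a fixed public address."""

    def __init__(self, pairs):                  # {private_ip: public_ip}
        self.out = dict(pairs)
        self.inn = {pub: priv for priv, pub in pairs.items()}

    def outbound(self, src_ip):
        return self.out.get(src_ip)

    def inbound(self, dst_ip):
        return self.inn.get(dst_ip)             # unsolicited inbound traffic is allowed through


class Pat:
    """Many-to-one: every inside flow is rewritten to one public IP and a unique public port."""

    def __init__(self, public_ip, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.free_ports = list(range(port_range[0], port_range[1] + 1))
        self.by_flow = {}    # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.by_port = {}    # public port -> (src_ip, src_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an outgoing packet; returns (public ip, public port, dst ip, dst port)."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted")   # the real limit of a PAT gateway
            port = self.free_ports.pop(0)
            self.by_flow[flow], self.by_port[port] = port, flow
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate an incoming packet back to the inside host, or None if it must be dropped."""
        flow = self.by_port.get(dst_port)
        if flow is None or flow[2:] != (src_ip, src_port):
            return None                          # no translation, or a different remote peer
        return (src_ip, src_port, flow[0], flow[1])

    def close(self, src_ip, src_port, dst_ip, dst_port):
        """Release the public port when the flow ends (a real gateway also times mappings out)."""
        port = self.by_flow.pop((src_ip, src_port, dst_ip, dst_port), None)
        if port is not None:
            del self.by_port[port]
            self.free_ports.append(port)


if __name__ == "__main__":
    pat = Pat("203.0.113.5", (40000, 40001))
    print(pat.outbound("192.168.1.10", 51000, "93.184.216.34", 443))   # -> public port 40000
    print(pat.outbound("192.168.1.11", 51000, "93.184.216.34", 443))   # same inside port, port 40001
    print(pat.inbound("93.184.216.34", 443, 40001))                     # reply reaches 192.168.1.11
    print(pat.inbound("198.51.100.7", 443, 40001))                      # other peer: None (dropped)
```

The inbound check is what makes this a port-restricted NAT: the packet must arrive on a mapped port from the exact remote address and port that the inside host talked to. Looser variants (that accept any source on a mapped port) are what hole-punching techniques rely on, and they are also why NAT alone should not be mistaken for a firewall.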

VIRTUAL PRIVATE NETWORK:

VPN stands for Virtual Private Network. It provides privacy over a public network by building a private network on top of a public Internet connection. A VPN creates an encrypted tunnel through which data is carried, so that the traffic, the inside addresses and the communications it protects are hidden from anyone on the path, including on public Wi-Fi networks. The encryption protects the tunnel, not the endpoints: a compromised client connected over VPN is inside the private network.

TYPES OF VPN :

 SITE TO SITE VPN: connects two networks (for example a branch office and head office) through their gateways; hosts on either side need no VPN software.

 CLIENT TO SITE VPN: a remote user's device runs VPN client software and connects to a gateway to reach the private network.

LOAD BALANCING:

Load balancing is a technique that distributes network traffic across a pool of servers (a server farm) or across several WAN links. It improves performance, reliability and capacity, reduces latency, and lets one server or link be taken out of service without an outage.

METHODS OF LOAD BALANCING:

 ROUND ROBIN: each new session goes to the next member in turn.

 SPILLOVER: all sessions go to the primary member until it reaches a configured threshold; further sessions overflow to the next member.

 WEIGHTED: members receive new sessions in proportion to a configured weight, so a larger server or faster link takes more.

 RATIO: the traffic volume is kept in a configured ratio between the members.

 POLICY BASED ROUTING: the member is chosen by a rule on the traffic itself (source, destination, protocol) rather than by load.
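Added example for the load-balancing methods above (written for this page; the exact behaviour of a particular product's "ratio" or "spillover" mode may differ, and the volume-based reading of "ratio" is an assumption): round robin, smooth weighted round robin, volume ratio and spillover, each as a small class with a pick() method. The member names, weights and threshold are assumed.

```python
from collections import Counter


class RoundRobin:
    """Each new session goes to the next member in turn."""

    def __init__(self, members):
        self.members, self.i = list(members), 0

    def pick(self):
        member = self.members[self.i % len(self.members)]
        self.i += 1
        return member


class WeightedRoundRobin:
    """Smooth weighted round robin: picks follow the weights but are spread out, not clumped."""

    def __init__(self, weights):                # {member: weight}
        self.weights = dict(weights)
        self.current = {m: 0 for m in weights}
        self.total = sum(weights.values())

    def pick(self):
        for member, weight in self.weights.items():
            self.current[member] += weight
        best = max(self.current, key=self.current.get)
        self.current[best] -= self.total        # the chosen member pays back the whole total
        return best


class Ratio:
    """Volume ratio: the member whose bytes fall furthest below its target share takes the next flow."""

    def __init__(self, ratios):                 # {member: ratio}, e.g. {"wan1": 3, "wan2": 1}
        self.ratios, self.sent, self.total = dict(ratios), Counter(), 0
        self.ratio_sum = sum(ratios.values())

    def pick(self, size):
        # deficit > 0 means the member has carried less than its share so far (integer arithmetic)
        deficit = lambda m: self.ratios[m] * self.total - self.sent[m] * self.ratio_sum
        member = max(self.ratios, key=deficit)
        self.sent[member] += size
        self.total += size
        return member


class Spillover:
    """Fill the primary member up to a threshold of active sessions, then overflow to the next."""

    def __init__(self, members, threshold):     # members in priority order
        self.members, self.threshold, self.active = list(members), threshold, Counter()

    def pick(self):
        for member in self.members:
            if self.active[member] < self.threshold:
                self.active[member] += 1
                return member
        raise RuntimeError("all members at capacity")

    def release(self, member):
        self.active[member] -= 1


if __name__ == "__main__":
    wrr = WeightedRoundRobin({"a": 5, "b": 1, "c": 1})
    print([wrr.pick() for _ in range(7)])       # a, a, b, a, c, a, a
    sp = Spillover(["wan1", "wan2"], threshold=2)
    print([sp.pick() for _ in range(3)])        # wan1, wan1, wan2
```

The smooth weighted variant matters in practice: naive weighted round robin would send five requests in a row to "a" and then one each to "b" and "c", which is a burst, not a balance.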

CHAPTER 4

INTERNSHIP TRAINING DAILY ACTIVITY REPORT

INTERNSHIP TRAINING DAILY REPORT/ATTENDANCE

S.No.  Date      In Time  Out Time  Training undergone / Work Done
1.     20.02.23  9.00 AM  6.00 PM   Learned about digital track
2.     21.02.23  9.00 AM  6.00 PM   Learned about IT infrastructure
3.     22.02.23  9.00 AM  6.00 PM   Learned about basic network
4.     23.02.23  9.00 AM  6.00 PM   Learned about network devices
5.     24.02.23  9.00 AM  6.00 PM   Learned about IP address
6.     27.02.23  9.00 AM  6.00 PM   Learned about subnetting
7.     28.02.23  9.00 AM  6.00 PM   Learned about network transmission types
8.     01.03.23  9.00 AM  6.00 PM   Learned about network communication types
9.     02.03.23  9.00 AM  6.00 PM   Learned about protocols
10.    03.03.23  9.00 AM  6.00 PM   Learned about ARP
11.    06.03.23  9.00 AM  6.00 PM   Learned about DHCP
12.    07.03.23  9.00 AM  6.00 PM   Learned about TCP/UDP
13.    08.03.23  9.00 AM  6.00 PM   Learned about OSI layer
14.    09.03.23  9.00 AM  6.00 PM   Learned about topology
15.    10.03.23  9.00 AM  6.00 PM   Learned about NAT
16.    13.03.23  9.00 AM  6.00 PM   Learned about network basic security
17.    14.03.23  9.00 AM  6.00 PM   Learned about VPN
18.    15.03.23  9.00 AM  6.00 PM   Learned about antivirus
19.    16.03.23  9.00 AM  6.00 PM   Learned about firewall
20.    17.03.23  9.00 AM  6.00 PM   Learned about WAF
21.    20.03.23  9.00 AM  6.00 PM   Learned about cloud
22.    21.03.23  9.00 AM  6.00 PM   Learned about AWS
23.    22.03.23  9.00 AM  6.00 PM   Learned about AWS console
24.    23.03.23  9.00 AM  6.00 PM   Learned about proxy
25.    24.03.23  9.00 AM  6.00 PM   Learned about network monitoring system
26.    27.03.23  9.00 AM  6.00 PM   Learned about network management system
27.    28.03.23  9.00 AM  6.00 PM   Learned about AI
28.    29.03.23  9.00 AM  6.00 PM   Learned about CISCO
29.    30.03.23  9.00 AM  6.00 PM   Learned about network communication types
30.    31.03.23  9.00 AM  6.00 PM   Learned about load balancing
31.    03.04.23  9.00 AM  6.00 PM   Learned about load balancing: spillover, round robin
32.    04.04.23  9.00 AM  6.00 PM   Learned about load balancing: ratio, weighted
33.    05.04.23  9.00 AM  6.00 PM   Learned about DNS
34.    06.04.23  9.00 AM  6.00 PM   Learned about endpoint security
35.    07.04.23  9.00 AM  6.00 PM   Learned about security
36.    10.04.23  9.00 AM  6.00 PM   Learned about virus
37.    11.04.23  9.00 AM  6.00 PM   Learned about virus alert
38.    12.04.23  9.00 AM  6.00 PM   Learned about malware threats
39.    13.04.23  9.00 AM  6.00 PM   Learned about ransomware
40.    14.04.23  9.00 AM  6.00 PM   Learned about phishing
41.    17.04.23  9.00 AM  6.00 PM   Learned about Trojans, worms
42.    18.04.23  9.00 AM  6.00 PM   Learned about spyware, adware
43.    19.04.23  9.00 AM  6.00 PM   Learned about rootkit
44.    20.04.23  9.00 AM  6.00 PM   Learned about malware detection
45.    21.04.23  9.00 AM  6.00 PM   Learned about endpoint detection
46.    24.04.23  9.00 AM  6.00 PM   Learned about endpoint detection
47.    25.04.23  9.00 AM  6.00 PM   Learned about traditional antivirus
48.    26.04.23  9.00 AM  6.00 PM   Learned about traditional antivirus
49.    27.04.23  9.00 AM  6.00 PM   Learned about next generation antivirus
50.    28.04.23  9.00 AM  6.00 PM   Learned about NGAV endpoint security
51.    02.05.23  9.00 AM  6.00 PM   Learned about switching to NGAV
52.    03.05.23  9.00 AM  6.00 PM   Learned about NGAV solution
53.    04.05.23  9.00 AM  6.00 PM   Learned about host based firewall
54.    05.05.23  9.00 AM  6.00 PM   Learned about endpoint detection and response
55.    08.05.23  9.00 AM  6.00 PM   Learned about extended detection and response
56.    09.05.23  9.00 AM  6.00 PM   Learned about EDR importance
57.    10.05.23  9.00 AM  6.00 PM   Learned about removing malware
58.    11.05.23  9.00 AM  6.00 PM   Learned about threat hunting
59.    12.05.23  9.00 AM  6.00 PM   Learned about threat intelligence
60.    15.05.23  9.00 AM  6.00 PM   Learned about benefits of endpoint security
61.    16.05.23  9.00 AM  6.00 PM   Learned about endpoint devices
62.    17.05.23  9.00 AM  6.00 PM   Learned about endpoint threats
63.    18.05.23  9.00 AM  6.00 PM   Learned about antivirus
64.    19.05.23  9.00 AM  6.00 PM   Learned about important endpoint
65.    20.05.23  9.00 AM  6.00 PM   Learned about traditional antivirus

SIGNATURE OF TEAM HEAD

CHAPTER 5

TECHNOLOGY LEARNED

5. TECHNOLOGY LEARNED:

5.1 END POINT SECURITY

Endpoint security is the practice of securing endpoints or entry points of end-user devices
such as desktops, laptops, and mobile devices from being exploited by malicious actors and
campaigns. Endpoint security systems protect these endpoints on a network or in the cloud
from cybersecurity threats. Endpoint security has evolved from traditional antivirus software
to providing comprehensive protection from sophisticated malware and evolving zero-day
threats

Organizations of all sizes are at risk from nation-states, hacktivists, organized crime, and
malicious and accidental insider threats. Endpoint security is often seen as cybersecurity's
frontline, and represents one of the first places organizations look to secure their enterprise
networks.

As the volume and sophistication of cybersecurity threats have steadily grown, so has the
need for more advanced endpoint security solutions. Today’s endpoint protection systems are
designed to quickly detect, analyze, block, and contain attacks in progress. To do this, they
need to collaborate with each other and with other security technologies to give
administrators visibility into advanced threats to speed detection and remediation response
times.

WHY ENDPOINT SECURITY IS IMPORTANT

An endpoint protection platform is a vital part of enterprise cyber security for several reasons. First, in today's business world data is the most valuable asset of a company, and losing that data, or access to it, could put the entire business at risk of insolvency. Businesses also have to contend not only with a growing number of endpoints but with a growing number of types of endpoints. These factors make enterprise endpoint security harder on their own, and they are compounded by remote work and BYOD policies, which make perimeter security increasingly insufficient and open new ways in. The threat landscape is becoming more complicated as well: attackers keep finding new ways to gain access, steal information or manipulate employees into giving out sensitive information. Add the opportunity cost of reallocating resources from business goals to addressing threats, the reputational cost of a large-scale breach and the financial cost of compliance violations, and it is easy to see why endpoint protection platforms have come to be regarded as must-haves for securing modern enterprises.

HOW ENDPOINT PROTECTION WORKS

Endpoint security is the practice of safeguarding the data and workflows associated with the individual devices that connect to your network. Endpoint protection platforms (EPP) work by examining files as they arrive on the endpoint and as they enter the network. Modern EPPs use the cloud to hold an ever-growing database of threat information, freeing endpoints of the bloat of storing all this information locally and of the maintenance needed to keep these databases up to date. Accessing this data in the cloud also allows greater speed and scalability.

The EPP gives system administrators a centralized console, installed on a network gateway or server or delivered as SaaS, from which security professionals control security for every device remotely. Client software (the agent) is then installed on each endpoint, either pushed from the console or installed directly on the device. Once an endpoint is enrolled, the console can push updates to it when necessary, authenticate log-in attempts from each device and administer corporate policies from one location. EPPs secure endpoints through application control, which blocks the use of applications that are unsafe or unauthorised, and through encryption, which helps prevent data loss.

Once the EPP is set up it can quickly detect malware and other threats. Some solutions also include an Endpoint Detection and Response (EDR) component. EDR capabilities allow the detection of more advanced threats, such as polymorphic attacks, fileless malware and zero-day attacks. By continuously monitoring process, file and network activity on the endpoint, the EDR solution offers better visibility and a variety of response options.

EPP solutions are available in on-premises or cloud-based models. While cloud-based products are more scalable and integrate more easily with your current architecture, certain regulatory/compliance rules may require on-premises security.

WHAT IS CONSIDERED AN ENDPOINT?

Endpoints can range from the more commonly thought-of devices such as:
 Tablets
 Mobile devices
 Smart watches
 Printers
 Servers
 ATM machines
 Medical devices

If a device is connected to a network, it is considered an endpoint. With the growing
popularity of BYOD (bring your own device) and IoT (Internet of Things), the number of
individual devices connected to an organization's network can quickly reach into the tens
(and hundreds) of thousands.

Because they are entry points for threats and malware, endpoints (especially mobile and
remote devices) are a favorite target of adversaries. Mobile endpoint devices have become
much more than just Android devices and iPhones—think of the latest wearable watches,
smart devices, voice-controlled digital assistants, and other IoT-enabled smart devices. We
now have network-connected sensors in our cars, airplanes, hospitals, and even on the drills
of oil rigs.

5.2 MALWARE THREATS

Malware, or malicious software, is any program or file that is intentionally harmful to a
computer, network or server.

Types of malware include computer viruses, worms, Trojan horses, ransomware and
spyware. These malicious programs steal, encrypt and delete sensitive data; alter or hijack
core computing functions and monitor end users' computer activity.

WHAT DOES MALWARE DO?

Malware can infect networks and devices and is designed to harm those devices, networks
and/or their users in some way.

Depending on the type of malware and its goal, this harm may present itself differently to the
user or endpoint. In some cases, the effect malware has is relatively mild and benign, and in
others, it can be disastrous. No matter the method, all types of malware are designed to exploit
devices at the expense of the user and to the benefit of the hacker -- the person who has
designed and/or deployed the malware.

WHAT ARE THE DIFFERENT TYPES OF MALWARE?

Different types of malware have unique traits and characteristics. Types of malware include
the following:

A virus is the most common type of malware that can execute itself and spread by infecting
other programs or files.

A worm can self-replicate without a host program and typically spreads without any
interaction from the malware authors.

A Trojan horse is designed to appear as a legitimate software program to gain access to a
system. Once activated following installation, Trojans can execute their malicious functions.

Spyware collects information and data on the device and user, as well as observes the user's
activity without their knowledge.

Ransomware infects a user's system and encrypts its data. Cybercriminals then demand a
ransom payment from the victim in exchange for decrypting the system's data.

A rootkit obtains administrator-level access to the victim's system. Once installed, the
program gives threat actors root or privileged access to the system.

A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an
infected computer system that enables threat actors to remotely access it without alerting the
user or the system's security programs.

Adware tracks a user's browser and download history with the intent to display pop-up or
banner advertisements that lure the user into making a purchase. For example, an advertiser
might use cookies to track the webpages a user visits to better target advertising.

Keyloggers, also called system monitors, track nearly everything a user does on their
computer. This includes emails, opened webpages, programs and keystrokes.

HOW TO REMOVE MALWARE

As mentioned, many security software products are designed to detect and prevent malware,
as well as remove it from infected systems.

Malwarebytes is an example of an antimalware tool that handles detection and removal of
malware. It can remove malware from Windows, macOS, Android and iOS platforms.
Malwarebytes can scan a user's registry files, running programs, hard drives and individual
files. If detected, malware can then be quarantined and deleted. However, unlike some other
tools, users cannot set automatic scanning schedules.

HOW TO PREVENT MALWARE INFECTION

There are several ways users can prevent malware. In the case of protecting a personal
computer, users can install antimalware software.

Users can prevent malware by practicing safe behavior on their computers or other personal
devices. This includes not opening attachments from strange email addresses that may
contain malware disguised as a legitimate attachment -- such emails may even claim to be
from legitimate companies but have unofficial email domains.

Users should update their antimalware software regularly, as hackers continually adapt and
develop new techniques to breach security software. Security software vendors respond by
releasing updates that patch those vulnerabilities. If users neglect to update their software,
they may miss out on a patch that leaves them vulnerable to a preventable exploit.

In enterprise settings, networks are larger than home networks, and there is more at stake
financially. There are proactive steps companies should take to enforce malware protection.
Outward-facing precautions include the following:

 Implementing dual approval for business-to-business (B2B) transactions;
 Implementing second-channel verification for business-to-consumer (B2C)
transactions.

Business-facing, internal precautions include the following:

 Implementing offline malware and threat detection to catch malicious software before
it spreads;
 Implementing allowlist security policies whenever possible; and
 Implementing strong web browser-level security.

5.3 EDR-ENDPOINT DETECTION AND RESPONSE

Endpoint detection and response (EDR) helped to advance endpoint security from being a
reactive service to a more proactive solution. EDR tools help provide security teams with
quick access to incident data, enriched information and indicators of compromise (IoCs),
which are all essential elements in monitoring security on endpoints. Forrester defines EDR
as “Detection, investigation, and response technology that collects security-relevant telemetry
from endpoints, performs anomaly detection, enables analysts to investigate from collected
telemetry, and facilitates response by analysts on affected endpoints.”

XDR-EXTENDED DETECTION AND RESPONSE

While traditional EDR tools focus only on endpoint data, XDR solutions seek to unify siloed
security tools to deliver protection, detection and response across all data sources. An XDR
platform integrates endpoint, network, cloud and third-party data to extend protection, and
uses user and entity behavior analytics (UEBA) as well as artificial intelligence (AI) to
address some of the known shortcomings of SIEM tools in detecting zero-day attacks. The
term XDR was first coined by Nir Zuk, Palo Alto Networks CTO, back in 2018.

According to Forrester, “EDR is a stepping stone to better protection, detection and
response,” but they admit that EDR has evolved into more of a suite of tools, alluding to its
eventual demise (only mostly dead) to be replaced by XDR functionality.

EDR VS XDR

EDR and XDR solutions are both designed to replace legacy, reactive approaches to
cybersecurity. As a result, EDR and XDR solutions are similar in several ways, such as:

Preventative Approach: Traditional security solutions are often focused on detecting and
remediating ongoing threats. EDR and XDR attempt to prevent security incidents by
collecting in-depth data and applying data analytics and threat intelligence to identify threats
before they occur.

Rapid Threat Response: EDR and XDR both support automated threat detection and
response. This enables an organization to minimize the cost, impact, and damage caused by a
cyberattack by preventing or rapidly remediating it.

Threat Hunting Support: Threat hunting enables proactive security by allowing analysts to
identify and remediate potential security issues before they are exploited by an attacker. EDR
and XDR provide deep visibility and easy access to data, which aids threat hunting efforts.

Despite their similarities, EDR and XDR take different approaches to cybersecurity. Some of
the primary differences between EDR and XDR include:

Focus: EDR is focused on protecting the endpoint, providing in-depth visibility and threat
prevention for a particular device. XDR takes a wider view, integrating security across
endpoints, cloud computing, email, and other solutions.

Solution Integration: EDR solutions can provide “best in breed” protection for endpoints,
and an organization may be able to manually integrate them with an array of point solutions.
XDR is designed to provide integrated visibility and threat management within a single
solution, dramatically simplifying an organization’s security architecture.

NEXT GENERATION ANTIVIRUS

 Next-Generation antivirus takes traditional antivirus software to a new
 Combination of artificial intelligence, behavioral detection, machine learning algorithms, and
exploit mitigation
 NGAV is cloud-based, which allows it to be deployed in hours instead of months
 It reduces the infrastructure that has to be managed, and updating signature databases is
eliminated.

NEXT GENERATION ENDPOINT SECURITY

 Requires more intelligence and insight than traditional endpoint security provides.
 Focuses on events – files, processes, applications, and network connections.
 Proactively detects and identifies threats.

NGAV uses a combination of AI and machine learning algorithms and threat intelligence to
deliver the following protection:

 Detecting unauthorized behaviors of users, applications, or network services
 Blocking suspicious files before execution
 Stopping unauthorized data movement
 Analyzing suspicious app data in isolated "sandboxes"
 Isolating suspect endpoints
 Delivering endpoint detection and response that can continuously monitor systems

HOW TO CHOOSE AN NGAV SOLUTION

 Prevent the rapidly changing tactics, techniques, and procedures (TTPs) used
by attackers to breach organizations.

Prevention of Known and Unknown Malware

 Signature-less malware protection
 Machine learning

Prevention of Malware-Free Attacks

 Indicators of Attack (IOAs)
 Exploit Blocking
 Local and Autonomous
 Threat intelligence integration
 EDR Capabilities

HOW NGAV WORKS

Threat intelligence

 Threat intelligence involves collecting and analyzing information about past, current,
and future cybersecurity threats.
 Lists of IOCs like malicious URLs or emails, malware hashes, and suspicious IP
addresses.

Importance of Threat Intelligence

 Provides insight into the unknown
 Insight into adversarial motives and their tactics, techniques, and procedures (TTPs)
 Fastest way to find information about potential threats

Types of Threat Intelligence

 Strategic
 Operational
 Tactical

Endpoint Detection and Response

 EDR can detect threats that exist in your networking environment and then respond to
them.

Primary functions of an EDR

 Monitor and collect activity data from endpoints
 Analyze this data, including:
 local and external addresses to which the host is connected
 user accounts that have logged in
 process executions

Key components of EDR

 Endpoint data collection agents
 Automated incident response
 Analysis

Capabilities of EDR

 Detection
 Containment
 Investigation
 Elimination

EDR Importance

 Prevention alone can’t ensure 100 percent protection
 Adversaries can be inside your network for weeks
 Organizations lack the visibility needed to effectively monitor endpoints
 Having the data is only part of the solution
 Remediation can be protracted and costly

BENEFITS OF SWITCHING TO NGAV

 No need for signature updates
 Reduce Operational Costs / No management burden
 Immediate time-to-value / Save Time
 Single Agent
 Integrate Your Security Solutions
 No recurring scans
 Does not negatively impact endpoint performance

TRADITIONAL ANTIVIRUS

 A class of program that is designed to prevent, detect and remediate malware
infections on individual computing devices.
 Antivirus software scans a file for known malware whenever a user downloads or opens
it. Whenever it scans a file or a device, it compares the files on the system to an
extensive list of virus definitions.
 The definition database is continuously updated so that the product stays alert to the
latest malware and ransomware attacks.

The most common forms of malware detected by traditional antivirus tools include

 Adware
 Bots and botnets
 Keyloggers
 Known Ransomware
 Trojans
 Worms
 Viruses

Pros:

 Virus protection
 Web protection
 Spyware protection
 Firewall
 spam protection

Cons:

 Not total protection
 Limited threat detection techniques
 Security Holes
 System slowdown

LIMITATIONS WITH TRADITIONAL ANTIVIRUS

Cannot Protect from Unknown Malware

 AV vendors' core protection is based on signatures – scanning the endpoint for files
which match a massive database of known malicious files.
 New malicious files are generated each day, and AV signatures cannot block every one
of them.

Cannot Protect from Exploits

 Advanced attacks utilize exploits to deliver malware.
 The AV approach of scanning running files to match signatures does not address this
vector.

Threat actors can also penetrate a system in the following ways, which easily bypass
traditional AV:

 Memory-based attacks
 Fileless Attacks

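The contrast this chapter draws between traditional antivirus (hashing files against a definitions list) and NGAV/EDR (analyzing process and network telemetry against behavioural rules and threat-intelligence IOCs), as an added Python example that is not part of the original report. The sample bytes, the SHA-256 definition, the IP address and the process events are all constructed here, and the single spawn rule is a hypothetical simplification of what a real product ships.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed "threat intelligence" feed: a SHA-256 definition for one
# sample file and one suspicious IP (TEST-NET-3 range). All values are made up.
SAMPLE_MALWARE = b"MZ\x90\x00 constructed sample payload v1"
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_MALWARE).hexdigest()}
SUSPICIOUS_IPS = {"203.0.113.45"}
# Image names used by the hypothetical behavioural rule below.
DOC_VIEWERS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}

def signature_scan(file_bytes: bytes) -> bool:
    """Traditional AV: a file is malicious only if its hash is in the definitions."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

@dataclass
class ProcessEvent:  # one line of EDR telemetry: who started what, plus any outbound connection
    pid: int
    parent: str
    image: str
    remote_ip: Optional[str] = None

def behavioural_scan(events: List[ProcessEvent]) -> List[str]:
    """EDR/NGAV-style analysis: judge what processes do, not what files hash to."""
    findings = []
    for e in events:
        # Rule 1: a document viewer launching a script host (typical of fileless attacks)
        if e.parent.lower() in DOC_VIEWERS and e.image.lower() in SCRIPT_HOSTS:
            findings.append(f"pid {e.pid}: {e.parent} spawned {e.image}")
        # Rule 2: any process connecting to an address from the IOC list
        if e.remote_ip in SUSPICIOUS_IPS:
            findings.append(f"pid {e.pid}: {e.image} connected to IOC {e.remote_ip}")
    return findings

# Constructed telemetry: an Office document spawns PowerShell, which calls out.
CONSTRUCTED_EVENTS = [
    ProcessEvent(410, "explorer.exe", "winword.exe"),
    ProcessEvent(522, "winword.exe", "powershell.exe", remote_ip="203.0.113.45"),
    ProcessEvent(610, "explorer.exe", "chrome.exe", remote_ip="198.51.100.7"),
]

def demo() -> dict:
    """Show the limitation: one changed byte defeats the signature, behaviour still fires."""
    variant = SAMPLE_MALWARE[:-1] + b"2"   # repacked/polymorphic variant of the sample
    return {
        "original_flagged": signature_scan(SAMPLE_MALWARE),            # True
        "variant_flagged": signature_scan(variant),                    # False: unknown to the definitions
        "behavioural_findings": behavioural_scan(CONSTRUCTED_EVENTS),  # two findings
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The variant is never matched by the definitions list, while the behavioural scan flags the same intrusion twice (the suspicious parent/child pair and the connection to an IOC) without needing any file on disk.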
CHAPTER 6

CONCLUSION

6. CONCLUSION:

In conclusion, my college internship experience has been extremely valuable and rewarding.
Throughout my time at DIGITALTRACK SOLUTION, I had the opportunity to gain
practical knowledge and hands-on experience in my field of study. This internship has
provided me with a deeper understanding of the industry and has allowed me to apply the
theoretical concepts I learned in the classroom to real-world situations. During my internship,
I was able to work closely with a team of professionals who were supportive and willing to
mentor me. This collaborative environment helped me develop essential skills such as
communication, problem-solving, and teamwork. I was also able to enhance my technical
skills through various projects and assignments, which further strengthened my expertise in
my chosen field.

CHAPTER 7

REFERENCE

7. REFERENCE:
 http://www.steves-internet-guide.com/networking/
 https://aws.amazon.com/what-is/computer-networking/#:~:text=Computer%20networking%20refers%20to%20interconnected,over%20physical%20or%20wireless%20technologies.
 https://www.checkpoint.com/solutions/endpoint-security/#:~:text=What%20is%20Endpoint%20Security%3F,in%20enabling%20your%20remote%20workforce.
 https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-endpoint-detection-and-response/edr-vs-xdr/#:~:text=Endpoint%20Detection%20and%20Response%20
 https://intellipaat.com/blog/tutorial/ethical-hacking-cyber-security-tutorial/threats-from-malware/#:~:text=Malware%20is%20malicious%20software%20that,rootkits%2C%20spyware%2C%20and%20ransomware.
 https://www.verizon.com/articles/internet-essentials/antivirus-definition/