Cyber Security

What is Cybersecurity?

Importance of Cybersecurity in the modern world

Key Concepts: Confidentiality, Integrity, Availability (CIA Triad)

Types of Cyber Attacks: Malware, Phishing, Denial-of-Service (DoS), Ransomware, etc.

Cybersecurity Threat Landscape: Understanding current global cyber threats

Cybersecurity Frameworks and Standards (ISO/IEC 27001, NIST)

Basic Networking Concepts:

• OSI Model and TCP/IP Stack
• IP Addressing, Subnets, and VLANs
• Routers, Switches, Firewalls, and VPNs

Understanding network protocols: HTTP/HTTPS, FTP, DNS, DHCP, ARP, etc.

Wireless Network Security: WPA, WPA2, and encryption protocols

Hands-On Practice:

• Network Packet Analysis with Wireshark
• Configuring Firewalls and VPNs

Introduction to Cryptography:

• Symmetric vs Asymmetric Cryptography
• Public Key Infrastructure (PKI)
• Hash Functions (MD5, SHA)

Encryption Standards: AES, RSA, DES, and ECC

Digital Signatures and Certificates

Hands-On Practice:

• Encrypting and Decrypting Data using OpenSSL
• Implementing Hashing Techniques for Data Integrity

Operating System Security

• Windows Security Basics: UAC, Firewalls, BitLocker
• Linux Security Basics: File Permissions, SELinux, Firewalls

Anti-virus, Anti-malware, and Endpoint Detection and Response (EDR) tools

Hardening Systems: Patching, Updates, and Security Configurations

Hands-On Practice:

• Setting up and securing virtual environments
• Implementing EDR tools for system monitoring

Vulnerability Assessment and Scanning

• Common Vulnerabilities and Exposure (CVE)
• Tools: Nmap, OpenVAS, Nessus

Introduction to Penetration Testing

• Reconnaissance, Scanning, Exploitation, Post-Exploitation
• Types of Penetration Testing (Black-box, White-box, Gray-box)

Ethical Hacking Techniques and Legal Considerations

Hands-On Practice:

• Vulnerability scanning using Nessus or OpenVAS
• Conducting basic penetration tests using Kali Linux tools

Understanding Web Application Security

• OWASP Top 10 Vulnerabilities (SQL Injection, Cross-Site Scripting, etc.)
• Common web security threats: Man-in-the-middle (MITM), Cross-site Request Forgery (CSRF)
• Secure Software Development Lifecycle (SDLC)

Hands-On Practice:

• Web application vulnerability scanning with OWASP ZAP or Burp Suite
• Testing and mitigating SQL injection and XSS attacks

Incident Response Lifecycle

• Preparation, Detection, Containment, Eradication, Recovery, and Lessons Learned
• Creating an Incident Response Plan (IRP)
• Cyber Forensics: Gathering evidence, Chain of custody

Security Information and Event Management (SIEM)

• Logs and Event Monitoring
• Popular SIEM Tools: Splunk, ELK Stack, IBM QRadar

Hands-On Practice:

• Setting up SIEM tools for real-time monitoring and incident response
• Basic forensic analysis on compromised systems

Introduction to Cloud Computing and Cloud Security

• Cloud Models: IaaS, PaaS, SaaS
• Cloud Security Challenges: Data Security, Privacy, Compliance
• Cloud Service Providers: AWS, Microsoft Azure, Google Cloud

Best Practices for Securing Cloud Environments

Hands-On Practice:

• Implementing cloud security controls in AWS or Azure
• Securing cloud storage and configuring IAM policies

Internship Setup: Collaborate with cybersecurity firms or organizations

Internship Work:

• Work on real-world security tasks such as vulnerability assessments, incident response, or security policy implementation
• Assist in creating and maintaining cybersecurity frameworks for the organization
• Engage in activities like monitoring network security or conducting penetration tests

Internship Evaluation:

• Weekly reports and feedback sessions
• Guidance from industry mentors and professionals

Final Internship Report:

• Detailed report outlining the tasks completed, key learning points, and recommendations for improvement

Presentation: Final presentation to showcase internship experience and project outcomes