A Summer Internship - II Report

On
ZERO TRUST CLOUD SECURITY
Submitted In accordance with the requirement for the degree of

BACHELOR OF TECHNOLOGY
CSE - (ARTIFICIAL INTELLIGENCE & MACHINE LEARNING)

Under the Esteemed Guidance of

Mr.M. CHENNAKESAVA RAO M.E, ( Ph.D)
Assistant Professor , CSE - (AI &ML)

Submitted by
NERIYANURU VEDA PRIYA(228X1A4291)

DEPARTMENT OF CSE- (ARTIFICIAL INTELLIGENCE& MACHINE LEARNING)

KALLAM HARANADHAREDDY INSTITUTE OF TECHNOLOGY
(AUTONOMOUS)
Approved by AICTE, New Delhi; Permanently Affiliated to JNTU KAKINADA
Accredited by NAAC with an ‘A’ Grade
NH – 16, Chowdavaram, Guntur – 522019 (A.P)

ACADEMIC YEAR: 2025-2026

 1Program Book for Summer Internship

Name of the Student : NERIYANURU VEDA PRIYA

Name of the College : KALLAM HARANADHAREDDY INSTITUTE OF TECHNOLOGY

Registration Number : 228X1A4291

Period of Internship : 10 weeks, From 07-07-2025 To 13-09-2025

Name &Address of the

Intern Organization : EDUSKILLS
 Student Declaration

I, NERIYANURU VEDA PRIYA student of IV B.Tech Program, Reg.No.228X1A4291 of

the CSE(ARTIFICIAL INTELLIGENCE & MACHINE LEARNING), KHIT do here by
declare that I have completed the mandatory internship virtually from JULY, 2025 to
SEPTEMBER, 2025 in Zero Trust Cloud Security Virtual Internship under the guidance
of M. Chennakesavarao M.E,(Ph.D). Assistant Professor, Department of CSE -
(ARTIFICIAL INTELLIGENCE & MACHINE LEARNING), Kallam Haranadhareddy
Institute of Technology (Autonomous).

Signature of student

Internal Examiner External Examiner

Head of the Department

INTERNSHIP COMPLETION CERTIFICATE
 ACKNOWLEDGEMENT

I profoundly express my gratitude and respect towards our honourable chairman SRI
KALLAM MOHAN REDDY, Chairman, KHIT for his precious support in the
college.

I sincerely express my deepest gratitude to dynamic director of our institute Dr. M.

UMA SHANKARA REDDY M.Sc., Ph.D., Director, KHIT for his valuable
guidance.

I would like to thank Dr. B. S. B. REDDY M.Tech., Ph.D. Principal, KHIT for
providing a great support and for giving us the opportunity of doing the Internship.

I want to thank Dr. B. Prakash M.Tech., Ph.D. Head of the Department, CSE-
(Artificial Intelligence & Machine Learning) KHIT for inspiring us all the way and
for arranging all the facilities and resources needed for our internship.

I would like to express our gratitude to our Internship coordinator Mr. M.

CHENNAKESAVARAO, M.E, (Ph.D) who has guided us a lot and encouraged us in
every step of the internship work, his valuable moral support and guidance throughout
the Internship helped us to a greater extent.

I would also like to thank the Directors of AICTE for giving me the opportunity to do
an internship. I would like to thank our internship mentors who has guided us a lot and
encouraged us in every step of the intern project work. I also would like all the people
that worked along with me in Zero Trust Cloud Security Virtual Internship.
CONTENTS

1. EXECUTIVE SUMMARY..........................................................................................01-09

2. OVERVIEW OF THE ORGANIZATION.................................................................10-11

3. INTERNSHIP PART...................................................................................................12-22

4. ACTIVITY LOG...........................................................................................................23-42

5. OUTCOMES OF THE INTERNSHIP........................................................................43-44

6. CONCLUSION..............................................................................................................45-46

7. STUDENTS SELF EVALUATION............................................................................47-48

 LIST OF FIGURES

1.1.1: cyber security.....................................................................................09

3.2.1: types of cyber security......................................................................16
3.5.1: various type of cybersecurity threats..............................................20

8
 CHAPTER 1: EXECUTIVE SUMMARY

The Zero Trust Cloud Security virtual internship provides participants with hands-on experience in
implementing and managing modern cybersecurity principles in cloud environments. Zero Trust is
a security framework that assumes no implicit trust within or outside an organization’s network,
requiring strict identity verification for every user and device attempting to access resources.

Fig1.1: CYBER SECURITY

Key Features of the Internship:
1. Learning Zero Trust Architecture:
Understanding the Zero Trust security model and its core principles: never trust, always verify.
Exploring security technologies such as identity and access management (IAM), multi-factor
authentication (MFA), and continuous monitoring.

2. Cloud Security Fundamentals:

Learning about cloud security architectures, including Infrastructure as a Service (IaaS), Platform
as a Service (PaaS), and Software as a Service (SaaS).
Understanding cloud-native security solutions, including encryption, data protection, and network
segmentation.

3. Hands-on Experience:
Practical labs and simulations focused on implementing Zero Trust in cloud platforms like AWS,
Azure, and Google Cloud.
Working with security tools such as VPNs, firewalls, and security information and event management
(SIEM) systems.

4. Risk Management & Compliance:

dentifying cloud-specific security risks and how Zero Trust mitigates these risk
Addressing compliance frameworks like GDPR, HIPAA, and SOC 2 in cloud environments.

5. Collaboration & Mentorship:

Interns will work on real-world case studies, engage in peer collaboration, and receive

guidance from experienced cyber security professionals. Learning

Objectives:
• Explore career alternatives prior to graduation.
• Integrate theory and practice.
• Assess interests and abilities in our fields of study.
• Learn to appreciate work and its function in the economy.
• Develop work habits and attitudes necessary for job success.
• Build a record of work experience.
• Acquire employment contacts leading directly to a full-time job following graduation from
college.

Outcomes:
• A virtual internship was an opportunity to practice flexibility and develop collaboration.
• Practice our communication skills.
• Time management skills in a completely virtual environment.
• Widen our world and connections.
• Prepare for the future of work.
• Develop how to work.
• Enhance our employability
 CHAPTER 2: OVERVIEW OF THE ORGANIZATION
Introduction of the Organization:
EduSkills is a not-for-profit organization focused on empowering and upskilling students,
educators, and institutions in the field of education, particularly in the areas of digital literacy,
employability skills, and industry-aligned training. EduSkills partners with educational
institutions, industry leaders, and government bodies to bridge the skill gap between academia and
industry, aiming to enhance the quality of education and equip learners with the necessary tools to
succeed in the modern workforce.

Key Focus Areas of EduSkills:

Digital Literacy: EduSkills emphasizes the importance of digital literacy and provides resources
and programs to help students and teachers become proficient in using digital tools and
technologies. Industry-Aligned Training: Through partnerships with leading tech companies like
Cisco, AWS, Palo Alto, and VMware, EduSkills offers industry-certified training courses that
align with current market demands, ensuring that students and professionals are equipped with
relevant and up-to-date skills.
Capacity Building for Educators: EduSkills provides training for teachers, helping them adopt
new teaching methodologies and integrate technology into their curriculums, thus improving the
overall quality of education delivery.

Employability and Job Readiness: The organization helps students develop skills that enhance
their employability. This includes not only technical skills but also soft skills like communication,
problem-solving, and teamwork, which are critical for career success.

Collaboration with Academia and Industry: EduSkills works closely with schools, colleges,
universities, and companies to create a seamless pathway for students from education to
employment. Their initiatives often include practical training, internships, and mentorship
opportunities.

Mission of EduSkills:
EduSkills aims to democratize education and skill development by making quality learning
accessible to students from all backgrounds, regardless of geography or socio-economic
conditions. By doing so, the organization strives to create a future-ready workforce capable of
meeting the demands of the rapidly changing job market.

Key Programs and Initiatives:

Skills Training and Certification: Offering free and low-cost training programs in collaboration with
global technology leaders to help students earn industry-recognized certifications.
EduSkills Academy: A learning platform that provides courses in emerging technologies like
cybersecurity, cloud computing, AI, and data science.
Teacher Training Programs: Helping educators integrate digital tools and pedagogical
innovations into their classrooms.

Partnerships:
EduSkills has established strong partnerships with leading global companies and educational
platforms, leveraging these connections to provide students with opportunities to learn cutting-
edge technologies. These partners often provide curriculum, certification, and tools necessary for
real- world application.

In summary, EduSkills serves as a bridge between academia and industry, fostering a collaborative
environment where students, educators, and professionals can gain the skills necessary to thrive in
an increasingly digital world.

Vision and mission and goals of the eduskills organization Vision:

EduSkills envisions a world where quality education and essential skills are accessible to all,
enabling individuals to thrive in a rapidly evolving digital landscape. The organization aims to
create a future-ready workforce equipped with the necessary tools to succeed in various industries,
ultimately contributing to economic growth and societal development.

Mission:
EduSkills’ mission is to empower students, educators, and institutions through innovative training
programs and resources that enhance digital literacy and employability. By collaborating with
industry leaders and educational institutions, EduSkills strives to bridge the skill gap between
academia and the workforce, ensuring that learners are prepared for the challenges of the modern
job market.
Goals:

Enhance Digital Literacy:

Provide accessible training and resources that improve digital skills among students and educators.
Industry-Relevant Training:
Develop and deliver programs that align with current market demands and emerging technologies,
facilitating industry-recognized certifications.

Empower Educators:
Offer professional development opportunities for teachers to integrate technology and innovative
teaching methods into their classrooms.

Promote Employability:
Equip students with both technical and soft skills necessary for career success, increasing their
employability in the competitive job market.

Support Diverse Learners:

Ensure equitable access to education and training resources for learners from various backgrounds,
fostering an inclusive learning environment.

Continuous Improvement:
Regularly assess and adapt programs to meet the evolving needs of students and the job market,
enduring that EduSkills remains relevant and effective in its mission.
 CHAPTER 3: INTERNSHIP PART
The Cyber security Intern provides an opportunity to gain professional experience in a real-world
setting

Modules:
Fundamental of cyber security
• Cyber security and attack surface
• Types of cyber security
• Importances of cyber security for business
• Cyber security framework and compliance
• Cyber threats, cyber-attacks and cyber attackers
• Various types of cyber attacks
• Cyber safety and its measures
• Perimeter based and zero trust security models
• Zscaler zero trust exchange

3.1 Cyber security and attack surface:

Cybersecurity involves protecting computer systems, networks, and data from digital attacks, theft,
and damage. It encompasses a wide range of practices, technologies, and processes aimed at
safeguarding information and ensuring the integrity, confidentiality, and availability of data. Key
elements of cybersecurity include:
Threat Intelligence: Understanding and analyzing potential threats to anticipate and mitigate risks.
Incident Response: Having a plan in place to address and recover from security breaches.
Access Control: Managing who can access what information, often through authentication and
authorization mechanisms.
Encryption: Protecting data by transforming it into a secure format that can only be read by
authorized users.
Network Security: Protecting the integrity and usability of networks through hardware and software
technologies.

Attack Surface
The attack surface refers to the total number of points (attack vectors) in a system that an attacker
can exploit to gain unauthorized access. A larger attack surface typically means more potential
vulnerabilities.

15
Components of the Attack Surface:

User Interfaces: Any point where users interact with a system, such as web applications and
APIs. Network Interfaces: All the entry points to a network, including open ports and
communication protocols.
Software Applications: Programs that might contain vulnerabilities or be misconfigured.
Third-party Services: Any external services or components integrated into your system that could
introduce vulnerabilities.

Reducing the Attack Surface

To minimize the attack surface, organizations can implement several strategies:
Regular Audits and Assessments: Identifying and mitigating vulnerabilities in systems and
applications.
Minimize Services: Disable unnecessary services and applications to reduce potential entry points.
Patch Management: Regularly updating software to fix known vulnerabilities.
Network Segmentation: Dividing networks into smaller segments to limit access and reduce the
potential impact of a breach.
User Education: Training users to recognize phishing attempts and other common attack methods.

3.2 Types of cyber security:

Cybersecurity is vital for several reasons, each addressing different aspects of technology, business,
and personal safety. Here are some key types of cybersecurity importance:

1. Data Protection
Confidentiality: Safeguarding sensitive data from unauthorized access.
Integrity: Ensuring that data is accurate and unaltered during transmission and storage.
Availability: Making sure data and systems are accessible when needed.

2. Business Continuity
Disaster Recovery: Establishing protocols to restore operations after a cyber incident.
Minimizing Downtime: Reducing the impact of attacks to maintain productivity and service delivery.

3. Regulatory Compliance
Adhering to Laws: Meeting industry regulations (e.g., GDPR, HIPAA) to avoid legal penalties.
Building Trust: Demonstrating a commitment to security to customers and partners.
4. Reputation Management
Brand Protection: Preventing breaches that can harm a company’s reputation.
Customer Loyalty: Ensuring trust by safeguarding customer data and privacy.

5. Intellectual Property Protection

Safeguarding Innovations: Protecting proprietary information and trade secrets from theft or
espionage.

Fig 3.2.1: TYPES OF CYBER SECURITY

6. Financial Security
Preventing Loss: Reducing the risk of financial loss from cyberattacks, such as ransomware
or fraud.
Insurance Benefits: Lowering premiums by demonstrating strong security practices.

7. Employee Safety
Awareness and Training: Educating employees about cybersecurity threats to reduce
risks of breaches.
Creating a Safe Work Environment: Ensuring that internal systems are secure from
attacks.

8. National Security
Protecting Critical Infrastructure: Securing systems that support essential services like
power, healthcare, and transportation.
3.3 Importances of cyber security for business
Security can be categorized into various types, each focusing on different areas of protection.
Here’s an overview of the main types of security:

1. Physical Security
Protection of Physical Assets: Involves safeguarding physical locations, such as buildings and
equipment, from unauthorized access, theft, and natural disasters.
Components: Access controls (locks, badges), surveillance (CCTV), security personnel, and
environmental controls (fire alarms, climate controls).

2. Cybersecurity
Protection of Digital Information: Focuses on protecting computer systems, networks, and data
from cyber-attacks and unauthorized access.
Components: Firewalls, encryption, intrusion detection systems, antivirus software, and security
policies.

3. Network Security
Securing Network Infrastructure: Involves protecting the integrity and usability of networks from
intrusions and attacks.
Components: VPNs, firewalls, intrusion prevention systems, and secure configurations.

4. Application Security
Securing Software Applications: Ensures that applications are designed and maintained to prevent
vulnerabilities.
Components: Secure coding practices, application testing, vulnerability assessments, and patch
management.

5. Information Security
Protecting Data Integrity: Focuses on protecting data from unauthorized access and corruption.
Components: Access controls, encryption, data classification, and secure data storage.
6. Operational Security (OpSec)
Protecting Processes and Information: Involves processes that protect sensitive information and
operational capabilities.
Components: Risk assessments, security policies, and employee training.

7. Cloud Security
Securing Cloud Environments: Focuses on protecting data and applications hosted in cloud services.
Components: Identity management, access controls, encryption, and compliance monitoring.

3.4 Importances of cyber security for business

Security can be categorized into various types, each focusing on different areas of protection.
Here’s an overview of the main types of security:

8. Physical Security
Protection of Physical Assets: Involves safeguarding physical locations, such as buildings and
equipment, from unauthorized access, theft, and natural disasters.
Components: Access controls (locks, badges), surveillance (CCTV), security personnel, and
environmental controls (fire alarms, climate controls).

9. Cybersecurity
Protection of Digital Information: Focuses on protecting computer systems, networks, and data
from cyber-attacks and unauthorized access.
Components: Firewalls, encryption, intrusion detection systems, antivirus software, and security
policies.

10. Network Security

Securing Network Infrastructure: Involves protecting the integrity and usability of networks from
intrusions and attacks.
Components: VPNs, firewalls, intrusion prevention systems, and secure configurations.

11. Information Security

Protecting Data Integrity: Focuses on protecting data from unauthorized access and corruption.
Components: Access controls, encryption, data classification, and secure data storage.
12. Operational Security (OpSec)
Protecting Processes and Information: Involves processes that protect sensitive information and
operational capabilities.
Components: Risk assessments, security policies, and employee training.

13. Cloud Security

Securing Cloud Environments: Focuses on protecting data and applications hosted in cloud services.
Components: Identity management, access controls, encryption, and compliance monitoring.

14. Endpoint Security

Protecting End-user Devices: Involves securing devices like laptops, smartphones, and tablets that
connect to the network.
Components: Antivirus software, endpoint detection and response (EDR), and mobile device
management (MDM).

15. Mobile Security

Securing Mobile Devices: Focuses on protecting smartphones and tablets from threats and
vulnerabilities.
Components: App vetting, data encryption, and remote wipe capabilities.

16. Disaster Recovery and Business Continuity

Planning for Incidents: Ensures that operations can continue or recover quickly in the event of a
disaster or major disruption.

Components: Backup systems, recovery plans, and continuity planning.

3.5 Importances of cyber security for business
Security can be categorized into various types, each focusing on different areas of protection.
Here’s an overview of the main types of security:

17. Physical Security

Protection of Physical Assets: Involves safeguarding physical locations, such as buildings and
equipment, from unauthorized access, theft, and natural disasters.
Components: Access controls (locks, badges), surveillance (CCTV), security personnel, and
environmental controls (fire alarms, climate controls).
18. Cybersecurity
Protection of Digital Information: Focuses on protecting computer systems, networks, and data
from cyber-attacks and unauthorized access.
Components: Firewalls, encryption, intrusion detection systems, antivirus software, and security
policies.

19. Network Security

Securing Network Infrastructure: Involves protecting the integrity and usability of networks from
intrusions and attacks.
Components: VPNs, firewalls, intrusion prevention systems, and secure configurations.

20. Application Security

Securing Software Applications: Ensures that applications are designed and maintained to prevent
vulnerabilities.
Components: Secure coding practices, application testing, vulnerability assessments, and patch
management.

21. Information Security

Protecting Data Integrity: Focuses on protecting data from unauthorized access and corruption.
Components: Access controls, encryption, data classification, and secure data storage.

22. Operational Security (OpSec)

Protecting Processes and Information: Involves processes that protect sensitive information and
operational capabilities.
Components: Risk assessments, security policies, and employee training.

23. Cloud Security

Securing Cloud Environments: Focuses on protecting data and applications hosted in cloud services.
Components: Identity management, access controls, encryption, and compliance monitoring.
3.6 Importances of cyber security for business
Security can be categorized into various types, each focusing on different areas of protection.
Here’s an overview of the main types of security:

24. Physical Security

Protection of Physical Assets: Involves safeguarding physical locations, such as buildings and
equipment, from unauthorized access, theft, and natural disasters.
Components: Access controls (locks, badges), surveillance (CCTV), security personnel, and
environmental controls (fire alarms, climate controls).
25. Cybersecurity
Protection of Digital Information: Focuses on protecting computer systems, networks, and data
from cyber-attacks and unauthorized access.
Components: Firewalls, encryption, intrusion detection systems, antivirus software, and security
policies.

26. Network Security

Securing Network Infrastructure: Involves protecting the integrity and usability of networks from
intrusions and attacks.
Components: VPNs, firewalls, intrusion prevention systems, and secure configurations.

27. Application Security

Securing Software Applications: Ensures that applications are designed and maintained to prevent
vulnerabilities.
Components: Secure coding practices, application testing, vulnerability assessments, and patch
management.

28. Information Security

Protecting Data Integrity: Focuses on protecting data from unauthorized access and corruption.
Components: Access controls, encryption, data classification, and secure data storage.

29. Operational Security (OpSec)

Protecting Processes and Information: Involves processes that protect sensitive information and
operational capabilities.
Components: Risk assessments, security policies, and employee training.

30. Cloud Security

Securing Cloud Environments: Focuses on protecting data and applications hosted in cloud services.
Components: Identity management, access controls, encryption, and compliance monitoring.
31. Endpoint Security
Protecting End-user Devices: Involves securing devices like laptops, smartphones, and tablets that
connect to the network.
Components: Antivirus software, endpoint detection and response (EDR), and mobile device
management (MDM).

32. Mobile Security

Securing Mobile Devices: Focuses on protecting smartphones and tablets from threats and
vulnerabilities.
Components: App vetting, data encryption, and remote wipe capabilities.

33. Disaster Recovery and Business Continuity

Planning for Incidents: Ensures that operations can continue or recover quickly in the event of a
disaster or major disruption.
Components: Backup systems, recovery plans, and continuity planning.

3.7 Cyber security framework and compliance

Cybersecurity frameworks and compliance are essential for organizations aiming to establish
robust security practices and meet regulatory requirements. Here’s an overview of key frameworks
and compliance considerations:
Cybersecurity Frameworks
NIST Cybersecurity Framework (CSF)
Developed by the National Institute of Standards and Technology, this framework provides a
policy framework of computer security guidance for how private sector organizations can assess
and improve their ability to prevent, detect, and respond to cyber attacks.

Core Functions:
Identify: Understanding organizational risks and resources.
Protect: Implementing safeguards to limit the impact of potential events.
Detect: Developing and implementing activities to identify the occurrence of a cybersecurity event.
Respond: Taking action regarding a detected cybersecurity incident.
Recover: Maintaining plans for resilience and restoring services affected by cybersecurity incidents.
ISO/IEC 27001
An international standard for managing information security. It provides requirements for
establishing, implementing, maintaining, and continually improving an information security
management system (ISMS).
Key Components: Risk management, security controls, and continuous improvement.
CIS Controls
Developed by the Center for Internet Security, these are a set of best practices for securing IT
systems and data. The controls provide actionable guidance on protecting against the most
common cyber threats.
Categories: Basic, foundational, and organizational controls, with a focus on risk management and
security hygiene.
COBIT (Control Objectives for Information and Related Technologies)
A framework for developing, implementing, monitoring, and improving IT governance and
management practices. It helps organizations align IT goals with business objectives and manage
risks effectively.

PCI DSS (Payment Card Industry Data Security Standard)

A set of security standards designed to ensure that all companies that accept, process, store, or
transmit credit card information maintain a secure environment. Compliance is mandatory for
businesses handling card payments.

Cybersecurity Maturity Model Certification (CMMC)

Developed by the U.S. Department of Defense, this framework is designed to enhance the
protection of sensitive information within the defense industrial base. It includes multiple levels of
maturity that organizations must achieve for compliance.
Organizations must be aware of and comply with industry-specific regulations, such as:
GDPR: General Data Protection Regulation for data protection and privacy in the European
Union. HIPAA: Health Insurance Portability and Accountability Act for protecting healthcare
information in the U.S.
FISMA: Federal Information Security Management Act for federal agencies in the U.S.

Audits and Assessments

Regular security audits and assessments help organizations identify vulnerabilities and ensure
compliance with internal policies and external regulations.

Documentation and Reporting

Maintaining thorough documentation of policies, procedures, and incident responses is crucial for
demonstrating compliance during audits. Training and Awareness
Continuous employee training on cybersecurity best practices and compliance requirements is
essential for fostering a security-aware culture within the organization.

Risk Management
Implementing a risk management process to identify, assess, and mitigate cybersecurity risks is
fundamental for both compliance and effective security.

3.8 Cyber threats, cyber-attacks and cyber attackers

1. Cyber Threats
Cyber threats are potential malicious activities that aim to compromise or damage digital
information systems, networks, or devices. They target vulnerabilities in software, hardware, or
human behavior to steal data, disrupt services, or cause harm. Cyber threats can be categorized
into several types: Malware: Software designed to harm or exploit a system, including viruses,
trojans, spyware, and ransomware.
Phishing: Fraudulent attempts to obtain sensitive information, often by impersonating trustworthy
entities through emails or fake websites.
Ransomware: A type of malware that encrypts files, demanding payment (ransom) in exchange for
decrypting them.
Insider Threats: Employees or individuals with access to sensitive data who intentionally or
unintentionally cause harm.
Zero-day Exploits: Attacks that occur before a software vulnerability is known and patched.
Man-in-the-Middle (MITM): Attacks where a hacker intercepts communication between two parties
to steal or alter data.

Fig 3.5.1 Various Type Of Cybersecurity Threats

2. Cyber Attacks
A cyber-attack is an actual incident where a cyber threat is realized. Cyber-attacks are deliberate
and aim to disrupt, damage, or gain unauthorized access to a system or data. Common types of
cyber- attacks include:
DDoS (Distributed Denial of Service): Overloading a system with traffic to make it unavailable to
legitimate users.
SQL Injection: Inserting malicious code into a database query to access or manipulate sensitive
information.
Social Engineering: Manipulating individuals into revealing confidential information, such as
passwords or personal details.
Brute Force Attacks: Systematically attempting all possible password combinations to gain access
to a system.
Credential Stuffing: Using stolen login details (from another breach) to gain access to multiple
accounts.
Supply Chain Attacks: Targeting third-party suppliers or contractors to compromise a larger
organization indirectly.

3. Cyber Attackers
Cyber attackers (hackers) are individuals or groups who perform cyber-attacks. They may have
different motivations, such as financial gain, political goals, espionage, or simply causing
disruption. Types of cyber attackers include:
Hacktivists: Individuals or groups that attack systems to promote political or social agendas (e.g.,
Anonymous).
Cybercriminals: Individuals or organized groups that engage in cybercrime for financial gain, often
through phishing, fraud, or ransomware.
State-Sponsored Hackers: Hackers employed or supported by nation-states, usually involved in
espionage, sabotage, or political warfare.
Insider Threats: Employees or partners with legitimate access to systems who turn malicious.
Script Kiddies: Inexperienced hackers who use pre-made tools and scripts to launch attacks,
typically without fully understanding the complexities.
Advanced Persistent Threats (APT): Sophisticated and often state-sponsored groups that infiltrate
systems and remain undetected for long periods to steal data or cause harm over time.

3.9 Various types of cyber attacks

Cyber-attacks come in many forms, each exploiting different vulnerabilities in systems, networks, or
users. Here’s an overview of the most common types of cyber-attacks:

1. Malware Attacks
Malware refers to malicious software designed to disrupt, damage, or gain unauthorized access to
systems. Types of malware include:
Viruses: Spread by attaching themselves to legitimate programs, capable of self-replicating and
spreading to other files.
Trojans: Disguised as legitimate software, but open backdoors to allow unauthorized access to a
system.
Ransomware: Encrypts a victim’s data and demands payment for decryption.
Spyware: Secretly gathers information from a system and transmits it to an attacker.
Worms: Self-replicating programs that spread across networks without user intervention.

2. Phishing Attacks
Phishing is a social engineering technique where attackers impersonate trustworthy entities to trick
users into revealing sensitive information, such as passwords or credit card numbers. Types of
phishing include:
Spear Phishing: Targeted phishing aimed at specific individuals or organizations, often customized
for higher success rates.
Whaling: Phishing attempts targeted at high-profile individuals like CEOs or executives.
Clone Phishing: Creating a copy of a legitimate email but replacing its attachments or links with
malicious ones.

3. Denial of Service (DoS) & Distributed Denial of Service (DDoS)

In a DoS attack, the attacker overwhelms a system, server, or network with traffic, rendering it
unavailable to legitimate users. A DDoS attack amplifies this by using multiple compromised
systems (often through botnets) to send massive amounts of traffic.
Botnets: Networks of infected computers controlled by a central server to carry out DDoS attacks.
Application-layer DDoS: Focuses on specific applications to exhaust their resources.

4. SQL Injection Attacks

In an SQL injection attack, malicious SQL statements are inserted into a query to manipulate a
database. These attacks allow attackers to view, modify, or delete data and, in some cases, gain
administrative access to the system.
Error-based SQL Injection: Exploiting database error messages to gain information.
Blind SQL Injection: The attacker does not receive direct feedback but uses time-based or Boolean
techniques to gather information.

5. Cross-site Scripting (XSS)

In this attack, malicious scripts are injected into web pages viewed by other users. If successful, XSS
can lead to the theft of cookies, session tokens, or personal information. Types include:
Stored XSS: The malicious script is permanently stored on a server and executed when a victim
loads a page.
Reflected XSS: The malicious script is reflected off a web application and executed in the user’s
browser.

6. Man-in-the-Middle (MitM) Attacks

In MitM attacks, an attacker intercepts communication between two parties without their knowledge,
either to eavesdrop or alter the communication. Common MitM techniques include:
Session Hijacking: Stealing a user’s session token to gain access to their account.
Eavesdropping: Listening in on conversations over unencrypted communication channels.
SSL Stripping: Downgrading a user’s secure connection to an insecure one to intercept data.

7. Brute Force Attacks

These attacks involve systematically trying all possible combinations of passwords or encryption keys
until the correct one is found. Variations include:
Dictionary Attack: Using a predefined list of common passwords.
Credential Stuffing: Using credentials leaked from other breaches to access accounts.
Hybrid Attack: Combining dictionary and brute force methods to crack passwords.

8. Password Attacks
In these attacks, cybercriminals attempt to gain access to systems by stealing or guessing passwords.
Common techniques include:
Keylogging: Recording keystrokes to steal sensitive information.
Password Spraying: Attempting commonly used passwords across many accounts without triggering
account lockout mechanisms.

9. Cryptojacking
This attack involves secretly using a victim’s computer resources to mine cryptocurrency. It typically
happens via infected websites, malicious scripts, or compromised software.

3.10 Cyber safety and its measures

1. Strong Passwords and Authentication
Create strong passwords: Use a mix of uppercase and lowercase letters, numbers, and special
characters. Passwords should be at least 12 characters long.
Use passphrases: Passphrases (a sequence of words or characters) are harder to guess and easier to
remember than traditional passwords.
Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring two
or more forms of verification (e.g., password + a code sent to your phone).

2. Antivirus and Anti-malware Software

Install reputable antivirus software: This can help detect and remove malware from your devices.
Run regular scans: Schedule regular full-system scans to check for malware or malicious software.
Enable real-time protection: Many antivirus programs offer real-time protection, which actively
monitors for threats.

3. Secure Wi-Fi Networks

Encrypt your Wi-Fi network: Use WPA3 (Wi-Fi Protected Access 3) encryption to secure your
wireless network. Avoid using WEP or WPA, as they are outdated and easily compromised. Change
default router settings: Change the default username and password for your router, and ensure
remote management is disabled.
Avoid public Wi-Fi: Public Wi-Fi networks are often unsecured. If you must use them, avoid
accessing sensitive information or use a VPN (Virtual Private Network).

4. Encryption
Encrypt sensitive data: Encryption converts data into unreadable formats without a decryption
key. Encrypt important files and communications, especially when transmitting them over the
internet. Use end-to-end encryption for communication: Messaging apps and email services that
offer end- to-end encryption (like Signal or encrypted email services) ensure that only the sender
and recipient can read the message.

5. Email and Phishing Awareness

Be cautious with email attachments and links: Only open attachments or click on links from trusted
sources. Phishing emails often contain links that look legitimate but redirect to malicious websites.
Verify sender details: Check the email address of the sender and be cautious of unusual requests for
sensitive information.
Anti-phishing software: Install tools that can detect and filter phishing attempts and spam emails.
 CHAPTER-4: ACTIVITY LOG AND REPORT

ACTIVITY LOG FOR THE FIRST WEEK : (08-07-2024 to 13-07-2024)

Day &Date Brief Description of Daily Learning Outcome Signature of
Activity student
Increase in Cloud-Based Cloud environments remain a
Attacks primary target for cybercriminals
Day-1 due to miscon figurations, weak
identity management, and
8-07-2024 monitoring.

The role of cyber criminals and

Cyber security Criminals their motivations. Finally,
Day- versus Cyber security the chapter explains how to become a
Specialists cyber security specialist.
9-07-2024

Threat Arenas Cyber threats are particularly

dangerous to certain industries
Day-3 and the records they must
maintain.
10-07-2024

The new generation of attacks involves

Heightened Recognition of intelligent selection of victims. In the
Day-4 Cyber security Threats and past, attacks would select the low
Threat complexity hanging fruit or most Vulnerable
11-07-2024 victims.

The specialty areas then define

A work force Framework common types of cyber security
Day-5 for Cyber security work like security provisioning,
operate, Collect and analysis etc.
12-08-2024

International technology
Online Cyber security organizations often sponsor works
Day-6 Communities hops and conferences. These
organizations often keep cyber
13-07-2024 security professionals inspired and
motivated
 ACTIVITY LOG FOR THE SECOND WEEK : (15-07-2024 to 20-07-2024)

Day & Date Brief Description of Daily Activity Learning Outcome Signature of
student
Project Setup Describe the steps
taken to Set up
Day-1 the project
environment.
15-07-2024

Summarize the data

Exploits Targeting Remote Work collected for the project.
Day-2 Infrastructure

16-07-2024

Summarize the
Exploits Targeting Remote Work data collected
Day-3 17- Infrastructure for the project.
07-2024

Exploratory Data Analysis (EDA) Summarize the key

insights gained from the
Day-4 18- initial EDA.

07-2024

Day-5 Training and Testing data Understand data

splitting, validation,
19-08-2024
and Overfitting
concepts
Model Selection If applicable, outline
the initial
Day-6 considerations for
20-07-2024 model alizations and
trends identified in the
data.
 ACTIVITY LOG FOR THE THIRD WEEK : (22-07-2024 to 27-07-2024)

Day & Date Brief Description of Daily Learning Outcome Signature of

Activity student
Data Refinement Detail any further steps taken
in data cleaning and
Day-1 preprocessing.

22-07-2024

Feature Engineering Outline any feature engineering

performed during
Day-2 Week 2 and the
rationale behind
23-07-2024 those choices.

Model Development Summarize progress in

model development.
Day-3 Include insights
gained, initial model
24-07-2024
training results.

Validation Strategy Describe the chosen validation

strategy and any insights
Day-4 gained from validation
results.
25-07-2024

Documentation Updates Report on updates to

project
Day-5 documentation,
including any changes
26-08-2024 to the data dictionary.

Highlight any collaborations or

Collaboration and communications with team
Day-6 Communication members, stakeholders or
clients.
27-07-2024
 ACTIVITY LOG FOR THE FOURTH WEEK: (29-07-2024 to 03-08-2024)

Day & Date Brief Description of Daily Learning Outcome Signature of

Activity student
Summarize efforts in refining
and optimizing the chosen
Day-1 Model Tuning and Optimization model.

29-08-2024

Validation Results Discuss the outcomes of

the model validation,
Day-2 including any
challenges faced and
30-08-2024 solutions implemented.

Feedback Incorporation Detail any feedback received

from stakeholders or team
Day-3 members.

31-08-2024

Model Interpretability If relevant, discuss efforts to

interpret the model,
Day-4 including the exploration
of feature.
01-08-2024

Documentation Updates Report on any updates made to

project documentation.
Day-5
02-08-2024

Summarize any client or

Communication and Reporting stakeholder
Day-6 communication during
the week.
03-08-2024
 ACTIVITY LOG FOR THE FIFTH WEEK: (05-08-2024 to 10-08-2024)

Day & Brief Description of Daily Activity Learning Outcome Signature of

Date student
Summarize the final steps
Final Model Development in model development,
Day-1 including any additional
optimizations or
05-08-2024 adjustments made based
on feedback and
validation results.
Model Evaluation Present the final
evaluation metrics for the
Day-2 model.

06-08-2024

Model Deployment Plan Outline the plan for

deploying the model into
Day-3 a production environment.

07-08-2024

Confirm that all project

Documentation Finalization documentation is up-to-
Day-4 date, including the data
dictionary.
08-08-2024

Summarize any
Client or Stakeholder Presentation presentations or
Day-5 demonstrations made
to clients or
09-08-2024 stakeholders during
the week.
Lessons Learned Share insights gained
from the project,
Day-6 including challenges
faced and lessons learned.
10-08-2024
 ACTIVITY LOG FOR THE SIXTH WEEK: (12-08-2024 to 17-08-2024)

Day & Date Brief Description of Daily Learning Outcome Signature of

Activity student
Model Deployment Summarize the steps taken to deploy the
model into a production environment.
Day-1
12-08-2024

Post-Deployment Monitoring Outline the monitoring plan for the

deployed model.
Day-2
13-08-2024

Documentation Finalization. Confirm that all project

documentation is
Day-3 finalized and
comprehensive.
14-08-2024

Summarize any additional

communications with clients or
Day-4 Client or Stakeholder stakeholders.
Communication
15-08-2024

If relevant, document any

knowledge transfer activities to
Day-5 Project Wrap-Up ensure that team members

16-08-2024

Day-6 Outline the plan for archiving

Documentation Archive project documentation for
17-08-2024 future reference.
 ACTIVITY LOG FOR THE SEVENTH WEEK: (19-08-2024 to 24-08-2024)

Day & Date Brief Description of Daily Learning Outcome Signature of

Activity student
Summarize the analysis of the
model's performance in
Day-1 Post-Deployment Analysis Production
environment.
12-08-2024

If applicable, discuss any user

feedback received after the model's
Day-2 User Feedback and Iteration deployment.

13-08-2024

Documentation Review Conduct a final

review of all
Day-3 project
documentation.
14-08-2024

Provide a final evaluation of the

project's success against
Day-4 Project Evaluation the initial goals and
objectives.
15-08-2024

If relevant, document any

knowledge transfer activities to
Day-5 Knowledge Transfer ensure that team members.

16-08-2024

Day-6 Outline the plan for archiving

Documentation Archive project documentation for
17-08-2024 future reference.
 ACTIVITY LOG FOR THE SEVENTH WEEK: (19-08-2024 to 24-08-2024)
Day & Brief Description of Daily Activity Learning Outcome Signature of
Date student
Summarize ongoing
analysesof the model's
Day-1 Post-Implementation Analysis performance in
the production environment.
19-08-2024

If applicable, discuss
User Feedback and Improvements additional user feedback
Day-2 received and the iterations.

20-08-2024

If applicable, confirm the

completion of any
Day-3 Knowledge Transfer Completion knowledge transfer
activities.
21-08-2024

Revisit the project's

Project Evaluation initialgoals and objectives.
Day-4
22-08-2024

If applicable, confirm that

allproject deliverables or
Day-5 responsibilities have been
Final Handover
successfully handed over to
23-08-2024 the relevant parties.

Express final gratitude to

theteam members
Acknowledgments and Celebrations
Day-6 andstakeholders for their
contributions.
24-08-2024
 ACTIVITY LOG FOR THE EIGHTH WEEK: (26-08-2024 to 31-08-2024)

Day & Date Brief Description of Daily Activity Learning Outcome Signature
of student
Summarize ongoing
Continued Monitoring and Analysis monitoring and analysis
Day-1 of the model's
performance in the
26-08-2024 production environment.

If applicable, discuss any

final user feedback
Day-2 User Feedback and Final Iterations received and the
last iterations.
27-08-2024

If applicable, confirm that

Knowledge Transfer Confirmation knowledge
Day-3 transfer
activities are completed.
28-08-2024

Revisit the project's

initialgoals and
Day-4 Final Project Evaluation objectives.

29-08-2024

Summarize any final

team meetings or
Day-5 Meetings and Communication discussions heldduring
the week.
30-08-2024

Ensure that project

documentation is
Day-6 properly archived for
Documentation Archive future reference.
31-08-2024
 ACTIVITY LOG FOR THE NINETH WEEK: (02-09-2024 to 7-09-2024)
Day & Date Brief Description of Daily Activity Learning Outcome Signature of
student
Continued Monitoring and Analysis Summarize ongoing
monitoring and analysis of
the model's performance in
Day-1
the production environment..
02-09-2024

User Feedback and Final Iterations If applicable, discuss any

final user feedback received
and the last iterations.
Day-2
03-09-2024

Day-3 Knowledge Transfer Confirmation If applicable, confirm that

knowledge transfer
04-092024
activities are completed.

Final Project Evaluation Revisit the project's

initialgoals and objectives.
Day-4
05-09-2024

Day-5 Meetings and Communication Summarize any final team

meetings or discussions
07-09-2024
heldduring the week.

Ensure that project

Day-6 Documentation Archive documentation is properly
archived for future reference.
08-09-2024
 ACTIVITY LOG FOR THE TENTH WEEK: (9-09-2024 to 14-09-2024)
Day & Date Brief Description of Daily Activity Learning Outcome Signature of
student
Daily Transaction Data Zscaler processes over 500
billion transactions daily,
Day-1 which helps feed into its AI
systems to enhance security
09-09-2024 protocols, predict breaches, and
recommend policies
Daily Threat Detection The platform monitors
threats in real- time,
Day-2 inspecting all traffic,
including SSL/TLS-
10-09-2024 encrypted traffic,
which helps stop
potential cyberattacks
before they reach
users or applications
Updates from Security Cloud Zscaler continuously releases
updates on new threat patterns
Day-3 User Experience & Operational and their response capabilities.
Metrics Recently, the platform is
11-09-2024 integrating more AI-based
features for improved detection
of sophisticated attacks
Their analytics collect signals on
app performance, threats, and
user behavior, all of which are
processed daily
• Vulnerability Scanners
Cyber security Weapons Penetration Testing Packet
Day-4 Analyzers.
12-09-2024

This culminating activity

Packet Tracer-Skills Integration includes many of the skills that
Day-5 Challenge. you have acquired during this
course.
13-09-2024

Day-6 Final Review and Reflection Summarize key takeaways from

the 10week course.
14-09-2024
 WEEKLY REPORT

WEEK–1 (From Dt:-09-01-2024 To Dt:14-01-2024)

Objective: To describe the weekly performances in the virtual Internship.

Description: In my first week, I learned about a World of Experts and Criminals

Detailed Report:
• Ability to collect user data contributed by the ourselves

• How to became cyber security specialists to help defeat the cyber criminals that threaten
the cyber world Threats are particularly dangerous to certain industries and the records they
must maintain.
• Greater attention to detection and isolation of cyber-attacks, cyber criminals must be
more careful Security provisioning, operate, collect and analyses etc., Inspired and motivated
by cyber security professionals.
 WEEK–2 (From Dt:15-01-2024 To Dt:21-01-2024)

Objective of the Activity Done: Project Setup, Data Cleaning and Preprocessing, Data
Analysis (EDA), Model Selection

Detailed Report:

Describe the steps taken to set up the project environment, including tools, libraries, and data
sources.

Summarize the data collected for the project.

Provide details on the data cleaning and preprocessing steps undertaken.

Summarize the keyinsights gained from the initial EDA. Includevisualizations and trends identified
in the data.
 WEEK–3 (From Dt:21/01/2024 to Dt:26/01/2024)
Detailed Report:

• Objective of the
Detail any Activity
further stepsDone: Data
taken in Refinement,
data Feature
cleaning and Engineering,
preprocessing. Model
Address specific
Development,
challenges Validation
encountered Strategythe decisions made.
and describe
• Outline any feature engineering performed during Week 2 and the rationalebehind
those choices.
• Summarize progress in model development. Include insights gained, initialmodel
training results, and any adjustments made.
Describe the chosen validation strategyand anyinsights gained from validation results.
 WEEK–4 (From Dt:27/01/2024 to Dt:01/02/2024)
Objective of the Activity Done: Model Tuning and Optimization, Validation Results,
Feedback Incorporation, Model Interpretability

Detailed Report:
Summarize the final steps in model development, including any additionaloptimizations or
adjustments made based on feedback and validation results.

Present the final evaluation metrics for the model. Discuss how well the modelperforms against
the project objectives and success criteria.

Outline the plan for deploying the model into a production environment.Include considerations for
scalability, monitoring, and maintenance.
 WEEK–5 (From Dt:02/02/2024 to Dt:07/02/2024)

Objective of the Activity Done: Final Model Development, Model Evaluation, Model
Deployment Plan, Documentation Finalization.

Detailed Report:
Summarize the final steps in model development, including any additionaloptimizations or
adjustments made based on feedback and validation results.

Present the final evaluation metrics for the model. Discuss how well the modelperforms against
the project objectives and success criteria.

Outline the plan for deploying the model into a production environment.Include considerations for
scalability, monitoring, and maintenance.
 WEEK–6 (From Dt:08/02/2024 to Dt:13/02/2024)

Objective of the Activity Done: Model Deployment, Post-Deployment Monitoring,

Documentation Finalization, Client or Stakeholder Communication

Detailed Report:

Summarize the steps taken to deploythe model into a production environment.

Outline the monitoring plan for the deployed model.

Confirm that all project documentation is finalized and comprehensive. Ensurethat it includes
deployment instructions, model monitoring procedures, and any other relevant details.

Summarize any additional communications with clients or stakeholders Discuss any feedback
received and actions taken.
 WEEK–7(FromDt:14/02/2024 to Dt:19/02/2024)

Objective of the Activity Done: Post-Deployment Analysis,User Feedback and Iteration,

Documentation Review, Project Evaluation

Detailed Report:
Summarize the analysis of the model's performance in the productionenvironment.

If applicable, discuss any user feedback received after the model's deployment.Detail any iterations
or improvements made based on this feedback.

Conduct a final review of all project documentation.

Provide a final evaluation of the project's success against the initial goals andobjectives. Discuss
any key insights, achievements, or areas for improvement.
 WEEK–8(FromDt:20/02/2024 to Dt:25/02/2024)

Objective of the Activity Done: Continued Monitoring and Analysis,User Feedback and Final
Iterations, Knowledge Transfer Confirmation, Final ProjectEvaluation.

Detailed Report:
Summarize ongoing monitoring and analysis of the model's performance in theproduction
environment.

If applicable, discuss any final user feedback received and the last iterations orimprovements made
to the model or system.

If applicable, confirm that knowledge transfer activities are completed.

Revisit the project's initial goals and objectives. Provide a final evaluation ofthe project's overall
success and discuss any lessons learned.
 WEEK–09(FromDt:26/02/2024 Dt:02/03/2024)

Objective of the Activity Done: Post-Implementation Analysis, User Feedback

an Improvements, Knowledge Transfer Completion, Project Evaluation
If applicable, confirm the completion of any knowledge transfer activities Ensure that
team members

Revisit the project's initial goals and objectives. Provide a final evaluation of

the project's overall success and discuss any valuable insights gained.
 WEEK–10(FromDt:03/03/2024 to Dt:08/03/2024)

Objective of the Activity Done: Post-Implementation Analysis, User Feedback an

Improvements, Knowledge Transfer Completion, Project Evaluation

Detailed Report:
Summarize ongoing analyses of the model's performance in the production environment. Discuss
any optimizations or adjustments made based on continued monitoring.

If applicable, discuss any additional user feedback received and the iterations or improvements
made to the model or system.

If applicable, confirm the completion of any knowledge transfer activities Ensure that team
members

Revisit the project's initial goals and objectives. Provide a final evaluation of

the project's overall success and discuss any valuable insights gained.
 CHAPTER 5: OUTCOMES DESCRIPTION

Technical Skills:
Programming Languages:
Python: Widely used for data manipulation, analysis, and machine learning. Libraries likeNumPy,
Pandas, and sickie - learn are commonly employed.

R: Used for statistical modeling and analysis. Popular in academia and certain industries.

Data Manipulation and Analysis:

Pandas: A Python library for data manipulation and analysis.
NumPy: Fundamental package for scientific computing in Python, providing support for
large,multi- dimensional arrays and matrices.

Data Visualization:
Matplotlib: A 2D plotting library for Python.
Seaborn: Built on top of Matplotlib, Seaborn provides a high-level interface for drawingattractive
and informative statistical graphics.
Platy: An interactive graphing library for Python.

Machine Learning:
Sickie-learn: A machine learning library for classical algorithms and tools for data mining anddata
analysis.
Tensor Flow and Porch: Deep learning frameworks widely used for neural networkdevelopment.
Statistical Analysis:
Statistics: A solid understanding of statistical concepts is crucial for hypothesis testing,confidence
intervals, and data interpretation.

Big Data Technologies:

Hadoop: An open-source framework for distributed storage and processing of large data
sets.Spark: A fast and general-purpose cluster-computing framework for big data processing.

Database Management:
SQL: Proficiency in querying relational databases using SQL is essential.
NoSQL databases: Understanding and working with non-relational databases like MongoDBor
Cassandra.
Business Skills:
Domain Knowledge:
Industry Understanding: Familiarity with the specific industry or domain the organization
operates in is crucial for interpreting data in a meaningful business context.

Communication Skills:
Data Storytelling: The ability to convey complex findings in a clear and compellingmanner to non-
technical stakeholders.
Visualization Communication: Effectively using visualizations to convey insights toboth technical
and non-technical audiences.

Problem-Solving:
Critical Thinking: The capacity to approach problems with a logical and analyticalmindset.
Decision-Making: Contributing to decision-making processes by providing data-driveninsights.

Collaboration:
Interdisciplinary Collaboration: Working effectively with professionals from diverse fields,
including business analysts, executives, and IT teams.
Teamwork: Collaborating with cross-functional teams to achieve common goals.

Business Strategy Alignment:

Understanding Business Objectives: Aligning data science projects withbroader organizational
goals and strategies.
Return on Investment (ROI) Analysis: Assessing the potential impact and value ofdata science
initiatives.

Project Management:
Project Planning: Effectively planning and organizing data science projects.

Time Management: Meeting deadlines and managing time efficiently.

 CHAPTER 6: CONCLUSION

Zero Trust Cloud Security is a modern security framework that ensures secure access to cloud
environments by eliminating the notion of inherent trust within a network. Unlike traditional
security models that rely on a strong perimeter, Zero Trust treats all users, devices, and
applications as potential threats, requiring verification and continuous monitoring at every access
point.

Key Components of Zero Trust Cloud Security:

Continuous Verification ("Never Trust, Always Verify"): Every request to access data or
resources must be verified, regardless of whether it originates from inside or outside the network.
This includes robust identity verification through multi-factor authentication (MFA), device
health checks, and user context analysis.
1. Least Privilege Access: Users are granted the minimal level of access necessary to
perform their tasks. This principle ensures that even if a user or device is compromised, they
cannot access more than what is required, reducing the potential impact of an attack.
2. Micro-Segmentation: Instead of securing the entire cloud network with a single
perimeter, micro-segmentation breaks the network into smaller zones, each with its own access
policies. This prevents lateral movement within the cloud, containing threats to one part of the
network if an attack occurs.
3. Endpoint Security and Device Trust: In a Zero Trust model, every device accessing the
cloud is treated as untrusted until proven otherwise. Endpoint detection and response (EDR)
tools, alongside device health checks, ensure that only secure and compliant devices can connect
to the network.
4. Real-Time Monitoring and Analytics: Zero Trust requires ongoing monitoring of
network traffic, user behavior, and system logs. Anomalous activity, such as unusual login
attempts or unauthorized access requests, can be flagged and responded to in real time, ensuring
threats are quickly addressed.
5. Encryption and Secure Access: Data is encrypted both in transit and at rest to protect it
from unauthorized access or exposure during transmission across cloud environments. All
communications are secured through encryption protocols like TLS and VPNs for remote access.
6. Assume Breach Mentality: Zero Trust operates with the mindset that breaches are inevitable.
This means preparing for the worst-case scenario and focusing on minimizing the impact of any
compromise. Regularly auditing systems, improving detection capabilities, and having an incident
response plan in place are critical to reducing breach effects.
Challenges:
Complex Implementation: Transitioning from a traditional security model to a Zero Trust
architecture requires significant planning, resource investment, and a clear strategy for integrating
existing infrastructure.
Continuous Management: Zero Trust is not a "set it and forget it" solution. It demands ongoing
monitoring, updates, and adjustments to policies as users and devices change.
Initial Costs: Adopting a Zero Trust approach can involve substantial upfront costs related to
upgrading systems, purchasing new security tools, and training personnel.

Benefits of Zero Trust Cloud Security:

Enhanced Protection: By verifying every access request and limiting permissions, Zero Trust
significantly reduces the risk of data breaches, insider threats, and unauthorized access.
Improved Scalability: As organizations adopt hybrid or multi-cloud environments, Zero Trust's
scalable architecture can protect assets across on-premises and cloud systems without relying on a
single perimeter.
Compliance: Zero Trust frameworks align well with regulatory requirements such as GDPR,
HIPAA, and PCI-DSS, providing enhanced data protection and privacy controls.
Resilience Against Evolving Threats: Zero Trust is designed to address the challenges of
modern cybersecurity, where attackers continuously innovate and adapt.
Student Self Evaluation for the Summer Internship

Student Name : NERIYANURU VEDAPRIYA

Registration No : 228X1A4291
Period of Internship : From: JUL-2025 to SEP-2025
Date of Evaluation :
Name of the Person in charge : Dr. M.CHENNAKESAVA RAO , M.Tech., Ph.D
Address With Mobile Number : Guntur

Please rate your performance in the following areas:

Rating Scale: 1 is the lowest and 5 is the highest value

1) Oral Communication 1 2 3 4 5

2) Written Communication 1 2 3 4 5

3) Initiative 1 2 3 4 5

4) Interaction with staff 1 2 3 4 5

5) Attitude 1 2 3 4 5

6) Dependability 1 2 3 4 5

7) Ability to learn 1 2 3 4 5

8) Planning and organization 1 2 3 4 5

9) Professionalism 1 2 3 4 5
10) Creativity 1 2 3 4 5

11) Quality of work 1 2 3 4 5

12) Productivity 1 2 3 4 5

13) Progress of learning 1 2 3 4 5

14) Adaptability to the organization’s culture/policies 1 2 3 4 5

15) OVERALLPERFORMANCE 1 2 3 4 5
 Evaluation By the Person in Charge:-
Student Name NERIYANURU VEDA PRIYA

: 228X1A4291
Registration No

: 10WEEKS, JULY 2025 to SEPTEMBER 202

Period of Internship from

Date of Evaluation :

Name of the Person in charge : M. Chennakesavarao, M.E,(Ph.D)

Address With Mobile Number : Kallam Haranadhareddy Institute Of

Technology (Autonomous)Chowdavaram,

Please note that your evaluation shall be done independent of the student’s self- evaluation
Rating Scale: 1 is lowest and 5 is highest rank.

1) Oral Communication 1 2 3 4 5
2) Written Communication 1 2 3 4 5
3) Initiative 1 2 3 4 5
4) Interaction with staff 1 2 3 4 5
5) Attitude 1 2 3 4 5
6) Dependability 1 2 3 4 5
7) Ability to learn 1 2 3 4 5
8) Planning and organization 1 2 3 4 5
9) Professionalism 1 2 3 4 5
10) Creativity 1 2 3 4 5
11) Quality of work 1 2 3 4 5
12) Productivity 1 2 3 4 5
13) Progress of learning 1 2 3 4 5
14)Adaptability to the 1 2 3 4 5
organization’s culture/policies
15) OVERALLPERFORMANCE 1 2 3 4 5

Date: Signature of the Supervisor: