King Saud University
College of Computer and Information Sciences
Department Name
Security Engineer Intern
A final Report submitted in Partial Fulfillment of the
Practical Training Program
Student Name: Amal Alassaf
Student ID#: 429201822
Company Name: Intel Corporation
Training Date: Starting 9/6/2013 Completion: 1/8/2013
Supervisor Name: Omar M Al-othiem
Summer of 2013
Acknowledgement:
I want to take this opportunity to express my profound gratitude and deep regards to
Miss Hanan Altmemi and all the people who were working on this program. The
blessing, help and guidance given by them from time to time shall carry me a long way in the
journey of life on which I am about to embark.
I also take this opportunity to express a deep sense of gratitude to Mr. Omar Al-Othiem,
for his cordial support, valuable information and guidance, which helped me in
completing this task through various stages.
I am really thankful to Mr. Jakob Oberascher, Mr. Tambi Baik, Mr. Andreas Wagner and
all the staff members of McAfee, for the valuable information provided by them in their
respective fields. I am grateful for their cooperation during the period of my assignment.
Lastly, I thank the Almighty, my sister and friends for their constant encouragement, without
which this assignment would not be possible.
Amal A Alassaf
Table of Contents
Summary
1. Introduction
2. The Training Plan
3. Information about the Training Company
4. Training Work description and Achievements
5. Conclusions and Recommendations
References
List of Figures
Figure 1: McAfee headquarters in Santa Clara, California.
Figure 2: McAfee Vulnerability Manager value.
Figure 3: The System I built in McAfee Lab.
Figure 4: Screenshot of my reports.
Summary:
I’ve been blessed to have my training in one of the multinational companies around
the world. This report will give an introduction to my training opportunity as a security
engineer in McAfee and some information about the company and the environment
I’ve worked in. This report will also provide my training plan for the whole two months,
week by week, and will explain my tasks in a very detailed way, with what I’ve learned. The
report also contains some figures, the names of the machines I used and the courses that I
took during my academic year that helped me during my training.
Finally, this report will highlight the major points of what I’ve learned and how I dealt
with the challenges I faced during the 8 weeks of my training, and some
recommendations that will help this program to improve even more so that other students
will get more benefit from this wonderful experience.
1. Introduction:
The purpose of this report is to document, in a very detailed way, my experience of
my training in McAfee for the summer of 2013. This report will help in understanding the
company and the environment of the company. It will also describe what I’ve done in my
training period, which lasted for eight weeks.
In fact, my training was built in two parts. The first part was learning about different areas in
security science that would help me get through the second part, which was about
practicing what I learned.
My job basically was to learn how to protect small/medium companies’ systems from any
threat that could affect them.
Finally, the conclusion of my report presents what I’ve learned during my training in
McAfee, a recommendation for students who want to get an internship in such a
good company as McAfee, and a recommendation for the university to improve this
program for the future.
2. The Training Plan
Since the interview I was aware that my training would be divided into two parts.
The first part would be based on learning more than doing: learning about different areas
of security that would help me during my second part, which is the project.
In the second part I had to apply what I’d learned in the first month. I started to install
software in the system and to test and scan to see how it works, and I got the chance
to test a customer system, which made all the things I’d learned more valuable.
Besides the training plan, I got the chance to do additional work such as attending
meetings, meeting the customer and seeing how business works. I’ve also been
blessed by meeting one of the old McAfee employees, Mr. Bill Rielly, a Senior Vice
President, Small & Medium Business, who worked in the company for so long.
He taught me a lot of good things that will help me in my future career.
3. Information about the Training Company
McAfee is an American global computer security software company headquartered in
Santa Clara, California, and the world's largest dedicated security technology company.
As of February 28, 2011, McAfee is a wholly owned subsidiary of Intel.
Figure 1: McAfee headquarters in Santa Clara, California.
McAfee opened their first office in Saudi Arabia in 2010. It started with a small office
and now they have more than 10 employees. The ages of the employees differ, but most
of them are old men who are very expert in their job.
Most of the employees have an undergraduate degree and a few of them have a graduate degree.
There is no specific dress that you have to wear. Every employee can wear what makes
him/her comfortable as long as it covers. And for the ladies, we wear abayas.
The staff are very respectful; they respect the traditions even though 70% of them are not
Arabs, and they are aware of the limitations and traditions we have in Saudi Arabia.
The main objective of this training program is to give an overview to undergraduate
students and to impart basic knowledge from senior people.
And the purpose of their training program is:
- To broaden the minds of supervisors.
- To assist employees to know more about the new generation.
- To enhance the employees’ knowledge and encourage them to give more.
- To encourage and support the intern to learn about the new technology by
McAfee, as they believe that the students will take their place in the future.
4. Training Work description and Achievements
When I first told my advisor that the suggested training is at least 8 weeks with a
minimum charge of 300 hours, he suggested dividing the 8 weeks into two. So basically
the first 4 weeks would be based on learning and the second 4 weeks would be a big
project for me. You will find this in detail below:
Week one:
That was the warm-up week; it was exploratory for me. My advisor was
introducing me to the place so I could get familiar with it. The office manager handed me my laptop and
taught me how to work on it, how to use the system and e-mail, how to set up a meeting
and how to use the electronic library. It took me a while to get used to it.
My advisor suggested that I do a one-on-one meeting with each employee to get to
know them, to break the ice and to know how they can help me during my internship.
Each week the company has a staff meeting for an hour and a half that discusses the
newest technologies, expected visitors and how each team can work with another on
the challenges. Each team displays the projects that they are going to work on, either to
display them or to discuss some points.
I got training in the following areas:
- Law of conduct: That was very important to start with. In this training I’ve learned
the law of the company. I’ve reviewed stories based on real cases, with the names changed, of
people who broke the law and went to jail for this.
- Protecting Information: The sensitive information in each company is a target for
either the competitors or the people who use it to blackmail the company for money.
I’ve reviewed some stories about companies who lost their data and this important
information and ended up bankrupt.
Protecting Personally Identifiable Information for the company’s employees is so
important; therefore I’ve learned how we can do that and how to advise the company
and employees about this. I’ve also learned what type of information should be
protected in each field and how I can protect it by using McAfee tools and
programs.
- Social Engineering: Basically, social engineering is what cybercriminals use to
persuade or deceive the user into sharing sensitive information or allowing access to
the user’s computer by pretending to be someone or something they aren’t. In this training
I’ve reviewed real-life stories on this subject and I’ve watched a movie called
“Identity Thief”, which shows how a lady was stealing sensitive bank information from
people and using it to create credit cards and use them to buy things. Based on research
done by Dimensional Research, they found that 51% of the social
engineering attacks were motivated by financial gain, while only 14% of the social
engineering attacks were motivated by revenge.
Reference: http://www.checkpoint.com/press/downloads/social-engineering-survey.pdf
http://home.mcafee.com/advicecenter/?id=rs_na_su11article2
Required Background: IT140
Machines used: Special laptop from the company that has access to my
official e-mail
Week Two:
In this week I continued my one-on-one meetings with the team. And
besides this I got the chance to attend the call with the European office that the
company usually does every quarter. I’ve learned a lot from this call, which lasted for
almost three hours. Besides all the previous tasks I continued following my learning
plan:
- Email Security: This training was divided into three parts:
Part one: It was kind of what I’ve studied in the Network1 course, number IT224: how
information transfers from one person to another.
Part two: It was really easy for me to understand this part because it talks about
encryption and I’ve already studied that in the Information Security course, number
IT324.
Part three: This part completes part two on how to protect your email from hackers,
which is something I already studied as well in Information Security IT324.
My project supervisor suggested that I read about encryption since it’s very
important, and he suggested this book to me (CISSP All-in-One Exam Guide, Fifth Edition
by Shon Harris). I looked for it in the library but I didn’t find it, so I borrowed it
from my supervisor.
- Device Security: This was the most interesting training I’ve got so far. I’ve got the
chance to see McAfee Lab and all the devices that they use for security. Some of
these devices can’t be sold to the public, so they are just for the security company.
I’ve also learned about McAfee Device Control, which helps companies to protect
their data from falling into the wrong hands.
In this training I’ve also learned about Wi-Fi technology, why it’s an easy target
for hackers, and how I can decrease the risk and improve the protection of this
technology.
Required Background: IT324, IT224, IT140
Books: CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris
Week Three:
This week I made use of a senior executive’s visit to the country, through which I
improved my technical skills in the security field and in business: Mr. Bill Rielly, a Senior
Vice President, Small & Medium Business in McAfee.
In addition to the visit, I’ve worked with one of the team, Mr. Jakob, on spyware.
I’ve watched Mr. Jakob doing this in steps to look for the vulnerabilities in the
system. I’ve also taken training on the following:
- Malware: I’ve learned some of this subject in IT324, which helped me a lot, especially
after I reviewed the slides of the course.
Required Background: IT324
Challenge: Mr. Jakob was familiar with spyware so he was kind of
working on this very fast. I was trying my best to follow along. So the other day I
decided to take notes.
Week Four:
One of the interns had faced a technical problem the previous week, and my
advisor suggested that I learn how to report a problem in case I faced this in the
future. He asked one of the team to guide me and I’ve learned how to report all types of
problems: technical, finance, HR, legal, etc. That wasn’t part of the plan but it was
very helpful. I’ve also taken training in the following:
- Passwords: That was the easiest training. It was kind of guidance on how to build a
strong password for the systems, and how to convince the customers to use
encrypted passwords for their systems to protect them from phishing hacks.
- Incident Reporting: It happens that a customer reports a security problem about things that
they aren’t sure about. In this training I’ve learned how to read reports from the
customer system and report them to the concerned team to get it fixed.
- Vulnerability Manager: That was the most important training during the past 4
weeks since it will affect my project. In Figure 1 you see the MVM value.
McAfee happens to have its own system for managing vulnerabilities. I’ve been
able to see how the other team works on this system and its tools, which benefited me and
made me fully understand how the system works in the real world.
Figure 2: McAfee Vulnerability Manager value.
On the last day of the week I had a long meeting with Mr. Jakob, who happens to be my
supervisor for the project. He was explaining what I am going to do for the next 4
weeks. He explained the points to me and he gave me some reading tasks to do during
the weekend that will help me during my project.
Week Five:
This week is my first week on the second part of my training, which is the
project. In this week Mr. Jakob had a small meeting to present the project to me,
and advised me to have at least an hour with Mr. Andreas Wagner, who is an expert in
this field.
What I’ve done basically this week is:
1- Installing the virtual machine player on my computer:
The goal of this is that, in case I’ve messed with the system, my real PC won’t be
affected.
2- Connecting the virtual machine to the McAfee Lab.
Challenge: There were a lot of options during the setup that made me lost.
Challenge:
While I was installing the VMP there were a lot of settings that I had to be
very aware of and careful about, which made me stop installing and read
up on the requirements and needs, which was around 500 pages from the McAfee
library and took me a few extra hours.
Connecting the VM to the Lab was also hard as it wasn’t explained very
well in the beginning and I had to find the address for each machine.
Machines used: Personal PC, server, other devices, switch
Week Six:
McAfee happens to have thousands of applications to protect hundreds of different
types of information. Early this week I got to read about these applications. My
supervisor had highlighted the apps, software and tools that I should read about
carefully and that I will need to use later on this week.
I’ve installed a few pieces of software and tools that I will need to test and scan in my local system.
I’ve also scanned the assets I have in my system (Figure 3).
Figure 3: The System I built in McAfee Lab
Required Background: IT224
Week Seven:
I started with what I finished last week: scanning the assets. In fact I got the
chance to scan the customer system, which was a very huge step for me since I’ve
been working on the local test lab we have in the McAfee office since I started.
I’ve also created risk profiles in the Lab, as McAfee believes that “Today’s Risk could
be Tomorrow’s Problem”. I’ve done these risk profiles in the lab I created earlier in
the office. I couldn’t create one for the customer since I would have to get deep into their
system, which takes a longer time than my training period.
My project supervisor had asked me to review a few reports that will give me a sense of
what I am going to do later on this week. He had also set a meeting for an hour and a
half to teach me how to analyze the reports.
Later in this week I’ve been able to create my own report and analyze it.
Figure 4: Screenshot of my reports.
Week Eight:
That week was my last week. My supervisor allowed me to meet the new
customer and discuss their system and study:
- Their sensitive information area.
- What protection they need.
- Type of company (Small/Medium).
And I presented this to the customer on my last day, after I presented it to the team and
they gave me their feedback.
Required Background: IT140, MC140, 324Stat
5. Conclusions and Recommendations
In conclusion, during the training I’ve technically learned a lot about security and
networking, and I’ve learned a lot about life skills that will help me in my future
career.
I would summarize what I’ve learned during my training as the following:
- Oral and written communication skills.
- Customer service skills.
- Leadership skills.
- Teamwork skills.
- Organizational skills.
- Project management skills.
- Working with colleagues who have substantial experience within the security
industry.
- Understanding the small/medium business system and how to protect it.
- Building my own lab using a VM and MVM tools and software.
- Testing and scanning the weak points on my system.
- Writing reports and how to study them.
- Expecting the risk and fixing it at an early stage.
Recommendation:
I recommend an internship because it gives you the opportunity to apply
fundamentals learned in the classroom to real-world issues. It also gives you an
in-depth analysis of what it is really like to work within your field of study.
Lastly, an internship gives you an 'edge' against competition when entering into the
workforce. I just wish it was longer than two months or eight weeks.
References:
MVM 750 Best Practices.
MVM Value v3
MVM 750 PA530 Integration Guide
MVM_PowerBroker