SlideShare a Scribd company logo

Final Report-2

A
Amal Alassaf
1 of 20
Download to read offline
King Saud University College of Computer and Information Sciences Department Name Security Engineer Intern A final Report submitted in Partial Fulfillment of the Practical Training Program Student Name: Amal Alassaf Student ID#: 429201822 Company Name: Intel Corporation Training Date: Starting 9/6/2013 Completion: 1/8/2013 Supervisor Name: Omar M Al-othiem Summer of 2013
Acknowledgement: I want to take this opportunity to express my profound gratitude and deep regards to Miss. Hanan Altmemi and all the people who were working on this program. The blessing, help and guidance given by them time to time shall carry me a long way in the journey of life on which I am about to embark. I also take this opportunity to express a deep sense of gratitude to Mr. Omar Al-Othiem, for his cordial support, valuable information and guidance, which helped me in completing this task through various stages. I am really thankful to Mr.Jakob Oberascher, Mr.Tambi Baik, Mr.Andreas Wagner and all the staff members of McAfee, for the valuable information provided by them in their respective fields. I am grateful for their cooperation during the period of my assignment. Lastly, I thank almighty my sister and friends for their constant encouragement without which this assignment would not be possible. Amal A Alassaf
Table of Contents Summary ........................................................................................................................ 4 1. Introduction ................................................................................................................ 5 2. The Training Plan ....................................................................................................... 6 3. Information about the Training Company………………………............................... 8 4. Training Work description and Achievements ........................................................... 9 5. Conclusions and Recommendations ..........................................................,............... 18 References ..................................................................................................................... 20
List of Figures Figure 1: McAfee headquarters in Santa Clara, California....................................................... 8 Figure 2: McAfee Vulnerability Manger value. .................................................................. 13 Figure 3: The System I build in McAfee Lab....................................................................... 15 Figure 4: Screenshot of my reports......................................... ............................................16
Summary: I’ve been blessed to have my training in one of the multinational company around the world. This report will give an Introduction of my training opportunity as a security engineering in McAfee and some information about the company and the environment I’ve worked in . This report will also provide my training plan for the whole two months week by week will explain my tasks in a very detailed way of what I’ve learned. The report also contain some figures and the name of machines I used and the courses that I took during my Academic year that helped me during my training. Finally this report will highlight the major points of what I’ve learned and how I dialed with the challenges I faced during the 8 week of my training. And some recommendations that will help this program to improve even more so the other student will get more benefit of this wonderful experience.
1.Interdiction : The purpose of this report is to document my experience in a very detailed way of my training in McAfee for the summer of 2013. This report will help underrating the company and the environment of the company Also it will provide what I’ve done in my training period that last for eight weeks. In Fact My training was built in two Parts. First Part Learning about different area in security science that will help me to get through the second part which was about practicing what I learn. My job basically was to learn how to protect the small/medium companies system of any threat that could affect their system. Finally the conclusion of my report present what I’ve learned during my training in McAfee. And a recommendation for the student who want to get an internship in such a good company like McAfee. And a recommendation for the university to improve this program for the future.
2. The Training Plan Since the interview I was aware that my training will be divided to two parts. First parts will be based on learning more than doing. Learning about different areas of security that will help me during my second part which is the project. In the second part I have to assign what I’ve learn in the first month I start to install software in the system and test and scan to see how it works and I’ve got the chance to test a costumer system. Which makes all the things I’ve learned more valuable. Beside the training plan I’ve got the chance to do additional work such as attending the meeting and meet the costumer and see how business work. Also I’ve been blessed by meeting one of the old McAfee employee Mr. Bill Rielly a Senior Vice President, Small & Medium Business. who worked in the company for more so long. He taught me a lot of good things that will help me in my future career.
3. Information about the Training Company McAfee is an American global computer security software company headquartered in Santa Clara, California, and the world's largest dedicated security technology company. As of February 28, 2011, McAfee is a wholly owned subsidiary of Intel. Figure1: McAfee headquarters in Santa Clara, California. McAfee had opened their first office in Saudi Arabia in 2010 it start with a small office and now they have more than 10 employee. The age of the employee is different but most of them are old men who are very expert in their job. most The employee have an ungraduate degree and few of them got a graduate degree. There is no specific dress that you have to wear. Every employee can wear what make him/her comfortable as long as its cover. And for the ladies we wear Abays. The staff are very respectful, the respect the traditions even though 70% of them are not Arabs. But they are aware of the limitation and traditions we have in Saudi Arabia The main objective of this training program is to give an overview to the ungraduated student To impart basic knowledge from a senior people. And the purpose of their training program is:  To broaden minds of supervisors.  To assist employees to know more about the new generation.  To enhance the employees of their knowledge and encourage to give more.  To encourage and support the intern to learn about the new technology by McAfee as they believe that the student will take their place in the future.
4. Training Work description and Achievements When I first told my advisor that the suggesting training is at least 8 week with a minimum charge of 300 hours he suggested to divide the 8 weeks to two. So basically the first 4 weeks will be based on learning and the second 4 works will be a big project for me. And you will find this in details below: Week one: That was the warming week, It was exploratory for me. My advisor was introducing me to the place to get familiar. The office Manager handed my laptop and taught me how to work on it. And how to use the system, E-mail how to set a meeting and use the electronic library it took me a while to get to use to it. My advisor suggest me to do a one on one meeting with each employee to get to know them and to break the ice and to know how they can help me during my intern. Each week the company have a staff meeting for an hour and half. That discuss the newest technologies, expecting visitor and how each team can work with another on the challenges. Each team display the projects that they going to work on to either display it or to discuss some points. I’ve got a training on the following areas: - Law of conduct: That was very important to start with. In this training I’ve learned the law of the company. I’ve reviewed stories based in real used different names of people who broke the law and went to jail for this. - Protecting Information: The sensitive information in each company is a target for either the competitive or the people who use it to blackmail the company for money. I’ve reviewed some stories about companies who lost their data and these important information and end up bankrupt their company. Protecting a Personally Identifiable Information for the company employee is so important, therefore I’ve learned how we can do that and how to advice the company and employee about this. I’ve Also learned what type of information that should be protected in each filed and how I can protect them by using McAfee tools and programs.
-Social Engineering: Basically social engineering is what cybercriminals use to persuade or deceive the user into sharing sensitive information or allowing access to user computer by pretending to be someone or something they aren’t. In this training I’ve reviewed real based stories on this subject and I’ve watched a movie called” Identity Thief” show how a lady were stealing sensitive bank information from people and use it to create credit card and use them to buy things. Based on research that Dimensional Reach center had done they found that 51% of the social engineering attack were motivated by financial gain, while only 14% of the social engineering attacks were motivated by revenge. Reference: http://www.checkpoint.com/press/downloads/social-engineering- survey.pdf http://home.mcafee.com/advicecenter/?id=rs_na_su11article2 Required Background: IT140 Machines used: Special Laptop from the company that has an access to my official Email
Week Two: In this week I’ve got to continue my one on one meeting with the team. And beside this I’ve got the chance to attend the call with the European office that the company usually do every quarter I’ve learned a lot from this call that was last for almost three hours. Beside all previous tasks I’ve continue following my learning plan: -Email Security: This training was divide to three parts: Part one: Was kind of what I’ve studded in Network1 course number IT224 how the information transfer from one person to another. Part two: Was really easy for me to understand this part because it’s talk about encryption and I’ve already studied that in the information Security course number IT324. Part three: this part complete part two on how to protect your Email from the hackers which is something I already studied as well in information security IT324. My project supervisor had suggest me to read about the encryption since it’s very important and he suggest me this book (CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris) I’ve looked up to it in the library but I didn’t found it so I borrowed it from my supervisor. -Device Security: This was the most interesting training I’ve got so far. I’ve got the chance to see McAfee Lab and all the devices that they use for security. Some of the these devices can’t be sold to the public so it’s just for the security company. I’ve also learned about McAfee Device Control that help the companies to protects their data from falling into the wrong hands. In this training I’ve also learned about the Wi-Fi technology and why it’s easy target for the Hackers and how can I decreased the risk and improve the protection on this technology. Required Background: IT324, IT224, IT140 Books: CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris
Week Three: In this week I’ve been utilizing a senior executive visit to the country where I improved my technical skills in security filed and business. Mr Bill Rielly a Senior Vice President, Small & Medium Business in McAfee. In addition to the visit I’ve worked with one of the team Mr.Jackob on the spyware. I’ve watched Mr.jackob doing this in steps to seek for the Vulnerabilities In the System I’ve also took a training on the following: - Malware: I’ve learned some of this subject in IT324 which helped me a lot specially after I reviewed the slides of the course. Required Background: IT324 Challenged: Mr.Jackob was familiar with the spyware’s so he was kind of working on this very fast I was trying my best to follow up. So the other day I decide to take notes.
Week Four: One of the intern had faced a technical problem the previous week and my advisor had suggest me to learn how to report a problem in case I faced this in the future he asked one of team to guide me and I’ve learned how to report all type of problems technical, finance, HR, legal etc. That wasn’t part of the plan but it was very helpful. I’ve took training also in the following: - Passwords: That was the easiest training. It was kind of giddiness on how to build a strong password for the systems. And how to convince the costumers to use an encryption passwords for their system to protect it from the phishing hacks. -Incident Reporting: It happen that a costumer report a security problem of things that they aren’t sure about it. In this Training I’ve learned how to read a reports from the costumer system and report it to concerned team to get it fixed. - Vulnerability Manager: That was the most important training during the past 4 weeks since it will affect my project. In the figure 1 you see the MVM Value McAfee happen to have her own system on managing the vulnerabilities. I’ve been able to see the other team how to work on this system and tools that benefit me and made me fully understand how the system work in the real world. Figure 2: McAfee Vulnerability Manger value. Last day of the week I had a long meeting with Mr.jakob who happen to be my supervisor for the project he was explaining what I am going to do for the next 4 weeks. He explained the point for me and he gave me some reading task to do during the weekend that will help me during my project.
Week Five: This week is my first week on the second part of my training which is the project. In this Week Mr.Jackop had a small meeting to present the project to me. And advise me to have at least an hour with Mr. Andreas Wagner who is an expert in this filed. What I’ve done basically this week is: 1- Installing the Virtual machine player in my computer: The goal of this: Is in case I’ve messed with the system my real PC won’t be effective. 2- Connected the Virtual Machine to the McAfee Lab. Challenge: There were a lot of options during the setup that made lost. Challenge:  While I was installing the VMP there were a lot of sittings that I may be very aware and carful about it. Which made me stop installing and reading on the requirement and need that was around 500 Page from McAfee library which took me few extra hours.  Connecting the VM to the Lab was also hard as it wasn’t explained very well in the beginning and I had to find the address for each machine. Machines used: Personal PC, server, Other devices, switch,
Week Six: McAfee happen to have thousands of application to protect hundreds of different type of information. Eerily this week I’ve got to read about these applications. My supervisor had highlighted the apps, software’s and tools that I should read about carefully that I will need to use later on this week. I’ve install few software’s and tool that I will need to test, scan in my local system. Also I’ve scan the assets I have in my system figure 3. Figure3: The System I build in McAfee Lab Required Background: IT224
Week Seven: I started with what I finished last week. Scanning the assets. In fact I got the chance to scan the costumer system. Which was a very huge step for me since I’ve been working on the local test lab we have in McAfee office since I started. I’ve Also created risk profiles in the Lab as McAfee believed that “Today Risk could be Tomorrows Problem” I’ve done these risk profiles in the lab I’ve created earlier in the office. I couldn’t create one for the customer since I have to get deep into their system which take longer time than my training period. My project supervisor had asked me to review few report that will give me a sense of what I am going to do later on this week. He also had set a meeting for an hour and half to teach me how to analysis the reports. Later in this week I’ve been able to create my own report and analysis it. Figure4: Screenshot of my reports.
Week Eight: That week was my last week. My supervisor allowed me to meet the new costumer and discuss their system and study:  Their sensitive information area.  what protection they need.  Type of company ( Small/Medium) And I present this to the costumer in my last day after I present it to the team and they gave me their feedback. Required Background: IT140, MC140, 324Stat
5. Conclusions and Recommendations In conclusion, during the training technically I’ve learned a lot about security and networking and I’ve learned a lot about life skills that will help me in my future career. I would summarize what I’ve learning during my training the following:  Oral and written communication skills.  Customer service skills  Leadership skills  Teamwork skills  Organizational skills.  project management skills  Working with colleagues who have substantial experience within the security industry  Understanding the Small/medium business System and how to protect it.  Build my own lab using a VM and MVM tools and software  Test and scan the weak point on my system.  Write a report and how to study them  Expect the risk and fix it in early stage.
Recommendation: I recommend an Internship because it gives you the opportunity to apply fundamentals learned in the classroom to real-world issues. It also gives you an in- depth analysis of what it is really like to work within your field of study. Lastly, an Internship gives you an 'edge' against competition when entering into the workforce. I just wished if it was longer than two month or eight weeks.
References:  MVM 750 Best Practices.  MVM Value v3  MVM 750 PA530 Integration Guide  MVM_PowerBroker

Recommended

Computer Science Student Final attachment Logbook
Computer Science Student Final attachment Logbook Computer Science Student Final attachment Logbook
Computer Science Student Final attachment Logbook Paullaster Okoth
 
5 common mistakes to avoid during capability procedure
5 common mistakes to avoid during capability procedure5 common mistakes to avoid during capability procedure
5 common mistakes to avoid during capability procedureSonia Gill
 
7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYER
7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYER7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYER
7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYERtexasgovernmentlawyer
 
Client interviewing techniques
Client interviewing techniquesClient interviewing techniques
Client interviewing techniquesPooja Thomas
 
Client interviewing (1)
Client interviewing (1)Client interviewing (1)
Client interviewing (1)Nationallawschoolbangalore
 
Chapter 5
Chapter 5Chapter 5
Chapter 5Eba Tolesa
 
Intern insights with sonora gaggar
Intern insights with sonora gaggarIntern insights with sonora gaggar
Intern insights with sonora gaggarSwitch Idea
 
Project assignment objective
Project assignment objectiveProject assignment objective
Project assignment objectiveEssaywriting.ae - Best Essay Writing Help Service
 

Recommended

Computer Science Student Final attachment Logbook
Computer Science Student Final attachment Logbook Computer Science Student Final attachment Logbook
Computer Science Student Final attachment Logbook Paullaster Okoth
 
5 common mistakes to avoid during capability procedure
5 common mistakes to avoid during capability procedure5 common mistakes to avoid during capability procedure
5 common mistakes to avoid during capability procedureSonia Gill
 
7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYER
7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYER7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYER
7 ETHICS SURVIVAL SKILLS FOR THE GOVERNMENT LAWYERtexasgovernmentlawyer
 
Client interviewing techniques
Client interviewing techniquesClient interviewing techniques
Client interviewing techniquesPooja Thomas
 
Client interviewing (1)
Client interviewing (1)Client interviewing (1)
Client interviewing (1)Nationallawschoolbangalore
 
Chapter 5
Chapter 5Chapter 5
Chapter 5Eba Tolesa
 
Intern insights with sonora gaggar
Intern insights with sonora gaggarIntern insights with sonora gaggar
Intern insights with sonora gaggarSwitch Idea
 
Project assignment objective
Project assignment objectiveProject assignment objective
Project assignment objectiveEssaywriting.ae - Best Essay Writing Help Service
 
internship report covert
internship report covertinternship report covert
internship report covertMohammad Ibrahim
 
SIP Report Final Copy
SIP Report Final CopySIP Report Final Copy
SIP Report Final CopyAmeya Kulkarni
 
E
EE
EZemenab Arega
 
Chapter 2
Chapter 2Chapter 2
Chapter 2Eba Tolesa
 
IT_Analyst_6_Shentaijun
IT_Analyst_6_ShentaijunIT_Analyst_6_Shentaijun
IT_Analyst_6_Shentaijun?? ?
 
Summer internship
Summer internshipSummer internship
Summer internshipSreeSowmya7
 
Inquiry and information_fluency_mini_lessons
Inquiry and information_fluency_mini_lessonsInquiry and information_fluency_mini_lessons
Inquiry and information_fluency_mini_lessonsCherelleR
 
Internship_Report_Projects_have_done_Dur.pdf
Internship_Report_Projects_have_done_Dur.pdfInternship_Report_Projects_have_done_Dur.pdf
Internship_Report_Projects_have_done_Dur.pdfHikMan2
 
Internship Report
Internship ReportInternship Report
Internship Reporthongocdang
 
java training in chennai
java training in chennaijava training in chennai
java training in chennaisanjai rsamy
 
Report
ReportReport
ReportAlok Chaudhary
 
Imation Corp. - Intern Program
Imation Corp. - Intern ProgramImation Corp. - Intern Program
Imation Corp. - Intern ProgramAbby Cranston Dalzell
 
Topic Tech companies prepare for cyber-attacks using common cyber.docx
Topic Tech companies prepare for cyber-attacks using common cyber.docxTopic Tech companies prepare for cyber-attacks using common cyber.docx
Topic Tech companies prepare for cyber-attacks using common cyber.docxjuliennehar
 
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...TechSoup
 
Project Charter 461
Project Charter 461Project Charter 461
Project Charter 461mohamed abbas
 
Why should you join Aedifico Tech?
Why should you join Aedifico Tech?Why should you join Aedifico Tech?
Why should you join Aedifico Tech?David Choudhury
 
Dit yvol4iss37
Dit yvol4iss37Dit yvol4iss37
Dit yvol4iss37Rick Lemieux
 
15 best practices for online teaching
15 best practices for online teaching15 best practices for online teaching
15 best practices for online teachingDavid Deubelbeiss
 
Btec core business and ict
Btec core business and ictBtec core business and ict
Btec core business and ict29006
 
Btec core business and ict
Btec core business and ictBtec core business and ict
Btec core business and ict29006
 

More Related Content

Similar to Final Report-2

IT_Analyst_6_Shentaijun
IT_Analyst_6_ShentaijunIT_Analyst_6_Shentaijun
IT_Analyst_6_Shentaijun?? ?
 
Summer internship
Summer internshipSummer internship
Summer internshipSreeSowmya7
 
Inquiry and information_fluency_mini_lessons
Inquiry and information_fluency_mini_lessonsInquiry and information_fluency_mini_lessons
Inquiry and information_fluency_mini_lessonsCherelleR
 
Internship_Report_Projects_have_done_Dur.pdf
Internship_Report_Projects_have_done_Dur.pdfInternship_Report_Projects_have_done_Dur.pdf
Internship_Report_Projects_have_done_Dur.pdfHikMan2
 
Internship Report
Internship ReportInternship Report
Internship Reporthongocdang
 
java training in chennai
java training in chennaijava training in chennai
java training in chennaisanjai rsamy
 
Topic Tech companies prepare for cyber-attacks using common cyber.docx
Topic Tech companies prepare for cyber-attacks using common cyber.docxTopic Tech companies prepare for cyber-attacks using common cyber.docx
Topic Tech companies prepare for cyber-attacks using common cyber.docxjuliennehar
 
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...TechSoup
 
Why should you join Aedifico Tech?
Why should you join Aedifico Tech?Why should you join Aedifico Tech?
Why should you join Aedifico Tech?David Choudhury
 
15 best practices for online teaching
15 best practices for online teaching15 best practices for online teaching
15 best practices for online teachingDavid Deubelbeiss
 
Btec core business and ict
Btec core business and ictBtec core business and ict
Btec core business and ict29006
 
Btec core business and ict
Btec core business and ictBtec core business and ict
Btec core business and ict29006
 

Similar to Final Report-2 (20)

internship report covert
internship report covertinternship report covert
internship report covert
 
SIP Report Final Copy
SIP Report Final CopySIP Report Final Copy
SIP Report Final Copy
 
E
EE
E
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
IT_Analyst_6_Shentaijun
IT_Analyst_6_ShentaijunIT_Analyst_6_Shentaijun
IT_Analyst_6_Shentaijun
 
Summer internship
Summer internshipSummer internship
Summer internship
 
Inquiry and information_fluency_mini_lessons
Inquiry and information_fluency_mini_lessonsInquiry and information_fluency_mini_lessons
Inquiry and information_fluency_mini_lessons
 
Internship_Report_Projects_have_done_Dur.pdf
Internship_Report_Projects_have_done_Dur.pdfInternship_Report_Projects_have_done_Dur.pdf
Internship_Report_Projects_have_done_Dur.pdf
 
Internship Report
Internship ReportInternship Report
Internship Report
 
java training in chennai
java training in chennaijava training in chennai
java training in chennai
 
Report
ReportReport
Report
 
Imation Corp. - Intern Program
Imation Corp. - Intern ProgramImation Corp. - Intern Program
Imation Corp. - Intern Program
 
Topic Tech companies prepare for cyber-attacks using common cyber.docx
Topic Tech companies prepare for cyber-attacks using common cyber.docxTopic Tech companies prepare for cyber-attacks using common cyber.docx
Topic Tech companies prepare for cyber-attacks using common cyber.docx
 
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...
Expert-Led Online Training for Nonprofit Changemakers on TechSoup Courses- Au...
 
Project Charter 461
Project Charter 461Project Charter 461
Project Charter 461
 
Why should you join Aedifico Tech?
Why should you join Aedifico Tech?Why should you join Aedifico Tech?
Why should you join Aedifico Tech?
 
Dit yvol4iss37
Dit yvol4iss37Dit yvol4iss37
Dit yvol4iss37
 
15 best practices for online teaching
15 best practices for online teaching15 best practices for online teaching
15 best practices for online teaching
 
Btec core business and ict
Btec core business and ictBtec core business and ict
Btec core business and ict
 
Btec core business and ict
Btec core business and ictBtec core business and ict
Btec core business and ict
 

Final Report-2

  • 1. King Saud University College of Computer and Information Sciences Department Name Security Engineer Intern A final Report submitted in Partial Fulfillment of the Practical Training Program Student Name: Amal Alassaf Student ID#: 429201822 Company Name: Intel Corporation Training Date: Starting 9/6/2013 Completion: 1/8/2013 Supervisor Name: Omar M Al-othiem Summer of 2013
  • 2. Acknowledgement: I want to take this opportunity to express my profound gratitude and deep regards to Miss. Hanan Altmemi and all the people who were working on this program. The blessing, help and guidance given by them time to time shall carry me a long way in the journey of life on which I am about to embark. I also take this opportunity to express a deep sense of gratitude to Mr. Omar Al-Othiem, for his cordial support, valuable information and guidance, which helped me in completing this task through various stages. I am really thankful to Mr.Jakob Oberascher, Mr.Tambi Baik, Mr.Andreas Wagner and all the staff members of McAfee, for the valuable information provided by them in their respective fields. I am grateful for their cooperation during the period of my assignment. Lastly, I thank almighty my sister and friends for their constant encouragement without which this assignment would not be possible. Amal A Alassaf
  • 3. Table of Contents Summary ........................................................................................................................ 4 1. Introduction ................................................................................................................ 5 2. The Training Plan ....................................................................................................... 6 3. Information about the Training Company………………………............................... 8 4. Training Work description and Achievements ........................................................... 9 5. Conclusions and Recommendations ..........................................................,............... 18 References ..................................................................................................................... 20
  • 4. List of Figures Figure 1: McAfee headquarters in Santa Clara, California....................................................... 8 Figure 2: McAfee Vulnerability Manger value. .................................................................. 13 Figure 3: The System I build in McAfee Lab....................................................................... 15 Figure 4: Screenshot of my reports......................................... ............................................16
  • 5. Summary: I’ve been blessed to have my training in one of the multinational company around the world. This report will give an Introduction of my training opportunity as a security engineering in McAfee and some information about the company and the environment I’ve worked in . This report will also provide my training plan for the whole two months week by week will explain my tasks in a very detailed way of what I’ve learned. The report also contain some figures and the name of machines I used and the courses that I took during my Academic year that helped me during my training. Finally this report will highlight the major points of what I’ve learned and how I dialed with the challenges I faced during the 8 week of my training. And some recommendations that will help this program to improve even more so the other student will get more benefit of this wonderful experience.
  • 6. 1.Interdiction : The purpose of this report is to document my experience in a very detailed way of my training in McAfee for the summer of 2013. This report will help underrating the company and the environment of the company Also it will provide what I’ve done in my training period that last for eight weeks. In Fact My training was built in two Parts. First Part Learning about different area in security science that will help me to get through the second part which was about practicing what I learn. My job basically was to learn how to protect the small/medium companies system of any threat that could affect their system. Finally the conclusion of my report present what I’ve learned during my training in McAfee. And a recommendation for the student who want to get an internship in such a good company like McAfee. And a recommendation for the university to improve this program for the future.
  • 7. 2. The Training Plan Since the interview I was aware that my training will be divided to two parts. First parts will be based on learning more than doing. Learning about different areas of security that will help me during my second part which is the project. In the second part I have to assign what I’ve learn in the first month I start to install software in the system and test and scan to see how it works and I’ve got the chance to test a costumer system. Which makes all the things I’ve learned more valuable. Beside the training plan I’ve got the chance to do additional work such as attending the meeting and meet the costumer and see how business work. Also I’ve been blessed by meeting one of the old McAfee employee Mr. Bill Rielly a Senior Vice President, Small & Medium Business. who worked in the company for more so long. He taught me a lot of good things that will help me in my future career.
  • 8. 3. Information about the Training Company McAfee is an American global computer security software company headquartered in Santa Clara, California, and the world's largest dedicated security technology company. As of February 28, 2011, McAfee is a wholly owned subsidiary of Intel. Figure1: McAfee headquarters in Santa Clara, California. McAfee had opened their first office in Saudi Arabia in 2010 it start with a small office and now they have more than 10 employee. The age of the employee is different but most of them are old men who are very expert in their job. most The employee have an ungraduate degree and few of them got a graduate degree. There is no specific dress that you have to wear. Every employee can wear what make him/her comfortable as long as its cover. And for the ladies we wear Abays. The staff are very respectful, the respect the traditions even though 70% of them are not Arabs. But they are aware of the limitation and traditions we have in Saudi Arabia The main objective of this training program is to give an overview to the ungraduated student To impart basic knowledge from a senior people. And the purpose of their training program is:  To broaden minds of supervisors.  To assist employees to know more about the new generation.  To enhance the employees of their knowledge and encourage to give more.  To encourage and support the intern to learn about the new technology by McAfee as they believe that the student will take their place in the future.
  • 9. 4. Training Work description and Achievements When I first told my advisor that the suggesting training is at least 8 week with a minimum charge of 300 hours he suggested to divide the 8 weeks to two. So basically the first 4 weeks will be based on learning and the second 4 works will be a big project for me. And you will find this in details below: Week one: That was the warming week, It was exploratory for me. My advisor was introducing me to the place to get familiar. The office Manager handed my laptop and taught me how to work on it. And how to use the system, E-mail how to set a meeting and use the electronic library it took me a while to get to use to it. My advisor suggest me to do a one on one meeting with each employee to get to know them and to break the ice and to know how they can help me during my intern. Each week the company have a staff meeting for an hour and half. That discuss the newest technologies, expecting visitor and how each team can work with another on the challenges. Each team display the projects that they going to work on to either display it or to discuss some points. I’ve got a training on the following areas: - Law of conduct: That was very important to start with. In this training I’ve learned the law of the company. I’ve reviewed stories based in real used different names of people who broke the law and went to jail for this. - Protecting Information: The sensitive information in each company is a target for either the competitive or the people who use it to blackmail the company for money. I’ve reviewed some stories about companies who lost their data and these important information and end up bankrupt their company. Protecting a Personally Identifiable Information for the company employee is so important, therefore I’ve learned how we can do that and how to advice the company and employee about this. I’ve Also learned what type of information that should be protected in each filed and how I can protect them by using McAfee tools and programs.
  • 10. -Social Engineering: Basically social engineering is what cybercriminals use to persuade or deceive the user into sharing sensitive information or allowing access to user computer by pretending to be someone or something they aren’t. In this training I’ve reviewed real based stories on this subject and I’ve watched a movie called” Identity Thief” show how a lady were stealing sensitive bank information from people and use it to create credit card and use them to buy things. Based on research that Dimensional Reach center had done they found that 51% of the social engineering attack were motivated by financial gain, while only 14% of the social engineering attacks were motivated by revenge. Reference: http://www.checkpoint.com/press/downloads/social-engineering- survey.pdf http://home.mcafee.com/advicecenter/?id=rs_na_su11article2 Required Background: IT140 Machines used: Special Laptop from the company that has an access to my official Email
  • 11. Week Two: In this week I’ve got to continue my one on one meeting with the team. And beside this I’ve got the chance to attend the call with the European office that the company usually do every quarter I’ve learned a lot from this call that was last for almost three hours. Beside all previous tasks I’ve continue following my learning plan: -Email Security: This training was divide to three parts: Part one: Was kind of what I’ve studded in Network1 course number IT224 how the information transfer from one person to another. Part two: Was really easy for me to understand this part because it’s talk about encryption and I’ve already studied that in the information Security course number IT324. Part three: this part complete part two on how to protect your Email from the hackers which is something I already studied as well in information security IT324. My project supervisor had suggest me to read about the encryption since it’s very important and he suggest me this book (CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris) I’ve looked up to it in the library but I didn’t found it so I borrowed it from my supervisor. -Device Security: This was the most interesting training I’ve got so far. I’ve got the chance to see McAfee Lab and all the devices that they use for security. Some of the these devices can’t be sold to the public so it’s just for the security company. I’ve also learned about McAfee Device Control that help the companies to protects their data from falling into the wrong hands. In this training I’ve also learned about the Wi-Fi technology and why it’s easy target for the Hackers and how can I decreased the risk and improve the protection on this technology. Required Background: IT324, IT224, IT140 Books: CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris
  • 12. Week Three: In this week I’ve been utilizing a senior executive visit to the country where I improved my technical skills in security filed and business. Mr Bill Rielly a Senior Vice President, Small & Medium Business in McAfee. In addition to the visit I’ve worked with one of the team Mr.Jackob on the spyware. I’ve watched Mr.jackob doing this in steps to seek for the Vulnerabilities In the System I’ve also took a training on the following: - Malware: I’ve learned some of this subject in IT324 which helped me a lot specially after I reviewed the slides of the course. Required Background: IT324 Challenged: Mr.Jackob was familiar with the spyware’s so he was kind of working on this very fast I was trying my best to follow up. So the other day I decide to take notes.
  • 13. Week Four: One of the intern had faced a technical problem the previous week and my advisor had suggest me to learn how to report a problem in case I faced this in the future he asked one of team to guide me and I’ve learned how to report all type of problems technical, finance, HR, legal etc. That wasn’t part of the plan but it was very helpful. I’ve took training also in the following: - Passwords: That was the easiest training. It was kind of giddiness on how to build a strong password for the systems. And how to convince the costumers to use an encryption passwords for their system to protect it from the phishing hacks. -Incident Reporting: It happen that a costumer report a security problem of things that they aren’t sure about it. In this Training I’ve learned how to read a reports from the costumer system and report it to concerned team to get it fixed. - Vulnerability Manager: That was the most important training during the past 4 weeks since it will affect my project. In the figure 1 you see the MVM Value McAfee happen to have her own system on managing the vulnerabilities. I’ve been able to see the other team how to work on this system and tools that benefit me and made me fully understand how the system work in the real world. Figure 2: McAfee Vulnerability Manger value. Last day of the week I had a long meeting with Mr.jakob who happen to be my supervisor for the project he was explaining what I am going to do for the next 4 weeks. He explained the point for me and he gave me some reading task to do during the weekend that will help me during my project.
  • 14. Week Five: This week is my first week on the second part of my training which is the project. In this Week Mr.Jackop had a small meeting to present the project to me. And advise me to have at least an hour with Mr. Andreas Wagner who is an expert in this filed. What I’ve done basically this week is: 1- Installing the Virtual machine player in my computer: The goal of this: Is in case I’ve messed with the system my real PC won’t be effective. 2- Connected the Virtual Machine to the McAfee Lab. Challenge: There were a lot of options during the setup that made lost. Challenge:  While I was installing the VMP there were a lot of sittings that I may be very aware and carful about it. Which made me stop installing and reading on the requirement and need that was around 500 Page from McAfee library which took me few extra hours.  Connecting the VM to the Lab was also hard as it wasn’t explained very well in the beginning and I had to find the address for each machine. Machines used: Personal PC, server, Other devices, switch,
  • 15. Week Six: McAfee happen to have thousands of application to protect hundreds of different type of information. Eerily this week I’ve got to read about these applications. My supervisor had highlighted the apps, software’s and tools that I should read about carefully that I will need to use later on this week. I’ve install few software’s and tool that I will need to test, scan in my local system. Also I’ve scan the assets I have in my system figure 3. Figure3: The System I build in McAfee Lab Required Background: IT224
  • 16. Week Seven: I started with what I finished last week. Scanning the assets. In fact I got the chance to scan the costumer system. Which was a very huge step for me since I’ve been working on the local test lab we have in McAfee office since I started. I’ve Also created risk profiles in the Lab as McAfee believed that “Today Risk could be Tomorrows Problem” I’ve done these risk profiles in the lab I’ve created earlier in the office. I couldn’t create one for the customer since I have to get deep into their system which take longer time than my training period. My project supervisor had asked me to review few report that will give me a sense of what I am going to do later on this week. He also had set a meeting for an hour and half to teach me how to analysis the reports. Later in this week I’ve been able to create my own report and analysis it. Figure4: Screenshot of my reports.
  • 17. Week Eight: That week was my last week. My supervisor allowed me to meet the new costumer and discuss their system and study:  Their sensitive information area.  what protection they need.  Type of company ( Small/Medium) And I present this to the costumer in my last day after I present it to the team and they gave me their feedback. Required Background: IT140, MC140, 324Stat
  • 18. 5. Conclusions and Recommendations In conclusion, during the training technically I’ve learned a lot about security and networking and I’ve learned a lot about life skills that will help me in my future career. I would summarize what I’ve learning during my training the following:  Oral and written communication skills.  Customer service skills  Leadership skills  Teamwork skills  Organizational skills.  project management skills  Working with colleagues who have substantial experience within the security industry  Understanding the Small/medium business System and how to protect it.  Build my own lab using a VM and MVM tools and software  Test and scan the weak point on my system.  Write a report and how to study them  Expect the risk and fix it in early stage.
  • 19. Recommendation: I recommend an Internship because it gives you the opportunity to apply fundamentals learned in the classroom to real-world issues. It also gives you an in- depth analysis of what it is really like to work within your field of study. Lastly, an Internship gives you an 'edge' against competition when entering into the workforce. I just wished if it was longer than two month or eight weeks.
  • 20. References:  MVM 750 Best Practices.  MVM Value v3  MVM 750 PA530 Integration Guide  MVM_PowerBroker