SAP: MY FIRST CYBERSECURITY VIRUTAL INTERNSHIP EXPERIENCE
Hello reader, hope you are doing good. I am here to share my experience as a cybersecurity virtual intern at SAP. I dedicate my sincere thanks to Forage for providing me this opportunity.
About SAP
According to Wikipedia, SAP SE is a German multinational software corporation based in Walldorf, Baden-Württemberg, that develops enterprise software to manage business operations and customer relations. The company is especially known for its ERP software.
My experience at SAP
As this was my first virtual internship and I am a beginner in the field of cybersecurity while applying for this virtual internship, I was set blank at first. But they have provided with all the necessary instructions to complete the internship.
In virtual internships, we’ll be provided with some tasks that is carried out by that company and they’ll also guide you at every step, also they’ll provide the solutions too at the end of the internship.
At SAP, they assigned me with four tasks related to cybersecurity:
- Identifying password flaws
- Identifying phishing attempts
- Hardening Windows server
- Finally analyzing and recommending best practices for the clients.
Now, let us walk through each and every task that I have done during my internship.
1. Protect the keys to the kingdom:
In this task, they provided me with a list of users and their respective passwords. And I was asked to determine which users are complaint and non-complaint by reviewing the policy document and comparing the user passwords.
The password policy comprised of three pages and it has some common policies like the minimum length must be twelve characters, password should not be a proper name, password would expire within 90 days of calendar days and so on. After I went through the company’s password policy, I compared the user’s passwords with the password policies and identified the complaint passwords.
My learning from this task:
I learnt how to set a secure password and how to maintain it. And learnt about the Principles of Defense.
2. Gone Phishing:
For this task, we should be familiar with some common terms and definitions like ransomware, false positives and spear phishing.
Before getting into this task, I have gone through the resource, “Social Engineering Red Flags” which was very useful for me to complete the task. In this task, they have provided with a document containing screenshots of emails received by their clients. I was supposed to review the emails and identify the false positive emails.
My learning from this task:
Through this task, I have gained knowledge of Anti-Phishing Tactics and Techniques through “Phishing Red Flags” (resource that they have provided) i.e. how to differentiate and identify phishing emails from the genuine ones.
3. Harden your system:
This task is about working with “Windows server 2019”. I was instructed to download and install VirtualBox and host the Windows server 2019 virtual machine. As I had VirtualBox already, I downloaded the “Windows Server 2019 ISO file” and hosted it in the VirtualBox.
The following steps of this task are: first I have configured the VirtualBox environment and have installed the OS in virtual server and then here comes the main thing, hardening the server.
For hardening the server, we have to first run the “Windows update” to ensure maximum protection. And then we have to update the server’s local password policy.
My learning from this task:
I learnt how to install and run a server’s ISO file in VirtualBox. And I had some hands-on experience on working with Windows server. I grasped Windows Hardening Techniques.
4.Final analysis and Recommendations:
As I have learnt some new things in the above tasks, the final task is the combination of those things I learnt. I was provided with a .csv file and I was asked to use all the information and resources used throughout that course. I verified the password strength, checked whether all the users and systems are compliant or not.
Finally, I submitted a report in which I have to mention my findings and recommendations based on my analysis.
My learning from this task:
I got to know how to write a report on my findings from a given information and developed my analyzing skill and attention to detail.
To conclude with, from this virtual internship, I came to know about many new things in the field of Cybersecurity and got an experience as same as a cybersecurity engineer at SAP. This internship was a great way for me to dip my leg into this field.
