Professional Documents
Culture Documents
harsh internship report final
harsh internship report final
A Report Submitted
In Partial Fulfillment
for award of Bachelor of Technology
In
COMPUTER SCIENCE & ENGINEERING
(AIML)
By
&
Saurabh Namdev
DECLARATION
I hereby declare that the work presented in this report was carried out by me. I have not
submitted the matter embodied in this report for the award of any other degree or diploma of
any other University or Institute.
i
CSE AIML
Certified that Harsh Tiwari (Roll No: 2001331530076), has carried out the industrial work
presented in this Internship Report at Zscaler in partial fulfilment of the requirements for the
award of Bachelor of Technology, department name from Dr. APJ Abdul Kalam Technical
Signature Signature
Date:
ii
CSE AIML
ACKNOWLEDGEMENT
I would like to express my gratitude towards Mr. Tushar Singhal and Saurabh Sir for their
guidance, support and constant supervision as well as for providing necessary information
during my internship.
My thanks and appreciations to respected Teachers, for their motivation and support
throughout.
iii
CSE AIML
ABSTRACT
As a Associate Software Engineer at Zscaler, my journey has been one of continual learning
and growth, delving into the intricate realm of Unix/Linux systems and mastering the art of
automation through Ansible. This report serves as a comprehensive overview of my
experiences and progress thus far.
Starting from grasping the foundational principles of Unix/Linux systems, such as file
systems, processes, and user management, I've gained a deeper appreciation for their
robustness and flexibility. With each command executed and configuration tweaked, I've
honed my skills in troubleshooting and system optimization, essential for maintaining reliable
systems.
Throughout this journey, I've embraced the importance of adaptability in the face of constant
change. Whether navigating system outages or scaling demands, an adaptive mindset has
been crucial. It has enabled me to approach challenges with resilience and creativity, driving
continuous improvement in our reliability engineering efforts.
In this report, I'll delve into specific projects and initiatives undertaken, sharing both
successes and lessons learned along the way. Moreover, I'll outline future avenues for
exploration and improvement, as I continue to navigate the dynamic landscape engineering at
Zscaler.
iv
CSE AIML
TABLE OF CONTENTS
Page No.
▪ Declaration
▪ Certificate from the institute
▪ Certificate from industry
▪ Acknowledgement
Abstract
o CHAPTER 1: INTRODUCTION
▪ ORGANIZATION OVERVIEW
▪ MISSION AND SCOPE
▪ UNDERSTANDING ASE QA
1
CSE AIML
CHAPTER 1
INTRODUCTION:
Leadership:
Zscaler operates the world's largest security-as-a-service (SaaS) cloud platform to provide the
industry's only 100% cloud-delivered web and mobile security solution. The highly scalable,
global, multi-cloud infrastructure features three key components: the Zscaler Central
Authority, ZIA Public Service Edges (formerly Zscaler Enforcement Nodes or ZENs), and
Nanolog clusters.
1
CSE AIML
2
CSE AIML
3
CSE AIML
4
CSE AIML
Through its mission-driven approach, guided by core values of innovation, customer focus,
integrity, and teamwork, Zscaler empowers organizations to securely embrace the
transformative potential of the cloud. By championing the Zero Trust model, Zscaler redefines
cybersecurity, ensuring that organizations can securely connect users to applications and
services in an increasingly interconnected and dynamic digital world.
Future Prospects:
Looking ahead, Zscaler is poised for continued growth and success in the rapidly evolving
cybersecurity landscape. As organizations increasingly rely on cloud computing and digital
technologies to drive innovation and growth, the demand for cloud-native security solutions is
expected to surge. Zscaler is well-positioned to capitalize on this trend, thanks to its scalable
cloud platform, comprehensive product portfolio, and global reach.
5
CSE AIML
- Creating test plans, test cases, and test scripts based on requirements and specifications.
- Executing manual and automated tests to verify software functionality, performance, and
security.
- Reporting and tracking defects using tools like Jira, ensuring timely resolution.
- Participating in requirements analysis and design reviews to provide input on testability
and quality.
- Conducting regression testing to ensure that software changes do not introduce new defects.
- Collaborating with cross-functional teams to improve overall software quality and release
processes.
4. Best Practices in Quality Assurance: Several best practices are crucial for effective QA:
- Test Automation: Automating repetitive test cases using tools like pytest to increase
efficiency and coverage.
- Continuous Testing: Integrating testing throughout the software development lifecycle to
catch defects early and ensure continuous improvement.
6
CSE AIML
7
CSE AIML
CHAPTER 2
INTERNSHIP EXPERIENCE
8
CSE AIML
Use Cases:
FreeBSD is primarily used in server environments for tasks such as web hosting, file serving,
network routing, and firewalling. It is also used in embedded systems, storage appliances, and
virtualization platforms. FreeBSD is favoured by system administrators, network engineers,
and developers for its stability, scalability, and security.
Advantages:
Networking Performance: FreeBSD is renowned for its networking performance and
scalability, with support for advanced networking features such as packet filtering, network
address translation (NAT), and quality of service (QoS).
Security: FreeBSD includes robust security features, including mandatory access controls
(MAC), role-based access controls (RBAC), and filesystem encryption, which help protect
against unauthorized access and mitigate security risks.
ZFS Filesystem: FreeBSD features the Zettabyte File System (ZFS), a powerful and scalable
filesystem that provides features such as data integrity verification, snapshotting, and
transparent compression, making it well-suited for data storage and archival.
Limitations:
Hardware Support: While FreeBSD has broad hardware support for server-class hardware,
compatibility issues may arise with certain desktop and laptop components, particularly
wireless adapters and graphics cards.
Software Availability: Although FreeBSD has a comprehensive ports collection and package
management system, some commercial software may not be available for FreeBSD-based
systems, limiting compatibility with certain proprietary applications.
Desktop Usability: FreeBSD's focus on server and network infrastructure deployments may
result in a less polished desktop experience compared to other operating systems, such as Linux
and macOS.
Example:
An example of FreeBSD usage is in network appliances. Many commercial networking
appliances, such as routers.
9
CSE AIML
10
CSE AIML
11
CSE AIML
Zscaler Enforcement Nodes (ZENs): ZENs act as gateways between users and the internet,
intercepting and scrutinizing inbound and outbound traffic for potential security risks. They
enforce security policies, such as URL filtering, application control, and threat prevention, to
safeguard users from malicious content and cyber attacks.
Zscaler Central Authority (ZCA): ZCA serves as the nerve center of the ZIA deployment,
orchestrating policy enforcement, configuration management, and reporting across the entire
infrastructure. It provides administrators with centralized visibility and control over network
traffic and security posture, facilitating efficient management and compliance monitoring.
Zscaler Nanolog Streaming Service (NSS): NSS facilitates the real-time streaming of security
logs and telemetry data from ZENs to external Security Information and Event Management
(SIEM) systems. By analyzing and correlating this data, organizations can identify security
incidents, detect anomalies, and respond promptly to emerging threats, bolstering their cyber
defense capabilities.
Within the Zscaler Nanolog Streaming Service (NSS), two integral components are the Clear
Log Receiver (CLR) and the Stream Meta-data and Sessionization Module (SMSM). Both
components play vital roles in processing and analyzing security logs and telemetry data
streamed from Zscaler Enforcement Nodes (ZENs) to external Security Information and Event
Management (SIEM) systems. Let's delve into each component's functions and significance:
12
CSE AIML
The Clear Log Receiver (CLR) serves as the primary entry point for receiving and processing
security logs and telemetry data from ZENs. Its key functions include:
Data Ingestion: CLR ingests raw log data streams generated by ZENs as a result of security
events, policy enforcement actions, and network activity monitoring. These logs contain
valuable information about user activities, application usage, traffic patterns, and security
incidents occurring within the network.
Normalization and Parsing: CLR normalizes and parses incoming log data to extract relevant
information, such as source IP addresses, destination IP addresses, URLs, user identities,
timestamps, and event types. This process involves standardizing log formats, parsing log
fields, and enriching log entries with contextual metadata.
Data Enrichment: CLR enriches log data with additional context and metadata, such as
geolocation information, threat intelligence indicators, and user attributes, obtained from
external sources or internal databases. This enrichment enhances the quality and relevance of
log data for subsequent analysis and correlation.
Routing and Forwarding: CLR routes processed log data to downstream components within
the NSS architecture, such as the Stream Meta-data and Sessionization Module (SMSM), for
further processing, analysis, and storage. It ensures timely delivery of log data to SIEM systems
and other security analytics platforms for real-time monitoring and incident response.
2. Stream Meta-data and Sessionization Module (SMSM):
The Stream Meta-data and Sessionization Module (SMSM) is responsible for analyzing and
sessionizing security logs and telemetry data received from CLR, enabling advanced
correlation, analysis, and visualization of network activities. Its key functions include:
Sessionization: SMSM aggregates and organizes individual log entries into logical sessions
based on network flows, user sessions, or application transactions. This sessionization process
groups related log entries together, allowing analysts to analyze network activities and security
events in the context of complete sessions.
Meta-data Enrichment: SMSM enriches sessionized data with additional meta-data, context,
and behavioral analytics derived from advanced analytics engines, threat intelligence feeds,
and machine learning algorithms. This enrichment enhances the depth and accuracy of security
insights, enabling better detection and response to emerging threats.
13
CSE AIML
14
CSE AIML
interception. Adhering to data privacy regulations and industry standards to ensure compliance
with legal and regulatory requirements governing the collection, storage, and processing of
personal and sensitive information.
By actively contributing to the implementation of these general security precautions, I gained
firsthand experience in addressing cybersecurity challenges and fostering a culture of resilience
and vigilance within the organization.
- Zscaler Enforcement Nodes (ZENs): These nodes serve as the frontline defense, intercepting
and inspecting all internet-bound traffic from users, regardless of their location or device. ZENs
enforce security policies, such as URL filtering, application control, and threat prevention, to
safeguard users from malicious content and cyber attacks.
- Zscaler Central Authority (ZCA): Acting as the centralized management and control plane
for ZIA deployments, ZCA orchestrates policy enforcement, configuration management, and
reporting across the entire infrastructure. It provides administrators with centralized visibility
and control over network traffic and security posture, facilitating efficient management and
compliance monitoring.
- Zscaler Nanolog Streaming Service (NSS): NSS enables the real-time streaming of security
logs and telemetry data from ZENs to external Security Information and Event Management
(SIEM) systems. It allows organizations to analyze and correlate security events, detect
anomalies, and respond promptly to emerging threats, bolstering their cyber defense
capabilities.
15
CSE AIML
Throughout my internship, I gained hands-on experience with ZIA, exploring its architecture,
configuration options, and operational best practices. By working closely with experienced
SREs, I developed a deep understanding of ZIA's role in enhancing cybersecurity posture and
ensuring secure internet access for organizations worldwide.
2. Cyber Precautions:
- Access Control and Authentication: Implementing robust access control measures to restrict
unauthorized access to sensitive systems and data. This involved enforcing strong
authentication mechanisms, such as multi-factor authentication (MFA), to verify the identity
of users and mitigate the risk of credential theft and unauthorized access.
- Patch Management: Regularly applying security patches and updates to operating systems,
software applications, and network devices to address known vulnerabilities and security flaws.
This proactive approach to patch management helps reduce the attack surface and minimize
the risk of exploitation by cyber adversaries.
16
CSE AIML
Exploring the architecture of Unix and Linux operating systems, I gained a comprehensive
understanding of their modular design and underlying components. Unix and Linux
architectures comprise several key elements, including:
- Kernel: Serving as the core component, the kernel is responsible for managing hardware
resources, providing essential services such as process management, memory allocation, and
device drivers, and facilitating communication between software applications and hardware
components. The kernel plays a crucial role in ensuring the stability, reliability, and
performance of the operating system.
- Shell: Acting as the interface between users and the operating system, the shell interprets
user commands and executes them. Unix and Linux offer various shell options, such as Bash,
Zsh, and KornShell, each with its unique features and capabilities. The shell provides users
with a powerful command-line interface (CLI) for interacting with the system, performing
system administration tasks, and automating routine operations through shell scripting.
- Utilities: Unix and Linux systems come bundled with a rich set of command-line utilities
for file manipulation, text processing, system administration, networking, and more. These
utilities provide users with powerful tools for managing files and directories, searching and
processing text data, configuring system settings, monitoring system performance, and
troubleshooting issues.
- Applications: In addition to the core operating system components, Unix and Linux support
a vast ecosystem of applications and software packages tailored for various use cases and
industries. From web servers and databases to development tools and productivity applications,
Unix and Linux platforms offer a wide range of software options to meet diverse needs and
requirements.
By gaining insights into Unix and Linux architecture, I developed a solid foundation in system
administration, shell scripting, and application deployment, essential for supporting the
company's infrastructure and ensuring its reliability and performance.
17
CSE AIML
Unix and Linux are widely regarded as preferred choices for server environments due to their
numerous advantages, including:
- Stability and Reliability: Unix and Linux operating systems are renowned for their stability,
reliability, and robustness, making them ideal platforms for hosting critical services and
applications. Their mature and battle-tested architectures, coupled with extensive community
support and continuous development efforts, ensure dependable performance and uptime for
server deployments.
- Scalability and Performance: Unix and Linux platforms offer excellent scalability and
performance capabilities, allowing organizations to scale their server infrastructure to meet
growing demand and handle increasing workloads effectively. Their efficient resource
management, multi-user support, and optimized kernel design enable superior performance and
responsiveness, even under heavy loads.
- Security: Unix and Linux systems are inherently secure by design, with built-in security
features and mechanisms to protect against common threats and vulnerabilities. Their privilege
separation model, discretionary access control (DAC), mandatory access control (MAC), and
robust authentication mechanisms contribute to a strong security posture, reducing the risk of
unauthorized access and data breaches.
-Open-Source Ecosystem: Unix and Linux benefit from vibrant open-source ecosystems,
comprising a vast array of software packages, tools, and utilities freely available for use and
customization. This rich ecosystem fosters innovation, collaboration, and community-driven
development, empowering organizations to leverage cutting-edge technologies and solutions
to address their unique server requirements.
By leveraging the advantages of Unix and Linux for server deployments, organizations can
achieve greater flexibility, scalability, performance, and cost-effectiveness, driving business
growth and innovation in today's dynamic digital landscape.
18
CSE AIML
Exploring FreeBSD, a Unix-like operating system renowned for its performance, reliability,
and advanced networking capabilities, I discovered its unique features and advantages.
FreeBSD offers several key features that make it well-suited for server environments,
including:
Networking Stack: FreeBSD boasts a highly optimized and scalable networking stack, capable
of handling high volumes of network traffic
19
CSE AIML
CHAPTER 3
Conclusion:
In wrapping up my internship, I've gained invaluable insights and practical skills in quality
assurance, cybersecurity, infrastructure automation, and server management, all tailored to my
role as an Associate Software Engineer in Quality Assurance (ASE QA). Through hands-on
exploration and guided learning, I've deepened my understanding of technologies such as
Zscaler Internet Access (ZIA), Unix and Linux architecture, FreeBSD cybersecurity best
practices and automation techniques, directly relevant to my responsibilities in ensuring the
quality and reliability of our software products.
During my internship tenure, I've delved into the intricacies of Zscaler Internet Access (ZIA),
comprehending its pivotal role in furnishing secure internet access while bolstering defenses
against cyber threats. My exploration extended to understanding ZIA's architecture,
configuration options, and operational best practices, granting me hands-on experience with
core components like Zscaler Enforcement Nodes (ZENs) and Zscaler Central Authority
(ZCA). This knowledge equips me to contribute effectively to cybersecurity initiatives and
fortify our organization's security posture from a QA perspective, ensuring the integrity of our
software products.
Additionally, I've gained practical experience in leveraging pytest and selenium, an automation
tool, which are crucial for ensuring the quality and reliability of our software products.
Overall, this internship has been a transformative experience, furnishing me with a solid
foundation in site reliability engineering, cybersecurity, and infrastructure automation, all of
which are directly pertinent to my role as an ASE QA. I've cultivated valuable skills and
competencies that hold relevance in today's dynamic and evolving IT landscape, positioning
me to effectively ensure the quality, functionality, and reliability of our software products from
a quality assurance standpoint.
Future Work:
20
CSE AIML
Looking ahead, I'm enthusiastic about exploring several areas of future work and development,
building on the knowledge and skills acquired during my internship:
1. Advanced Cybersecurity Training: Given the evolving nature of cyber threats, I aim to
undergo advanced cybersecurity training tailored to my role in quality assurance. Specialized
certifications in areas such as ethical hacking, incident response, and threat intelligence
analysis will equip me with the expertise to detect, mitigate, and respond to cyber threats
effectively, thereby ensuring the security and integrity of our software products from a quality
assurance standpoint.
3. Cloud Computing and DevOps Practices: With the escalating adoption of cloud computing
and DevOps methodologies, I'm keen on enhancing my proficiency in cloud platforms like
AWS, Azure, and Google Cloud Platform (GCP), alongside DevOps practices and principles.
Practical exposure to cloud-native technologies, microservices architectures, and automated
deployment pipelines will enable me to spearhead digital transformation initiatives and
expedite software delivery cycles, thereby ensuring the quality, functionality, and reliability of
our software products from a quality assurance standpoint.
By pursuing these avenues of future work and development, I aim to further expand my
expertise, advance my career, and make meaningful contributions to the realms of IT operations
and cybersecurity, all of which are directly relevant to my role as an ASE QA. I'm excited
about the opportunities that lie ahead and remain steadfast in my commitment to continuous
learning and professional growth in pursuit of excellence.
21
CSE AIML
REFERENCES
1. Zscaler. (n.d.). Zscaler Internet Access (ZIA). Retrieved from
https://www.zscaler.com/products/zscaler-internet-access
2. Zscaler. (n.d.). Zscaler Nanolog Streaming Service (NSS). Retrieved from
https://www.zscaler.com/products/nanolog-streaming-service
3. Stallings, W. (2015). Operating Systems: Internals and Design Principles (8th
Edition). Pearson.
4. FreeBSD. (n.d.). Introduction to FreeBSD. Retrieved from
https://www.freebsd.org/doc/en_US.ISO8859-
1/books/handbook/introduction.html
5. Ansible. (n.d.). Ansible Documentation. Retrieved from
https://docs.ansible.com/
6. Red Hat. (n.d.). What is Ansible? Retrieved from
https://www.redhat.com/en/topics/automation/what-is-ansible
7. Nishanth, S. (2021). Mastering Ansible - Third Edition. Packt Publishing.
8. National Institute of Standards and Technology (NIST). (n.d.). NIST Special
Publication 800-53 Revision 5: Security and Privacy Controls for Information
Systems and Organizations. Retrieved from
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
9. Zscaler. (n.d.). Zscaler Private Access (ZPA). Retrieved from
https://www.zscaler.com/products/zscaler-private-access
22