This reflective journal covers approximately the first 50 hours of my internship with NIWC Atlantic. Much of the first two weeks consisted of gaining access to systems and understanding the inner workings of Naval network systems. I spent my time reading policy documents and learning how the public sector of cybersecurity operations was different than the private sector.
In the first week, I met with the team lead for the IPT I would be working on – Network Security – and learned about what I would be doing this summer. My internship will largely consist of auditing Naval ship network systems and sites to ensure they are compliant with Naval cybersecurity policies. As this could include performing vulnerability scans, I took some time to review the Nessus skills used briefly in CYSE 301. I used a vulnerable Virtual Machine (Kioptrix) from vulnhub.com as my practice machine and analyzed the results using various scans. I reviewed some of the policies we made using pfSense firewalls in that class, as it could potentially prove helpful.
In the second week, I had the chance to review some previous policy suggestions created by the Network Security IPT, alongside other teams with similar functions, aimed at Naval Afloat networks and systems. One of the main challenges that I came across was the abundance of acronyms. Often, if I found a definition for an acronym, it would turn out to be something completely different. Thankfully, my team lead was willing to answer any of the questions I had regarding terminology and the functions of the IPT. I found it interesting that many of the methods being used in this environment were similar to methods I had learned of in the classroom (i.e. changing default passwords, preventing remote access, etc.). I was even encouraged to make some suggestions and, while they could not be implemented for various reasons, my team lead was impressed.
My experience has been informative and fruitful so far, and I look forward to learning more as the summer progresses.