
Transfer and Security of Confidential Research Data

The document outlines the process of designing a secure network for Green College as it expands into Ireland, detailing the installation and configuration of virtual machines, network security measures, and data transfer protocols. It includes specific tasks such as setting up firewalls, creating a website, and ensuring data security through encryption methods like BitLocker. Additionally, it discusses subnetting analysis, the importance of RFC 1918 in modern networking, and provides an overview of the TCP/IP protocol stack.
Transfer and Security of Confidential Research Data

Name of student

Institution affiliation

Name of lecturer

Course

Date of submission

Introduction

Network design is an essential step in the process of setting up and maintaining IT infrastructure. The current case study features Green College, which currently operates a chain of higher educational colleges located in England. The institution is planning to expand to Ireland in the next year. The management of the institution is planning to open several new campuses in Ireland, starting with a campus in Dublin. It then hopes to expand further to Galway and Donegal. Once the organization manages to expand into several markets, it will need a reliable network that will enable proper communication among the campuses. The current task therefore involves designing a network for Green College. It consists of conducting the necessary research and coming up with a prototype network design that will allow the transmission of data over a network between two servers in the research department.

Part 1: Secure Data Communications

Part 1 involves installing the network, setting up the research department's network infrastructure, and configuring security for the research department.

Task 1: Specific requirements for constructing the virtualized network:

Network configuration

The first step was to install two virtual machines running Server 2022 in virtualization software. Each server had two network adapters: adapter one was configured to NAT and adapter two was configured to internal.

Figure 1: Setting the adapter 1 of Windows server 1 to NAT

The next step was to set adapter 2 in the same machine to internal, as shown in the screenshot below:

Figure 2: Configuring Adapter 2 of Windows Server 1 to the internal network

I replicated the steps on Windows Server 2, as shown below:

Figure 3: Setting Adapter1 in Windows Server2 to NAT


Adapter 2 in the same VM was set to Internal Network.

Figure 4: Setting Adapter2 in Windows Server2 to internal network

Renaming the servers

Renaming server1

The command line interface was used to rename the servers. The first server was assigned a name in the format of “Research1-the last three digits of the author’s student number,” i.e., Research1-059, as shown below:

Figure 5: Assigning the relevant name to Server1

Renaming server2

Figure 6: Assigning a name to Server2



Assigning static IP addresses to the servers

Step 1: Configure Static IP for Research1-059

I opened Microsoft PowerShell as an admin and then identified the network adapter name using the command shown in the screenshot below:

Figure 7: Checking the network adapter that was being used

I identified the network adapter in use as Ethernet. I then set the static IP address, subnet mask, default gateway, and DNS servers, as shown in the screenshots below:

Figure 8: Setting the static IP address, subnet mask, default gateway

I then set the DNS client server address as shown in the screenshot below:

Figure 9: Setting DNS servers

I then verified the configuration, as shown in the screenshot below:



Figure 10: Verifying that the IP address has been set

I then verified the DNS server, as shown in the screenshot below:

Figure 11: Verifying that the DNS has been set correctly

Step 1: Configure Static IP for Research2-059

I logged in to Research2-059 and then opened PowerShell as an administrator. The first step was to check the network adapter in use:

Figure 12: Checking the network adapter in use

The output shows that Ethernet and Ethernet 2 are in use. We focused on the Ethernet adapter in the current lab. The next step was to set the static IP address, subnet mask, default gateway, and DNS servers, as shown in the screenshot below:

Figure 13: Set the static IP address, subnet mask, default gateway

The next step was to set the DNS server, as shown in the screenshot below:

Figure 14: Setting the DNS server


After setting the static IP address, subnet mask, default gateway, and DNS, the next step was to determine whether the configuration had worked as expected.

Figure 15: The static IP address, subnet mask, default gateway

I then verified that the DNS server configuration had been applied correctly.

Figure 16: Verifying DNS server configuration

Testing the connectivity using the ping command showed that there was no connection, as shown in the screenshot below:

Task 2: Firewall configuration

The task involved configuring the host firewalls using security best practices to allow ICMP (Echo on Port 7) through the firewalls, as shown in the screenshot below:

Figure 17: Allowing ICMP traffic for IPv4 for Research1-059



Figure 18: Allowing ICMP traffic for IPv4 for Research2-059

I then tested the connectivity between the two servers using the ping command, as shown in the screenshot below:

Figure 19: Ping Research2-059 from Research1-059

Figure 20: Ping Research1-059 from Research2-059

The output showed that the two servers could now reach each other, which had not been possible before the firewall rules were added. I verified whether the firewall rules had been added to both servers:

Figure 21: The rule was successfully added to Research1-059

Figure 22: The rule was successfully added to Research1-059



There was network connectivity after the setup.
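
A scoped version of the ICMP rule from this task, as an added example (the author's own commands appear only in the screenshots): it allows ICMPv4 echo requests from the peer research server only and then reads the rule back. The rule name and the peer address 192.0.2.20 are placeholders, because the servers' addresses are not given in the text.

```powershell
#Requires -RunAsAdministrator
# Added example. $RuleName and $PeerAddress are placeholders; replace
# $PeerAddress with the static IP of the other research server.
$RuleName    = 'Research-Allow-ICMPv4-Echo-In'
$PeerAddress = '192.0.2.20'

# Idempotent: remove an earlier copy of the rule so re-running does not
# leave duplicates behind.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# ICMP is matched by type rather than by port: the echo request that ping
# sends is ICMPv4 type 8. Restricting RemoteAddress to the peer keeps the
# exception as narrow as the lab allows.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $PeerAddress | Out-Null

# Read the rule back together with its protocol and address filters, so the
# check covers what was actually stored and not just that the cmdlet returned.
$rule       = Get-NetFirewallRule -DisplayName $RuleName
$portFilter = $rule | Get-NetFirewallPortFilter
$addrFilter = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Protocol      = $portFilter.Protocol
    IcmpType      = $portFilter.IcmpType
    RemoteAddress = $addrFilter.RemoteAddress
}

# Connectivity check towards the peer; the peer needs the matching rule with
# this server's address before the reply path works in both directions.
Test-Connection -ComputerName $PeerAddress -Count 2 -Quiet
```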

Task 3: Website for Green Colleges

I followed several steps to set up a website for Green Colleges (www.greenclleges.abc), using IIS on Server 2 and configuring DNS on Server 1.

Install IIS and Set Up the Website on Server 2

I installed IIS on Research2-059, as shown in the screenshot below:

Figure 23: Installing IIS on Research2-059

The installation was completed, and I got the notification shown in the screenshot below:

Figure 24: IIS installation complete

I then verified the installation, as shown in the screenshot below:

Figure 25: The installation was successful

Create the Website Directory:

I created the directory for the Green Colleges website.

Figure 26: The folder was successfully created


I then created the index.html file, which is the landing page of the Green Colleges website.

Figure 27: Creating the Index.html file

It is important to note that the path “C:\inetpub\wwwroot” is the default directory of IIS.

I added the content of the website to the HTML file, as shown in the screenshot below:

Figure 28: Addition of contents to the index.html

I then confirmed that the content is written as expected, as shown in the screenshot below:

Figure 29: The content was as expected


The next step was to create the website after creating the website files, as shown in the screenshot below:

Figure 30: Website created successfully

Task 4: Data securely stored on the network

I recommend two methods for securely storing data for the research department. First, the organization should encrypt data at rest to ensure that it remains protected even when an unauthorized person accesses it. The IT department in the institution can use BitLocker on Windows Server to encrypt the storage drive.

The first step is to install BitLocker, as shown in the screenshot below:

Figure 31: BitLocker Installation

The next step is to run the command manage-bde -on F: -RecoveryPassword -RecoveryKey E:\ on the terminal to set up BitLocker and receive a key and a password, as shown in the screenshot below:

Figure 32: Setting up BitLocker and carrying out the encryption process

The data will then be encrypted. The IT department should ensure that strong password policies are maintained and that the recovery key is secured as well as possible. Tools such as EFS (Encrypting File System) should be used for file-level encryption. The service can be accessed by going to Properties > Advanced and then selecting “Enable Encryption.” Using BitLocker is advantageous because data is encrypted and unreadable without proper credentials, and because it is supported natively on Windows, which simplifies deployment.

Second, the company can enforce access control through role-based permissions and secure file sharing. Windows uses Access Control Lists (ACLs) to manage permissions. The first step is to check the existing permissions, as shown in the screenshot below:

Figure 33: Accessing permissions

Permissions can be modified to ensure that the data store is as secure as possible. The command $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("<UserOrGroup>", "<Permission>", "Allow") can be used to define new permissions. Replace <UserOrGroup> with the user or group name and <Permission> with the permission that the user or group should have when using the system.

The next step is to apply the permissions by getting the current ACL for the file or folder using the command $Acl = Get-Acl -Path "C:\Path\To\FileOrFolder", then adding the new access rule to the ACL using the command $Acl.SetAccessRule($AccessRule). The updated ACL should be applied back to the file or folder using the command Set-Acl -Path "C:\Path\To\FileOrFolder" -AclObject $Acl. The last step is to verify the permissions to ensure that they have been set as expected.
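
The ACL procedure above carried through from the first check to the final verification, as an added example rather than the author's own script. The folder under %TEMP% and the use of the current user as the principal are assumptions so that the script runs without setup; in the research department the principal would be the relevant group.

```powershell
# Added example. $Path and $Principal are assumptions chosen so the script
# runs on any Windows host; substitute the research share and research group.
$Path      = Join-Path $env:TEMP 'ResearchData-Demo'
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
New-Item -ItemType Directory -Path $Path -Force | Out-Null

# 1. Check the existing permissions before changing anything.
$Acl = Get-Acl -Path $Path
$Acl.Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# 2. Define the rule. The five-argument constructor adds inheritance and
#    propagation flags, so the rule also covers files and subfolders created
#    later; the three-argument form applies to the folder object only.
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Principal, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

# 3. SetAccessRule replaces any explicit Allow entries this principal already
#    has on the object; AddAccessRule would merge with them instead.
$Acl.SetAccessRule($AccessRule)
Set-Acl -Path $Path -AclObject $Acl

# 4. Verify: read the ACL back and require an explicit (non-inherited) Allow
#    entry that carries the Modify right for the principal.
$Modify  = [System.Security.AccessControl.FileSystemRights]::Modify
$Applied = (Get-Acl -Path $Path).Access | Where-Object {
    $_.IdentityReference.Value -eq $Principal -and
    $_.AccessControlType -eq 'Allow' -and
    -not $_.IsInherited -and
    ($_.FileSystemRights -band $Modify) -eq $Modify
}
if (-not $Applied) { throw "Modify rule for $Principal was not applied to $Path" }
$Applied | Format-Table IdentityReference, FileSystemRights, InheritanceFlags -AutoSize

# 5. Confirm inheritance: a file created afterwards should carry the rule as
#    an inherited entry.
$File = New-Item -ItemType File -Path (Join-Path $Path 'sample.txt') -Force
(Get-Acl -Path $File.FullName).Access |
    Where-Object { $_.IdentityReference.Value -eq $Principal -and $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```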

Task 5: Securely Transferring Data

To securely transfer data between a host machine and a virtual machine (VM) or between two VMs in VirtualBox, begin by configuring the network settings. For communication between a host and a VM, use bridged networking, which connects the VM directly to the local network. For VM-to-VM communication, set the network type to internal and ensure both VMs share the same network name. To transfer files securely, use Secure File Transfer Protocol (SFTP). Install the OpenSSH server on the Windows Server VM and use an SFTP client like WinSCP or FileZilla to connect to the VM's IP address, logging in with appropriate user credentials. This method encrypts the data during transmission for security.

Alternatively, data can be transferred over HTTPS by setting up an IIS web server on the VM with an SSL certificate. Access the secure site from a browser using the VM’s IP address with https://. Both methods ensure secure data transfer, protecting sensitive information from unauthorized access.

Part 2: Networking Technologies - Configuration of Green Colleges network and research questions

Task 1: Specific Requirements for proof-of-concept Dublin site

As part of the Green College specifications, they provided an example of their new Dublin site topology. The network needs to be configured as per the specifications supplied. The requirements are outlined in the respective Packet Tracer file. My main role in the networking process was to apply the necessary configurations in the Packet Tracer network simulator for the network technology element.

Task 2: Subnetting Analysis for the Green Colleges Network

The network uses the Class C IP address range, e.g. 192.168.1.0/25. The subnet mask /25 is equivalent to 255.255.255.128.

Subnet calculation

A /25 subnet mask divides the class C network into two equal subnets, each with 128 total addresses (since 2^(32-25) = 128).

This results in 2 subnets of 128 IP addresses each. It is important to note that each subnet has 126 usable IP addresses, because the network address and the broadcast address are subtracted from the list of addresses.

Subnet breakdown

The first subnet uses the IP range 192.168.1.0 – 192.168.1.127. The network address is 192.168.1.0, the first usable IP address is 192.168.1.1 and the last usable IP address is 192.168.1.126. The broadcast address in the first subnet is 192.168.1.127.

The second subnet has the IP range 192.168.1.128 – 192.168.1.255. The network address is 192.168.1.128, the first usable IP address is 192.168.1.129 and the last usable IP address is 192.168.1.254. The broadcast address in the second subnet is 192.168.1.255.

In a nutshell, with the /25 subnet mask, the original 192.168.1.0/24 network is split into 2 subnets, which makes it possible for the network to be divided into two equal parts. Subnet 1 (192.168.1.0/25) could be used for the administration department, whereas subnet 2 (192.168.1.128/25) could be used for classrooms or faculty.

Task 3: Explanation of RFC 1918 and Its Importance in Modern Networking

RFC 1918 defines the specific ranges of IP addresses that are reserved for use within private networks. Such IP addresses cannot be routed on the public internet, which means that they cannot be used to communicate with devices that are connected outside the private network. They are designed to only be used in private networks in homes, organizations, or other local area networks. The private ranges that RFC 1918 specifies include: Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8); Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12); and Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16).

RFC 1918 is important because it helps in conserving public IP addresses by allowing organizations to use private addresses internally. It also improves security because the private IP addresses cannot be routed to the public internet, thereby preventing cyberattacks on the private network. RFC 1918 is also important because it facilitates flexibility within a network (Seidel & Wei, 2019). Organizations are able to reuse the same IP addresses across different networks without conflicts, provided that they remain isolated or use Network Address Translation (NAT) when connecting to the internet.

RFC 1918 is related to DHCP and NAT. DHCP (Dynamic Host Configuration Protocol) simplifies the management of private IP addresses by dynamically assigning IP addresses to devices within the network, hence eliminating the need for manual IP configuration. NAT, on the other hand, makes it possible for devices that have private IP addresses to communicate with external networks such as the internet. The NAT device translates private IP addresses into a single public IP address for outbound traffic. For inbound traffic, the NAT device maps it back to the appropriate private address (Seidel & Wei, 2019). RFC 1918 is important in modern networking because it ensures scalability, is cost effective and can be universally adopted across several networks.

Task 4: TCP/IP Protocol Stack Report

TCP/IP is the foundation of the modern internet. It has four distinct layers: Application, Transport, Internet, and Network Access. Each of the layers has specific protocols and responsibilities that enable reliable communication between devices. The four layers have made it easier for people to communicate around the world through the World Wide Web (Rahouma et al., 2020). TCP/IP has also been applied extensively in the development of the social media networks that have enabled people to connect with each other around the world.

The application layer

The application layer is the interface between the user and the network; hence it provides high-level services that make it possible for applications to communicate over the network. The key protocols in the application layer include HTTP/HTTPS, which facilitates web browsing and data transfer on the World Wide Web; SMTP, which makes it possible for servers to share emails; DNS, which translates domain names into IP addresses; and FTP, which is used for file transfers between computers.

HTTP makes it possible for users to access a website using a browser. HTTPS is a secure version of HTTP that uses encryption for secure communication over a computer network and is widely used on the internet. Transport Layer Security, which was formerly known as the Secure Sockets Layer, encrypts the communication protocol. SMTP allows users to send emails through platforms such as Outlook or Gmail. It allows computers to share emails regardless of the hardware. All that is required for the emails to be shared is access to the internet. HTTP and additional protocols like RTSP have made it possible for people to enjoy video and audio streaming, making it possible for platforms such as Netflix, Spotify and YouTube to be in business. FTP has also made it possible for people to download files from the internet (Bansal, 2020). For instance, it has made it possible for people to download program files that they can install on their computers and then use for several purposes.

Transport layer

The main purpose of the transport layer is to ensure reliable communication between devices by providing flow control, error detection and retransmission. The layer segments the data that should be transmitted into packets, then reassembles them once the data reaches the destination. The key protocols that are found in the transport layer include Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP provides reliable, connection-oriented communication that makes sure that the integrity of data is kept throughout the data transmission process. On the other hand, UDP offers connectionless, fast and lightweight communication for time-sensitive applications such as online gaming and video streaming. It is mostly useful to companies such as YouTube and Netflix that thrive on the ability of their customers to access video streaming services (Polese et al., 2019). UDP is particularly important in reducing delays during video conferencing.

Internet layer

The internet layer is important in the connection between several computers in the network. According to Tiwari et al. (2024), it is responsible for addressing, routing as well as delivering packets across networks. It ensures that there is a path that data will take from the source to the destination, hence making the communication process successful. The key protocols in the internet layer include IP (Internet Protocol), ICMP (Internet Control Message Protocol), as well as ARP (Address Resolution Protocol). The IP protocol defines the addressing and routing of packets. The IP protocol may be IPv4 or IPv6. IPv4 is the commonly used protocol, whereas IPv6 was created to address limitations of IPv4 such as the exhaustion of addresses.

ICMP is used for troubleshooting and diagnosis to ensure that the network is functioning in the best way possible. According to Goralski (2017), it is also used for error reporting to inform the network administrators and other people working on the internet about the limitations of the internet. ARP, on the other hand, maps IP addresses to MAC addresses in a local area network.

Network Access Layer

The purpose of the Network Access Layer is to define how data will be physically transmitted over a network, including the hardware and protocols that will be involved in the process. It handles the packets that are transmitted in a network. The key protocols in the Network Access Layer include Ethernet, Wi-Fi and PPP. Ethernet is widely used in wired connections to ensure that data is transmitted from one place to the other. Wi-Fi, on the other hand, is a protocol that enables wireless internet connections. PPP is an acronym for Point-to-Point Protocol, which enables point-to-point connections such as dial-up modems (Liu, 2024).

Most homes and companies have implemented Wi-Fi that enables them to access the internet in the best way possible. It is important to note that the internet has made communication easier in different parts of the world. It has also made it easier for people to work remotely and earn real incomes. One of the major challenges that many people face is cybercrime (Márquez et al., 2020). Fortunately, various measures have been put in place to ensure that cybersecurity is guaranteed in the best way possible.

RFC Items Critical to the Internet

Requests for Comments (RFCs) guided the design and development of the internet. RFC 791 defined IPv4, including its packet structure and addressing scheme. It also introduced the mechanisms of error handling and fragmentation. On the other hand, RFC 793 provided a reliable connection-oriented communication protocol and also introduced sequence numbers, acknowledgements and retransmissions for error handling (Carpenter & Liu, 2020). The concept of RFCs has therefore been important in modern technology.

Task 5: Subnetting

A subnet must accommodate at least 50 hosts. Since a subnet's usable IPs are calculated as 2^n - 2, the smallest power of 2 greater than 50 is 64. Thus, each subnet requires 64 addresses, which corresponds to a subnet mask of /26 (64 addresses = 2^6).

A /26 subnet provides:

Total IP addresses: 2^6 = 64

Usable IP addresses: 64 − 2 = 62 (excluding network and broadcast addresses)

Subnet Breakdown

1. HR Subnet:
   - Network Address: 192.168.1.0
   - First Usable IP: 192.168.1.1
   - Last Usable IP: 192.168.1.62
   - Broadcast Address: 192.168.1.63

2. Sales Subnet:
   - Network Address: 192.168.1.64
   - First Usable IP: 192.168.1.65
   - Last Usable IP: 192.168.1.126
   - Broadcast Address: 192.168.1.127

3. IT Subnet:
   - Network Address: 192.168.1.128
   - First Usable IP: 192.168.1.129
   - Last Usable IP: 192.168.1.190
   - Broadcast Address: 192.168.1.191

4. Management Subnet:
   - Network Address: 192.168.1.192
   - First Usable IP: 192.168.1.193
   - Last Usable IP: 192.168.1.254
   - Broadcast Address: 192.168.1.255
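
The subnet calculations from Task 2 of Part 2 and from Task 5, generalised as an added example that is not part of the original report: given a required host count it derives the prefix, then lists every subnet of a parent network at that prefix. The function names are chosen for illustration.

```powershell
# Added example; the function names are illustrative, not from the report.

# Dotted-quad IPv4 string -> 64-bit integer (long avoids signed 32-bit overflow).
function ConvertTo-IPv4Number ([string]$Address) {
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { throw "$Address is not an IPv4 address" }
    ([long]$b[0] -shl 24) + ([long]$b[1] -shl 16) + ([long]$b[2] -shl 8) + [long]$b[3]
}

# 64-bit integer -> dotted-quad IPv4 string.
function ConvertTo-IPv4String ([long]$Number) {
    '{0}.{1}.{2}.{3}' -f (($Number -shr 24) -band 255), (($Number -shr 16) -band 255),
                         (($Number -shr 8) -band 255), ($Number -band 255)
}

# Longest prefix whose usable host count (2^h - 2) still covers the requirement.
function Get-PrefixForHostCount ([int]$Hosts) {
    $hostBits = 2
    while (([math]::Pow(2, $hostBits) - 2) -lt $Hosts) { $hostBits++ }
    if ($hostBits -gt 30) { throw "No IPv4 prefix holds $Hosts hosts" }
    32 - $hostBits
}

# Enumerate every /NewPrefix subnet inside Network/ParentPrefix.
function Get-Subnet ([string]$Network, [int]$ParentPrefix, [int]$NewPrefix) {
    if ($NewPrefix -lt $ParentPrefix -or $NewPrefix -gt 30) {
        throw "New prefix must be between /$ParentPrefix and /30"
    }
    $base       = ConvertTo-IPv4Number $Network
    $parentSize = [long][math]::Pow(2, 32 - $ParentPrefix)
    if ($base % $parentSize -ne 0) {
        throw "$Network is not a network address for /$ParentPrefix"
    }
    $size = [long][math]::Pow(2, 32 - $NewPrefix)
    for ($net = $base; $net -lt $base + $parentSize; $net += $size) {
        [pscustomobject]@{
            Network   = "$(ConvertTo-IPv4String $net)/$NewPrefix"
            FirstHost = ConvertTo-IPv4String ($net + 1)
            LastHost  = ConvertTo-IPv4String ($net + $size - 2)
            Broadcast = ConvertTo-IPv4String ($net + $size - 1)
            Usable    = $size - 2   # network and broadcast addresses excluded
        }
    }
}

# Task 2 of Part 2: split 192.168.1.0/24 at the /25 boundary.
Get-Subnet -Network '192.168.1.0' -ParentPrefix 24 -NewPrefix 25 |
    Format-Table -AutoSize

# Task 5: derive the prefix for at least 50 hosts, then list the subnets.
$prefix = Get-PrefixForHostCount -Hosts 50
Get-Subnet -Network '192.168.1.0' -ParentPrefix 24 -NewPrefix $prefix |
    Format-Table -AutoSize
```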



References

Carpenter, B., & Liu, B. (2020). RFC 8799: Limited Domains and Internet Protocols.

Márquez, D. G., Fernández, C. M., Pinos, P. R., & Piotrowski, K. R. Z. Y. S. Z. T. O. F. (2020). Networking layer specification. EU Horizon, Málaga, Spain, Rep. Deliverable, 5.

Liu, H. (2024). Network and Communication Protocols in Cyber-Physical Systems. In A Practical Guide on Security and Privacy in Cyber-Physical Systems: Foundations, Applications and Limitations (pp. 25-88).

Goralski, W. (2017). The illustrated network: how TCP/IP works in a modern network. Morgan Kaufmann.

Tiwari, M. K., Pal, R., Singh, R., Singh, A. K., Kumar, V., Sharma, S., & Zaib, N. (2024). The Comprehensive Review: Internet Protocol (IP) Address a Primer for Digital Connectivity. Asian Journal of Research in Computer Science, 17(8), 34-45.

Polese, M., Chiariotti, F., Bonetto, E., Rigotto, F., Zanella, A., & Zorzi, M. (2019). A survey on recent advances in transport layer protocols. IEEE Communications Surveys & Tutorials, 21(4), 3584-3608.

Bansal, M. (2020, January). Application layer protocols for internet of healthcare things (IoHT). In 2020 fourth international conference on inventive systems and control (ICISC) (pp. 369-376). IEEE.

Rahouma, K. H., Abdul-Karim, M. S., & Nasr, K. S. (2020). TCP/IP network layers and their protocols (A Survey). In Internet of Things—Applications and Future: Proceedings of ITAF 2019 (pp. 287-323). Springer Singapore.

Seidel, E. J., & Wei, S. (2019, June). ‘The ZNSL Network’: A Novel Approach to Virtual Networking. In 2019 International Symposium on Networks, Computers and Communications (ISNCC) (pp. 1-4). IEEE.
