01. INTRODUCTION
The primary purpose of this technical report is to design a robust and secure
network infrastructure for Ford, which is a rapidly expanding American
enterprise headquartered in New York. The company’s growth trajectory
includes expansion into other cities such as Los Angeles and New Jersey, as
well as Sydney, Australia. The report will provide the right network topology
and detail the implementation of a subnetting scheme using Variable Length
Subnet Masking (VLSM) to efficiently assign subnet addresses to the
networks and their links across all branches. The report will also address the
need for connectivity between the large company headquarters in New York
and other branches in the United States and Sydney. Cost-effectiveness will
be a key consideration throughout this process. Given the recent wireless
attacks, annual ransomware attacks, and insider threats faced by the
company, this report will propose solutions to mitigate these types of attacks.
This comprehensive network design aims to provide Ford Company with a
secure, efficient, and scalable infrastructure that supports its current
operations and future growth.

02. NETWORKING REQUIREMENTS


a. Subnetting and VLSM: The company has four branches with varying
numbers of users. The private IP address provided (172.45.83.0/16) can
be subnetted using Variable Length Subnet Masking (VLSM) to
efficiently allocate IP addresses to each branch based on the number of
users. This will ensure optimal use of IP addresses and reduce
wastage.
b. Building Levels and Internet Access: Each branch has 7 levels, and
internet access is crucial for each office. This requires a robust and
reliable network infrastructure within each building to ensure
connectivity across all levels. The infrastructure should also support
inter-branch networking.
c. Server Location: The servers are located on the fourth floor of each
branch. This central location within the building can facilitate efficient
data access and management. However, it also necessitates robust
security measures to protect these critical assets.
d. Connectivity: The headquarters is in New York, and the new subnets
must have connectivity from New York and other cities in the United
States and Sydney. This requires a wide area network (WAN) that can
support high-speed, secure, and reliable inter-city and international
connectivity.
e. Cost-effectiveness: While designing the network, cost-effectiveness
should be a key consideration. This involves choosing affordable yet
reliable networking equipment, optimizing bandwidth usage, and
minimizing operational costs.
f. Intranet and VPN: The company aims to create an intranet for its
branches in the United States and Sydney. A Virtual Private Network
(VPN) can be set up for this purpose to ensure secure and private
communication across the internet.
g. Security: The company is facing wireless attacks, ransomware attacks
annually, and insider attacks. This calls for a comprehensive network
security strategy that includes wireless security measures,
ransomware protection, intrusion detection systems, strict access
controls, regular network audits, employee training, and a strong
incident response plan.
03. NETWORK TOPOLOGY
The star topology is the most appropriate for Ford’s situation for several
reasons:
a. Simplicity: In a star topology, each device (including servers and
workstations on each floor) is connected to a central device, such as a
switch or a router. This makes it easy to set up, manage, and
troubleshoot [1][2][3].
b. Scalability: It’s easy to add or remove devices in a star topology
without disrupting the entire network [1][2][3]. This is beneficial for Ford as
they plan to expand their business.
c. Performance: In a star topology, data packets don’t have to pass
through many devices before reaching their destination. This can lead
to better performance and less network congestion, especially when
dealing with a large number of users in each branch [1][2].
d. Isolation of devices: If one device fails or is taken down for
maintenance, it doesn’t affect the rest of the network [1][2]. This is crucial
for maintaining network uptime and ensuring business continuity.
e. Ease of monitoring: Network administrators can easily monitor and
manage the network through the central device [1][2]. This can aid in quick
identification and resolution of any potential issues.
04. LOCAL AREA NETWORK

There are 4 LANs: one for each branch.


For each branch, the 3rd and 5th floors are demonstrated.
The 5 servers in the server room are connected using a switch, and the PCs
on each floor are connected through a switch. These switches are connected
through another switch, which has a connection to the internet through an
access point hub and a connection to the other branches (subnets).

The first and last addresses are reserved for network usage. Usable IP
address range:
New York: 172.45.0.1 - 172.45.63.254
Los Angeles: 172.45.64.1 - 172.45.127.254
New Jersey: 172.45.128.1 - 172.45.191.254
Sydney: 172.45.192.1 - 172.45.223.254

05. IP ADDRESSING AND SUBNETTING


a. The private IP address provided (172.45.83.0/16) is a class B address
whose default subnet mask is 255.255.0.0
b. Convert the default subnet mask to binary:
11111111.11111111.00000000.00000000
c. Note the number of hosts required per subnet and find the subnet
generator (S.G) and octet position (O.P). Start from the city that
requires the highest number of hosts.

New York = 16,000, approx 2^14 = 16,384.


No. of zeros from right in the default binary mask representation = 14.
11111111.11111111.11000000.00000000
255 255 192 0
New York’s Subnet Mask = 255.255.192.0 or /18 in slash notation.
New York’s Octet Position = 3
New York’s Subnet Generator = 2^6 = 64

Los Angeles = 13,000, approx 2^14 = 16,384.


No. of zeros from right in the default binary mask representation = 14.
11111111.11111111.11000000.00000000
255 255 192 0
Los Angeles’ Subnet Mask = 255.255.192.0 or /18 in slash notation.
Los Angeles’ Octet Position = 3
Los Angeles’ Subnet Generator = 2^6 = 64

New Jersey = 9,200, approx 2^14 = 16,384.


No. of zeros from right in the default binary mask representation = 14.
11111111.11111111.11000000.00000000
255 255 192 0
New Jersey’s Subnet Mask = 255.255.192.0 or /18 in slash notation.
New Jersey's Octet Position = 3
New Jersey’s Subnet Generator = 2^6 = 64

Sydney = 7,400, approx 2^13 = 8,192.


No. of zeros from right in the default binary mask representation = 13.
11111111.11111111.11100000.00000000
255 255 224 0
Sydney’s Subnet Mask = 255.255.224.0 or /19 in slash notation.
Sydney’s Octet Position = 3
Sydney’s Subnet Generator = 2^6 = 64

d. Generate the new subnet mask.


New York = 255.255.192.0
Los Angeles = 255.255.192.0
New Jersey = 255.255.192.0
Sydney = 255.255.224.0
e. Use the subnet generator to generate the network ranges (subnets) in
the appropriate octet position.
The private IP address provided is 172.45.83.0/16
Since it’s a class B address, the IP addresses that Ford owns range
from 172.45.0.0 to 172.45.255.255
The IP address range for each subnet is obtained by adding the Subnet
Generator to the value in the appropriate Octet Position. Subnet
Generator and Octet Position were calculated in step c.

New York: 172.45.0.0 - 172.45.63.255


Los Angeles: 172.45.64.0 - 172.45.127.255
New Jersey: 172.45.128.0 - 172.45.191.255
Sydney: 172.45.192.0 - 172.45.223.255

The new subnet masks for New York, Los Angeles and New Jersey are /18,
while Sydney’s is /19.
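
The VLSM procedure in steps a to e, carried out in code as an added example (not part of the original report): branches are sorted largest-first, each gets the smallest block that holds its hosts plus the network and broadcast addresses, and the resulting subnets are checked for overlap, which matters when inter-branch firewall rules are written per subnet. The function and field names are assumptions made for this example; the host counts and the base address are the ones given above.

```python
import ipaddress

# Host counts per branch, as stated in step c of the report.
REQUIREMENTS = {"New York": 16000, "Los Angeles": 13000,
                "New Jersey": 9200, "Sydney": 7400}

def vlsm_allocate(base, requirements):
    """Carve `base` into subnets, largest requirement first (VLSM)."""
    # strict=False masks off host bits: 172.45.83.0/16 -> 172.45.0.0/16.
    # The block is used as given; it lies outside RFC 1918's 172.16.0.0/12.
    base_net = ipaddress.ip_network(base, strict=False)
    cursor = int(base_net.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(),
                              key=lambda kv: kv[1], reverse=True):
        # Smallest h with 2**h >= hosts + network + broadcast addresses.
        host_bits = (hosts + 1).bit_length()
        prefix = 32 - host_bits
        if prefix < base_net.prefixlen:
            raise ValueError(f"{name}: {hosts} hosts do not fit in {base_net}")
        block = 1 << host_bits
        cursor = (cursor + block - 1) & ~(block - 1)  # align to block boundary
        if cursor + block - 1 > int(base_net.broadcast_address):
            raise ValueError(f"{name}: address space in {base_net} exhausted")
        net = ipaddress.ip_network((cursor, prefix))
        bits_in_octet = prefix % 8 or 8
        plan[name] = {
            "network": str(net),
            "mask": str(net.netmask),
            "first_usable": str(net.network_address + 1),
            "last_usable": str(net.broadcast_address - 1),
            "octet_position": (prefix - 1) // 8 + 1,
            "generator": 2 ** (8 - bits_in_octet),  # block size in that octet
        }
        cursor += block
    return plan

def overlaps(plan):
    """Return pairs of branches whose subnets overlap (should be empty)."""
    nets = [(n, ipaddress.ip_network(p["network"])) for n, p in plan.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

if __name__ == "__main__":
    for branch, p in vlsm_allocate("172.45.83.0/16", REQUIREMENTS).items():
        print(f"{branch:12} {p['network']:18} {p['mask']:15} "
              f"{p['first_usable']} - {p['last_usable']}")
```
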

06. NETWORK SECURITY


a. Wireless Attacks
Mitigation Techniques: Use strong encryption algorithms, enable MAC
address filtering, disable SSID broadcasting, regularly update firmware, and
use firewalls [5].
Policies: Regularly change Wi-Fi passwords, limit Wi-Fi password access, and
provide training to employees about safe Wi-Fi use.
b. Ransomware Attacks
Mitigation Techniques: Regularly backup data, keep systems and antivirus
software up-to-date and restrict user permissions [5].
Policies: Never open unverified emails or download untrusted software,
regularly conduct security awareness training for employees and create a
Role Based Access policy for data access.
c. Insider Attacks
Mitigation Techniques: Implement strict access controls, use a robust Identity
and Access Management (IAM) system, monitor and log all internal
activities, and regularly audit these logs.
Policies: Implement a strict policy regarding data access and sharing,
regularly train employees on this policy and the importance of following it.
d. Attacks on server rooms, IDF (Intermediate Distribution Frame), and MDF
(Main Distribution Frame) rooms.
To enhance physical security, implement strict access controls to these rooms.
Only authorized personnel should have access. Install CCTV cameras and
alarm systems for monitoring.
To fortify the networks, use firewalls, intrusion detection systems (IDS), and
intrusion prevention systems (IPS) to monitor and block suspicious network
traffic.
To improve system security, keep all systems up-to-date with the latest
security patches. Use strong, unique passwords for all systems.
To ensure data security, regularly backup data and ensure it’s encrypted both
at rest and in transit.
e. Cyber-attacks Mitigation Techniques
Create an Access Control Policy which defines who has access to what
information and systems. Implement the principle of least privilege, where
users are given the minimum levels of access necessary to complete their job
functions [5].
Develop a Password Policy that enforces the use of strong passwords.
Passwords should be complex, regularly changed, and never shared.
Create security awareness by regularly training employees on security best
practices, how to spot potential threats, and what to do in the event of a
security incident.
Develop an Incident Response Policy which outlines clear steps to take in
case of security incidents. This should include steps for identifying,
containing, eradicating, recovering from, and documenting the incident.
Conduct regular audits to identify potential vulnerabilities and ensure
compliance with all security policies.

07. HARDWARE
a. Routers. Routers are used to connect different networks together. In
this case, they would be used to connect the Local Area Network (LAN)
of each branch to the Wide Area Network (WAN), allowing for
inter-branch communication and internet access [4].
b. Switches. Switches are used within each branch’s LAN to connect
computers on each floor and servers in the server room. They allow for
efficient and fast communication within the LAN.
c. Servers. Servers are located on the fourth floor of each branch in the
server room. They provide services such as file storage, email, and
intranet applications which are important for data storage and
processing [4].
d. Wireless Access Points (WAPs): WAPs are used to provide wireless
internet access to devices on each floor.
e. Ethernet Cables: Ethernet cables are used to connect devices like
computers and servers to switches within the LAN. They provide
high-speed, reliable, and secure wired connections.
f. Fiber Optic Cables: Fiber optic cables are used for connections that
require high bandwidth and long distances, such as the connection
between routers in different branches over the WAN. They provide
faster speeds and are less susceptible to interference compared to
traditional copper cables [4].

08. CONCLUSION
The geographical locations of Ford’s four branches provided a unique
challenge, since every design choice has tradeoffs and an impact on the
day-to-day operation of the network. The design work started with choosing the
most appropriate network topology. A star topology was chosen for each branch’s
LAN due to its simplicity, scalability and performance. The next step was to
use the provided IP address range to efficiently allocate IP addresses to each
branch based on the number of users using VLSM. The following step was to
set up an intranet using 5 local servers in each branch, and provide internet
access through an ISP. A VPN was also set up for secure inter-branch
communication through the internet. Network security is a cornerstone of
network design right now due to the prevalence of cyber attacks from various
bad actors in the ecosystem. Measures were implemented to mitigate wireless
attacks, ransomware attacks, insider attacks, and attacks on server rooms,
IDF and MDF rooms.

I recommend updating and patching systems regularly to stay on top of
emerging and evolving security threats. Conducting regular security audits
and training network users on best practices will go a long way toward helping
Ford stem and mitigate attacks.

I learnt that network design is a complex process that utilizes critical
thinking and problem-solving skills to solve unique business problems. Every
network design requires careful planning and consideration of various factors
such as the number of users, physical layout of the building, specific
networking requirements of each branch, and budget constraints. Security is
a pillar of every network.

09. REFERENCES
[1] GeeksforGeeks. (2022). Advantages and Disadvantages of Star Topology.
[2] Javatpoint. (n.d.). Star Topology Advantages and Disadvantages.
[3] Online Tutorials Library. (2023). Advantages and Disadvantages of Star
Topology.
[4] O’Reilly Media. (2010). Top-Down Network Design, Third Edition.
[5] SpringerLink. (2017). Ransomware Revealed: A Beginner’s Guide to
Protecting and Recovering from Ransomware Attacks.
