S 2.4 Server room
Description
A server room is used primarily to accommodate servers, for example a LAN server, a Unix host computer, or a server for a PBX system. In addition, server rooms may also contain documentation for the servers, small numbers of data media, or other hardware (star couplers, log printers, air conditioning systems).
A server room usually does not have a permanently manned workplace, since it is only used sporadically and for short times. It must be noted, though, that much more damage can be caused in a server room than in a normal office, for example, due to the high concentration of IT devices and data.
Threat scenario
The following typical threats to the IT-Grundschutz of a server room are assumed to exist:
Force Majeure
| T 1.4 | Fire |
| T 1.5 | Water |
| T 1.7 | Inadmissible temperature and humidity |
| T 1.16 | Failure of patch fields due to fire |
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.6 | Unauthorised admission to rooms requiring protection |
Technical Failure
| T 4.1 | Disruption of power supply |
| T 4.2 | Failure of internal supply networks |
| T 4.6 | Voltage fluctuations / overvoltage / undervoltage |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.2 | Manipulation of information or software |
| T 5.3 | Unauthorised entry into a building |
| T 5.4 | Theft |
| T 5.5 | Vandalism |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
When selecting and designing a server room, a host of infrastructural and organisational safeguards must be implemented that are described in S 1.58 Technical and organisational specifications for server rooms. In doing so, it is necessary to follow different approaches for certain safeguards depending on whether the server room will be set up in a new building to be constructed, in an existing building, or in a building that will be
leased. When using or leasing an existing building, the ability to implement adequate information security is often much more limited. The steps to take when designing a server room as well as the safeguards to implement in each step are listed in the following.
Planning and design
When planning server rooms, a host of safeguards regarding the installation of the power supply installation, the air conditioning system which may be required, and regarding fire control must be implemented to ensure that sufficient physical security is provided. It is also necessary to ensure that no water-carrying pipes run through the server room (if this is possible), since leaks may cause large-scale damage and may even lead to the failure of the entire information system. If there are high availability requirements, then sufficient redundancy should be planned into technical infrastructure of the server rooms to compensate for failures in individual rooms.
Implementation
Only those persons who need direct access to servers and other devices installed in the server room such as communication distributors, firewalls, etc., to perform their tasks should be granted access to a server room. It should be taken for granted that smoking is prohibited in server rooms.
Operation
Server rooms should generally be locked when unoccupied.
The bundle of security safeguards for the "server room" area is presented in the following:
Planning and design
| S 1.3 | (A) | Appropriate segmentation of circuits |
| S 1.7 | (A) | Hand-held fire extinguishers |
| S 1.10 | (Z) | Safe doors and windows |
| S 1.18 | (Z) | Intruder and fire detection devices |
| S 1.24 | (C) | Avoidance of water pipes |
| S 1.26 | (W) | Emergency circuit-breakers |
| S 1.27 | (B) | Air conditioning of the technology / in technology rooms |
| S 1.28 | (B) | Local uninterruptible power supply |
| S 1.31 | (Z) | Remote indication of malfunctions |
| S 1.52 | (Z) | Redundancy, modularity, and scalability in the technical infrastructure |
| S 1.58 | (A) | Technical and organisational requirements for server rooms |
| S 1.62 | (C) | Fire protection of patch panels |
Implementation
| S 2.17 | (A) | Entry regulations and controls |
| S 2.21 | (A) | Ban on smoking |
Operation
| S 1.15 | (A) | Closed windows and doors |
| S 1.23 | (A) | Locked doors |