S 2.6 Technical infrastructure room
Description
As a rule, technical infrastructure rooms house those devices and equipment items and facilities which require no, or infrequent, human attendance. Usually, these will be distributors of internal supplies (e.g. PTT cable lead-in room, voltage transfer room, medium-voltage transfer room, low-voltage main distributor). In some instances, these rooms may also house the fuses for power supply. Installation of other equipment (uninterruptible power supply, star coupler, etc.) is also conceivable. Even a network server might be accommodated here if a specific room (module S 2.4 Server room) is not available.
Threat scenario
The following typical threats to the IT-Grundschutz of a technical infrastructure room are assumed to exist:
Force Majeure
| T 1.4 | Fire |
| T 1.5 | Water |
| T 1.7 | Inadmissible temperature and humidity |
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.6 | Unauthorised admission to rooms requiring protection |
Technical Failure
| T 4.1 | Disruption of power supply |
| T 4.2 | Failure of internal supply networks |
| T 4.6 | Voltage fluctuations / overvoltage / undervoltage |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.3 | Unauthorised entry into a building |
| T 5.4 | Theft |
| T 5.5 | Vandalism |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
A series of safeguards need to be implemented for infrastructure rooms, from planning the infrastructure rooms to their live operation. The steps to take to accomplish this as well as the safeguards to implement in each phase are listed in the following.
Planning and design
When planning infrastructure rooms, a series of safeguards must be implemented for the power supply installation, the air conditioning system (when needed), and for fire protection to ensure that sufficient physical security is provided. This also includes
ensuring that no water pipes run through such a mostly unoccupied room (if this is possible) since leaks can cause large amounts of damage and can even lead to the failure of the entire information system. When higher security requirements apply, infrastructure rooms should also be protected against forced entry by specially secured doors and windows, as they often represent preferred targets for attack.
Implementation
Only those persons entrusted with the corresponding maintenance tasks should be granted access to the infrastructure room, and it should be taken for granted that smoking is prohibited in this room.
Operation
Rooms for technical infrastructure should always be locked, if the equipment installed there is not locked in cabinets in such a way that unauthorised use is not possible.
The bundle of safeguards for technical infrastructure rooms is presented in the following:
Planning and design
| S 1.3 | (A) | Appropriate segmentation of circuits |
| S 1.7 | (A) | Hand-held fire extinguishers |
| S 1.10 | (Z) | Safe doors and windows |
| S 1.18 | (Z) | Intruder and fire detection devices |
| S 1.24 | (C) | Avoidance of water pipes |
| S 1.26 | (W) | Emergency circuit-breakers |
| S 1.27 | (B) | Air conditioning of the technology / in technology rooms |
| S 1.31 | (Z) | Remote indication of malfunctions |
Implementation
| S 2.17 | (A) | Entry regulations and controls |
| S 2.21 | (A) | Ban on smoking |
Operation
| S 1.15 | (A) | Closed windows and doors |
| S 1.23 | (A) | Locked doors |