S 2.12 IT-Cabling
Description
The IT cabling consists of all communication cables and passive components (terminal blocks, splice distributors, patch panels) for whose operation the institution is responsible. It is also the physical basis of the communication network in an institution. The IT cabling extends from the connection points of external networks (e.g. the ISDN connection of a telecommunications provider, DSL connection of an internet provider) to the terminal points of the network subscribers.
Active network components (routers, switches, etc.) are not dealt with in this section. The subject of WLAN is also excluded. Both subjects are addressed in separate modules in the IT-Grundschutz Catalogues. In this module, IT cabling refers to the physical basis of a manufacturer- and application-independent communication network, i.e. a Local Area Network (LAN). This module does not differentiate between IT cables for transporting data and PBX cables for telecommunication services.
The IT cabling, as part of the technical infrastructure of buildings and properties, is divided into primary, secondary, and tertiary areas according to the established approaches and procedures for structured cabling systems.
The primary area is the area consisting of the cable routes connecting separate buildings. The primary area spans large distances and transmits data at high rates between a few connection points. Therefore, only institutions residing on large properties with several buildings operate their own primary cabling. If there is only one building, the main power distribution in the building is logically considered the primary area.
The secondary area includes the cables between the main distribution in the building and the distributions on each floor or wing of the building. These cables are found in many large buildings.
Tertiary cabling includes the cables connecting the terminal devices to a central distribution point (on the same floor, for example). These cables are present in all buildings.
A commonly used combination of structured cabling systems is present when the terminal devices are connected directly to a central point in the server room or a room containing technical infrastructure (often called the "network" or "technology" room). In this case, the secondary cabling may consist of only the connection cables between the switches. The tertiary cabling extends from the central distribution point in the building to the connection sockets in the rooms.
Threat scenario
The following typical threats to the IT baseline protection of the IT cabling are assumed to exist:
Force Majeure
T 1.6 | Burning cables |
Organisational Shortcomings
T 2.11 | Insufficient route dimensioning |
T 2.12 | Insufficient documentation on cabling |
T 2.32 | Inadequate line bandwidth |
Human Error
T 3.4 | Unauthorised connection of cables |
T 3.5 | Inadvertent damaging of cables |
Technical Failure
T 4.4 | Impairment of lines due to environmental factors |
T 4.5 | Cross-talk |
T 4.21 | Transient currents on shielding |
Deliberate Acts
T 5.7 | Line tapping |
T 5.8 | Manipulation of lines |
Method recommendation
To secure the information system examined, other modules must be implemented in addition to this module, with these modules being selected based on the results of the IT-Grundschutz modelling process.
In particular, module S 3.2 Routers and switches is highly pertinent to the IT cabling and must be applied consistently with this module. If a wireless network is used with the IT equipment examined, module S 4.6 WLAN applies additionally.
A series of measures must be implemented to ensure secure cabling, starting in the planning phase, continuing through the implementation phase, and up to operation and contingency planning. The steps to be followed as well as the safeguards to implement in each phase are listed in the following. It must be taken into account that the scope of influence regarding safeguarding of the IT cabling is much smaller when moving to an existing building than when constructing a new building.
Planning and design
The basis for high-performance, well-protected cabling is already laid in the planning phase. The starting point is a requirements analysis (see S 2.395 Requirements analysis for IT cabling) in which the organisation's current needs are estimated and the upcoming developments are reviewed, including a follow-up assessment of their consequences for the IT cabling.
Based on the requirements plan, the network structure is specified (see S 5.2 Selection of an appropriate network topology) and adapted to the building (see S 1.21 Sufficient dimensioning of lines). The mechanical and electrical properties of the cables are determined by the types of cables selected for use. During the planning phase, it should also be ensured that the lines and the control cabinets distributed throughout the building are suitably protected physically against misuse wherever possible.
Implementation
A major component of fire control is the proper installation of cable channels, which can be a significant source of risk when not shielded from fire. When installing the cables, detailed and correct documentation (see S 5.4 Documentation and labelling of cables) must be produced, since it is almost always very difficult, if not impossible, to determine how a cable is routed or what it connects after all cables have been installed. The IT cables must be installed properly for trouble-free operation (see S 1.68 Proper installation).
Before operating for the first time, the IT cable installation must be approved (see S 5.142 Technical approval of IT cabling) and the quality of the corresponding documentation must be checked (see S 5.4 Documentation and labelling of cables).
Operation
To prevent the operation of unauthorised IT devices, only those connections and sockets actually in use should be activated. In addition, regular inspections should be performed to ensure that the number of connections and sockets activated matches the actual number required (see S 2.20 Monitoring of existing connections). Furthermore, it must be ensured that the documentation is kept up to date (see S 5.143 Ongoing update and review of network documentation).
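One way to carry out the regular inspection described above, as an added example that is not part of the IT-Grundschutz text: the script reconciles the cabling documentation with the ports currently activated on the active components. The CSV layouts, socket labels, port names and finding categories are assumptions, and all sample data is constructed.

```python
import csv
import io

# Constructed sample: cabling documentation (wall socket -> switch port).
CABLING_DOC = """socket,switch_port,required
R101-A,sw1/1,yes
R101-B,sw1/2,no
R102-A,sw1/3,yes
R103-A,sw1/4,no
R104-A,sw1/6,no
"""

# Constructed sample: port state exported from the switches.
PORT_STATE = """switch_port,admin_enabled,link_up
sw1/1,yes,yes
sw1/2,yes,no
sw1/3,no,no
sw1/4,yes,yes
sw1/5,yes,yes
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(doc_csv, state_csv):
    """Compare documented sockets with activated ports; return findings."""
    doc = {r["switch_port"]: r for r in _rows(doc_csv)}
    findings = {"undocumented_active": [], "active_not_required": [],
                "in_use_not_required": [], "required_but_disabled": []}
    seen = set()
    for row in _rows(state_csv):
        port = row["switch_port"]
        seen.add(port)
        enabled = row["admin_enabled"] == "yes"
        entry = doc.get(port)
        if entry is None:
            # An activated port with no cabling record: documentation gap.
            if enabled:
                findings["undocumented_active"].append(port)
        elif enabled and entry["required"] != "yes":
            # Activated although not required; a live link is the urgent case.
            linked = row["link_up"] == "yes"
            key = "in_use_not_required" if linked else "active_not_required"
            findings[key].append(port)
        elif not enabled and entry["required"] == "yes":
            findings["required_but_disabled"].append(port)
    # Documented runs that no switch reports: stale documentation.
    findings["documented_missing_state"] = list(set(doc) - seen)
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for finding, ports in reconcile(CABLING_DOC, PORT_STATE).items():
        print(f"{finding}: {', '.join(ports) or '-'}")
```

Ports reported as `active_not_required` or `in_use_not_required` are candidates for deactivation, while `undocumented_active` and `documented_missing_state` point to documentation that needs updating.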
Disposal
When IT cabling components are not required any more, they must be removed (see S 5.144 Removal of IT cabling).
Contingency Planning
If there are high availability requirements, the cables must be installed redundantly, possibly including the external connections, so that damage to a single location will not lead to the failure of all subscriber connections. For this, redundant cable connections should be installed, if necessary, between buildings (see S 6.103 Redundancies for the primary cabling) and inside each building (see S 6.104 Redundancies for the secondary and tertiary cabling).
In the following, the bundle of security measures for the field of "IT cabling" is presented:
Planning and design
S 1.20 | (A) | Selection of cable types suited in terms of their physical/mechanical properties |
S 1.21 | (A) | Sufficient dimensioning of cable trays and channels |
S 1.22 | (Z) | Physical protection of lines and distributors |
S 1.65 | (Z) | Renewal of IT cabling |
S 1.66 | (Z) | Compliance with standards for IT cabling |
S 2.395 | (A) | Requirements analysis for IT cabling |
S 2.396 | (Z) | Specifications for documentation and labelling of IT cabling |
S 5.2 | (A) | Selection of an appropriate network topology |
S 5.3 | (A) | Selection of cable types appropriate in terms of communications technology |
Implementation
S 1.9 | (A) | Fire sealing of trays |
S 1.67 | (C) | Dimensioning and use of cabinet systems |
S 1.68 | (A) | Proper installation |
S 1.69 | (Z) | Cabling in server rooms |
S 2.19 | (B) | Neutral documentation in distributors |
S 5.4 | (A) | Documentation and labelling of cables |
S 5.5 | (A) | Damage-minimising routing of cables |
S 5.142 | (C) | Technical approval of IT cabling |
Operation
S 1.39 | (C) | Prevention of transient currents on shielding |
S 2.20 | (C) | Monitoring of existing connections |
S 5.143 | (B) | Ongoing update and review of network documentation |
Disposal
S 5.1 | (A) | Removal or deactivation of unneeded lines |
S 5.144 | (B) | Removal of IT cabling |
Contingency Planning
S 6.103 | (Z) | Redundancies for the primary cabling |
S 6.104 | (Z) | Redundancies for the secondary and tertiary cabling |