Physical IT security

from Wikipedia, the free encyclopedia

Physical IT security deals with measures that prevent harm to computer systems through direct physical action. The field ranges from simple means such as lockable computer cases to access-control and locking systems in data centers.

Physical IT security is distinguished from protection against logical errors (program errors), against unauthorized access to or modification of data (see firewall, virus protection), and against the unavailability of data or computer systems (see availability).

Protective measures

All physical protective measures aim to isolate the systems from sources of danger such as:

  • mechanical impact by people
  • technical failures (water ingress, fire)
  • introduction of pollutants (dust, aerosols)
  • electromagnetic influence (e.g. from nearby lightning strikes)
  • gaseous, corrosive air pollution

In data centers, this isolation is usually achieved with IT security rooms and cells, mostly for the fine technology (active components, servers, etc.) and often also for the coarse technology, i.e. the infrastructure (air conditioning, power distribution, etc.). Separating fine technology from coarse technology has several reasons:

  • Coarse technology systems often emit interference radiation that can affect the fine technology.
  • UPS battery packs generate extremely high temperatures and corrosive gases in the event of a fire (short circuit in the battery pack).
  • Regular maintenance of the coarse technology systems then requires no access to the server room.

Concrete is mostly used for the structural design of data centers, although it is the least suitable material because of the residual moisture bound in its crystalline structure. The disadvantages of using concrete must then be compensated for with vapor barriers and thermal insulation claddings.

A data center should always be located in the middle of a building, following a layered shell principle. At the core, the A zone, strict rules apply to access, storage of materials and the use of electronic devices (ban on cell phones). The surrounding B zone contains the IT offices as well as preparation and assembly rooms for servers and other systems destined for the data center. Here, too, restrictions apply to access and to the storage of flammable materials (e.g. cardboard boxes). Every employee can be granted access to the C zone, but stricter fire protection and property security rules still apply there. It is important that fires above the data center are virtually ruled out, so that the data center is not endangered by extinguishing water. However, a data center should not be placed directly under the roof, so that rainwater cannot enter if the roof is damaged. Under no circumstances should a data center be set up in a basement, because water from the floors above collects there in every incident (extinguishing, pipe burst, roof damage, flooding).

In addition to protection against the ingress of water and dust, the quality of the ambient air must receive more attention because of increasing air pollution. In particular, the introduction of H2S (hydrogen sulfide) must be monitored and, if necessary, reduced. Various methods are available for this, e.g. chemisorptive filtering combined with positive-pressure ventilation. In the past, the influence of corrosive contamination in the circulating air was underestimated in many places, although it can easily be determined with standardized measurements.

Overview of hazard standards

There are several central standards and classifications for preventing physical hazards in the data center, issued by independent testing institutes and at the DIN or EN standard level. The physical hazards can be divided into the following hazard areas (each entry gives the hazard, the standard, its title and a description):

Hazard: Fire
Standard: EN 1047-2, the IT fire standard
Title: Classification and methods for testing fire resistance - Part 2: IT data rooms and data storage containers; German version FprEN 1047-2:2008
Description: This standard was developed specifically for the particular requirements of a fire in a data center. The most important key figures are a maximum internal temperature of approx. 70 °C and a maximum relative humidity of 85 % during a 24-hour fire test (active flame exposure at over 1000 °C for 60 minutes). In addition, IT security cells are tested as a complete system in a system test.

Hazard: Fire
Standard: EN 1363 / DIN 4102-2, the standard for the fire resistance of building components
Title: Fire resistance tests - Part 1: General requirements; German version EN 1363-1:1999
Description: This standard is only partially meaningful in the IT environment.

Hazard: Water
Standard: EN 60529, the IP standard
Title: Degrees of protection provided by enclosures (IP code) (IEC 60529:1989 + A1:1999); German version EN 60529:1991 + A1:2000
Description: This standard classifies protection against the ingress of water (e.g. extinguishing water); the level of protection is given by the second digit of the IP code (IPXx, where x is the water digit).

Hazard: Dust
Standard: EN 60529, the IP standard
Title: Degrees of protection provided by enclosures (IP code) (IEC 60529:1989 + A1:1999); German version EN 60529:1991 + A1:2000
Description: This standard also classifies protection against the ingress of dust (e.g. construction dust or, in some cases, smoke gas); the level of protection is given by the first digit of the IP code (IPxX, where x is the dust digit).

Hazard: Electronics corrosion
Standard: ANSI/ISA 71.04-2013; ASHRAE Datacom Series Book 8, ISBN 978-1-936504-78-7, copyright ASHRAE
Description: Detection with corrosion coupons according to the ANSI/ISA specification (Annex C of the ANSI/ISA standard named above). Chemical filtering of the supplied or recirculated data center air with dry granulate, according to the two standards above, with the aim that the air pollution limit "G1" defined in those two standards is not exceeded.

Hazard: External access
Standard: EN 1627 / EN 1630, the burglary standard
Title: Windows, doors, shutters - Burglar resistance - Test methods for determining the resistance to manual burglary attempts; German version ENV 1630:1999 / Burglar-resistant construction products (not for precast concrete elements) - Requirements and classification; German version prEN 1627:2006
Description: This standard defines the level of security against break-ins. Data centers are mostly built to resistance classes 2 to 4 (WK 2 to 4); the higher the WK value, the more secure. Although the standard does not provide for a system test, attention should also be paid here to the system as a whole, i.e. the door should have the same rating as, for example, cable penetrations or walls.
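The two EN 60529 entries above describe the IP code as a pair of digits, the first for dust and the second for water. The following Python example, added here and not part of the Wikipedia article, parses IP codes in that format (including the "X" placeholder that IEC 60529 uses for a characteristic that was not tested) and checks a constructed, hypothetical enclosure inventory against a minimum requirement. The inventory names, the IP codes assigned to them and the minimum values are assumptions for illustration; the regular expression and the rule that an untested digit earns no protection credit are the author's design choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# IEC/EN 60529 IP code: "IP", a solids/dust digit (0-6 or X), a water digit
# (0-9 or X) and optional supplementary letters. "X" means the characteristic
# was not tested; it is NOT a rating and must not be read as protection.
IP_CODE_RE = re.compile(r"^IP(?P<dust>[0-6X])(?P<water>[0-9X])(?P<extra>[A-Z]{0,2})$")


@dataclass(frozen=True)
class IPRating:
    dust: Optional[int]   # first digit: protection against solid objects / dust
    water: Optional[int]  # second digit: protection against water
    extra: str            # supplementary letters, if any (kept verbatim)


def parse_ip_code(code: str) -> IPRating:
    """Parse strings such as 'IP54', 'IP 65' or 'IPX4'; None marks an untested digit."""
    normalized = code.strip().upper().replace(" ", "")
    match = IP_CODE_RE.match(normalized)
    if match is None:
        raise ValueError(f"not a valid IP code: {code!r}")
    dust = None if match["dust"] == "X" else int(match["dust"])
    water = None if match["water"] == "X" else int(match["water"])
    return IPRating(dust, water, match["extra"])


def meets_requirement(rating: IPRating, min_dust: int, min_water: int) -> bool:
    """An untested ('X') characteristic only passes when no minimum (0) is required."""
    dust_level = rating.dust if rating.dust is not None else 0
    water_level = rating.water if rating.water is not None else 0
    return dust_level >= min_dust and water_level >= min_water


# Constructed sample inventory (hypothetical enclosures; not from the article).
SAMPLE_INVENTORY: Dict[str, str] = {
    "rack-A01": "IP54",
    "rack-A02": "IP20",
    "ups-cabinet": "IPX4",   # dust protection never tested
    "switch-cell": "IP 65",  # spacing as sometimes found on nameplates
}


def noncompliant(inventory: Dict[str, str], min_dust: int, min_water: int) -> List[str]:
    """Return the names of enclosures whose IP code falls below the required minimum."""
    return sorted(
        name
        for name, code in inventory.items()
        if not meets_requirement(parse_ip_code(code), min_dust, min_water)
    )


if __name__ == "__main__":
    # Hypothetical requirement: dust digit at least 5, water digit at least 4.
    for name in noncompliant(SAMPLE_INVENTORY, min_dust=5, min_water=4):
        print(f"{name}: {SAMPLE_INVENTORY[name]} does not meet IP54")
```

Treating "X" as zero protection is the conservative reading for a conformance check: a nameplate that says IPX4 documents nothing about dust ingress, so it cannot be credited with the dust protection the first EN 60529 entry above describes.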

Literature

  • Article in "Zeitschrift für Informations-Sicherheit", Vol. 30, No. 4, August 2014, pp. 2 ff.: "Echt Ätzend"