B Layer Infrastructure

(1)

B 2.12

IT cabling

Description

The IT cabling consists of all communication cables and passive components (terminal blocks, splice distributors, patch panels) for which the institution is responsible for operation. It is also the physical basis of the communication network in an institution. The IT cabling extends from the connection points of external networks (e.g. the ISDN connection of a telecommunications provider, DSL connection of an Internet provider) to the terminal points of the network subscribers.

Active network components (routers, switches, etc.) are

not dealt with in this section. The subject of WLAN is also excluded. Both subjects are treated in separate modules in the IT baseline protection catalogues. In this module, IT cabling refers to the physical basis of a manufacturer and application independent communication network, i.e. a Local Area Network (LAN). This section does not differentiate between IT cables for transporting data and cables for telecommunication services.

The IT cabling, as part of the technical infrastructure of buildings and properties, is divided into primary, secondary, and tertiary areas according to the established approaches and procedures for structured cabling systems.

The primary area is the area consisting of the cable routes connecting separate buildings. The primary area spans large distances at high data transmission rates between just a few connection points. For this reason, only institutions located on large properties with several buildings own their primary cabling. If there is only one building, then the main power distribution in the building is logically considered the primary area.

The secondary area includes the cables between the main distribution in the building and the distributions on each floor or wing of the building. These cables are found in many large buildings. Tertiary cabling designates the cables connecting the terminal devices to a central distribution point (on the same floor, for example). These cables are present in all buildings.

A commonly used combination of structured cabling systems is present when the terminal devices are connected directly to a central point in the server room or a room containing technical infrastructure (often called the "Network" or "Technology" room). In this case, the secondary cabling consists only of the connection cables between the switches. The tertiary cabling extends from the central distribution point in the building to the connection sockets in the rooms.

Threat Scenarios

The following typical threats to the IT baseline protection of the IT cabling are assumed to exist: Force majeure:

- T 1.6 Cable fire Organisational shortcomings:

- T 2.11 Insufficient route dimensioning - T 2.12 Insufficient documentation on cabling - T 2.32 Inadequate line bandwidth

Human error:

(2)

- T 3.5 Inadvertent damaging of cables Technical failure:

- T 4.4 Impairment of lines due to environmental factors - T 4.5 Crosstalk

- T 4.21 Transient currents on shielding Deliberate acts:

- T 5.7 Line tapping - T 5.8 Manipulation of lines Recommended security safeguards

To secure the IT assets examined, other modules must be implemented in addition to these modules according to the results of the IT baseline protection modelling.

In particular, module B 3.302 Routers and switches is highly pertinent to the IT cabling and must be applied in harmony with this module. If a wireless network is used with the IT equipment examined, then module B 4.6 Wireless LAN also applies.

A series of safeguards must be implemented to ensure secure cabling starting in the planning phase, continuing through the implementation phase, and up to operation and contingency planning. The steps to be followed for secure IT cabling as well as the security safeguards to take in each step are listed in the following. It must be taken into account in this case that you have much less ability to influence the safeguarding of IT cabling when moving to an existing building than when constructing a new building.

Planning and design

The basis for high-performance, well-secured IT cabling is formed already in the planning phase. The starting point is a requirements analysis (refer to S 2.395 Requirements analysis for IT cabling) in which the current needs are estimated and an overview of the upcoming developments, including a follow-up assessment of the consequences for the IT cabling, is performed in the institution.

Based on the requirements plan, the network structure is specified (refer to S 5.2 Selection of an

appropriate network topography) and adapted to the building (refer to S 1.21 Sufficient dimensioning

of lines). The mechanical and electrical properties of the cables are determined by the types of the

cables selected for use. During the planning phase, it should also be ensured that the lines and the control cabinets distributed throughout the building are suitably physically protected against misuse wherever possible.

Implementation

A major component of fire protection is the proper installation of cable channels, which can then be a significant source of risk when not shielded from fire. When installing the cables, detailed and correct documentation (refer to S 5.4 Documentation on, and marking of, cabling) must be produced since it is almost always very difficult, if not impossible, to determine how a cable is routed or what it connects after all cables have been installed. The IT cables must be installed properly for trouble-free operation (refer to S 1.68 Professional installation).

(3)

of connections and sockets activated matches the actual number required (refer to S 2.20 Monitoring

of existing connections). Furthermore, it must be ensured that the documentation is kept up to date

(refer to S 5.143 Ongoing update and review of network documentation). Disposal

When IT cabling components are not required any more, they must be removed (refer to S 5.144

Removal of IT cabling).

Contingency planning

If high availability requirements are demanded, then the cables must be installed redundantly, possibly including the external connections, so that damage to a single location will not lead to the failure of all subscriber connections. To accomplish this, redundant cable connections should be installed, if necessary, between buildings (refer to S 6.103 Redundancies for the primary cabling) and inside of each building (refer to S 6.104 Redundancies for the secondary and tertiary cabling).

In the following, the bundle of security safeguards for the "IT cabling" are presented: Planning and design

- S 1.20 (A) Selection of cable types suited in terms of their Physical/mechanical properties - S 1.21 (A) Sufficient dimensioning of lines

- S 1.22 (A) Physical protection of lines and distributors - S 1.65 (A) Renewal of IT cabling

- S 1.66 (A) Compliance with standards for IT cabling - S 2.395 (A) Requirements analysis for IT cabling

- S 2.396 (A) Specifications for documentation and labelling of IT cabling - S 5.2 (A) Selection of an appropriate network topography

- S 5.3 (A) Selection of cable types appropriate in terms of communications technology Implementation

- S 1.9 (A) Fire sealing of trays

- S 1.67 (C) Dimensioning and use of cabinet systems - S 1.68 (A) Professional installation

- S 1.69 (A) Cabling in server rooms

- S 2.19 (B) Neutral documentation in distributors - S 5.4 (A) Documentation on, and marking of, cabling - S 5.5 (A) Damage-minimising routing of cables - S 5.142 (C) Technical approval of IT cabling Operation

- S 1.39 (C) Prevention of transient currents on shielding - S 2.20 (C) Monitoring of existing connections

- S 5.1 (B) Removal, or short-circuitting and grounding, of unneeded lines - S 5.143 (B) Ongoing update and review of network documentation

Disposal

- S 5.144 (B) Removal of IT cabling Contingency planning

- S 6.103 (A) Redundancies for the primary cabling

(4)

T 1.6

Cable fire

When a cable catches fire, either by spontaneous ignition or exposure to flames, there can be a variety of consequences:

- When the wire insulation is destroyed, short circuits and arcing can occur, which then triggers the corresponding protection devices (circuit breaker or fuse) and disrupts the supply of power.

Short circuits

- Individual wires or the entire cable can break and disconnect. Especially critical is when only the ground conductor (PE) is broken while the live wires (L and N) are still in operation. The protective safeguards will have no effect in this case. An immediate threat is when the PEN conductor fails in a TNC network. The housings of Protection Class 1 devices would suddenly be live in this case. This obviously results in a shock hazard. - Aggressive gases can form. Such gases can be corrosive and adversely

affect the IT and communications equipment. They can also be toxic and lead to personal injury (e.g. poisoning). Corrosive gases can also attack structural components of the building in the concrete walls and floors, causing problems with the statics of the building when repairing the damage done by the burning cables.

"Aggressive" gases

- Cables with non fire-resistant or self-extinguishing insulation material may help to spread the fire. Even fire sealing cannot prevent this completely and merely delays the spreading of the fire.

Spreading through cable ducts

- In tightly packed cable channels and trays, smouldering fires can ignite and remain undetected for a long time, causing the fire to spread long before the fire breaks out. The conductivity of a cable decreases as it gets warmer, which in turn increases the loop resistance. This can generate additional heat that then promotes the continuation of the critical processes.

Burning cables often only cause a slight increase in the temperature while the fire is forming. This then creates a risk of generating significant amounts of "cold" smoke before the smoke detectors mounted on the ceiling are triggered. Example:

- In an administrative building, the existing electrical cables were not replaced for cost reasons and were overloaded instead, in spite of knowing better. The necessary modifications were not made as the staff were expecting to relocate soon to a new administrative building.

- The overloaded lines heated up, and because they were packed so tightly together, heat accumulated and then caused a smouldering fire. The fire was only discovered after the lines failed due to the intense heat. It took several days to restore the workstations affected by the fire to proper

(5)

T 2.11

Insufficient route dimensioning

When planning networks, server rooms or computer centres, the mistake is often made of basing the functionality, capacity, or technical security design on the current requirements only. This fails to take the following into account, though:

- the capacities of the network and computers will have to be expanded as the volume of data increases or new services are added,

- changes in technical standards may make architectural or technical security modifications necessary,

- the network will need to be expanded as the operational requirements change, and

- new requirements imposed on a network may make it necessary to lay different cables.

Examples:

- Networks can only be expanded to the extent permitted by the existing cables installed or by the amount of space available for additional cables. Especially in closed cable routes (conduits, screed-covered underfloor channels, etc.), it is often impossible to pull additional cables through without damaging the new or old cables, even there is still space available. The only alternative then is to pull the existing cables out of the route and re-install all cables, both old and new, at the same time. The resulting costs and disruptions of operation can be considerable.

Impossible to swap individual cables

- In the early stages of planning a computer centre, the only criteria considered were aesthetic aspects. Infrastructural and security technical requirements were given less priority and were only specified after the basic construction work was complete. The completion of the building was delayed extensively because required routes were not available and the cable channels and trays were not in the right location or not large enough to handle the required number of cables. Changes during operations later on were very difficult to implement.

Route not planned

- After ten years of operation, one company planned a completely new network structure and new IT cabling. Upon inquiry, it turned out that the replacement of the private branch exchange and the PBX cabling, which up to now had followed the same routing as the IT cabling, was planned for the following year. Without co-ordinating these two safeguards, routing work would have been duplicated, and the routes planned may not have had enough capacity.

(6)

T 2.12

Insufficient documentation on cabling

If the precise locations of any cables are not known due to inadequate documentation, these cables could be damaged when construction work is done inside or outside the building. It cannot be assumed that all cables and lines in the installation zones were installed according to DIN 18015-3 "Electrical installations in residential buildings - Part 3: Wiring and disposition of electrical equipment", or similar standards. In particular, when cable conduits are produced or cables are laid during the concrete construction phase, cables can change position while the concrete is being poured due to changes in the surrounding system. Uncoordinated cabling also often occurs in gypsum board stud constructions. When cables and lines are installed in floors or ceilings, geometric or direct cable routing can be selected. Random cable routes are also possible, so it may be impossible based on the location of the electrical equipment (lamps, switches, tanks, etc.) to determine where cables are routed in the floors and ceilings. Failure due to damaged cables can result in prolonged downtimes, or under some circumstances even in life-threatening hazards, e.g. due to electric shock.

Insufficient documentation can also make it more difficult to test, maintain and repair lines.

(7)

T 2.32

Inadequate line bandwidth

A common mistake when planning networks is to base the bandwidth of the network design only on the current requirements. This overlooks the fact that the network are subject to ever-increasing bandwidth requirements, for example when new IT systems are integrated into the network or when the amount of data transmitted increases.

When the bandwidth of the network is no longer sufficient, the transmission rate in the network, and eventually the availability in the network, is severely limited for all users. File access in remote IT systems is slowed down considerably, for example, when the network is heavily in use by other users at the same time.

Example:

Additional PC workstations were added to a building by converting several small offices at a time to open-plan office spaces. The terminal devices were connected to simple hubs and switches in each office and using exposed cables. With the introduction of new system and application software that constantly downloaded updates from the Internet or the organisation¿’’s management servers, normal operation was seriously disrupted because the volume of data in the updates exceeded the available line bandwidth.

(8)

T 3.4

Inadmissible connection of cables

When unauthorised cable connections are made between IT systems or other technical components, there is a risk of security problems or disruptions to operation. For example, unauthorised access to networks, systems, information, or applications can be gained through such unauthorised cable connections. Information or copies of information could also be transmitted to the wrong recipients due to unauthorised cable connections. The normal connection can be disrupted.

Unauthorised cable connections can have various causes and effects, for example:

- Technical defects

- Incorrect cabling of patch panels, terminal blocks, or splice distributors - Incorrect cabling of active network components

- Unauthorised connection of external IT systems to a network connection in the LAN

Inaccurate documentation and inadequate labelling of cables often results in unintentional connection errors and hampers the detection of deliberate, unauthorised connections.

(9)

T 3.5

Inadvertent damaging of cables

The less protection afforded to cables when installed, the greater the risk of inadvertent damage. Such damage does not necessarily result in the immediate failure of connections. It is also possible that unauthorised connections could be established accidentally, for example when cable sheathing or insulation is not completely intact any more after being damaged. The following are typical examples of such damage to cables within buildings:

- When cables are placed loosely on the floor and are exposed, employees can trip over the cables and disconnect the devices.

- Conductors can break in a device connection cable when office furniture is rolled over the cable.

- Concealed cables can be damaged by drilling or hammering nails in the wrong location.

- Water can cause damage, for example when water permeates into the cable ducts in window sills or floors due to cleaning crews or an open window when it¿’’s raining.

- Surface-mounted cables can become damaged when transporting heavy, bulky objects.

- Cables can become damaged when they are unplugged from the socket by pulling on the cable instead of the plug.

- Equipment can become overloaded when, for example, the total load placed on a power distributor by the connected devices exceeds the permissible limit.

Outside of buildings, cables can become damaged by the following events, for example:

- Cables can be damaged during excavation work, either by shovels when excavating manually or by an excavator.

- Water can penetrate into underground cable ducts or buried cables. - Rodents can chew on cables and damage them.

- Ducts and cables can be damaged by roots (tree roots are strong enough to crush cables).

- The permissible traffic load limits can be exceeded (this can cause broken conduits or sheared cables).

- Vehicles can drive over the plug connections of cables laid temporarily for tools and machines.

Example:

In a pedestrian zone, the cleaning person employed by a small shop had a habit of pouring waste water into the cable inspection manhole outside directly in front of the shop door. The water always evaporated with time, but it took a lot of time and effort to remove the dirt and soap residue deposited on the cables whenever there was work to be done on the cables.

(10)

T 4.4

Impairment of lines due to environmental

factors

The transmission characteristics of cables transmitting electric signals can be adversely affected by electric and magnetic fields. Whether this will actually lead to a disruption in the transmission of the signal depends mainly on the following factors:

- the frequency range, intensity, and duration of exposure to the fields, - the cable shielding, and

- the safeguards implemented for data transmission (redundancy, error correction).

Many causes of impairment can be identified in advance:

- Strong magnetic fields are generated along high-voltage lines and in the vicinity of large engines (railroad, production plant, elevator).

- Electromagnetic fields (radio, police/fire department, service radio, paging systems, wireless networks) can be generated in the vicinity of transmitter installations.

- In some cases, the transmitting power of mobile telephones exceeds the electromagnetic susceptibility limits of IT systems.

- Cables can influence each other through mutual induction.

Environmental factors other than just electrical or magnetic fields can also have an effect on a cable:

- high temperatures (in industrial production areas, for example), - aggressive gases, and

- high mechanical stresses (e.g. on lines to portable devices or when temporarily laying cables on floors).

(11)

T 4.5

Crosstalk

Crosstalk is a special type of line impairment. Crosstalk is not usually generated in the environment, but by the currents and voltages of signals transmitted over adjacent lines. The intensity of this effect depends on the cable design (shielding, cable capacity, insulation quality) and on the electrical parameters of the data transmission signal (current, voltage, frequency). Not every line affected by crosstalk will necessarily have an effect on other lines. Checking one’’s own lines for coupled external signals does not provide any information on whether one’’s own signals cause crosstalk in other lines and thus allow your signals to be listened in on.

The main difference from other types of line faults is that, apart from disruption of signal transmission on adjacent lines, readable information may be available on external lines due to crosstalk.

(12)

T 4.21

Transient currents on shielding

When IT devices supplied by electricity via a TN-C network are connected using double-shielded data cable, the result may be transient currents on the shielding (an explanatory diagram can be found in S 1.39 Prevention of

transient currents on shielding).

The reason for this is that in TN-C networks, the protective (PE) and neutral (N) conductors are routed together to the individual distribution points as a single PEN conductor. The separation into N and PE conductors only takes place first in the distribution. This installation is permissible according to VDE 0100, "Erection of power installations with rated voltages up to 1000 V"!

If shielded data lines whose interface shields are connected to PE are used to connect devices and these devices are connected to different distribution points, then the result is two parallel PEN conductors; one between the distributors and one on the shielding between the interfaces. The transient current flowing over the shielding can lead to damage on the interfaces and to a risk of personal injury when working on the data lines.

No transient currents flow over the shielding of data lines between devices connected to the same distribution in a TN-C network or between devices connected to different distributions in a TN-S network.

In TN-CS networks, some sections are designed as TN-C networks, others as TN-S networks. When the double-shielded data lines are only routed inside sections of the same network type, then the operating conditions in the corresponding network applies. However, if IT devices in different sections are connected using double-shielded data lines, then transient currents can also flow in the TN-S section!

(13)

T 5.7

Line tapping

Due to the low risk of detection, line tapping is a potential threat to IT security which should not be overlooked. Basically, there is no such thing as a tap-proof cable, and the only difference between the cable types is the amount of effort needed to tap the cables. Whether a line is actually being tapped can only be determined using sophisticated instruments.

The decision to tap a line basically depends on whether the information that could be obtained is worth the technical and financial expenditure and the risk of detection. This question can only be answered by knowing what capabilities the attacker has and what his or her particular interests are. It is therefore impossible to know for sure what information, and therefore which lines, could be targets for tapping.

Capabilities and interests of the attacker

It can be very easy to tap a line. With some types of LAN cabling, access to a LAN socket may be sufficient to eavesdrop on all the network traffic in the local network. The risk is greater when an attacker has access to passive or perhaps even active connection elements of an IT network. It is even easier to intercept network traffic on wireless networks (wireless LAN / radio LAN, IEEE 802.11). Furthermore, the risk of being detected while listening in on a wireless network is virtually nil.

The insecure transmission of authentication data using plaintext protocols like HTTP, ftp, or telnet is especially critical since it is easy in these cases to determine the position in the transmitted packet of the data entered by the user thanks to the simple structure of the protocols (see also T 2.87 Use of insecure

protocols in public networks). It is therefore relatively easy to automatically

analyse such connections.

Automatic analysis of connections for plain text protocols

For example, in the first step, password sniffer programs could be used to collect passwords when they are transmitted to a system. This would then enable the attacker to gain access to this IT system and then carry out further attacks locally on the computer.

Examples:

- It is wrong to assume that messages sent by e-mail are the equivalent of letters in the classical sense. Since e-mail messages can be read anywhere along their journey through the Internet, it is much more realistic to compare them to postcards.

- Some manufacturers supply sniffer programs along with their operating systems to debug networks, but these programs can also be used to intercept data.

(14)

T 5.8

Manipulation of lines

Lines may be manipulated for reasons other than intercepting data (see T 5.7

Line tapping):

- Frustrated employees could manipulate lines so that unauthorised connections could be established inside and outside the organisation’s own IT systems. The goal in these cases is often simply to disrupt IT operations.

Unauthorised connections

- Lines can be manipulated so that they can be used privately at the expense of the network operator. In addition to the costs incurred from using communication lines which are subject to fees, lines and resources would be blocked by private use as well.

Private use

- The destruction of IT lines can result in significant financial damage to an organisation.

The primary cabling on large pieces of property and the lines connecting the IT or telecommunication systems to the providers often require a high level of protection in terms of availability.

Example:

- During construction of an expansion on the grounds of a large company, attackers were able to open an inspection manhole in an area with poor access protection. A optical fibre bundle was cut using a tree pruner. Since several production buildings were disconnected from the IT network, there were operational disruptions and stoppages that caused millions in damage.

(15)

S 1.9

Fire sealing of trays

Initiation responsibility: Head of facility management, Fire Protection Officer

Implementation responsibility: Facility management, Fire Protection Officer Electrical and IT cables are usually concentrated in installation trays. Trays are often found along escape and rescue routes, going through underground car parks, warehouses, workshops, or are used as transit trays to go through areas used for other purposes.

In buildings with several fire zones, the routing of electrical and IT cables is subject to fire protection regulations. This applies especially to cables crossing through fire zones, walls, or ceilings, or traffic routes. Additional requirements for maintaining the functionality of electrical cables in case of fire must be met, especially when the trays are used for emergency lighting or fire alarm, burglar, or extinguishing systems. For this reason, the fire protection officer should be consulted whenever planning the trays. The trays must provide fire protection as well as protection against sabotage. Both can be achieved through proper sealing of the trays.

When electrical cables are tightly packed in a separate cable channel with fire protection, large increases in temperature can arise. This can lead to an increase in the electrical resistance of the wiring with the accompanying additional heat. This problem can be alleviated either by reducing the number of cables or by providing sufficient ventilation. For this reason, the guidelines in DIN-VDE 0100-520 "Erection of low-voltage installations - Part 5:

Selection and erection of electrical equipment - Chapter 52: Wiring systems"

(the English version of IEC 60364-5-52) must be followed depending on how the cables are laid. This is the responsibility of the electrical planner.

The commonly used ventilation methods and techniques, for example using ventilation bricks, have the disadvantage that they do not provide sufficient protection against acts of sabotage. This means that lines requiring high or very high levels of protection which are routed through unprotected areas such as underground car parks are barely protected against deliberate acts when these methods are used. Custom planning safeguards are required in this case. This can mean using sufficiently large channels, making ventilation of the channel in risky areas unnecessary, or using a special ventilation concept that is designed to meet the specific security requirements.

Openings through walls and ceilings must be sealed to conform to the fire resistance class of the wall or ceiling after the lines have been laid. To make installing additional cables later on easier, suitable materials such as soft fire stops or fire protection cushions can be used as a temporary safeguard. The corresponding standards and guidelines, such as DIN 4102 "Fire behaviour of

building materials and elements", must be followed. Cable trays expand when

heated, e.g. due to a fire, and can destroy a soft fire stop or a fire protection cushion when the tray goes through a wall.

Sealing openings

For this reason, trays should not be routed through the fire protection element, but should end at least 10 cm before the wall on both sides. This also makes it

(16)

easier to fan out the lines and cables, which now must be routed individually and not as a bundle through the fire protection.

Often a variety of cables, e.g. telephone, LAN, and building services cables, are conveyed in a single tray. If any changes need to be made to the cabling, it should be clarified already in the planning phase if any other cable systems are scheduled for replacement in the foreseeable future. Combining projects correspondingly minimises downtime and can save additional costs entailed by repeated fire sealing.

Coordination of tray usage

If the route planned is not possible due to fire protection regulations, then an alternative route must be investigated. Furthermore, the fire seals should be inspected at regular intervals, for example annually, after the installation work is completed.

Additional controls:

- Was the fire protection officer consulted with regard to route planning? - Were the plans and design of the routes with electrical cables checked by

an electrical planner?

- Were possible alternative routes examined?

- Will the fire seals be checked regularly after the installation work is completed?

(17)

S 1.20

Selection of cable types suited in terms of their

Physical/mechanical properties

Initiation responsibility: Planner, Head of facility management, Head of IT, IT security management

Implementation responsibility: Facility management, Head of IT

When selecting cables, technical transmission requirements as well as the environment the cables will be routed through and operated in must be taken into account. To meet this wide variety of requirements, cable manufacturers offer different types of cable on the market or develop corresponding solutions.

The following criteria must be taken into account in terms of the cable sheathing when routed inside or outside:

- temperature

- surrounding medium (water, waste water, acids, gas, light)

- rodent protection, impact and shovel penetration resistance, falling rock impact resistance, water pressure resistance

- maintenance of circuit integrity in areas exposed to fire hazards; and

- special pulling forces arising through the use of overhead lines, for example.

Furthermore, the tray systems planned for use such as cable platforms, cable ladders, cable channels, cable conduits, moulded bricks for cables, tray sections, and overhead line constructions must also be taken into account. The following cable design factors must be taken into account as well:

- pulling forces arising from installing cable using machines, e.g. from cable draw winches or cable blower systems, or from manual installation

- bending radius and lateral pressure stability according to the installation method and final resting state during operation

- water-blocking protection for damp or wet areas

- special pulling forces in the installed state that arise from large span lengths or securing distances when overhead lines are used or from extremely steep rises; and

- strong electrical and inductive interference fields using shielded cables. The proper selection of electrical cables in accordance with the regulations and compliance with the relevant standards and regulations (DIN VDE 0100 "

Erection of power installations with rated voltages up to 1000 V", DIN 4102 "Fire behaviour of building materials and elements") and the generally

accepted state of the art form the foundation of contingency planning for the electrical installation.

The individual requirements for the selection of cables may not be defined by the IT department alone, especially for operating environments in which environmental influences or special structural situations must be taken into account. In particular, employees in Facility management, who are familiar

(18)

with the operating procedures and other special conditions, must participate in the determination of the relevant influences on the planned cable route, and therefore in the determination of the special requirements placed on the cable design.

- Have all regulations and requirements from the fire protection organisation and the organisation responsible for the operational safety of the electrical power system been followed in full?

- When selecting the cables, was the person responsible for operating technology asked if there are any adverse environmental conditions known or anticipated?

(19)

S 1.21

Sufficient dimensioning of lines

Initiation responsibility: Planner, Head of IT, Head of facility management

Implementation responsibility: Facility management

Sufficiently large cable trays and channels (e.g. underfloor channels, window sill cable ducts, trays, outside cable conduits) must be planned. On one hand, there must be enough space available to accommodate an eventual expansion of the network. On the other hand, minimum distances between the cables may need to be maintained to prevent crosstalk (coupling of signals between cables). In particular, when power and IT cabling are routed together in a common channel, it must be ensured that the channels are separated by a centre rail. Interference with the IT cables can usually be avoided simply by routing the power and IT cables separately.

If it is not possible to install trays and channels with enough reserve space, then it should at least be ensured that there is enough space in the trays and channels to accommodate expansions. If the sizes specified for the openings through walls and ceilings are sufficiently large, then noisy, dirty, and expensive work will be unnecessary later. When fire seals are used that can be installed after the cables are installed, then the openings can be equipped so that protection against smoke and fire is always ensured while enabling the trouble-free installation of additional cables at any time.

It must be noted that in order to obtain effective sealing of wall openings in walls with a fire resistance class, the openings may only be filled up to 60%. If necessary, openings should be made for later expansions, and these openings should be sealed for the time being using soft fire stops or fire protection cushions.

It is important that the sizes of the cable trays and channels are always specified depending on the type of cable selected (see S 1.20 Selection of

cable types suited in terms of their Physical/mechanical properties and S 5.3

Selection of cable types appropriate in terms of communications technology).

For example, space can be saved by using a few multiwire cables instead of many small cables. Crosstalk can be prevented through the use of shielded cables or fibre optic cables. This then ensures problem-free operation, even in cable channels with little space.

- Was the possibility of saving space and preventing crosstalk by selecting other types of cables examined?

(20)

S 1.22

Physical protection of lines and distributors

Initiation responsibility: Planner, Head of facility management, Head

of IT

In rooms visited by the general public or in parts of buildings that cannot be easily monitored, it may be wise to protect lines and distributors. These items can be protected in various ways:

- installing concealed wiring or concealed cable channels, - installing the lines in armoured pipes,

- installing the lines in mechanically sturdy and lockable channels, - locking distributors, and

- electrically monitoring distributors and channels.

In any case, the number of locations in which the cable routed can be accessed must be kept to a minimum, and lengths of the cable connections to be protected against unauthorised access must be kept as short as possible.

The protection of main routes and cables of the electrical power network and the IT cables must be adapted along the entire cable path to the corresponding threat scenarios. In areas such as underground car parks and in corridors used as transportation paths, appropriate protection against accidental mechanical damage and, if necessary, against acts of sabotage, must be provided using a stable casing around the channel or cable.

If distributors are locked, then rules are needed to determine who has the right to access the distributors, how the keys are distributed, and the terms of access. These rules must specify, in addition to other things, what must be done before modifying cables or distributors and what must be done after such work is complete. It must be ensured that changes are coordinated and approved, and that the documentation reflects these changes.

- Has the number of places where the cable is accessible been reduced to a minimum?

- Were the lengths of routes requiring protection kept as short as possible? - Are access rights granted restrictively? Were personnel changes and

possible substitutes taken into account?

- Are access rights being regularly reviewed in terms of their justification and necessity?

(21)

S 1.39

Prevention of transient currents on shielding

Initiation responsibility: Head of IT

The standards for IT infrastructures (DIN EN 50173, DIN EN 50174-2 "Cabling installation") describe the shielded and unshielded data cabling as well as the grounding and shielding requirements for these systems. When shielded data lines are used, the standards differentiate between areas used for technology (e.g. server rooms and computer centres) and areas used for general IT purposes. In areas used for technology, the standards specify that the shielding must be connected on both ends and that the system and components are tightly intermeshed. In areas generally used for IT infrastructure such as the cables on a floor in a building, the standards specify connecting only one end of the shielding. Connecting both ends of the shielding is optional.

If network operations are disrupted due to transient currents, then the cause of their formation should be analyzed first. Since the frequencies used in IT transmission methods are constantly increasing, the systems become more sensitive to high-frequency interference. In addition, the systems themselves can also become emitters of high-frequency interference under some circumstances and disrupt neighbouring equipment and systems. If operational disruptions are detected, then the proper solution must be worked out depending on the local conditions. Since a lot of specialised knowledge is required to do this, it is generally recommended to contract a specialised company to evaluate and analyse the situation and work out a solution.

There are various ways of preventing transient currents on, for example, the shielding of data lines:

Transient currents can be avoided in the TN-C network by only using shielded data lines to link those IT devices connected to a common electrical distribution system. This must be checked and ensured each time the data network is expanded.

Connecting data line shielding at one end only is often suggested as a safeguard for preventing transient currents in TN-C and TN-CS networks. This method is actually effective in terms of transient currents, but it should only be used when absolutely necessary and as a exception to the rule for the following reasons:

- Shielded cables whose shielding is only connected at one end are much more strongly affected by radiated interference. At the same time, they radiate higher levels of interference than unshielded balanced lines. It must therefore be assumed that there will be more interference in the data transmission (e.g. in terms of availability or integrity) in cables where only one end of the shielding is connected than in all other cables.

The higher level of emission of exploitable signals from lines connected in this manner represents a security risk in terms of the confidentiality of the information transmitted.

- Even when all technical disadvantages of connecting only one end of the shielding are deemed acceptable, the problem of consistent implementation

(22)

remains. Thorough inspections of all work performed on the data network must be performed to ensure that the shields of those cables where the shield is only connected at one end are not inadvertently connected at both ends. It is very difficult and time-consuming to find these types of connections later on.

In terms of safety, it is best to design the power distribution network in the entire building as a TN-S network. In this case, the PE and N conductors are routed separately after the potential equalisation bar (PEB). It is generally not necessary to take individual safeguards on IT devices in this case any more. However, note the information in section S 1.28 Local uninterruptable power

supply (ups) about the formation of a new TN-S network for the connected

devices.

To ensure and maintain the effectiveness of the TN-S network design, it must be ensured that the only connection between the PE and N conductors in the entire network is on the PEB (ground). In actual practice, though, accidental creation of another connection between the PE and N conductors when a new device is connected or when working on the network cables cannot be ruled out. For this reason, changes to the data network should always be coordinated with facility management. Furthermore, a TN-S network should be checked at regular intervals for proper grounding. This can be done whenever performing the inspections of the power supply network required anyway and when problems are suspected (for example if intermittent disruptions in the data network occur over a longer period of time). Ideally, a TN-S network is equipped with a differential current monitor.

The following diagrams show how transient currents can form on shielding as well as possible countermeasures:

(23)

Figure 1: Formation of transient currents on shielding and possible countermeasures for a TN-C network

Figure 2: Formation of transient currents on shielding and possible countermeasures for a TN-S network

- Which type of network is used in the building?

- Are there rules specifying when to check if the power supply network is properly grounded?

- Are the measured values monitored daily by an existing, permanent differential current monitor?

(24)

S 1.65

Renewal of IT cabling

Initiation responsibility: Planner, Head of facility management, Head of IT

The rapid progress in information technology, and in particular the requirements placed by new IT applications, often results in considerations to modernise or completely replace existing IT cables in buildings containing older IT cabling.

The time and expense needed to replace the existing IT cabling with completely new secondary and tertiary cabling should not be underestimated. Experience has shown that after an initial examination of the financial expense and organisational difficulties associated with a comprehensive modernisation project, the decision to use the existing IT cabling as long as possible is usually made.

The IT cabling should only be completely renewed when it can be assumed with complete security that the business processes in the organisation will not be provided enough support using the existing IT cabling. Examples of clear indications that the existing IT cabling cannot be used any more are:

- Installing cables to connected additional users results in constant disruption of network operations.

- The existing network suffers from frequent network failures due to short circuits in a token ring or the formation of loops from loose contacts on IBM IVS Type-1 Ethernet cables, for example.

- The existing cabling cannot meet the capacity demands any more because, for example, entire floors are connected using IBM IVS Type-1 cabling, which has a maximum transmission rate of 10 Mbit/sec.

When the IT cabling is to be renewed, all planning steps required for an initial installation must be followed (see S 2.395 Requirements analysis for IT

cabling). The requirements analysis and the assessment of the growth in

demand are performed at the beginning in this case as well.

Note that when replacing older Type-1 cables, the cable routes must be examined to determine if they can be used as is with the new cables, especially in the tertiary area. Since Type-1 cables permit a maximum cable length of only 150 meters, it may be necessary to install an additional floor distributor at a suitable location to limit the connection length of category 5 or higher cables to a maximum of 100 meters. In this case, the connection length is calculated as the sum of the length of the tertiary cable plus the length of the patch cable. If an empty building is modernised, then only a technical services plan needs

(25)

- Is a written requirements analysis available to plan the modernisation? - Have the lengths of the cable routes of the existing cables been checked?

(26)

S 1.66

Compliance with standards for IT cabling

Implementation responsibility: Head of IT

A standard titled "Generic cabling systems" was published in 1995 that described for the first time the topology and classification of communication links with defined properties as well as a uniform interface for connecting terminal devices. These requirements apply not only to cabling used in office buildings, but can also be applied to other areas of application.

Under the responsibility of the European Committee for Electrotechnical Standardization (CENELEC), the standards are monitored, coordinated with the international committees (ISO/IEC), and, if necessary, advanced and refined.

The standards provide users with support in the building planning, cabling design, planning, implementation, and operation phases of communication cable systems.

In addition to EN 50173-1 - Generic cabling systems, General requirements and Part 2 Office premises, Part 3 Industrial premises, Part 4 Residential

premises, and Part 5 Data centres, which were available as a draft at the time

this document was written, there are other standards used in planning and installing IT cabling.

When translated to the phase model of the IT Grundschutz Protection catalogues, the standards can be categorized as follows:

Building planning

- EN 50310 - Application of equipotential bonding and earthing in buildings with information technology equipment

5.2: Common bonding network (CBN) within a building

6.3: AC distribution system and bonding of the protective conductor (TN-S)

Cabling design

- EN 50173-1 - Generic cabling systems, General requirements and Office premises

4: Topology

5: Transmission route capacity 7: Cable requirements

8: Connection technology requirements 9: Cord requirements

(27)

4: Safety requirements

5: General installation practices for metallic and optical fibre cabling 6: Additional installation practice for metallic cabling

7: Additional installation practice for optical fibre cabling

- EN 50174-3 - Cabling installation, Installation planning and practices outside buildings

Implementation

- EN 50174-1 - Cabling installation, Specification and quality assurance 6: Documentation

7: Cabling administration

- EN 50174-2 - Cabling installation, Installation planning and practices inside buildings

4: Safety requirements

5: General installation practices for metallic and optical fibre cabling 6: Additional installation practice for metallic cabling

7: Additional installation practice for optical fibre cabling

- EN 50174-3 - Cabling installation, Installation planning and practices outside buildings

- EN 50346 - Cabling installation, Testing of installed cabling 4: General requirements

5: Test parameters for balanced cabling 6: Test parameters for optical fibre cabling Operation

- EN 50174-1 - Cabling installation, Specification and quality assurance 5: Quality assurance

7: Cabling administration 8: Repair and maintenance

(28)

S 1.67

Dimensioning and use of cabinet systems

Implementation responsibility: Head of IT

To improve the operational safety of servers and of active and passive network components, these devices should be installed or mounted in cabinet systems. Cabinet systems are often referred to as 19-inch racks, server cabinets, or even network cabinets, depending on the type of application.

System cabinets are standardised according to DIN IEC 60297 and DIN 41494

"Mechanical structures for electronic equipment". This makes it possible to

install devices from any manufacturer as long as the device complies with these standards. Components complying with the standards mentioned above can frequently be recognized by the phrase "19-inch installation".

Cabinet systems are available with various inside and outside dimensions. The most widely used cabinets have space for a total of 42 rack units (42 U). Depending on whether the cabinet systems are installed in closed distribution rooms or in rooms accessible to the general public, the cabinet systems must be equipped with doors, side panels, and closing devices appropriate to the corresponding protection requirement. Pedestals under the cabinets make it easier to insert the required cabling. Another advantage of using a pedestal is that there is extra space between the floor of the room and the IT systems. In this case, minor flooding will not automatically lead to damage of the IT systems since the devices are positioned higher. When the distribution room is correspondingly secured and ambient conditions permit, the cabinets do not necessarily need doors and side panels.

The internal design of the cabinet absolutely must take maintenance aspects into account. For example, modules must be able to be swapped as quickly as possible in a patch switching system without adversely affecting neighbouring systems. This requires the components to be installed accordingly to anticipate this as well as a corresponding patch cable management. It is therefore advantageous when it is possible to route the electrical cabling and the IT cabling stably and with protection. Many cabinet system manufacturers offer components that can be used to adapt the cable routing inside the cabinet to the specific requirements and desires of the user. Excessively long patch cables are to be avoided.

When planning the equipment to be installed in the cabinet, note that the capacity of cabinet is usually limited by the amount of heat dissipated by the installed devices and not by the available installation dimensions. Problems with heat dissipation can arise when the thermal load of the devices installed is too high.

(29)

warm air flowing out of a component absolutely must not be allowed to adversely affect the flow of cold air to neighbouring components. Sealing each of the cabinets in the row of cabinets can counteract this problem.

The cabinets must be equipped so that the active components can be operated within the prescribed temperature range. In the simplest case, passive cooling of the cabinet will suffice when there is enough cool ambient air available in the room. Fan systems can be used in closed cabinets to support passive cooling of the cabinet. If the thermal load is to high, active cooling systems of various design can be used. There are two types of active cooling: room cooling and cooling systems that can be attached to the cabinets.

To be able to operate compact IT components with very high heat dissipation, the use of special cabinet systems with independent climate control systems can be considered. Such cabinets, which usually use a liquid coolant internally, should only be used after performing a requirements and risk analysis.

All types of climate control require exact planning that takes all possible influencing parameters into account, including a corresponding examination of the cost-effectiveness. When using cabinets containing their own climate control units, it must also be noted that climate control devices mounted on side panels or doors can reduce the opening angle of cabinet doors and may project out into escape routes under some circumstances. Wherever possible, the room layout should be planned so that climate control technology can be added to the cabinets if necessary.

It is recommended to create uniform specifications in the organisation for the equipping and use of cabinet systems. The cabling running between cabinets must also be planned carefully (see also S 1.69 Cabling in server rooms). Additional controls:

- Are the cabinets set up and equipped so that all IT systems installed in the cabinet are easy to reach for maintenance purposes?

(30)

S 1.68

Professional installation

Initiation responsibility: Head of IT Implementation responsibility: Head of IT

The installation of IT cabling requires specialised knowledge and extreme thoroughness. When manufacturers of cables and passive components offer warranties whose coverage extends beyond the minimum legal requirements, the warranty is often only valid when a company with certified qualifications performs the installation.

The critical criteria used to determine if the IT cabling was installed properly should be inspected in all phases by the client.

The delivery of the material must be inspected first to check if the right cables and connection components were delivered. The first step in the inspection is to check if the cables and connection components (e.g. shielding) categories match.

If the cables and accompanying material will not be installed immediately, then they must be stored appropriately. The storage location must be dry and provide protection against strong climatic influences.

It is recommended to leave the stored material in the original packaging until it is installed.

When laying IT cabling, special care must be taken to ensure that no damage occurs during installation and that the cable routes are chosen so that damage to the installed cable due to normal use of the building is impossible.

In addition, it must be ensured in general that the IT cabling is routed separately from the electrical cabling. Even a centre rail in a channel carrying both types of cable will usually help to prevent the power cables from affecting the IT cables.

The protective safeguards and load limits must be observed when laying the cable:

- Before laying the cables, all wall openings or similar openings must be rounded out and smoothened to prevent mechanical damage to the cable sheathing when pulling and securing the cables.

- The cables must not be bent past the minimum bending radius during installation and operation. If the bending radius is not marked on the cable, then EN 50173 applies, which means that the smallest permissible bending radius may not be less than 8 times the outer diameter of the cable. Correspondingly, it must be ensured that the cables in the cable channels and cable trays are not bent past the permissible bending radius.

(31)

- When pulling cable, only suitable lubricants may be used as pulling aids. Lubricants free of grease and oil (e.g. talcum powder) must be used.

- Cables may not be pinched or crushed in any way when securing them on a cable tray with cable ties or cable clips.

Cables should be concealed or installed in cable channels or on cable trays. Open installation of cables is permissible, of course, but it must be ensured that the cables cannot be damaged when run over by office furniture or transportation equipment, for example.

- Were the manufacturer specifications for pulling and installing the cable checked and followed?

- Will compressive loads on the cable be avoided when securing and using the cable?

(32)

S 1.69

Cabling in server rooms

Implementation responsibility: Planner, Head of IT

The principles of structured cabling systems in EN 50173-1 "Information

technology - Generic cabling systems - Part 1: General requirements" must

also be followed, especially in server rooms and computer centres. An extension, EN 50173-5, has been developed and published as a draft standard especially for computer centres. This makes implementation of the requirements in the standard easier for the user.

The requirements from the existing or planned network concept for the organization form the basis for structured IT cabling in server rooms and computer centres. The structure specifies how the servers will be networked and how they are connected to the LAN, external networks, and providers. Possible expansions of systems such as terminal servers, KVM switches, and SAN/NAS (Storage Area Network, Network Attached Storage) currently in use or in planning to support operations in the organisation must be taken into account accordingly. The basis for the structure of the access and concentration areas of the IT cabling, analogous to the building structures with floor distributions and building distributions, is therefore specified as well. In large installations, groups of cabinets in which servers are set up are often assigned to one "network cabinet". Permanent cables or special system cables for server rooms are installed between the network cabinets and the server cabinets assigned to them. The network cabinets are also connected to each other corresponding to the requirements of the organisation.

To optimally utilize the area available in the server room or computer centre, it is necessary to develop a room layout that meets the demands and requirements. In this room layout, the areas needed for the cabinets containing the systems operated by the organisation (storage systems and active and passive components as well as servers) must be specified with space reserved for future use. Safety aspects such as the layout of the escape routes, operational aspects such as the layout of the transportation paths, and climate control issues must all be taken into account. The planning of the electrical power supply and the cable routes can then be performed based on this room layout.

It is recommended to use heavy-duty raised floors in server rooms and computer centres (see S 1.49 Technical and organisational requirements for

the data centre). If the raised floor is used to supply air to the climate control

systems in the cabinets, then the tray systems must also be taken into account. Too many trays crossing each other between the fresh air supply in the raised floor and the cabinets with high thermal loads located further away can result

(33)

It is recommended to fasten all cables in place wherever possible. This requires proper installation of the cables in the tray systems in the raised floor or under the ceiling. Servers should not be connected to server switches located in the middle of the room using patch cables but without an additional tray system, even if this type of cable installation is commonly encountered in practice. Such "exposed cabling" is hazardous, particularly when cables are installed later.

Cabinet systems meeting the requirements of the organisation in which there are pre-mounted systems for routing cables and holding surplus cables permit organised and easy-to-maintain cable routes in the cabinet.

Even if only a few cabinets are networked, it still useful to install patch panels in the cabinet systems to connect the servers, and to install a permanent connection from these patch panels to the network nodes in the server room. If a completely new design is to be made, then one patch panel per cabinet for category 6 or 7 copper cable (CAT 6 or CAT 7, suitable for 10 Gigabit connections) should be considered and, if necessary, equipping them with a fibre optic cable patch panel. The latter can be used, for example, to connect the servers to the storage network. Of course, the equipping of cabinets must be coordinated with the planning entity in the organisation.

If there are no constructional issues speaking against it, then routing the cables over cable trays installed under the ceiling of the server room is to be preferred to routing the cables through the raised floor. Routing the cables through the raised floor can adversely affect the required supply of cool air, especially when the space under the raise floor is used for climate control. Furthermore, experience has shown that laying the cables in the raised floor also increases the risk of not being able to remove unneeded cables any more. When the cables are routed through easily accessible trays on the ceiling, then it is generally much easier to remove old cables.

- Are the principles of structured cabling also followed in the server room? - Will the specifications and plans from the organisation be taken into

(34)

S 2.19

Neutral documentation in distributors

Initiation responsibility: Head of facility management

Implementation responsibility: Head of facility management, Planner

There should be documentation in every distributor reflecting the current terminal block and line assignments. This documentation must be kept as neutral as possible. Only existing and used connections should be listed in the documentation. Unless explicitly required (e.g. for fire alarm lines), no information regarding the use of the lines should be specified. In many cases, the line, distributor, and room numbers will suffice. Any further information must be provided in review documentation.

- How will it be ensured that the documentation is always up to date?

- How will it be ensured that the documentation does not contain any unauthorised information?

(35)

S 2.20

Monitoring of existing connections

Initiation responsibility: Head of facility management, Head of IT Implementation responsibility: Head of facility management, Planner

All distributors and duct boxes for the cabling must be visually inspected (spot checks at a minimum) at regular intervals. You must check the following during an inspection:

- for traces of attempts to open locked distributors by force, - if the documentation in the distributors is up to date,

- if the actual line and terminal block assignments match the information in the documentation,

- the integrity of the short-circuits and grounding of unused lines, and - for inadmissible installations or modifications.

A functional check can be performed in addition to the purely visual inspection. In this case, the necessity of existing connections is to be reviewed, and the connections must be checked for compliance with the technical parameters. For connections located in areas without access protection, it is recommended to perform this check in two cases:

- on connections used very seldomly and on which manipulations cannot be detected immediately, and

- on connections used frequently and regularly to transmit particularly sensitive information.

All irregularities found during a visual inspection or functional control must be documented immediately, and the organisational unit responsible must be informed immediately so that the necessary safeguards can be initiated in a timely manner. It is also important not only to eliminate the irregularities found, but also to determine their cause.

- At what intervals are existing connections checked?

- How are the irregularities found documented and followed up on? - Who is to be informed of the irregularities found?

(36)

S 2.395

Requirements analysis for IT cabling

Initiation responsibility: Planner, Head of IT, Head of facility management

Implementation responsibility: Planner, Head of IT, Head of facility management

Various questions need to be answered when analyzing the requirements that can affect the economic efficiency of the IT cabling installation and its ability to meet all current and future requirements.

The question usually given the most prominence is the question of what data throughput is required. To answer this question, the planned level of usage in the short term in the organisation is estimated first, and then the development of the IT usage over a longer term is estimated based on this.

Two developments must be taken into account when answering this question: On the one hand, the price of bandwidth is continually dropping. The result is that services offered by third parties and that need to be obtained from these third parties place constantly higher demands on the capacity of the IT cabling. In addition to the typical IT services such as e-mail and the Internet, services ranging from voice and video transmissions to digital television are now being added to IT network services. The resulting increase in bandwidth demand must be taken into account when selecting the quality of the IT cabling.

On the other hand, IT networks are becoming carriers for more and more applications. All applications able to use the protocols and standards of the IT world will probably also use them. This means that in the future, an IT network, and therefore the IT cabling, will not only serve as a communications carrier between computers. Telephony and applications previously dependent on having their own application-specific network technology will be developed further to utilize standardised IT technology. The results of these foreseeable developments are that the number of connections needs to be planned accordingly and that no part of the building can be left out when planning for IT cabling. Furthermore, the cabling inside in a building must be designed to be flexible and expandable since a change in the usage of a room or a part of a building also means a change in the requirements placed on network connections.

In spite of the standardisation of the technology, it is necessary in some cases to plan different or separate cables for certain applications. In especially sensitive areas of application such as alarm signalling technology or machine and plant control technology, it is appropriate or even necessary to use separate cables and switching technology for such applications. If the areas of

(37)

for through well thought out, redundant cable routing (see S 6.103

Redundancies for the primary cabling, S 6.104 Redundancies for the

secondary and tertiary cabling).

Integrity

Shielding against external influences is of the uppermost priority to ensure the integrity of the data transported. This means, above all, that the IT cabling is to be routed separately from the electrical cabling. In addition, it must be determined which cable types are suitable to meet the usage demands (see S 5.3 Selection of cable types appropriate in terms of communications

technology).

Confidentiality

If the confidentiality of the data transported, i.e. the security of the cable, is an important aspect, then fibre optic (FO) cables are the first choice. Fibre optic cables require the potential eavesdropper to use much more complicated technology than copper-based solutions.

Even more important is the protection of distributors and connection sockets to prevent normal IT devices from being connected to the local network to attempt to tap into the network. This also applies, of course, to fibre optic cabling.

In many cases, the confidentiality and integrity of the transported data can be protected using cryptographic methods as an alternative or as a complement, provided that the terminal devices connected and transmission protocols used support encryption. However, cryptographic methods only provide additional protection for the availability in special cases.

Additional requirements

Note also that power can or must be supplied to active components such as IP telephones or WLAN access points through the IT cabling. Copper cabling must be used wherever these types of devices will be connected because power can only be supplied through copper cables.

- Were future users asked for their thoughts about the planning of the IT cabling?

- Is a documented analysis of the protection requirements for the IT cabling available?