MODULE 31
Environmental Security and Controls
Environmental security is not one of those things that IT professionals typically think about; it’s one of those things that the facility folks usually take care of, right? Au contraire! As a security professional, the environment that your systems are housed in affects their security in at least one very important way: availability. Remember earlier in the book where we discussed the CIA triad, which consists of confidentiality, integrity, and availability? Availability is one of the key concerns for security professionals, and both environmental and physical security directly affects system availability for your users.
In this module, we are going to discuss environmental controls and how to secure systems with different environmental factors in mind. We’ll take a look at issues such as temperature, humidity, and interference, among others. You’ll need to know how these things affect the availability of your systems, both for the exam and, more importantly, for your real-life role as a CompTIA Security+ certified professional.
Environmental Controls
Over the course of the next two modules, we’ll compare and contrast the different environmental and physical security issues and controls, starting with the environmental controls necessary to keep equipment running at peak efficiency. Another important aspect of environmental controls in general is that your facility must adhere to national and local laws and codes (building, fire, and electrical codes in particular), so managing these controls not only provides for the availability of your systems, but also for compliance with laws and regulations. The controls that directly affect the environment your systems live in include electrical interference controls, HVAC controls, temperature and humidity controls, and fire suppression. We’re going to take a look at how each of these affects availability, some issues that can occur with them, and the measures you can take to ensure that potential issues don’t adversely affect your systems.
EMI and RFI Shielding
Electromagnetic interference (EMI) and radiofrequency interference (RFI) are two types of electrical interference that can cause issues with the electrical power that flows into your systems. Either can result from power entering your facility or supplying your systems that is not considered “clean” power. In other words, it’s incoming power that has electrical interference and voltage fluctuations (sometimes referred to as line noise). These two types of interference can cause issues with power that could affect your systems, causing them occasionally to freeze, reboot arbitrarily, or do other weird things.
EMI can be created by all kinds of sources, including lightning, electrical motors or generators, and even fluorescent lighting that’s been installed too close to power or data cables. Some of these issues can be taken care of in advance with good facility design, but you don’t always get that luxury if you’ve moved into an existing facility that has these problems. And even if you can spend a lot of money, you can’t always tear apart walls or ceilings and rip out and rerun cabling, any more than you can control the type of power the power company supplies to your facility. However, there are some things you can do to help prevent and minimize EMI.
The first preventative measure is to use specially shielded Ethernet cable (Figure 31-1) that can prevent outside interference from causing line noise. This type of cable reduces the amount of EMI in both data and power cabling. It can allow cleaner data transmissions, as well as cleaner power, to get to your systems. The second thing you can do is to use power conditioners, uninterruptible power supplies (UPS), and other devices that clean up power before it gets to your systems, ensuring that a consistent and constant source of clean power is delivered to your computer equipment. These special devices are also known as voltage regulators or line conditioners. Most modern data centers have this type of equipment, as well as robust power cabling and construction, so that they can deliver clean power to equipment.
Figure 31-1 Shielded Ethernet cable
Fire Suppression
It goes without saying that fire is a serious issue that can affect the safety of personnel as well as that of equipment and facilities. To protect against fires, you first should know how to prevent them, then how to detect them, and finally how to suppress them when they do occur. Prevention is your best insurance policy against fire damage; make sure that the work space is free of combustible materials and that all hazards that could cause a fire are minimized as much as possible. Prevention also means educating people on the different causes of fires and how they can help prevent them.
Absent prevention, detecting a fire is also important. Quick detection means that you can save lives and prevent damage to facilities and equipment. Detection methods include heat, smoke, light, and gas detection. Obviously, simple smoke detectors located throughout the facility will help, but you also may need more advanced detection systems in large operations or data centers. Some detectors are smoke activated, others are heat activated. You also may need to install temperature sensors throughout areas that are hard to see or reach, where there may be a lot of equipment that heats up easily, or where there are major power outlets or connections. Photoelectric devices detect changes in light intensity, so they can detect smoke or intense light from flames. Other types of fire detection equipment include devices that can detect hazardous fumes or gases that may result from fires burning plastics and other noxious materials.
There are four basic classes of fire, and each has its own preferred method of suppression. Because fire reacts differently to different materials, there are some suppression methods you would not want to use with certain fires. For example, you would not want to spray water on an electrical fire because of electrical shock hazards. You also might not want to spray water on a flammable liquid fire, because it can cause a fire to spread uncontrollably.
Although some data centers have sprinkler or sophisticated water suppression systems (wet and dry pipe, and deluge systems) to put out large fires, water can pose several disadvantages. First, as mentioned in the case with electrical fires or flammable liquids, this can actually cause the fire to be worse or can cause other hazards. Second, even if water can put out the fire, it’s likely going to damage electrical equipment, furniture, and facilities, especially if it’s a large amount of water dumped onto a huge fire. Earlier data centers also used Halon gas, which was shown to be extremely dangerous to humans (it removes all of the oxygen out of the room, not only putting out the fire, but also potentially suffocating any of the survivors), as well as harmful to the ozone layer in the atmosphere. Halon was banned in 1987, however, and it hasn’t even been manufactured in several decades.
For those of you who are A+ or Network+ certified: Do these fire extinguisher examples sound familiar? They should, because they are on all three exams.
Most modern data centers these days, instead of having some type of water or Halon fire suppression systems, have foam fire suppression systems, such as FM-200 or another approved chemical foam. This type of system is not only very effective for putting out large fires, but is also typically safe for humans and equipment. It may be a real pain to clean up the mess afterward, though! Fortunately, if the fire is caught early enough, it can be extinguished with ordinary hand-held fire extinguishers that should be located throughout the facility (by law). It’s best to use the type of fire extinguishers that are appropriate for the type of fire you have. Table 31-1 lists the different classes of fires, their characteristics, and the different materials that are in the appropriate fire extinguishers for those types:
Table 31-1 Types of Fires and Appropriate Fire Extinguishers
HVAC
Heating, ventilation, and air conditioning (HVAC) systems are designed to make sure that the environments that humans work in, and that equipment functions in, are kept comfortable, at the right temperature and well ventilated, and that the air quality in them is at a consistently good level. These systems are an important part of any business, to be sure, but they are that much more important in an operations or data center that has a lot of hot equipment and requires controlled temperature and humidity levels. Most large data centers may even have their own dedicated HVAC systems that are separate from the rest of the facility, since computing equipment tends to draw a lot of power and requires very sensitive, specialized equipment to keep it within an acceptable range. Most HVAC controls are automated and can be controlled from a centralized facility, such as a physical plant or operator console.
Temperature and Humidity Controls
As part of the HVAC system within a facility, temperature and humidity controls are of critical importance in a data center. Most people find that data centers are cooler than they find comfortable, so it’s not unusual to see people dressed in sweaters or light jackets inside of a data center, even on a hot August day in Alabama or Texas. This is because equipment tends to heat up a great deal during its normal operation, and when you have a great deal of equipment crammed into what may be a small room, the temperature can rapidly increase. To that end, temperature controls are designed to keep room temperatures cool. In addition to breaking down and simply not operating properly, overheated equipment can also be permanently damaged and can occasionally start fires.
Humidity, the amount of moisture in the air, is also an issue in data centers, regardless of the season. If the weather or climate is dry, the air contains less moisture, and this can cause a lot of static electricity. Static electricity in a data center is a bad thing, because if two components touch, or even if a person touches a piece of sensitive electronic equipment, static electricity can damage that equipment. On the other hand, in high humidity areas or seasons, there’s more moisture in the air, which of course can adversely affect electrical equipment. Moisture can cause condensation, which means that water can drip into electrical components, damaging them or causing them to short out and possibly start a fire. Either way, too much humidity or not enough humidity is a bad thing for computing equipment.
Devices that monitor humidity in a data center are called hygrometers, or sometimes, if the device can measure both temperature and humidity at the same time, hygrothermographs. Like automated temperature controls and other HVAC equipment, these devices can be centrally monitored through a remote console and alert operators whenever the temperature or humidity changes from certain levels. HVAC controls can be automatically or remotely adjusted based upon information received from these monitors.
Hot and Cold Aisles
Hot and cold aisles are a concept that relates to designing the layout of data centers intelligently and efficiently. In this type of setup, aisles of equipment racks are set up such that there are alternating hot and cold aisles, enabling cooler air to be blown into equipment as hotter air is pulled away from them. This involves not only arranging equipment in certain ways by aisle (usually with the different pieces of equipment in the different aisles facing each other), but also using ventilation and air ducts appropriately within these hot and cold aisles, both in the floors and ceiling. Figure 31-2 illustrates how hot and cold aisles work.
Figure 31-2 An example of hot and cold aisles
Environmental Monitoring
Even if all of the controls we’ve discussed so far in this module are installed and working, monitoring the environmental controls is still very important, because things can occasionally happen—equipment can break, power cabling can go bad, HVAC systems can break down, humans can fiddle with temperature and humidity controls, and so on. Environmental monitoring ensures that your systems maintain a constant state of ideal temperature, humidity, and power. Environmental monitoring is also used to detect smoke and heat that would indicate the early stages of a fire, and it is a very effective preventative control in this aspect.
Environmental monitoring can be part of your networking facility monitoring systems; you can place environmental sensors throughout a facility that automatically report their status to operator consoles on the same systems that help you monitor other aspects of the network, such as device status, throughput, bandwidth, network traffic, and so on.
Module 31 Questions and Answers
Questions
1. All of the following are causes of electromagnetic interference (EMI), except:
A. Lightning
B. Electrical motors
C. Fluorescent lighting
D. Broadcast storms
2. Which of the following are possible indications of a fire that can be detected through monitoring and detection equipment? (Choose all that apply.)
A. Heat
B. Smoke
C. Light variation
D. Smell
3. Which of the following types of fires is most likely the result of faulty computer equipment?
A. Flammable liquid
B. Electrical
C. Flammable metal
D. Ordinary combustible
4. Your manager wants you to make sure that enough fire extinguishers are available in the data center to take care of possible electrical fires. Which class of fire extinguishers should be used in the data center?
A. Class A
B. Class B
C. Class C
D. Class D
5. Heating, ventilation, and air conditioning (HVAC) systems control all of the following environmental factors in a data center, except:
A. Power
B. Temperature
C. Humidity
D. Air filtration
6. Too much humidly can cause __________, and too little humidity can cause __________. (Choose two.)
A. evaporation
B. condensation
C. static electricity
D. electrical ground issues
7. Which of the following devices would be used to measure humidity levels in a data center?
A. Power conditioner
B. Voltage regulator
C. Thermometer
D. Hygrometer
8. Which of the following describes how equipment racks are set up in a hot and cold aisle design?
A. With the front sides of equipment facing each other
B. So cold air blows into all aisles
C. With the front sides of one row facing the back sides of another
D. So hot air blows into all aisles
9. Which of the following may be centrally monitored by environmental monitoring systems?
A. Bandwidth
B. Humidity
C. Throughput
D. Transmit/receive errors
10. Which of the following problems would environmental monitoring systems be able to detect and correct automatically?
A. Decrease in air quality due to smoke from smoldering electronics
B. Failed power supplies in equipment
C. Temperature increases due to manual thermostat changes
D. Humidity decreases due to failed HVAC equipment
Answers
1. D. Broadcast storms are the result of excessive broadcast traffic on the network; they do not cause and are not related to EMI.
2. A, B, C. Heat, smoke, and light variation can be detected as indications of a fire by modern monitoring equipment. Although the smell of burning materials cannot be detected by fire detection equipment, harmful gases that result from burning certain materials can be detected.
3. B. Electrical fires are most commonly associated with faulty computer equipment.
4. C. Class C fire extinguishers are the appropriate type used in electrical fires.
5. A. Power is not controlled by HVAC systems.
6. B, C. Humidity levels can cause condensation or static electricity issues with electrical equipment.
7. D. A hygrometer is used to measure humidity levels.
8. A. Equipment racks are set up in a hot and cold aisle design with the front sides of equipment facing each other.
9. B. Humidity is monitored by centralized environmental monitoring systems.
10. C. Temperature increases due to manual thermostat changes can be corrected by automatic environmental monitoring systems, if they are configured to do so.