If you want to keep your IT infrastructure up and hopping, you better make sure that you don't let your electronics get too hot or too wet. And that's why I want to talk about heating, ventilation and air conditioning, better known as HVAC. No, I'm not going to turn you into an HVAC expert, but I, as the security person for an IT infrastructure, am very interested in making sure that all my computers are running in a happy, happy, good-temperature, good-humidity environment. Now, the number one rule when it comes to electronics is that pretty much the cooler you run a piece of electronics, the happier it is, and HVAC is the tool by which we make that happen. Now, HVAC has two very different kinds of worlds. The first HVAC world is the office environment, the same office environment that you and I are walking around and taking care of.
In that case, we're trying to set up an HVAC system that's designed to be good for human beings, which is going to be some type of room temperature, I'm not going to get into what that number is, and a good relative humidity so that people can be comfortable. The second type of HVAC is what I'm going to just call server rooms. In this type of situation, we're talking about super powerful, super sophisticated, super expensive HVAC systems whose only job is to keep those racks and racks and racks of servers nice and cool and running in a 24/7 environment. Now, luckily for us, we don't have to go into tons and tons of detail on HVAC. What we do have to be aware of are some fairly scattered terms that you'll see on the exam that I want you to be comfortable with. And probably the first one is going to be an infrared camera.
Infrared cameras are an important design element for any HVAC system. With infrared cameras, also known as thermal imagers, whatever it might be, these guys are sensors that look in the infrared range for heat sources. Using tools like this, we can determine leaks, we can determine big heat emitters, and then we can use shielding or insulation or whatever we need to do to be able to make our HVAC systems better. Next is zone-based HVAC. Zone-based HVAC. Well, you know what, let me just show you a picture. So here's a little diagram of three offices.
Now, if you look carefully, you'll see that each one of these offices has its own thermostat. However, we only have a single HVAC system. Now, if you look very carefully, you'll see we have little louvers on everything, little doors. So really what's happening here, even though we have a single system, is that people can control the relative heat or cool for their one little zone simply by adjusting their thermostat, which will then open and close louvers, which will control the amount of air going into each one of these systems. The last thing I want to cover, and probably the big one for the exam, are hot and cold aisles. If you think about a regular office, in a regular office we usually have AC coming up from the floor. And then we have some type of return air that's up in the plenums in the ceiling.
Now, for a regular office environment, that's great. But let's take a look at this diagram. And I could show you some of the challenges we run into when we start going into the server rooms. Now, if you take a look at this diagram, we basically have an edge-on look at all of these rows and rows and rows of server systems, and they generate a lot of heat. So what we typically do is we have cold air coming up from the plenum on the floor, and it usually comes up between two rows. We call this the cold aisle. Now, from the cold aisle, it will then go ahead and take that heat and push it out to the opposite aisles on either side of the cold aisle and then pull that up through the roof itself in what we call warm aisles.
In fact, in most systems today, we have what we call a contained system. And in this case, what really takes place is the cold air comes up through the plenum, but it's actually pulled out through the real racks themselves. And in that case, the whole idea of cold aisle and warm aisle kind of disappears because the air is all contained within the electronics itself. One of the cool things about today's HVAC systems is that they're pretty much, in and of themselves, their own little networks. A standard HVAC system is going to have some type of controller system that's running an operating system. Even the individual little thermostats are often PCs, if not PLCs, that have their own little operating systems and controls and interface and everything.
The bottom line is that today's HVAC systems need their own security. So if you're going to be dealing with an HVAC system, here's a couple of things I want you to think about. Number one, if at all possible, do an air gap: keep your HVAC system completely separated from the rest of your network. And when I say separated, I mean an air gap, no connectivity whatsoever. If you can't do that, at the very least consider putting in a VLAN to isolate your HVAC system from the rest of your network.
This is actually fairly common, because in a lot of HVAC systems you'll see stations all over the place where technicians can go up to do controls to the HVAC system. I'm not talking about a thermostat, I'm talking about big control systems. Now, if that is the case: I'm not a big fan of MAC filtering, but here's one place where MAC filtering can actually work, by setting up your MAC filtering so that only those workstations that are known to be supposed to be operating the system have access. MAC filtering can be a real plus in that type of scenario. The last one is, well, a bit of a problem. The reality is that none of us take care of our own systems in very We have third parties well to certainly install them.
But on top of that, to maintain them, and to keep them up and running and keep everything happy. And unless you actually want to pay for a third-party technician to be in your location 24/7, we usually have remote monitoring, which is a very common thing to do. And unfortunately, there have been some fairly public security breaches as a result of bad guys using third-party remote monitoring functions to get into a primary network. So if you're going to be having that type of stuff, work it out with your service level agreements to make sure that your vendors, your suppliers, your maintainers, whoever it might be, at the very least are using VPN access to get into your HVAC system. And if you can really do it right, throw in 802.1X. All right.
So we've covered a couple of very basic points here. Keep in mind the exam's not going to hit you very hard on HVAC; it expects you as a security person to have an understanding that there can be issues that come up. However, when it comes to actually keeping these things up and running, leave it to the pros.
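
Added example, not part of the lecture: a small Python check that applies the three network controls discussed above (an isolated HVAC VLAN, MAC filtering for control workstations, VPN-only vendor access) to a handful of flow records. Every address, MAC and the record layout are constructed assumptions for illustration.

```python
import ipaddress

# Assumed addressing plan (constructed for this example, not from the lecture).
HVAC_NET = ipaddress.ip_network("10.50.0.0/24")   # isolated HVAC VLAN
VPN_POOL = ipaddress.ip_network("10.99.0.0/28")   # addresses given to vendor VPN clients
OPERATOR_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # known control workstations

# Constructed flow records, initiator side only: (source MAC, source IP, destination IP).
FLOWS = [
    ("00:11:22:33:44:01", "10.50.0.20", "10.50.0.5"),    # operator workstation -> controller
    ("00:11:22:33:44:99", "10.50.0.77", "10.50.0.5"),    # unknown device on the HVAC VLAN
    ("aa:bb:cc:00:00:10", "10.99.0.3", "10.50.0.5"),     # vendor arriving through the VPN
    ("aa:bb:cc:00:00:11", "203.0.113.8", "10.50.0.5"),   # remote access that bypasses the VPN
    ("00:11:22:33:44:02", "10.50.0.21", "10.10.4.30"),   # HVAC host reaching the office LAN
    ("aa:bb:cc:00:00:12", "10.10.4.31", "10.10.4.30"),   # office traffic, out of scope
]

def check_flow(mac, src, dst):
    """Return a violation label for one flow, or None if it fits the policy."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_hvac, dst_hvac = src_ip in HVAC_NET, dst_ip in HVAC_NET
    if not src_hvac and not dst_hvac:
        return None                          # not HVAC traffic at all
    if src_hvac and not dst_hvac:
        return "hvac-to-outside"             # isolation broken: HVAC host talks outward
    if src_hvac and dst_hvac:
        # Inside the VLAN the source MAC is the real device, so MAC filtering applies.
        return None if mac.lower() in OPERATOR_MACS else "unknown-mac-on-hvac-vlan"
    # Traffic entering the HVAC VLAN from elsewhere must come from the vendor VPN pool.
    return None if src_ip in VPN_POOL else "remote-access-without-vpn"

def audit(flows):
    """Return (index, violation) for every flow that breaks the policy."""
    findings = []
    for i, (mac, src, dst) in enumerate(flows):
        violation = check_flow(mac, src, dst)
        if violation:
            findings.append((i, violation))
    return findings

if __name__ == "__main__":
    for index, violation in audit(FLOWS):
        print(index, FLOWS[index], violation)
```

MAC addresses can be changed by the device owner, so the MAC check here only narrows who can reach the controllers; 802.1X, as mentioned in the lecture, is the stronger control.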