Tofino Xenon Tofino Configurator 2 - Industrial Networking · Tofino Xenon Tofino Configurator 2.0 ... •IEC 61850 / IEEE 1613 for Substation ... Next Gen Hardware Platform –strong

© 2013 Belden Inc. | belden.com | @Belden Inc. 1

Tofino Xenon

Tofino Configurator 2.0


Today's Discussion

What is the Tofino Configurator?

Tofino Configurator Philosophy

Tofino Configurator Work Flow

Advanced Configuration Topics

Questions


• Industrial firewall appliances with easy-to deploy

configuration management software designed for

automation systems:

Focused on securing ICS protocols and devices

Designed not to disrupt critical operations

Easy to use by control systems professionals

What is the Tofino Industrial Security Solution?

Helps make control systems and industrial networks

more reliable


The Tofino Configurator (TC) is part of the Tofino

Xenon family of industrial cyber security devices and

management tools with innovative features:

Intuitive user interface

Simple deployment process – plug & protect

Fast

Flexible, powerful rule creation with built-in templates

Expert system – Firewall rule validation

Enhanced change management and audit controls

Easy integration into 3rd party security products

What is the Tofino Configurator?


History of the Tofino Configurator2008: Tofino

Central Management

Platform (CMP) released.

Designed to be an easy-to-use

firewall configuration tool

2010: Tofino, working with

Exxon, develops next generation

management tool

Tofino Configurator (TC)

2011: TC 1.0 released to

Exxon

2012: Tofino expands TC

features.Releases

ConneXiumTC 1.1 with Schneider

2013: Tofinoreleases

ConneXium TC1.2 with Schneider

Electric

2014: General market

release of TC 2.0 (Tofino Xenon)

Tofino Xenon – built on consistent innovation in

industrial cyber security


• Tofino Xenon Security Appliance: Industrially hardened

devices for securing zones of HMIs, DCS, PLCs, RTUs and other

industrial control devices.

• Tofino Loadable Security Modules (LSM): Software modules

providing security services such as Firewall and Event Logger.

• Tofino Configurator: Windows-based management software for

the configuration of each Tofino SA.

Key Components


New Tofino Xenon Appliance

Redundant power and

alarm relay connector

USB Connector for

external memory

Screw connector for ground

connection

LED status indicators

Wiring diagram - power &

alarm connector

Load/Save/ Reset button

ID Label

Digital input feature

• Real Time Clock & Digital Input

• Extended temp range -40/70°C

• Added Certifications : • ATEX / HazLoc for Oil&Gas (pending)

• GL for Shipbuilding & offshore (pending)

• IEC 61850 / IEEE 1613 for Substation

• EN50121-4 for Train & Transportation

Identical specifications (form/fit) to

current hardware (EAGLE 20 TOFINO) +

these added features:

Next Gen Hardware Platform – strong life cycle


Loadable Security Modules (LSM)

Current Release: TC 2.0

• NetConnect – provides secure remote configuration over networks

• Firewall - compares network traffic against a set of rules

• Event Logger - logs security events and sends alarms to appliance memory and external alarm management (SIEM) systems

• Modbus TCP Enforcer - content inspection for Modbus TCP and UDP communications

• EtherNet/IP Enforcer - content inspection for EtherNet/IP (CIP) communications

• OPC Classic Enforcer – content inspection and connection tracking for OPC DA, HDA

and A&E communications

Future Release: TC 2.1− Advanced Secure Asset Management – Asset detection and automated rule

generation (will be included with Firewall LSM)

− Additional DPI Protocols - e.g. DNP3, GOOSE, IEC-104,etc.


Tofino Configurator Philosophy

• Simple Work Flow

− A GUI Familiar to Any Windows User

− Product Templates for Common Systems

− Assisted Firewall Rule Generation

• Expert System for Firewall Rule Validation

• Ready to Use Out-of-the-Box


Simple Work Flow

Start Project

Define Tofinos

Define Assets

Define Rules

Apply Config

Verify Config

• Simple work process

• Allows validation of configuration results

• Configuration by either network or encrypted USB drives

• Uses existing Windows user authorization system

Step-by-step work flow – easy and reliable deployment


A GUI Familiar to Any Windows User

• Designed to look and operate just like Windows Explorer

− Project Explorer View : Shows all items in a familiar tree style

− Details View: Shows details of selected items

• Can cut and paste just like Windows Explorer

Control Engineers/Technicians

understand Tofino Configurator immediately


Device Templates for Consistent Rule Sets

Built-in Templates – easily define equipment and rules


Assisted Firewall Rule Generation

Tofino Configurator creates rules

that match your equipment’s communications needs

1. Select Equipment

2. Select “Use Rule Profiles”

3. Rule Auto Generated


Expert System - Firewall Rule Validation

Tofino Configurator checks for missing or invalid rules

and suggests solutions


Ready to Use “Out-of-the-Box”

• Tofino Xenon Firewall shipped with factory installed licenses:

Firewall LSM

Event Logger LSM

User selected Enforcer LSMs – e.g Modbus, NetConnect, etc

• Tofino Configurator

License Activation Key (LAK) included with every firewall

Latest TC software available for download at no charge

Ready to install on any Windows XP, 7, Server 2003 or Server

2008 computer

On-line license activation (24/7) –

Setup Tofino the minute you receive it


Tofino Configurator Work Flow


Tofino Configurator Objects

© 2013 Belden Inc.


A Tour of Tofino Configurator


Step 1: Install Tofino Configurator


Step 2: Create Project


Step 3: Define Tofino Security Appliances


Step 4: Define Assets

• "Assets“ include physical devices (such as PLCs and

computers), as well as "virtual" assets such as a network

• Provides flexibility and ease in creation of firewall rules


Step 5: Define Firewall Rules


Step 6: Configure Event Logger

• The Event Logger LSM provides alarm and event logging.

• Two methods for saving event logs:

− Via syslog protocol to a remote Syslog server

− To local long-term memory in the Tofino SA for later offloading


Step 7: Apply Configuration to Tofino SAs

• Configurations can be applied over the network (if the

NetConnect LSM is licensed) or via encrypted USB drive


Step 8: If Applying Configurations via USB

1. Power on the Tofino SA for at least one minute.

2. Insert the USB storage device containing the prepared files

into one of its USB ports.

3. Press the Save Load Reset button twice.

4. Both the 1/S and the 2/L LEDs will illuminate to indicate a

Load.

5. After a few seconds, the

LEDs will move from

right to left to indicate a

USB Load is in progress.

6. When the flashing sequence

stops remove the USB

storage device.

USB Port for

Configuration

Loading

S/L/R LED Status

Indicators

Save/Load/Reset

Button


Step 9: Verify Configuration

• Verify confirms that the configuration as been successfully

applied and records important status information


Questions?

Tofino Xenon Tofino Configurator 2 - Industrial Networking · Tofino Xenon Tofino Configurator 2.0 ... •IEC 61850 / IEEE 1613 for Substation ... Next Gen Hardware Platform –strong

Documents