eagle tofino
TRANSCRIPT
-
8/8/2019 Eagle Tofino
1/4
New Product Bulletin
NP 310
Belden Introduces theHirschmann EAGLE TofnoLine o Switches
The Ultimate Zone Level
Security Switch for your control
network
You may not be attacked by a serious hacker,but conventional control networks are extremelyvulnerable to simple day to day security issues.Poor network segmentation, unprotected pointso entry into the network, sot targets such asunpatched PCs and vulnerable PLCs, and human
error can result in signicant production lossesand even saety issues.
The Tono Industrial Security Solution is adistributed security solution that quickly andcost-eectively implements cyber securityprotection within your control network.
Tonos fexible architecture allows you to createsecurity zones - Zone Level Security - throughoutyour control network to protect critical systemcomponents. Tono helps you meet and exceedNERC CIP requirements and ANSI/ISA-99Standards. And best o all, it helps you avoidexpensive down time and achieve optimalperormance in your plant.
EAGLE Tofno Key Benefts
No IT knowledge required
Enhanced security and saety
- Extend Cyber Security down into the
control network
Simplied regulatory and standardscompliance
- FERC / NERC CIP
- ANSI / ISA-99
- IEC 62443
Protect Your Control System
Against Network Problems
and Cyber Threats
-
8/8/2019 Eagle Tofino
2/42
Design your security system inour easy steps
Step One:
Determine where to place Tofno Security
Determine where Tono Security Appliancesneed to be placed to create Zone LevelSecurity or the devices in your network.
Note: the ANSI/ISA-99 Standards recommendcontaining communication in control sub-systems known as zones.
Step Two:
Determine which Tofno LSMs are requiredto secure each hardware location
Do you require radar sweeping your networkto track every existing and incoming devicecommunicating through a specic TonoSecurity Appliance? Then load the Tono SecureAsset Management LSM.
Do you require a trac control copor industrial networks checking allcommunications against a list o trac rulesand blocking and reporting trac that does not
match the rules? Then load the Tono StateulFirewall Module.
Do you require a border guard inspectingevery Modbus command and response, blockingand reporting unction codes or registeraddresses not on the allowed list? Thenload the Tono Modbus TCP Deep PacketInspection LSM.
Do you require secure communicationstunnels over your corporate network or theInternet? Then load the Tono VPN Client andServer LSMs.
Step Three:
Choose the best server or workstation orthe Tofno Central Management Platorm
The Tono Central Management Platormsotware enables conguration, managementand monitoring o all your Tono SecurityAppliances rom one workstation.
Step Four:
For product and ordering details, go towww.hirschmann.com
Central Management Platorm and Loadable Security Modules
EAGLE TofnoCentral Management Platorm
Confgure and manage security or your
entire control network rom one location
Traditional security devices orce you tocongure them one at a time. This quicklybecomes un-manageable as the number odevices increases. Whats worse, this device-centric view provides no way to see what ishappening at the system level, so diagnosingand correcting security issues is time-
consuming, error-prone, and expensive.The Tono Central Management Platorm (CMP)sotware enables conguration, managementand monitoring o all your Tono SecurityAppliances rom one workstation.
Using the Tono CMP you can quickly createa model o your entire control network. Visualdrag-and-drop editing tools help you create,edit, and test your Tono conguration. And,ater you commission your security system, theTono CMP lets you see the status o the entiresystem at a glance and respond to cyber threatsin a coordinated manner.
Saves you money through:
Increased network availability
Rapid network security deployment
Fast ault nding
Lower training and stang costs
Features
Congure, manage and monitor all TonoSecurity Appliances rom one workstation
Built-in Network Editor to quickly modelyour control network
Visual drag-and-drop editors or quick andeasy conguration o security rules
Pre-dened templates or more than 50industrial communication protocols and over25 amilies o industrial controllers
Applications
Process control
SCADA systems
Discrete control
EAGLE Tofno Firewall
Take control o your network trafc
The vast majority o control networks have littleor no isolation between dierent subsystems.I a device misconguration, hardware ailure,or virus causes a problem in one part o thenetwork, it can spread throughout the entirenetwork in seconds and bring your whole plantdown. Even redundant backup systems can ailsimultaneously i their network connections are
not protected.The Tono Firewall LSM is a trac controlcop or industrial networks, checking allcommunications on your control networkagainst a list o trac rules dened by yourcontrol engineers. Any communication that isnot on the allowed list will be blocked andreported by the Tono Firewall.
Trac rules are created using terms andconcepts that are already amiliar to controlspecialists. And, the unique test mode oTono lets you test your rules without any riskto plant operation.
Saves you money through:
Simpliying compliance to saety and securitystandards
Reduced down time and production losses
Improved system reliability and stability
Features
Trac rules are dened by your controlengineer, speciying which devices maycommunicate using what protocols
Rule denition is simple using a graphicaldrag-and-drop editor
Trac that does not match the rules isautomatically blocked and reported
Over 50 pre-dened IT and industrialcommunication protocols
Over 25 pre-dened controller templates
Pre-dened special rules or advancedtrac ltering and vulnerability protection
Applications
Isolate critical devices rom threat sources
Separate control network into securityzones, restricting communications betweenzones
Protect controllers with known vulnerabilities
-
8/8/2019 Eagle Tofino
3/4
EAGLE TofnoSecure Asset Management
Securely track network devices and easily
create frewall rules
Beore you can protect a control system,you need to know exactly what devices areon the network and how they communicatewith each other. Seems obvious - but withtodays complex systems, getting completeand accurate inormation about the installeddevices and protocols can consume a huge
amount o eort.Like radar, Tonos Secure Asset Management(SAM) and Loadable Security Module (LSM)tracks every device that communicates throughyour Tono Security Appliance. However, itdoes it without using traditional scanningtechniques. Tono SAM identies devicesso you can easily create trac rules usingdenitions rom the Tono CMPs database. Iyou need to modiy trac rules during testing,Tono SAMs rule wizard guides you using datagathered rom Tonos security alerts.
Saves you money through:
Increased reliability due to improved security
Simplied regulatory and security standards
Reduced time and eort to get up-to-dateinventory lists
Lower engineering and IT costs due to ease orewall rule creation
Reduced commissioning time
Features
Locates network devices without any processdisruption using Passive Asset Discovery
Identies equipment and suggests rewallrules using a built-in control device database
Guides the creation o rewall rules usingblocked trac reports and the AssistedRule Generation wizard
Reports newly-discovered assets as securityalerts
Provides current and detailed inventory lists
Applications
Tono installation, deployment and testing
ISA-99 and NERC compliance via assetinventory lists and continuous monitoring
Detection o non-approved devices (e.g.laptops) on the control network
EAGLE TofnoSecure Asset Management
Advanced cyber threat and saety protection
or your Modbus devices
Did you know that any device with a networkconnection to a Modbus controller canpotentially change any o the controllers I/Opoints or register values? Many controllers caneven be reset, disabled, or loaded with newlogic or rmware.
The Tono Modbus TCP Enorcer is a contentinspector or Modbus communications,checking every Modbus command and responseagainst a list o allowed commands dened byyour control engineers.
Saves you money through:
Simpliying compliance to saety and securitystandards
Reduced down time and production losses
Lower maintenance costs
Improved system reliability and stability
Features
First-ever application o content inspectiontechnology to industrial protocols
Control specialist denes list o allowedModbus commands, registers and coils
Automatically blocks and reports any tracthat does not match your rules
Protocol Sanity Check blocks any trac notconorming to the Modbus standard
Supports multiple master and slave devices
Simple conguration and monitoring usingthe Tono CMP
Certied Modbus compliant by Modbus-IDA
Applications
Oil & Gas custody transer
Saety instrumentation systems
Managing PLC programming stations
Display-only HMI panels
Partner access to telemetry data
Quickly and saely identiy network devicesand dene trac rules
EAGLE Tofno VPN Server and Client
A VPN system that is easy to deploy and doe
not risk industrial processes
Industrial acilities oten want to utilizehigh-speed Internet connectivity in order tointegrate control systems and/or people rommultiple locations. How can you take advantageo this cost-eective technology withoutrisking viruses or inappropriate access to yourcontrol and SCADA systems?
The Tono VPN solution creates secure tunnelso communication over untrusted networks,such as the Internet or corporate businessnetworks. Unlike other VPNs, the Tono VPN iseasy to deploy, test, and manage. This ensuresthat good security is not compromised becauseo conguration errors.
The Tono VPN also supports legacy automationdevices and protocols, and is industriallyhardened. Best o all, it can be combined withother Tono LSMs, such as the Tono FirewallLSM or the Tono Modbus TCP Enorcer LSM, toprovide a comprehensive security solution.
-
8/8/2019 Eagle Tofino
4/4
www.hirschmann-usa.com
Copyright 2009 Belden, Inc.
Printed in U.S.A
NP 310-EAGLE Tofno 122009
EAGLE20 Tofno Security Appliance
Protect your control system against network
problems and cyber threats
The electrical, environmental and operationalrequirements o SCADA and control systemsmake IT-ocused security solutions unsuitableor use in industrial networks. As a result, thevast majority o these systems are operatingwith little or no protection against accidentalor malicious cyber attacks. Even a singleinected USB key can shut down an entireplant.
The EAGLE20 Tono Security Applianceprovides leading-edge Zone Level Security -
tailored protection or groups o PLCs, DCSs,RTUs and HMIs, as recommended in ANSI/ISA-99 Standards. Tono can be installed andimplemented in a live network with no specialtraining, no pre-conguration, and mostimportantly, with no system downtime.
Tono is designed rom the ground up with arugged environment, sta skills and needs oindustry in mind, and it protects better andis easier to install than IT rewalls and othersecurity products.
EAGLE20 Tofno Security Appliance
Central Management Platorm
Order Inormation
Designation Part No. Product Description
EAGLE Tofno Central Management Platorm 943 987-900 Central management platorm or EAGLE Tofno
EAGLE Tofno Firewall LSM 943 987-910 Firewall Loadable Security Module or EAGLE Tofno
EAGLE Tofno Security Asset Management LSM 943 987-911 Security Asset Management Loadable Security Module or EAGLE Tofno
EAGLE Tofno Modbus TCP Enorcer LSM 943 987-912 Modbus TCP Enorcer Loadable Security Module or EAGLE Tofno
EAGLE Tofno VPN Serve r LSM 94 3 9 87-913 V ir tual Pr ivat e Net work Serve r Loadab le Secur it y Modu le or EAGLE Tofno
EAGLE Tofno VPN Cl ien t LSM 94 3 9 87-914 V ir tual Pr ivat e Net work Cl ient Loadable Secur it y Module or EAGLE Tofno
EAGLE Tofno Even t Logge r LSM 94 3 9 87-915 Even t Logge r Loadab le Secur it y Module or EAGLE Tofno
EAGLE Tofno VPN PC Cl ient License 943 987-916 Virtual Pr ivate Network PC Cl ient license or EAGLE Tofno
EAGLE20 Tofno TX/TX 943 987-501 EAGLE20 Tofno: Untrusted port - TX, trusted port - TX
EAGLE20 Tofno TX/MM 943 987-502 EAGLE20 Tofno: Untrusted port - TX, trusted port - MM
EAGLE20 Tofno MM/TX 943 987-504 EAGLE20 Tofno: Untrusted port - MM, trusted port - TX
EAGLE20 Tofno MM/MM 943 987-505 EAGLE20 Tofno: Untrusted port - MM, trusted port - MM
Always the Right Solution
Belden is the worlds leading supplier osignal transmission solutions includingcable, connectivity and active componentsor mission-critical applications rangingrom industrial automation to data centers,broadcast studios, and aerospace. Belden oersan extensive and highly specialized productportolio o signal transmission solutions orinormation, control and eld levels, whichthe company produces and markets under itsproprietary Belden, Hirschmann and LumbergAutomation brands.
We welcome the opportunity to speak withyou about our extensive industry portolio andBeldens worldwide service. Further inormationand technical data are available online atwww.hirschmann-usa.com
You can also contact our sales team directly at1-717-217-2299.
4