Tofino Xenon Security Appliance
A versatile, extremely ruggedized device that ensures maximum data protection for production systems
- Pre-emptive threat detection
- Threat termination
- Threat reporting
The electrical, environmental, and operational requirements of SCADA and process control systems can make traditional IT-focused security solutions unsuitable for industrial networks. As a result, many critical systems operate with little protection against accidental or malicious cyber events. Entire plants have been shut down by an infected USB key or a misconfigured network device.
The Tofino Xenon Security Appliance (Tofino SA) is ideal for control professionals because it is a Plug-n-Protect™ product, designed to be installed in a live network with no pre-configuration, no network changes, and no plant downtime. It provides a simple and cost-effective way to create zones of security − tailored protection for groups of PLCs, DCS, RTUs, IEDs, and HMIs − as recommended by ISA/IEC-62443 Standards.
Tofino is designed with the environments, staff skills, and needs of industry in mind. It protects better and is easier to install than IT firewalls and other security products.
Summary
Saves You Money Through:
- Improved system reliability and stability
- Reduced down time and production losses
- Lower maintenance costs
- Simplified regulatory and security standards compliance
- Plug-n-Protect installation requires no pre-configuration, no network changes, and no disruption to the control system
- Simple configuration over the network using the free Tofino Configurator software
- Unique 'Test' mode allows firewall testing with no risk to your operation
- Loadable Service Modules (LSMs) pre-installed at factory or purchased separately
- Compatible with all DCS, PLC, SCADA, networking, and software products
- Rugged hardware design for years of reliable service
Applications
- Secure networks with security zones as per NERC, ANSI/ISA, and IEC standards
- Protect connections to partner networks and wireless networks Improve
- SCADA and process control network reliability and performance
Specifications
Configuration Method
- Network: Tofino Configurator uses secure communications to configure the Tofino Xenon security appliances
- Manual: encrypted configuration files may be saved on a USB storage device and loaded into the Tofino Xenon security appliance via a secure USB port
Operating Modes
- Test: all traffic allowed; alerts generated as per user rules
- Operational: traffic filtered and alerts generated as per user rules
The operating mode is controlled remotely from the free Tofino Configurator software.
Firewall
- Stateful layer 2, 3, and 4 filtering
- Deep Packet Inspection (DPI) for SCADA and ICS protocols depending on Loadable Security Modules (LSMs) purchased
Audit Log
Audit capabilities for tracking configuration changes
Security Alerts
Simultaneous event logging to a remote syslog server and local nonvolatile memory for later download via network or USB storage device
Diagnostics
Download to the Tofino Configurator via the network or save locally to a USB storage device
- Status Indicators and Controls Status indicators:
- 'Power', 'Fault', 'Mode', 'Save/Load', 'Reset'
- Traffic indicators: link status, speed, and activity for each Ethernet port
- Pushbutton loads configuration from encrypted files or saves diagnostics to USB storage device
System Requirements
- Tofino Configurator
- Loadable Security Modules (LSM) to implement the desired security features
Interfaces
- 2 x 100BASE-TX, 1 x 100BASE-FX, 1 x 100BASE-TX, or 2 x 100BASE-FX (dependent on device variant)
- Power 12 to 48 V DC, 24 V AC redundant power supply 5-7 Watts (dependent on device variant)
- Dual redundant power inputs; 24-12AWG screw cage terminals
Environmental
- Operating temperature: 0°C to +60°C or -40°C to +70°C (dependent on device variant)
- Storage/transport temperature: -40°C to +85°C
- Relative humidity: 10% - 95% (non-condensing)
Certifications
- Declaration of Conformity: CE, FCC, EN 61131, C-TICK, EN 60950
- Safety of Industrial Control Equipment: cUL508 (dependent on device variant)
- Hazardous Locations: ISA-12.12.-01 Class 1 Div. 2 – Haz. Loc, ATEX-95 Category 3G (Zone 2) (dependent on device variant)
- Railway (norm): EN 50121-4 (dependent on device variant)
- Substation: IEC 61850-3, IEEE 1613 (dependent on device variant)
Mechanical
- Protection Class: IP20
- Mounting: 35mm DIN rail
- Dimensions (mm): 60W x 145H x 125D
- Weight: 660g
Reliability
- 5 year standard warranty on all hardware
- MTBF: 64.2 to 74.5 years (dependent on device variant)