Securing Control Networks with the Tofino™ VPN
Version 1.4 of the Tofino Industrial Security Solution introduced a new set of Tofino Loadable Security Modules (LSMs) that enable the creation of Virtual Private Network (VPN) connections in control networks. The Tofino VPN is designed specifically for use within an industrial environment, so it has some unique features tailored for use within SCADA and control systems:
- The Tofino VPN is simple to configure and manage without specialized IT knowledge. In addition, the Tofino VPN uses SSL/TLS (Secure Sockets Layer/Transport Layer Security), avoiding the interoperability issues that plague other VPN technologies.
- The Tofino VPN can transport legacy non-IP protocols (such as GOOSE) over IP networks, so low-cost broadband Internet connections may be used to replace expensive dial-up and leased-line services.
- The Tofino VPN can be combined with other security features such as the Tofino Firewall and Modbus TCP Enforcer to ensure only authorized traffic enters and exits the VPN tunnel.
Securing Control Networks with the Tofino VPN Application Note (340kb)