Modbus/TCP
Description | The Modbus protocol is a messaging structure developed by Modicon in 1979, originally for serial links. Today its most common form runs over Ethernet and TCP/IP and is known as Modbus/TCP. Modbus is used to establish master-slave/client-server communication between intelligent devices. It is a de facto standard, truly open, and one of the most widely used network protocols in the industrial manufacturing environment. It has been implemented by hundreds of vendors on thousands of different devices to transfer discrete/analog I/O and register data between control devices. Industry analysts have reported over 7 million Modbus nodes in North America and Europe alone. |
Protocols Standards Group | Modbus Organization |
Approvals for Tofino Products | Tested and certified by the Modbus Organization |
Modbus Security Summary
While Modbus is an excellent ICS protocol, it was created before security was a consideration. As a result, it currently has no capability for authentication or authorization control. Any device with a network connection to a Modbus controller can potentially change any of the controller’s I/O points or register values. Many controllers can even be reset, disabled, or loaded with new logic or firmware code.
Known Security Issues and Vulnerabilities
Open Sourced Vulnerability Database (OSVDB)
Tofino Security Products for Improving Security
Tofino Modbus TCP Enforcer LSM | A loadable security module that provides content inspection for Modbus communications, checking every command and response against a list of ‘allowed’ commands defined by your controls engineer. |
ConneXium Tofino Firewall TCSEFEA | An industrial Modbus/TCP security appliance that uses deep packet inspection technology to restrict network traffic based on user-defined rules, permitting only authorized devices, communication types and services. |
Honeywell Experion Modbus TCP | A preconfigured security appliance that allows only Modbus/TCP traffic to pass and ensures that the master initiates all communications. |
Honeywell OneWireless | A preconfigured security appliance that filters bi-directional network traffic between the Experion control network and the OneWireless™ sensor data network, blocking any unnecessary traffic or threats. |
Honeywell Modbus Read-only Firewall | A preconfigured security appliance that filters network traffic between the Experion control network and the Safety System, allowing the Experion to only read SIS data and to respond to time synchronization requests. |
Application Notes
- Defense in Depth Protection for Honeywell Experion
- Securing Redundant Links to Safety Shutdown Systems
- Use of Tofino SA with HIMA Products
Articles
- Cyber Wars
- Network Security Matures
- Wolves at the Security House Door(s), Part 2
- ANSI / ISA99 security standards and the Tofino Industrial Security Solution
- Wolves at the Door(s) of the House of Straw
Blog Posts
- Securing Offshore O&G Platforms - Advanced Threats need Advanced Firewalls
- SCADA Security Basics: Why are PLCs so Insecure?
- Using Modbus PLC's? Here's How To Protect Them
- Easy-to-use Schneider ConneXium Tofino Firewall Advances SCADA Security
- Making SCADA Security Simple with the Schneider ConneXium Tofino Firewall
- Why SCADA Firewalls Need to be Stateful – Part 1 of 3
- SCADA Security & Deep Packet Inspection – Part 1 of 2
- Fixed Configuration Firewalls, Safety Systems and Reduced Human Error
- Securing SCADA systems from APTs like Flame and Stuxnet – Part 2
- Getting Started on ICS and SCADA Security (Part 1 of 2)
- SCADA Security and Deep Packet Inspection – Part 2 of 2
- Securing Industrial Protocols – It Can Be Done
- PLC Security Risk: Controller Operating Systems
- The Italian Job – Multiple SCADA / ICS Vulnerabilities Go Public
- Secure Industrial Networks with the Right Tools
- “Rip and Replace” Approach to SCADA Security is Unrealistic
- Digital Bond Testing Proves Tofino Hardens Vulnerable SCADA Protocols
- Awesome SCADA Security Operations Centre
- Why SCADA Firewalls Need to be Stateful – Part 3 of 3
- Why SCADA Firewalls Need to be Stateful – Part 2 of 3
- Defense in Depth: Layering Multiple Defenses - Part 2 of 2
- A Truly Portable SCADA Security Simulator
Press Releases
- Belden Assists Schneider Electric to Secure Critical Industrial Automation Systems
- Belden Helps Schneider Electric Secure Critical Industrial Infrastructure
- Tofino Undergoes Advanced Cyber Security Testing Performed By Digital Bond
- Honeywell selects Tofino™ Modbus Read-only Firewall to Secure Critical Safety Systems
- Tofino to be used in Honeywell OneWireless Firewall
- Tofino™ Enforcer revolutionizes Modbus TCP/IP security
Videos and Presentations
- DigitalBond Podcast: January Edition of This Month In Control System Security
- Video: Securing Industry from Cyber Threats
- TV203: Tofino Modbus Enforcer LSM
- Modbus TCP Enforcer Deep Packet Inspection
- AusCERT 2011: Eric Byres demonstrates SCADA protection