Tofino Modbus TCP Enforcer LSM

Content Inspector for Modbus

  • Pre-emptive threat detection
  • Threat termination
  • Threat reporting

Tofino Modbus TCP Enforcer diagram - provide deep packet inspection for Modbus security.

Did you know that any device with a network connection to a Modbus controller can potentially change any of the controller’s I/O points or register values? Many controllers can even be reset, disabled, or loaded with new logic or firmware code.

The Tofino Modbus TCP Enforcer Loadable Security Module (LSM) is a content inspector for Modbus communications, checking every Modbus command and response against a list of ‘allowed’ commands defined by your control engineers. Any command that is not on the ‘allowed’ list, or any attempt to access a register or coil that is outside the allowed range, is blocked and reported.

The Tofino Modbus TCP Enforcer LSM makes sure that the only Modbus commands your control devices receive are approved commands from approved computers. Accidents involving remote programming are prevented and corrupted messages are blocked, making your control system safer and more reliable.

Summary

Saves You Money Through:

  • Simplifying compliance to safety and security standards
  • Reduced down time and production losses
  • Lower maintenance costs
  • Improved system reliability and stability

Features

  • First-ever application of deep packet inspection technology for industrial protocols
  • Control specialists defines list of allowed Modbus commands, registers and coils
  • Automatically blocks and reports any traffic that does not match the rules
  • Protocol ‘Sanity Check’ blocks any traffic not conforming to the Modbus standard
  • Supports multiple master and slave devices
  • Simple configuration using the Tofino Configurator grahpical user interface
  • Certified Modbus compliant by Modbus-IDA

Applications

  • Oil & gas custody transfer
  • Safety instrumentation systems
  • Managing PLC programming stations
  • Display-only HMI panels
  • Partner access to telemetry data

Specifications

Supports Multiple Connections

Multiple master and slave Modbus devices are supported, with a unique set of inspection rules and options for each master/slave connection

Default Filter Policy

Deny by default: any Modbus function code, or register or coil address, that is not on the ‘allowed’ list is automatically blocked and reported

Modbus Function Codes Supports functions 1-8, 11-17, 20-24, 40, 42, 43, 48, 66, 67, 91, 100, 125, 126

User-Settable Options

The following options may be set on a per-connection basis:

  • Permitted Modbus function codes
  • Permitted register or coil address range
  • Sanity check enable/disable
  • State tracking enable/disable
  • TCP Reset on blocked traffic (utilizing TCP transport protocol)
  • Modbus exception reply on blocked traffic

Transport Protocols

Both Modbus/TCP and Modbus/UDP supported

Configuration Method Simple configuration using the Tofino Configurator
Throughput 1000 packets per second with full content inspection

Operating Modes

All standard Tofino modes supported:

  • Test: all traffic allowed; alerts generated as per user rules
  • Operational: traffic filtered and alerts generated as per user rules

Security Event Logging ?

Configure Tofino Security Appliances to report security alerts simultaneously to remote syslog servers and local non-volatile memory for later retrieval

Certifications

Certified Modbus-compliant by Modbus-IDA

System Requirements

Ordering Information

Tofino™ Modbus TCP LSM:Part number 942 016-112

Additional information:

Downloadable PDF Data sheet for the Modbus TCP Enforcer - describes features and benefits for modbus securityTofino Modbus TCP Enforcer Data Sheet