Tofino EtherNet/IP Enforcer LSM
Content Inspection for EtherNet/IP
- Pre-emptive threat detection
- Threat termination
- Threat reporting
EtherNet/IP and CIP are excellent protocols for managing Industrial Control Systems (ICS). Unfortunately, they were never designed with security in mind. If an individual is allowed to read data from a controller, then chances are they can also shut down or reprogram the controller.
The Tofino EtherNet/IP Enforcer Loadable Security Module (LSM) is a content inspector for EtherNet/IP communications, checking every message against a list of ‘allowed’ objects and services. You can choose from pre-defined lists of common actions, such as Read-Only, or you can build your own custom list of objects and services. Any service that is not on the ‘allowed’ list, or any attempt to access an object that is not approved, is blocked and reported.
The Tofino EtherNet/IP Enforcer LSM makes sure that the only messages your control devices receive are approved commands from approved computers. Accidents involving remote programming are prevented and corrupted messages are blocked, making your control system safer and more reliable.
Summary
Saves You Money Through:
- Improved system reliability and stability
- Simplified compliance with safety and security standards
- Reduced downtime and production losses
- Lower maintenance costs
Features
- Simple configuration using the Tofino Configurator’s graphical user interface
- One-click setup for secure ‘read-only’ communications to controllers
- Protocol ‘Sanity Check’ blocks any traffic not conforming to the ODVA standards
- Supports multiple EtherNet/IP clients and servers
- Control specialists can optionally define lists of allowed CIP objects and services
- Automatically blocks and reports any traffic that does not match the rules
- Secures all EtherNet/IP CIP Class 3 Explicit messaging
Applications
- Mission critical automation systems
- Protecting safety instrumentation systems
- Managing PLC programming stations
- Display-only HMI panels
- Secure remote access to PLC data
Specifications
Supports Multiple Connections
Multiple EtherNet/IP client and server devices are supported, with a unique set of inspection rules and options for each client/server connection.
Default Filter Policy
Deny by default: any CIP object or service that is not on the ‘allowed’ list is automatically blocked and reported
User-Settable Options
The following options may be set on a per-connection basis:
- Permitted message type (Read-Only Data, Read/Write Data, Any, Advanced)
- Permitted CIP object class
- Permitted CIP service for each class
- Custom or vendor-specific objects and services
- Sanity check enable/disable
- TCP Reset on blocked traffic
- EtherNet/IP debug reply on blocked traffic
Supported Message Types
All CIP Class 3 explicit messages
Configuration Method
Simple configuration using the Tofino Configurator
Throughput
1000 packets per second with full content inspection
Operating Modes
All standard Tofino modes supported:
- Test: all traffic allowed; alerts generated as per user rules
- Operational: traffic filtered and alerts generated as per user rules
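As an added illustration (not Tofino's own code; the LSM's actual rule model is not on this sheet), the following Python models the deny-by-default allow-list described under Default Filter Policy, User-Settable Options and Operating Modes: per-connection allowed CIP object classes and services, the protocol sanity check, and Test versus Operational behaviour. The contents of the 'Read-Only Data' and 'Read/Write Data' presets and the sample hosts 'hmi', 'eng' and 'plc1' are assumptions; the service and class codes are standard ODVA values plus Rockwell's tag services.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# ODVA common CIP service codes; 0x4C/0x4D are Rockwell vendor-specific tag services.
GET_ATTR_SINGLE, GET_ATTR_ALL, SET_ATTR_SINGLE, RESET = 0x0E, 0x01, 0x10, 0x05
READ_TAG, WRITE_TAG = 0x4C, 0x4D
IDENTITY, ASSEMBLY, CONN_MGR = 0x01, 0x04, 0x06          # CIP object class codes
# Assumed preset contents: the sheet names the presets but does not list what they hold.
PRESETS = {"Read-Only Data": {GET_ATTR_SINGLE, GET_ATTR_ALL, READ_TAG},
           "Read/Write Data": {GET_ATTR_SINGLE, GET_ATTR_ALL, READ_TAG, SET_ATTR_SINGLE, WRITE_TAG}}

@dataclass
class ConnRule:
    """One client/server connection: allowed service codes keyed by CIP object class."""
    allowed: Dict[int, Set[int]]
    sanity_check: bool = True

@dataclass
class Enforcer:
    mode: str                                     # "Test" or "Operational"
    rules: Dict[Tuple[str, str], ConnRule] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)   # what the appliance would send to syslog

    def check(self, client: str, server: str, cls: int, svc: int, well_formed: bool = True) -> str:
        """Deny by default: return 'allow' or 'block' for one Class 3 explicit request."""
        rule = self.rules.get((client, server))
        if rule is None:
            reason = "no rule for this client/server connection"
        elif not well_formed and rule.sanity_check:
            reason = "failed ODVA protocol sanity check"
        elif cls not in rule.allowed:
            reason = f"object class 0x{cls:02X} not approved"
        elif svc not in rule.allowed[cls]:
            reason = f"service 0x{svc:02X} not allowed on class 0x{cls:02X}"
        else:
            return "allow"
        self.alerts.append(f"{client}->{server}: {reason}")
        return "allow" if self.mode == "Test" else "block"   # Test mode only alerts

def demo(mode: str = "Operational") -> List[str]:
    """Constructed sample policy: HMI 'hmi' may only read Identity and Assembly data on 'plc1'."""
    enf = Enforcer(mode=mode)
    ro = PRESETS["Read-Only Data"]
    enf.rules[("hmi", "plc1")] = ConnRule(allowed={IDENTITY: set(ro), ASSEMBLY: set(ro)})
    return [enf.check("hmi", "plc1", ASSEMBLY, READ_TAG),          # allow
            enf.check("hmi", "plc1", ASSEMBLY, WRITE_TAG),         # block: write on a read-only link
            enf.check("hmi", "plc1", IDENTITY, RESET),             # block: Reset not in the list
            enf.check("hmi", "plc1", CONN_MGR, GET_ATTR_SINGLE),   # block: class not approved
            enf.check("eng", "plc1", ASSEMBLY, READ_TAG)]          # block: no rule for 'eng'
```

In Test mode the same five requests all return "allow" while the four alerts are still recorded, which is how a new rule set can be validated against live traffic before switching to Operational.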
Security Alerts
Reports security alerts to a syslog server and to non-volatile memory on a Tofino Security Appliance
Tested Equipment
Tested for use with all Rockwell ControlLogix and Schneider PLCs
System Requirements
- Tofino Security Appliance
- Tofino Firewall/Event Logger LSM
- Tofino Configurator software
Ordering Information
Tofino™ EtherNet/IP Enforcer LSM: Part number 942 016-120
Additional information: