Application Notes

Example Tofino™ Security Solution Applications 2010

This application note contains a partial listing of the industries and applications where the Tofino Industrial Security Solution is deployed. If you do not see your application or control system listed, please feel free to contact us.


Tofino™ Security Appliance Firmware Update Process

The Tofino Security Appliance is a self-contained microprocessor-based device that provides firewall, VPN, asset management, event logging and other security services in control and automation networks. Its functionality is determined by firmware stored in non-volatile memory inside the appliance.

As part of the ongoing development and enhancement of the product, Byres Security periodically releases firmware updates that may be installed in the appliance using the Tofino Central Management Platform (CMP) software.

Securing Control Networks with the Tofino™ VPN

Version 1.4 of the Tofino Industrial Security Solution introduced a new set of Tofino Loadable Security Modules (LSMs) that enable the creation of Virtual Private Network (VPN) connections in control networks. The Tofino VPN is designed specifically for use within an industrial environment, so it has some unique features tailored for use within SCADA and control systems:

Applying Traffic Rate Limits with Special Rules

The Tofino Central Management Platform (CMP) software provides visual drag-and-drop editors that permit the control systems engineer to create rules defining which devices on the control network are allowed to communicate with each other, and what protocols they are permitted to use. Another type of pre-defined rule, called Special Rules, allow the Tofino Security Appliance (SA) to implement more advanced filtering rules that cannot be expressed visually. This application note explores several special rules that implement traffic rate limiting.

Configuring Rules for the Lantronix Discovery Protocol

There are many unusual protocols in the industrial world that require special handling to be allowed through a firewall. One such protocol is the Lantronix Discovery Protocol. This application note shows how to configure a set of firewall rules for the Tofino Firewall to allow the discovery request and reply traffic for the Lantronix line of serial/Ethernet converters.


Defense in Depth Protection for Honeywell Experion

As Distributed Control System (DCS) architectures integrate more IT-based technologies (such as Ethernet and Windows), it is important to implement a sound security strategy. This application note describes how Honeywell Process Solutions uses the Tofino Security Appliance (SA) to protect a system that is being migrated from an older TDC2000 DCS to modern Ethernet Experion™ PKS system.