8/8/2019 Eagle Tofino

1/4

New Product Bulletin

NP 310

Belden Introduces theHirschmann EAGLE TofnoLine o Switches

The Ultimate Zone Level

Security Switch for your control

network

You may not be attacked by a serious hacker,but conventional control networks are extremelyvulnerable to simple day to day security issues.Poor network segmentation, unprotected pointso entry into the network, sot targets such asunpatched PCs and vulnerable PLCs, and human

error can result in signicant production lossesand even saety issues.

The Tono Industrial Security Solution is adistributed security solution that quickly andcost-eectively implements cyber securityprotection within your control network.

Tonos fexible architecture allows you to createsecurity zones - Zone Level Security - throughoutyour control network to protect critical systemcomponents. Tono helps you meet and exceedNERC CIP requirements and ANSI/ISA-99Standards. And best o all, it helps you avoidexpensive down time and achieve optimalperormance in your plant.

EAGLE Tofno Key Benefts

No IT knowledge required

Enhanced security and saety

- Extend Cyber Security down into the

control network

Simplied regulatory and standardscompliance

- FERC / NERC CIP

- ANSI / ISA-99

- IEC 62443

Protect Your Control System

Against Network Problems

and Cyber Threats

8/8/2019 Eagle Tofino

2/42

Design your security system inour easy steps

Step One:

Determine where to place Tofno Security

Determine where Tono Security Appliancesneed to be placed to create Zone LevelSecurity or the devices in your network.

Note: the ANSI/ISA-99 Standards recommendcontaining communication in control sub-systems known as zones.

Step Two:

Determine which Tofno LSMs are requiredto secure each hardware location

Do you require radar sweeping your networkto track every existing and incoming devicecommunicating through a specic TonoSecurity Appliance? Then load the Tono SecureAsset Management LSM.

Do you require a trac control copor industrial networks checking allcommunications against a list o trac rulesand blocking and reporting trac that does not

match the rules? Then load the Tono StateulFirewall Module.

Do you require a border guard inspectingevery Modbus command and response, blockingand reporting unction codes or registeraddresses not on the allowed list? Thenload the Tono Modbus TCP Deep PacketInspection LSM.

Do you require secure communicationstunnels over your corporate network or theInternet? Then load the Tono VPN Client andServer LSMs.

Step Three:

Choose the best server or workstation orthe Tofno Central Management Platorm

The Tono Central Management Platormsotware enables conguration, managementand monitoring o all your Tono SecurityAppliances rom one workstation.

Step Four:

For product and ordering details, go towww.hirschmann.com

Central Management Platorm and Loadable Security Modules

EAGLE TofnoCentral Management Platorm

Confgure and manage security or your

entire control network rom one location

Traditional security devices orce you tocongure them one at a time. This quicklybecomes un-manageable as the number odevices increases. Whats worse, this device-centric view provides no way to see what ishappening at the system level, so diagnosingand correcting security issues is time-

consuming, error-prone, and expensive.The Tono Central Management Platorm (CMP)sotware enables conguration, managementand monitoring o all your Tono SecurityAppliances rom one workstation.

Using the Tono CMP you can quickly createa model o your entire control network. Visualdrag-and-drop editing tools help you create,edit, and test your Tono conguration. And,ater you commission your security system, theTono CMP lets you see the status o the entiresystem at a glance and respond to cyber threatsin a coordinated manner.

Saves you money through:

Increased network availability

Rapid network security deployment

Fast ault nding

Lower training and stang costs

Features

Congure, manage and monitor all TonoSecurity Appliances rom one workstation

Built-in Network Editor to quickly modelyour control network

Visual drag-and-drop editors or quick andeasy conguration o security rules

Pre-dened templates or more than 50industrial communication protocols and over25 amilies o industrial controllers

Applications

Process control

SCADA systems

Discrete control

EAGLE Tofno Firewall

Take control o your network trafc

The vast majority o control networks have littleor no isolation between dierent subsystems.I a device misconguration, hardware ailure,or virus causes a problem in one part o thenetwork, it can spread throughout the entirenetwork in seconds and bring your whole plantdown. Even redundant backup systems can ailsimultaneously i their network connections are

not protected.The Tono Firewall LSM is a trac controlcop or industrial networks, checking allcommunications on your control networkagainst a list o trac rules dened by yourcontrol engineers. Any communication that isnot on the allowed list will be blocked andreported by the Tono Firewall.

Trac rules are created using terms andconcepts that are already amiliar to controlspecialists. And, the unique test mode oTono lets you test your rules without any riskto plant operation.

Saves you money through:

Simpliying compliance to saety and securitystandards

Reduced down time and production losses

Improved system reliability and stability

Features

Trac rules are dened by your controlengineer, speciying which devices maycommunicate using what protocols

Rule denition is simple using a graphicaldrag-and-drop editor

Trac that does not match the rules isautomatically blocked and reported

Over 50 pre-dened IT and industrialcommunication protocols

Over 25 pre-dened controller templates

Pre-dened special rules or advancedtrac ltering and vulnerability protection

Applications

Isolate critical devices rom threat sources

Separate control network into securityzones, restricting communications betweenzones

Protect controllers with known vulnerabilities

8/8/2019 Eagle Tofino

3/4

EAGLE TofnoSecure Asset Management

Securely track network devices and easily

create frewall rules

Beore you can protect a control system,you need to know exactly what devices areon the network and how they communicatewith each other. Seems obvious - but withtodays complex systems, getting completeand accurate inormation about the installeddevices and protocols can consume a huge

amount o eort.Like radar, Tonos Secure Asset Management(SAM) and Loadable Security Module (LSM)tracks every device that communicates throughyour Tono Security Appliance. However, itdoes it without using traditional scanningtechniques. Tono SAM identies devicesso you can easily create trac rules usingdenitions rom the Tono CMPs database. Iyou need to modiy trac rules during testing,Tono SAMs rule wizard guides you using datagathered rom Tonos security alerts.

Saves you money through:

Increased reliability due to improved security

Simplied regulatory and security standards

Reduced time and eort to get up-to-dateinventory lists

Lower engineering and IT costs due to ease orewall rule creation

Reduced commissioning time

Features

Locates network devices without any processdisruption using Passive Asset Discovery

Identies equipment and suggests rewallrules using a built-in control device database

Guides the creation o rewall rules usingblocked trac reports and the AssistedRule Generation wizard

Reports newly-discovered assets as securityalerts

Provides current and detailed inventory lists

Applications

Tono installation, deployment and testing

ISA-99 and NERC compliance via assetinventory lists and continuous monitoring

Detection o non-approved devices (e.g.laptops) on the control network

EAGLE TofnoSecure Asset Management

Advanced cyber threat and saety protection

or your Modbus devices

Did you know that any device with a networkconnection to a Modbus controller canpotentially change any o the controllers I/Opoints or register values? Many controllers caneven be reset, disabled, or loaded with newlogic or rmware.

The Tono Modbus TCP Enorcer is a contentinspector or Modbus communications,checking every Modbus command and responseagainst a list o allowed commands dened byyour control engineers.

Saves you money through:

Simpliying compliance to saety and securitystandards

Reduced down time and production losses

Lower maintenance costs

Improved system reliability and stability

Features

First-ever application o content inspectiontechnology to industrial protocols

Control specialist denes list o allowedModbus commands, registers and coils

Automatically blocks and reports any tracthat does not match your rules

Protocol Sanity Check blocks any trac notconorming to the Modbus standard

Supports multiple master and slave devices

Simple conguration and monitoring usingthe Tono CMP

Certied Modbus compliant by Modbus-IDA

Applications

Oil & Gas custody transer

Saety instrumentation systems

Managing PLC programming stations

Display-only HMI panels

Partner access to telemetry data

Quickly and saely identiy network devicesand dene trac rules

EAGLE Tofno VPN Server and Client

A VPN system that is easy to deploy and doe

not risk industrial processes

Industrial acilities oten want to utilizehigh-speed Internet connectivity in order tointegrate control systems and/or people rommultiple locations. How can you take advantageo this cost-eective technology withoutrisking viruses or inappropriate access to yourcontrol and SCADA systems?

The Tono VPN solution creates secure tunnelso communication over untrusted networks,such as the Internet or corporate businessnetworks. Unlike other VPNs, the Tono VPN iseasy to deploy, test, and manage. This ensuresthat good security is not compromised becauseo conguration errors.

The Tono VPN also supports legacy automationdevices and protocols, and is industriallyhardened. Best o all, it can be combined withother Tono LSMs, such as the Tono FirewallLSM or the Tono Modbus TCP Enorcer LSM, toprovide a comprehensive security solution.

8/8/2019 Eagle Tofino

4/4

www.hirschmann-usa.com

Copyright 2009 Belden, Inc.

Printed in U.S.A

NP 310-EAGLE Tofno 122009

EAGLE20 Tofno Security Appliance

Protect your control system against network

problems and cyber threats

The electrical, environmental and operationalrequirements o SCADA and control systemsmake IT-ocused security solutions unsuitableor use in industrial networks. As a result, thevast majority o these systems are operatingwith little or no protection against accidentalor malicious cyber attacks. Even a singleinected USB key can shut down an entireplant.

The EAGLE20 Tono Security Applianceprovides leading-edge Zone Level Security -

tailored protection or groups o PLCs, DCSs,RTUs and HMIs, as recommended in ANSI/ISA-99 Standards. Tono can be installed andimplemented in a live network with no specialtraining, no pre-conguration, and mostimportantly, with no system downtime.

Tono is designed rom the ground up with arugged environment, sta skills and needs oindustry in mind, and it protects better andis easier to install than IT rewalls and othersecurity products.

EAGLE20 Tofno Security Appliance

Central Management Platorm

Order Inormation

Designation Part No. Product Description

EAGLE Tofno Central Management Platorm 943 987-900 Central management platorm or EAGLE Tofno

EAGLE Tofno Firewall LSM 943 987-910 Firewall Loadable Security Module or EAGLE Tofno

EAGLE Tofno Security Asset Management LSM 943 987-911 Security Asset Management Loadable Security Module or EAGLE Tofno

EAGLE Tofno Modbus TCP Enorcer LSM 943 987-912 Modbus TCP Enorcer Loadable Security Module or EAGLE Tofno

EAGLE Tofno VPN Serve r LSM 94 3 9 87-913 V ir tual Pr ivat e Net work Serve r Loadab le Secur it y Modu le or EAGLE Tofno

EAGLE Tofno VPN Cl ien t LSM 94 3 9 87-914 V ir tual Pr ivat e Net work Cl ient Loadable Secur it y Module or EAGLE Tofno

EAGLE Tofno Even t Logge r LSM 94 3 9 87-915 Even t Logge r Loadab le Secur it y Module or EAGLE Tofno

EAGLE Tofno VPN PC Cl ient License 943 987-916 Virtual Pr ivate Network PC Cl ient license or EAGLE Tofno

EAGLE20 Tofno TX/TX 943 987-501 EAGLE20 Tofno: Untrusted port - TX, trusted port - TX

EAGLE20 Tofno TX/MM 943 987-502 EAGLE20 Tofno: Untrusted port - TX, trusted port - MM

EAGLE20 Tofno MM/TX 943 987-504 EAGLE20 Tofno: Untrusted port - MM, trusted port - TX

EAGLE20 Tofno MM/MM 943 987-505 EAGLE20 Tofno: Untrusted port - MM, trusted port - MM

Always the Right Solution

Belden is the worlds leading supplier osignal transmission solutions includingcable, connectivity and active componentsor mission-critical applications rangingrom industrial automation to data centers,broadcast studios, and aerospace. Belden oersan extensive and highly specialized productportolio o signal transmission solutions orinormation, control and eld levels, whichthe company produces and markets under itsproprietary Belden, Hirschmann and LumbergAutomation brands.

We welcome the opportunity to speak withyou about our extensive industry portolio andBeldens worldwide service. Further inormationand technical data are available online atwww.hirschmann-usa.com

You can also contact our sales team directly at1-717-217-2299.

4