Hirschmann Tofino 942103999 Xenon Security Appliance Configurable Security Firewall

The electrical, environmental, and operational requirements of SCADA and process control systems can make traditional IT-focused security solutions unsuitable for industrial networks. As a result, many critical systems operate with little protection against accidental or malicious cyber events. Entire plants have been shut down by an infected USB key or a misconfigured network device.

The Tofino Xenon Security Appliance (Tofino SA) is ideal for control professionals because it is a Plug-n-Protect product, designed to be installed in a live network with no pre-configuration, no network changes, and no plant downtime. It provides a simple and cost-effective way to create zones of security tailored protection for groups of PLCs, DCS, RTUs, IEDs, and HMIs as recommended by ISA/IEC-62443 Standards.

Tofino is designed with the environments, staff skills, and needs of industry in mind. It protects better and is easier to install than IT firewalls and other security products.

Summary

Saves You Money Through:

Improved system reliability and stability
Reduced down time and production losses
Lower maintenance costs
Simplified regulatory and security standards compliance
Features

Plug-n-Protect installation requires no pre-configuration, no network changes, and no disruption to the control system
Simple configuration over the network using the free Tofino Configurator software
Unique 'Test' mode allows firewall testing with no risk to your operation
Loadable Service Modules (LSMs) pre-installed at factory or purchased separately
Compatible with all DCS, PLC, SCADA, networking, and software products
Rugged hardware design for years of reliable service
Applications

Secure networks with security zones as per NERC, ANSI/ISA, and IEC standards
Protect connections to partner networks and wireless networks Improve
SCADA and process control network reliability and performance

Specifications

Configuration Method

Network: Tofino Configurator uses secure communications to configure the Tofino Xenon security appliances
Manual: encrypted configuration files may be saved on a USB storage device and loaded into the Tofino Xenon security appliance via a secure USB port
Operating Modes

Test: all traffic allowed; alerts generated as per user rules
Operational: traffic filtered and alerts generated as per user rules
The operating mode is controlled remotely from the free Tofino Configurator software.

Firewall

Stateful layer 2, 3, and 4 filtering
Deep Packet Inspection (DPI) for SCADA and ICS protocols depending on Loadable Security Modules (LSMs) purchased
Audit Log

Audit capabilities for tracking configuration changes

Security Alerts

Simultaneous event logging to a remote syslog server and local nonvolatile memory for later download via network or USB storage device

Diagnostics

Download to the Tofino Configurator via the network or save locally to a USB storage device

Status Indicators and Controls Status indicators:
'Power', 'Fault', 'Mode', 'Save/Load', 'Reset'
Traffic indicators: link status, speed, and activity for each Ethernet port
Pushbutton loads configuration from encrypted files or saves diagnostics to USB storage device
System Requirements

Tofino Configurator
Loadable Security Modules (LSM) to implement the desired security features
Operating temperature: 0°C to +60°C or -40°C to +70°C (dependent on device variant)
Storage/transport temperature: -40°C to +85°C
Relative humidity: 10% - 95% (non-condensing)
Certifications

Declaration of Conformity: CE, FCC, EN 61131, C-TICK, EN 60950
Safety of Industrial Control Equipment: cUL508 (dependent on device variant)
Hazardous Locations: ISA- 12.12. -01 Class 1 Div. 2 Haz. Loc, ATEX-95 Category 3G (Zone 2) (dependent on device variant)
Railway (norm): EN 50121-4 (dependent on device variant)
Substation: IEC 61850-3, IEEE 1613 (dependent on device variant)
Mechanical

Protection Class: IP20
Mounting: 35mm DIN rail
Dimensions (mm): 60W x 145H x 125D
Weight: 660g