Scribd Logo
Unggah

Selamat datang di Scribd!

  • Defense in Depth For Your Tricon Controller: Triconex Tofino Firewall

    Diunggah oleh

    DavideanP.Flores
    29 tayangan3 halaman
    Defense in depth foryour Tricon controllerTriconex Tofino Firewall

    Judul Asli

    ID#27_998-19867983_GMA-US_A4_WEB

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    Defense in depth foryour Tricon controllerTriconex Tofino Firewall

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    29 tayangan3 halaman

    Defense in Depth For Your Tricon Controller: Triconex Tofino Firewall

    Diunggah oleh

    DavideanP.Flores
    Defense in depth foryour Tricon controllerTriconex Tofino Firewall

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 3

    Defense in depth for

    your Tricon controller


    Triconex Tofino Firewall

    Product at a glance Secure OPC


    The Triconex™ Tofino Firewall is the first true OPC Your Tricon controller is critical to the contin-
    ued safe operation of your plant. But the growing
    (OLE for Process Control) classic security solution
    complexity and connectivity of DCS control
    designed to maximize system robustness and
    systems, as well as their reliance on of-the-
    minimize vulnreabilities. It offers superior shelf PC and networking technology, bring with
    security over conventional firewall or tunneler them the potential to disrupt the operation of
    solutions and it is designed specifically for use the safety system due to excessive or improper
    with Tricon™ controllers right out of the box. network traffic. A multi-layered defense in
    Combined with the Tricon Communications depth strategy is recommended to isolate your
    Tricon from computer cyber threats, network
    Module (TCM) and inherent security features,
    device failures and human error.
    the Triconex Tofino Firewall creates the ideal
    defense-in depth solution for better safety The Triconex Tofino Firewall protects the Tricon
    integrated system reliability and security. Communications Module (TCM) from potential
    disruption due to abnormal or excessive net-
    work traffic. It permits only the specific types
    and rates of network communications that are
    required for correct system operation, and
    schneider-electric.com/processautomation | 2

    Defense in depth for


    your Triconex controller
    Triconex Tofino firewall

    prevents all other types of network traffic


    from reaching the TCM. This provides an
    additional layer of protection to your safety
    instrumented system, further enhancing the
    overall safety and reliability of your facility.
    Any security events, e.g., blocked network
    traffic, detected by the Triconex Tofino
    Firewall are logged internally on the device
    and saved for later review by operations or
    security personnel.

    Many control systems use Microsoft’s® OPC


    (OLE for Process Control) technology. The
    firewall protects the Tricon OPC server by
    tracking the OPC client data requests and Triconex Tofino Firewall
    protecting the Tricon
    dynamically opening only the minimum
    required ports to permit these data connec-
    tions to pass through. All other unnecessary
    • Tracks OPC (OLE for Process Control) client requests to Tricon OPC
    ports are blocked, resulting in significantly
    server and dynamically opens only the minimum required TCP ports
    enhanced security for the Tricon OPC server.
    in the Triconex Tofino Firewall for data connections.
    The Triconex Tofino Firewall is easy to • All traffic that is permitted through the Triconex Tofino Firewall is
    install. Simply apply DC power and connect rate-limited to prevent overload of the Tricon communications module.
    the device in-line in the network connection
    • All security events, including blocked network traffic, are logged
    to the Triconex communications module.
    on the appliance for subsequent analysis.
    The Triconex Tofino Firewall is pre-configured
    to work in most installations without changes. • Security event logs may be offloaded via USB storage device.
    If the TCM has been configured to use • Pre-configured — no configuration required for most
    nonstandard network ports, then the Tricon installations.
    firewall configuration may be easily
    • 10/100 BaseT network interfaces — direct connection to TCM
    modified to match the TCM configuration
    models 4351A, 4351B, and 4353.
    using the firewall configuration utility.
    • Plug and play installation — no changes required to external
    equipment, network design or network IP addresses.
    Features
    • Triconex Tofino Firewall permits only those
    types of network traffic required for Specifications
    correct system operation. All other Network Interfaces
    unnecessary traffic is blocked. • Two 10/100 Base T Ethernet twisted-pair interfaces — “Trusted”
    (closed padlock symbol) and “Untrusted” (open padlock symbol).
    schneider-electric.com/processautomation | 3

    Defense in depth for


    your Triconex controller
    Triconex Tofino firewall

    • “Trusted” network interface connects to • Dual power-fail indicator digital inputs (security event log
    10/100BaseT interface on Tricon 4351A, entry generated on state change)
    4351B and 4353 Communications Module.
    EMI Radiation and Immunity
    • “Untrusted” network interface connects to • EN 55022 Class A
    external control interface.
    • EN 61000-4-2, EN 61000-4-3
    • Network link speed and duplex auto-
    negotiated with link partner. Environmental
    • Operating temperature: -40° C to +70° C
    • Auto-MDX adapts to straight-through or
    cross-over connections. • Storage temperature: -40° C to +85° C
    • Relative humidity: 10%-90% ( non-condensing)
    Permitted network traffic
    Vibration and Shock
    • Tricon protocols: TSAA, TriStation, TMI,
    Downloader, Control (Time Sync), • IEC 60068-2-6: 1 g @ 20-500 Hz
    Peer-to-Peer • IEC 60068-2-27: 30 g for 11 ms shock
    • Modbus TCP (master and slave) • EN 61326: EMC Annex A
    • Simple network time protocol (SNTP) • EN 61010-1
    (Tricon client, external server)
    Mechanical
    • Network printer access (Tricon client to
    • Protection class: IP20
    external print server)
    • Mounting: 35 mm DIN rail
    • OPC (bidirectional)
    • Dimensions (mm): 42 W x 146 H x 138 D
    • ICMP ‘ping’ (echo request) —
    incoming only • Weight: 290 g
    • Address resolution protocol (ARP) Certifications
    • Incoming traffic rate limit: 5,000 packets • Class I, Div 2 hazardous environments
    per second • CE mark (EMC compatibility)
    • Port numbers are adjustable via Tricon- • MUSIC 2009-1 security certification (Foundation level)
    ex Tofino Firewall Configuration Utility to
    • Certified Modbus compliant by Modbus-IDA
    match any custom TCM configuration

    Power Notes
    • 9-32 VDC; 24 VDC nominal
    Each Triconex Tofino Firewall provides protection for a single
    • 170 mA typical, 350 mA max. at 24 VDC 10/100BaseT network interface. One Triconex Tofino Firewall is
    • Dual redundant power inputs; 24-12 AWG required for each TCM network interface to be protected.
    screw cage terminals

    Schneider Electric

    70 Mechanic Street
    Foxborough, MA 02035 USA
    +1 877 342 5173

    schneider-electric.com/processautomation

    © 2016 Schneider Electric. All Rights Reserved. Schneider Electric and Triconex, are trademarks and the property of Schneider Electric, its subsidiaries,
    and affiliated companies. All other trademarks are the property of their respective owners. May 2016 • 998-19867983_GMA-US_A4

    Anda mungkin juga menyukai