Tofino VPN module for secure remote SCADA communication
The Tofino Virtual Private Network (VPN) product line, part of the Tofino Industrial Security Solution, extends cybersecurity beyond plant walls. The Tofino VPN Server LSM, the Tofino VPN Client LSM, and the Tofino VPN Client License are designed specifically to be simple to use and to securely connect facilities and people together over untrusted networks, such as the Internet. The products will be available as of July 31, 2009.
Security for the Tofino VPN is provided by Secure Sockets Layer (SSL) – a proven technology that is the foundation of all web ecommerce and is widely considered to be less complex to configure than other VPN technologies. Deployment is completed centrally using the Tofino Central Management Platform (CMP), and does not require any changes to existing control system network design or addressing. Handling of security components occurs behind the scenes, making setup a simple drag-n-drop process. Like other Tofino products, the Tofino VPN modules can also be operated in “test” mode before they are activated. All of these features make the setup of the Tofino VPN easy, ensuring that neither industrial security nor industrial reliability are compromised by complex configuration errors.
Tthe Tofino VPN solution integrates seamlessly with the Tofino Firewall LSM and the Tofino Modbus TCP Enforcer LSM. This close integration makes certain that only “permitted” messages are distributed, and not potentially dangerous transmissions such as a virus originating from a remote PC, or a user sending inappropriate programming commands.
Uses of the Tofino VPN include monitoring and controlling remote sites from a central location, providing secure access to control systems for remote personnel, securing communications between critical controllers, allowing legacy non-IP control traffic to travel over IP networks. The Tofino VPN LSMs create secure tunnels for communications between Tofino Security Appliances (SA)Tofino SAs and PCs, and Tofino SAs and supported third-party devices.