The Triconex Tofino firewall is a security appliance that protects the Tricon controller from potential disruption due to excess data traffic in the network. It allows only Triconex proprietary communications protocol messages and Modbus TCP and OPC DCOM open network messages, and prevents other types of messages from reaching the Tricon safety system.
In recent years, industrial vendors have adopted open communication protocols, such as Modbus TCP and OPC DCOM (or OPC “Classic”), to integrate distributed control systems (DCS) and safety instrumented systems (SIS). Their ease of use and implementation makes these protocols widely accepted in most integrated communications. But as more control and safety systems are connected together in complex industrial networks, existing IT-implemented security mechanisms can be vulnerable to traffic overload and other security threats inherent in open communications.
Secure and reliable communications between safety and control systems, whether using OPC DCOM, Modbus TCP, TSAA, or TriStation, can now be realized by using a defense-in-depth strategy that combines the Triconex Tofino firewall and TriStation secured access.
The Triconex Tofino firewall offers a layer of security protection designed with the needs and skills of the security technician in mind. Today, requirements for tighter security demand effective means to protect critical systems. Commercial off-the-shelf products can only offer a certain level of security. Invensys brings you a solution that offers secure protection and integration without sacrificing performance.
- High-level protection from unauthorized access compared with conventional firewall or tunneler solutions
- Defense-in-depth approach
- S99 compliance
- OPC DCOM immunities
- Unrivaled DCS/Triconex communications robustness and security
The combination of the Triconex TCM module with the Triconex Tofino firewall automatically addresses a wide variety of security issues by offering multiple layers of security protection:
- Tightly closed firewall that automatically tracks all the TCP ports assigned by OPC servers for Data Access (DA) and Alarms & Events (A&E) connections, and then dynamically opens those ports in the firewall only when needed and only between designated client/server pairs.
- Built-in protocol-sensing sanity checking, including for OPC requests, blocks any requests not conforming to the DCE/RPC standard, preventing many common malware attacks.
- Pre-defined anti-DoS (denial of service) filters manage traffic levels so that data storms cannot impact the communications integrity of the Triconex safety system.
- Read/Write access control features in the Tricon TCM module allow complete lockdown of what devices can read or write to the Tricon safety system.
- Designed to automatically interpret TriStation, and works with the Peer-Peer and TSAA Triconex-proprietary communication protocols as well as industry-proven communication protocols such as Modbus TCP and OPC Classic.
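
The DCE/RPC conformance check mentioned in the list above can be illustrated with an added example (not Tofino or Invensys code, and not a description of the product's internal logic): it validates the 16-byte common header of a connection-oriented DCE/RPC PDU as the DCE/RPC standard defines it. The names `check_dcerpc_header` and `build_sample` are hypothetical, the sample PDU is constructed, and one complete PDU per buffer is assumed.

```python
import struct

# Connection-oriented PDU types defined by the DCE/RPC standard
# (request, response, fault, bind ... orphaned).
CO_PTYPES = {0, 2, 3, 11, 12, 13, 14, 15, 16, 17, 18, 19}
HEADER_LEN = 16  # common header shared by every connection-oriented PDU


def check_dcerpc_header(pdu: bytes) -> str:
    """Return "ok" or the reason the PDU fails the header sanity check.

    Assumption: the buffer holds exactly one PDU (no stream reassembly).
    """
    if len(pdu) < HEADER_LEN:
        return "truncated header"
    vers, minor, ptype, _flags, drep0 = struct.unpack_from("BBBBB", pdu, 0)
    if vers != 5 or minor not in (0, 1):
        return "bad rpc version"
    if ptype not in CO_PTYPES:
        return "unknown PDU type"
    # High nibble of the first data-representation byte selects byte order:
    # 0 = big-endian, 1 = little-endian; anything else is non-conforming.
    order = drep0 >> 4
    if order not in (0, 1):
        return "bad data representation"
    endian = "<" if order == 1 else ">"
    frag_len, auth_len, _call_id = struct.unpack_from(endian + "HHI", pdu, 8)
    if frag_len != len(pdu):
        return "frag_length mismatch"
    if auth_len > frag_len - HEADER_LEN:
        return "auth_length exceeds fragment"
    return "ok"


def build_sample(ptype=11, vers=5, body=b"\x00" * 8, claim_len=None, auth_len=0):
    """Build a constructed little-endian sample PDU (not captured traffic)."""
    total = HEADER_LEN + len(body)
    header = struct.pack(
        "<BBBB4sHHI", vers, 0, ptype, 0x03, b"\x10\x00\x00\x00",
        total if claim_len is None else claim_len, auth_len, 1)
    return header + body
```

A filter built on a check like this drops any PDU for which the result is not "ok" before it reaches the protected endpoint.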