Byres’ Tofino Field Security Device
As a friend and admirer of Eric Byres, it was great to see his Tofino Field Security Device officially introduced to the market at ISA Expo. MTL, his manufacturing and distribution partner, had Tofino and the management system at their booth. I had a chance to get a full demo and dig into some of the more challenging management issues. Here is what I learned:
- Tofino has a sizable number units out in a beta program with oil and gas companies.
- The list price for Tofino is $1,000 for the platform and $200 for the firewall software module. Other software modules, such as VPN and IDS, will be released in the future. The list price for the management application is $3,500.
- MTL is taking orders for shipment in November.
- The Tofino unit has redundant power supplies.
- An interesting feature is a button on the front panel will put the unit in passive mode for emergency situations. This is one feature I wanted to learn more about.
What I found most interesting and positive was the unique method of creating the firewall rulebase. The typical way of doing this to write hierarchical rules with source IP / port, destination IP/port and action. Tofino has a different approach. You create a device and configure the ports required for that device. For example, a Modicon Quantum PLC could be defined with Modbus, Telnet and FTP, and in fact Tofino has a number of pre-defined controllers.
Then to create the ruleset, you place one or more defined devices behind the appropriate Tofino in the management GUI. This seems to be more intuitive and does not require an IT security approach. It simply requires placing units where they are located in the network. Very cool.
Author: Dale Peterson
Posted: October 4th, 2007 under Field Communication, Firewall / Perimeter.
Comments: 6
Comments
Comment from Julian L. Rrushi
Time: October 4, 2007, 5:32 pm
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
As an admirer of Eric Byres I can say that I’m not surprised that he comes with novel approaches to security of control systems. That said, in my opinion it’s a pity that he left academia, as he could have provided a strong contribution to the education of future control system engineers.
Thanks,
Julian L. Tod Rrushi
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFHBPk83JhHvEZ9fsERAiggAJ4hN2Y9CokgAlikYpQEsTw/BbHl8QCg5nlX
4rBi5DkzR8bpETI3dP0uEHY=
=pe/r
—–END PGP SIGNATURE—–
Comment from Jake Brodsky
Time: October 5, 2007, 9:50 am
Dale, was that bypass button just a button, or could it be ordred with a keyswitch instead? It sure sounds like a great idea.
Comment from Dale Peterson
Time: October 5, 2007, 10:01 am
It was a recessed, small button. It is an interesting feature, but I would want to control whether the button was active and notification that the button was pushed and Tofino bypassed.
Ideally, you would be able to control who could push the button which I think is where you are heading with the keyswitch comment. A keyswitch would mirror management access in a lot of controllers.
I was going to ask him about this in a recorded interview, but he was swamped with the release and potential paying customers.
Comment from Ralph Langner
Time: October 5, 2007, 10:20 am
Assuming that Eric will have a chance to read this… Rather than using a keyswitch (access to the unit could probably be secured by some other means) I suggest to think about a three-way flip switch: bypass, normal operation, all blocked. We see demand for the all blocked mode for remote access situations (the process engineer sometimes wants to make sure that remote access is not possible) and for emergency situations (malware infection, for example).
Comment from Ron Southworth
Time: October 6, 2007, 6:29 pm
I am glad to hear the product is released and look forward to seeing the appliance in operation. I think the key switch fits in with the kiss approach behind the box, Jake as always on the money with practicality.
Comment from Eric Byres
Time: October 20, 2007, 7:11 pm
Hi All
The Tofino Mode button that Dale speaks of has automatic alarm notification when the button is pushed and the Tofino is shifted to test mode. This can be over ridden by administrator at the console management platform. MTL are also producing a button-less version. We haven’t created a keyswitch version yet, but if we get requests we will - there is lots of space on the board where the button sits.
I really like the idea of three-way key switch with bypass, normal operation and all blocked. It is easy to do all blocked form the console but all blocked from the field is a cool idea as well.
FYI the bypass doesn’t shut the firewall off - it still processes and logs all traffic and will alarm if packets that should be dropped are detected.
Write a comment