Tofino™ LSM - Loadable Security Modules

Loadable Security Modules - LSM's -  are firmware modules that are downloaded into the Tofino™ Security Appliance to implement the desired security features for each location in the control network.

Currently, there are five LSM's available for Tofino™:

OPC Enforcer LSM

• First-ever application of connection tracking technology to industrial protocols
• Programmable data connection delay period to shut down unused connections
• Supports multiple OPC clients and servers
• Manage all traffic on systems that use OPC DA, HDA, A&E, DX or XML-DA
• Secure data transfers to and from data historians and supervisory applications
• Combine with Tofino VPN LSM for secure remote OPC connections

Firewall LSM

• Implements traffic filtering for TCP, UDP and non-IP communications protocols 
• Advanced traffic filtering, such as rate filtering, via Byres-supplied special rules 
• One-to-one, one-to-many, and many-to-many addresses in rules 
• Implements unique Test mode to permit testing firewall rules without risk of blocking critical network traffic 
• Blocked traffic is reported to Tofino™ CMP via rate-limited exception heartbeats 
• Broadcast and multicast rules supported

Secure Asset Manager LSM

• Passive Asset Discovery detects network assets without active scanning or polling 
• Reports IP address, MAC address, network location of discovered assets 
• Matches asset OUI against CMP device database to assist user in identifying assets by vendor 
• Download list of discovered assets into CSV file for auditing and report generation 
• Assisted Rule Generation provides a 'wizard' to help users easily create new firewall rules from firewall exception heartbeats

MODBUS Enforcer™ Deep Packet Inspection LSM

• Advanced filtering and inspection of MODBUS traffic 
• Performs sanity check on MODBUS commands 
• Control systems engineer may specify permitted MODBUS function codes for each MODBUS connection 
• Control system engineer may specify permitted MODBUS register/coil address range or value for each permitted function code 
• World's first content inspection tool for industrial protocols 

Virtual Private Network (VPN) LSM

• Creates highly secure tunnels using Secure Sockets Layer (SSL) technology to protect control system integrity 
• Allows testing of the VPN tunnel without committing control traffic to it
• Interoperates seamlessly with other Tofino LSMs to provide fine grained VPN access and SCADA-capable firewall protection 
• Easy to deploy, test, and manage with drag and drop configuration interface 
• Supports legacy automation protocols

Event Logger LSM

• Provides triple redundancy by simultaneously recording security events to syslog servers, a Tofino CMP server, and local SA memory
• Protects event information even if communication links are interrupted
• Enables a Tofino SA to hold up to 20,000 security events and alarms in its memory
• Logs sent to a syslog server can be transported using UDP, TCP, or TLS protocols