Industrial Ethernet Firewall - Hirschmann EAGLE20 Tofino
Designed for securing large networks with centralised management, EAGLE20 Tofino is more than just a hardware firewall.
Comparison with EAGLE20
Both products operate on the firewall concept of being a gateway separating a 'secure' or 'internal' side from an 'insecure' or 'external' side.
EAGLE20 is a standalone hardware firewall featuring IP Routing and the unique firewall learning mode to simplify configuration. These firewall rules typically include MAC or IP address and TCP/UDP port filtering. Out of the box, EAGLE20 works in transparent mode offering 'stateful inspection', meaning only traffic originating in the secure side is allowed through the gateway. See our other article for more details.
EAGLE20 Tofino is a Layer 2 device; however, it conducts 'deep packet inspection' to check the contents of the datagrams against firewall rules to provide absolute control over data flows. Out of the box, EAGLE20 Tofino passes all traffic, allowing it to be installed and configured in situ with the least disruption to the network. Another key difference is the system design. A typical EAGLE20 Tofino installation includes the following:
- EAGLE20 Tofino 'Appliance' - the hardware
- EAGLE20 Tofino Loadable Security Modules (LSM) which provide the required functionality (see below).
- EAGLE20 Tofino Central Management Platform - A software tool for system-wide configuration of the appliances
Stuxnet demonstrated that the old 'security by obscurity' strategy needed a rethink. EAGLE20 or EAGLE20 Tofino by themselves will not quarantine a system from every possible attack. They do, however, form an important part of the 'defence in depth' paradigm of combining online real-time packet inspections with sound practices such as secured network accessibility and procedures surrounding things as commonplace as USB sticks.
By dividing networks into cells with gateway points, the installation of secure gateways like the EAGLE20 range provides the ability to limit traffic entering the cell and to constrain a problem, such as a Denial of Service attack or even an inadvertent broadcast storm, to small sections of the network.
Simple to Install
As EAGLE20 Tofino operates transparently and out of the box will pass all traffic (it doesn't even have an IP address!), it can be quickly installed as a gateway device in seconds with minimal disruption to the network. The management software can then locate the device and apply the chosen LSMs from the available stock as purchased. Firewall rules are then applied, with a number of automation-vendor-specific templates (Rockwell, Siemens, Schneider etc.) available to suit any of a large number of predefined applications specific to the relevant vendor.
Loadable Security Modules
The following LSMs are available:
- Eagle 20 Tofino Firewall LSM - Directs and controls industrial network traffic
- Eagle 20 Tofino Secure Asset Management LSM - Tracks and identifies network devices
- Eagle 20 Tofino Modbus TCP Enforcer LSM - Content inspection for Modbus
- Eagle 20 Tofino VPN Client LSM
- Eagle 20 Tofino VPN Server LSM
- Eagle 20 Tofino VPN PC License - Secures remote SCADA communication
- Eagle 20 Tofino Event Logger LSM - Logs security events and alarms
Hirschmann Industrial Ethernet - For Mission Critical Applications