The presentation discusses an evaluation of the Tofino Xenon, a firewall designed to protect industrial control systems (ICS) from cyber threats. The evaluation aims to determine how effectively the equipment protects ICS and to identify any vulnerabilities within the firewall itself.
- ICS security is a growing concern due to the increasing threat of cyber attacks on critical systems
- Dedicated firewalls like Tofino Xenon have been developed to address this problem by filtering industrial control protocols
- The evaluation methodology involved reverse engineering the equipment, obtaining a root shell on the appliance, and analyzing the firewall internals and attack surface
- The Tofino Xenon firewall is designed to be transparent and have minimal impact on existing systems
- The filtering is done at two levels: classic network parameters and ICS-oriented content inspection
- The presentation identifies vulnerabilities in the firewall (CVE-2017-11400, CVE-2017-11401, and CVE-2017-11402) and discusses their impact and potential attack scenarios
- The evaluation results were responsibly disclosed to the vendor, who issued a framework to fix the vulnerabilities
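
The two filtering levels listed above can be illustrated with a small packet filter. This is an added example, not code from the presentation or from the product: Modbus/TCP is assumed as the ICS protocol, and the addresses, rule layout and function-code allowlist are constructed for illustration.

```python
import ipaddress
import struct

# Level 1 (constructed rule): classic network parameters.
FLOW_RULE = {
    "src": ipaddress.ip_network("10.0.1.0/24"),  # engineering stations
    "dst": ipaddress.ip_address("10.0.2.10"),    # PLC
    "dport": 502,                                # Modbus/TCP
}
# Level 2 (constructed rule): only read-type Modbus function codes.
ALLOWED_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}


def adu(tid, unit, pdu):
    """Build a Modbus/TCP frame: MBAP header followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def check_flow(src, dst, dport):
    return (ipaddress.ip_address(src) in FLOW_RULE["src"]
            and ipaddress.ip_address(dst) == FLOW_RULE["dst"]
            and dport == FLOW_RULE["dport"])


def check_modbus(payload):
    """Content inspection: validate the MBAP header, then the function code."""
    if len(payload) < 8:                 # 7-byte header + function code
        return False, "truncated"
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        return False, "bad protocol id"
    # The length field counts the unit id plus the PDU; reject frames
    # whose declared length disagrees with the bytes actually present.
    if length != len(payload) - 6 or length > 254:
        return False, "length mismatch"
    func = payload[7]
    if func not in ALLOWED_FUNCTIONS:
        return False, f"function 0x{func:02x} not allowed"
    return True, "ok"


def filter_packet(src, dst, dport, payload):
    if not check_flow(src, dst, dport):
        return "drop: flow not permitted"
    ok, reason = check_modbus(payload)
    return "accept" if ok else f"drop: {reason}"


# Constructed sample frames.
READ = adu(1, 1, bytes([0x03, 0x00, 0x00, 0x00, 0x02]))   # read holding registers
WRITE = adu(2, 1, bytes([0x06, 0x00, 0x01, 0x00, 0xFF]))  # write single register
```

A permitted flow carrying a write request is still dropped at the second level, which is the point of inspecting content rather than only addresses and ports.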
ICS security is a serious concern because malfunctions of these systems can have significant impacts on people working in the field, and downtime costs are very high. However, stopping the system to apply patches is not always feasible. Dedicated firewalls like Tofino Xenon have been developed to address this dilemma by filtering network packets to protect vulnerable ICS. The evaluation of Tofino Xenon involved reverse engineering the equipment and analyzing its attack surface to identify vulnerabilities. The results were responsibly disclosed to the vendor, who issued a framework to fix the vulnerabilities.