-- MIB module extracted from ITU-T J.191 (03/2004)
CABH-SEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
Unsigned32,
BITS,
OBJECT-TYPE FROM SNMPv2-SMI
TruthValue,
DisplayString,
TimeStamp FROM SNMPv2-TC
OBJECT-GROUP,
MODULE-COMPLIANCE FROM SNMPv2-CONF
InetAddressIPv4 FROM INET-ADDRESS-MIB
SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC2571
X509Certificate FROM DOCS-BPI2-MIB
clabProjCableHome FROM CLAB-DEF-MIB;
--==========================================================================
--
-- History:
--
-- Date Modified by Reason
--
--
--==========================================================================
-- Module identity for CABH-SEC-MIB, registered at { clabProjCableHome 2 }.
-- Per the DESCRIPTION below, the module supplies the management objects for
-- the Security Portal Services. The objects defined in this file cover
-- firewall policy-file handling, firewall event-log controls and the PS
-- certificate.
-- LAST-UPDATED uses the two-digit-year UTC form (YYMMDDHHMMZ).
-- NOTE(review): there is no REVISION clause, so the module carries no
-- machine-readable change history.
cabhSecMib MODULE-IDENTITY
LAST-UPDATED "0209200000Z" --September 20, 2002
ORGANIZATION "CableLabs Broadband Access Department"
CONTACT-INFO
"Kevin Luehrs
Postal: Cable Television Laboratories, Inc.
400 Centennial Parkway
Louisville, Colorado 80027-1266
U.S.A.
Phone: +1 303-661-9100
Fax: +1 303-661-9199
E-mail: k.luehrs@cablelabs.com"
DESCRIPTION
"This MIB module supplies the basic management objects
for the Security Portal Services."
::= { clabProjCableHome 2 }
-- Object identifier assignments (no textual conventions are defined in this module)
-- Object identifier subtrees under cabhSecMib:
--   cabhSecFwObjects   (1)  firewall objects
--     cabhSecFwBase    (1)  policy-file enable, URL, hash, status, version
--     cabhSecFwLogCtl  (2)  event logging and attack-alert controls
--   cabhSecCertObjects (2)  PS certificate
cabhSecFwObjects OBJECT IDENTIFIER ::= { cabhSecMib 1 }
cabhSecFwBase OBJECT IDENTIFIER ::= { cabhSecFwObjects 1 }
cabhSecFwLogCtl OBJECT IDENTIFIER ::= { cabhSecFwObjects 2 }
cabhSecCertObjects OBJECT IDENTIFIER ::= { cabhSecMib 2 }
--
-- The following group describes the base objects in the Cable Home
-- Firewall.
--
-- Writable on/off switch. Despite the PolicyFile in the name, the
-- DESCRIPTION says it enables or disables the firewall functionality itself.
-- Defaults to enable(1).
-- Security note: a single SNMP SET of disable(2) turns the firewall off, so
-- write access to this object should be limited to authenticated management
-- stations through the agent's SNMP access control configuration.
-- Changes to this object are reported as type 3 events only when
-- cabhSecFwEventType3Enable is set to enable(1); that object defaults to
-- disable(2).
cabhSecFwPolicyFileEnable OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter indicates whether or not to enable the firewall
functionality."
DEFVAL {enable}
::= { cabhSecFwBase 1 }
-- Location of the firewall policy rule set file, given as a TFTP URL.
-- Writing this object has a side effect: per the DESCRIPTION, an update
-- triggers the file download.
-- Security note: TFTP provides neither authentication nor confidentiality.
-- The only integrity check this module defines for the file is the value
-- in cabhSecFwPolicyFileHash. The hash DESCRIPTION says the hash is sent to
-- the PS before the file, which implies the hash must be written before
-- this object.
-- NOTE(review): this module does not state what the PS does when the
-- downloaded file does not match the hash. Confirm against the
-- specification text.
-- There is no DEFVAL clause.
cabhSecFwPolicyFileURL OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object contains the name and IP address of the policy rule set
file ina TFTP URL format. Once this object has been updated, it will
trigger the file download."
::= { cabhSecFwBase 2 }
-- Expected hash of the policy rule set file, written by the manager before
-- the file is fetched.
-- SIZE(20) fixes the value at 160 bits, which matches SHA-1 only. The
-- syntax leaves no room for a longer digest or an algorithm identifier.
-- Security notes:
--   * SHA-1 is no longer considered collision resistant. A stronger digest
--     cannot be carried in this object without changing the definition.
--   * The hash is written through the same SNMP interface as
--     cabhSecFwPolicyFileURL, so it authenticates the file only to the
--     extent that SNMP SETs to this subtree are themselves authenticated
--     and integrity protected.
--   * Changes to this object are not in the list of parameters that
--     cabhSecFwEventType3Enable reports on.
cabhSecFwPolicyFileHash OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Hash of the contents of the rules set file, calculated and sent to the
PS prior to sending the rules set file. For the SHA-1 authentication
algorithm the length of the hash is 160 bits. This hash value is
encoded in binary format."
::= { cabhSecFwBase 3 }
-- Read-only status of the policy-file download: in progress, completed
-- (two variants) or failed.
-- NOTE(review): the DESCRIPTION speaks of a software upgrade, a version
-- mismatch at provisioning and docsDevSwAdminStatus, none of which are
-- defined in this module. The wording appears to be carried over from a
-- software-download status object (docsDevSwOperStatus in
-- DOCS-CABLE-DEVICE-MIB uses the same four named states) and presumably
-- refers to the policy rule set file download here. Confirm against the
-- specification text.
-- NOTE(review): failed(4) is described as ordinarily a TFTP timeout.
-- Whether a mismatch against cabhSecFwPolicyFileHash is also reported as
-- failed(4) is not stated. A manager should read this object together
-- with cabhSecFwPolicyFileCurrentVersion after writing the URL, to confirm
-- which rule set is in force.
cabhSecFwPolicyFileOperStatus OBJECT-TYPE
SYNTAX INTEGER {
inProgress(1),
completeFromProvisioning(2),
completeFromMgt(3),
failed(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"InProgress(1) indicates that a TFTP download is underway,
either as a result of a version mismatch at provisioning
or as a result of a upgradeFromMgt request.
CompleteFromProvisioning(2) indicates that the last
software upgrade was a result of version mismatch at
provisioning. CompleteFromMgt(3) indicates that the last
software upgrade was a result of setting
docsDevSwAdminStatus to upgradeFromMgt.
Failed(4) indicates that the last attempted download
failed, ordinarily due to TFTP timeout."
::= { cabhSecFwBase 4 }
-- Read-only, vendor-formatted string naming the rule set currently
-- operating in the PS. It is an empty string when not applicable.
-- The format is vendor specific, so a manager can compare the value
-- against an expected string but cannot parse it generically.
-- This object is one of the parameters whose changes are reported by
-- type 3 events (see cabhSecFwEventType3Enable). Because it is read-only,
-- such a change presumably reflects a new rule set being loaded.
cabhSecFwPolicyFileCurrentVersion OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The rule set version currently operating in the PS device.
This object should be in the syntax used by the individual
vendor to identify software versions. Any PS element MUST
return a string descriptive of the current rule set file load.
If this is not applicable, this object MUST contain an empty
string."
::= { cabhSecFwBase 5 }
--
-- Firewall log parameters
--
-- Switch for logging type 1 events: attempts, from private or public
-- clients, to traverse the firewall in violation of the Security Policy.
-- Security note: the default is disable(2), so a PS that has not been
-- configured otherwise keeps no record of policy violations. Because the
-- object is read-write, anyone with SNMP write access can also switch the
-- logging off. Changes to this object are not in the list of parameters
-- reported by type 3 events.
cabhSecFwEventType1Enable OBJECT-TYPE
SYNTAX INTEGER {
enable (1), -- log event
disable (2) -- do not log event
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object enables or disables logging of type 1 firewall event
messages. Type 1 event
messages report attempts from both private and public clients to traverse
the
firewall that violate the Security Policy."
DEFVAL { disable }
::= { cabhSecFwLogCtl 1 }
-- Switch for logging type 2 events: identified Denial of Service attack
-- attempts.
-- Security note: the default is disable(2), so identified DoS attempts are
-- not logged until an operator enables this object. The object is
-- read-write, and changes to it are not in the list of parameters reported
-- by type 3 events.
cabhSecFwEventType2Enable OBJECT-TYPE
SYNTAX INTEGER {
enable (1), -- log event
disable (2) -- do not log event
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object enables or disables logging of type 2 firewall event
messages. Type 2 event messages report identified Denial of Service attack
attempts."
DEFVAL { disable }
::= { cabhSecFwLogCtl 2 }
-- Switch for logging type 3 events: changes to the firewall management
-- parameters cabhSecFwPolicyFileURL, cabhSecFwPolicyFileCurrentVersion and
-- cabhSecFwPolicyFileEnable.
-- Security note: this is the configuration-change audit trail for the
-- firewall and it defaults to disable(2).
-- NOTE(review): the listed parameters do not include
-- cabhSecFwPolicyFileHash or any of the cabhSecFwLogCtl objects, so as
-- written a change to the expected hash, or switching the logging itself
-- off, does not produce a type 3 event. Confirm whether that omission is
-- intended.
cabhSecFwEventType3Enable OBJECT-TYPE
SYNTAX INTEGER {
enable (1), -- log event
disable (2) -- do not log event
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enables or disables logging of type 3 firewall event messages. Type 3 event
messages report changes made to the following firewall management
parameters: cabhSecFwPolicyFileURL, cabhSecFwPolicyFileCurrentVersion,
cabhSecFwPolicyFileEnable"
DEFVAL { disable }
::= { cabhSecFwLogCtl 3 }
-- Count of type 1 or type 2 events which, when exceeded within the window
-- set by cabhSecFwEventAttackAlertPeriod, requires a firewall message
-- event to be logged with priority level 4.
-- Range 0..65535. The default is the maximum, 65535.
-- Security note: with the defaults of both objects (threshold 65535,
-- period 0) the alert is effectively off until an operator sets both.
-- NOTE(review): the DESCRIPTION does not say whether events are counted
-- when cabhSecFwEventType1Enable and cabhSecFwEventType2Enable are set to
-- disable(2). Confirm against the specification text.
cabhSecFwEventAttackAlertThreshold OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If the number of type 1 or 2 hacker attacks exceeds this
threshold
in the period define by cabhSecFwEventAttackAlertPeriod, a
firewall
message event MUST be logged with priority level 4."
DEFVAL { 65535 }
::= { cabhSecFwLogCtl 4 }
-- Length, in hours, of the sliding window over which events are counted
-- for cabhSecFwEventAttackAlertThreshold. When the window is full the
-- oldest hour of events is dropped from the tracking log.
-- Range 0..65535. The default 0 means no events are tracked until the
-- object is configured.
-- Security note: writing 0 to this object stops event tracking for the
-- attack alert, so write access deserves the same protection as the
-- logging switches in this subtree.
cabhSecFwEventAttackAlertPeriod OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the period to be used (in hours) for the
cabhSecFwEventAttackAlertThreshold. This MIB variable should always keep
track of the last x hours of events meaning that if the variable is set
to track events for 10 hours then when the 11th hour is reached, the 1st
hour of events is deleted from the tracking log. A default value is set
to zero, meaning zero time, so that this MIB variable will not track any
events unless configured."
DEFVAL {0}
::= { cabhSecFwLogCtl 5 }
-- The PS certificate as a DER-encoded X.509 value, using the
-- X509Certificate type imported from DOCS-BPI2-MIB.
-- Read-only: the certificate cannot be replaced through this object. A
-- certificate is public data, so read access does not by itself expose
-- key material.
-- NOTE(review): the REFERENCE text begins with a space followed by the
-- word Specification. The name of the referenced document appears to have
-- been lost. Confirm against the J.191 text.
cabhSecCertPsCert OBJECT-TYPE
SYNTAX X509Certificate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The X509 DER-encoded PS certificate."
REFERENCE
" Specification
Section 11.3 Requirements (security requirements)"
::= { cabhSecCertObjects 1 }
--
-- notification group is for future extension.
--
-- Anchors for notifications and conformance information.
-- cabhSecNotification is { cabhSecMib 3 0 }. The zero sub-identifier is
-- the prefix under which SMIv2 notifications are conventionally
-- registered. No NOTIFICATION-TYPE is defined in this module, so none of
-- the firewall events above are delivered as SNMP notifications by this
-- MIB.
-- cabhSecConformance (4) holds the compliance statements (1) and the
-- object groups (2).
cabhSecNotification OBJECT IDENTIFIER ::= { cabhSecMib 3 0 }
cabhSecConformance OBJECT IDENTIFIER ::= { cabhSecMib 4 }
cabhSecCompliances OBJECT IDENTIFIER ::= { cabhSecConformance 1 }
cabhSecGroups OBJECT IDENTIFIER ::= { cabhSecConformance 2 }
--
-- Notification Group
--
-- compliance statements
-- Compliance statement: an implementation claiming conformance must
-- implement every object in cabhSecGroup.
-- The MODULE clause without a module name refers to this module.
-- No OBJECT or MIN-ACCESS refinements are given, so the read-write objects
-- in the group are required with write access. Restricting who may write
-- them is left to the agent's SNMP access control configuration.
-- NOTE(review): registered as { cabhSecCompliances 3 }. Arcs 1 and 2 are
-- not used in this file.
cabhSecBasicCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for Cable Firewall feature."
MODULE --cabhSecMib
-- unconditionally mandatory groups
MANDATORY-GROUPS {
cabhSecGroup
}
::= { cabhSecCompliances 3 }
-- The single object group of this module. It lists all eleven objects
-- defined above: five policy-file objects under cabhSecFwBase, five
-- logging and alert controls under cabhSecFwLogCtl, and the PS
-- certificate.
-- cabhSecBasicCompliance names this group as mandatory.
cabhSecGroup OBJECT-GROUP
OBJECTS {
cabhSecFwPolicyFileEnable,
cabhSecFwPolicyFileURL,
cabhSecFwPolicyFileHash,
cabhSecFwPolicyFileOperStatus,
cabhSecFwPolicyFileCurrentVersion,
cabhSecFwEventType1Enable,
cabhSecFwEventType2Enable,
cabhSecFwEventType3Enable,
cabhSecFwEventAttackAlertThreshold,
cabhSecFwEventAttackAlertPeriod,
cabhSecCertPsCert
}
STATUS current
DESCRIPTION
"Group of object in Cable Firewall MIB"
::= { cabhSecGroups 1 }
END