-- MIB module extracted from ITU-T J.192 (03/2004)
CABH-SEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
Unsigned32,
BITS,
OBJECT-TYPE FROM SNMPv2-SMI
TruthValue,
DisplayString,
TimeStamp FROM SNMPv2-TC
OBJECT-GROUP,
MODULE-COMPLIANCE FROM SNMPv2-CONF
InetAddressIPv4 FROM INET-ADDRESS-MIB
SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC2571
X509Certificate FROM DOCS-BPI2-MIB
clabProjCableHome FROM CLAB-DEF-MIB;
--===================================================================
--
-- History:
--
-- Date Modified by Reason
-- 04/05/02 Issued I01
-- 09/20/02 Issued I02
-- 04/11/03 Issued I03
--
--==========================================================================
-- Module identity for the CableHome Security Portal Services MIB.
-- The module is registered at { clabProjCableHome 2 }.
-- NOTE(review): LAST-UPDATED is present but there are no REVISION clauses;
-- the revision history is carried only in the comment block above.
cabhSecMib MODULE-IDENTITY
LAST-UPDATED "200304110000Z" --April 11, 2003
ORGANIZATION "CableLabs Broadband Access Department"
CONTACT-INFO
"Kevin Luehrs
Postal: Cable Television Laboratories, Inc.
400 Centennial Parkway
Louisville, Colorado 80027-1266
U.S.A.
Phone: +1 303-661-9100
Fax: +1 303-661-9199
E-mail: k.luehrs@cablelabs.com"
DESCRIPTION
"This MIB module supplies the basic management objects
for the Security Portal Services.
Acknowledgements:
Roy Spitzer - Consultant to CableLabs
Chris Zacker - Broadcom Visiting Engineer"
::= { clabProjCableHome 2 }
-- Object identifier subtrees. This module defines no textual conventions
-- of its own; the assignments below only lay out the tree:
--   cabhSecMib 1    firewall objects (base settings and log control)
--   cabhSecMib 2    certificate objects
cabhSecFwObjects OBJECT IDENTIFIER ::= { cabhSecMib 1 }
cabhSecFwBase OBJECT IDENTIFIER ::= { cabhSecFwObjects 1 }
cabhSecFwLogCtl OBJECT IDENTIFIER ::= { cabhSecFwObjects 2 }
cabhSecCertObjects OBJECT IDENTIFIER ::= { cabhSecMib 2 }
--
-- The following group describes the base objects in the Cable Home
-- Firewall.
--
-- Firewall on/off switch. Per the DESCRIPTION this object controls whether
-- the firewall functionality is enabled, although its name refers to the
-- policy file. The default is enable.
-- NOTE(review): MAX-ACCESS is read-write, so any principal with SNMP write
-- access to this object can set disable(2). Restrict write access to the
-- management station in the agent's access control configuration and alert
-- on changes. Type 3 event logging (cabhSecFwEventType3Enable) reports
-- changes to this object, but that logging defaults to disable.
cabhSecFwPolicyFileEnable OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter indicates whether or not to enable the firewall
functionality."
DEFVAL {enable}
::= { cabhSecFwBase 1 }
-- Location of the firewall policy rule set file, written as a TFTP URL.
-- A write to this object triggers the file download (see DESCRIPTION).
-- NOTE(review): TFTP provides no authentication or confidentiality, so the
-- only integrity check visible in this module is cabhSecFwPolicyFileHash.
-- That hash is delivered over the same read-write SNMP interface, so the
-- rule set is only as trustworthy as the SNMP write path. Confirm that the
-- agent accepts writes only from authenticated managers.
-- NOTE(review): the SYNTAX is a plain DisplayString with no format
-- restriction in this module; presumably the agent rejects values that are
-- not TFTP URLs. Confirm against the implementation.
cabhSecFwPolicyFileURL OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object contains the name and IP address of the policy rule set
file in a TFTP URL format. Once this object has been updated, it will
trigger the file download."
::= { cabhSecFwBase 2 }
-- Hash of the rule set file, sent to the PS before the file itself.
-- SIZE(20) fixes the value at 160 bits, which matches the SHA-1 length
-- given in the DESCRIPTION.
-- NOTE(review): SHA-1 is no longer collision resistant, and the fixed size
-- leaves no room for a longer digest. The DESCRIPTION does not state what
-- the PS does when the downloaded file does not match this value;
-- presumably the rule set is rejected. Confirm against the specification.
-- NOTE(review): changes to this object are not in the list of parameters
-- reported by type 3 events (see cabhSecFwEventType3Enable).
cabhSecFwPolicyFileHash OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Hash of the contents of the rules set file, calculated and sent to the
PS prior to sending the rules set file. For the SHA-1 authentication
algorithm the length of the hash is 160 bits. This hash value is
encoded in binary format."
::= { cabhSecFwBase 3 }
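-- Read-only status of the most recent policy rule set download.
-- The comma after completeFromMgt(3) is placed before the trailing comment.
-- A comment runs to the end of the line, so a comma written inside it is
-- not seen by the parser and the enumeration loses its separator.
-- NOTE(review): no enumeration value reports a hash mismatch separately;
-- failed(4) presumably covers it. Confirm against the specification.
cabhSecFwPolicyFileOperStatus OBJECT-TYPE
SYNTAX INTEGER {
inProgress(1),
complete (2),
completeFromMgt(3), -- deprecated
failed(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"inProgress(1) indicates that a TFTP download is underway,
complete (2) indicates that the firewall
configuration file downloaded and configured successfully,
completeFromMgt(3) This state is deprecated.
failed(4) indicates that the last attempted download failed
ordinarily due to TFTP timeout."
::= { cabhSecFwBase 4 }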
-- Vendor-formatted version string of the rule set currently operating in
-- the PS; an empty string when not applicable. Read-only.
-- A manager can read this after a download to check that the intended
-- rule set is the one in force.
-- NOTE(review): type 3 events list this object among the reported changes
-- even though it is read-only, so presumably the event fires when a newly
-- loaded rule set changes the version. Confirm against the specification.
cabhSecFwPolicyFileCurrentVersion OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The rule set version currently operating in the PS device.
This object should be in the syntax used by the individual
vendor to identify software versions. Any PS element MUST
return a string descriptive of the current rule set file load.
If this is not applicable, this object MUST contain an empty
string."
::= { cabhSecFwBase 5 }
--
-- Firewall log parameters
--
-- Switch for logging type 1 events: attempts by private or public clients
-- to traverse the firewall in violation of the Security Policy.
-- NOTE(review): DEFVAL is disable, so with default settings these
-- violations leave no log record. Deployments that rely on firewall logs
-- for detection need to set enable(1) explicitly.
cabhSecFwEventType1Enable OBJECT-TYPE
SYNTAX INTEGER {
enable (1), -- log event
disable (2) -- do not log event
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object enables or disables logging of type 1 firewall event
messages. Type 1 event messages report attempts from both private
and public clients to traverse the firewall that violate the Security
Policy."
DEFVAL { disable }
::= { cabhSecFwLogCtl 1 }
-- Switch for logging type 2 events: identified Denial of Service attack
-- attempts.
-- NOTE(review): DEFVAL is disable, so identified attack attempts are not
-- logged unless a manager sets enable(1).
cabhSecFwEventType2Enable OBJECT-TYPE
SYNTAX INTEGER {
enable (1), -- log event
disable (2) -- do not log event
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object enables or disables logging of type 2 firewall event
messages. Type 2 event messages report identified Denial of Service
attack attempts."
DEFVAL { disable }
::= { cabhSecFwLogCtl 2 }
-- Switch for logging type 3 events: changes to the firewall management
-- parameters named in the DESCRIPTION. This is the configuration audit
-- trail for the firewall.
-- NOTE(review): DEFVAL is disable, so configuration changes are not
-- audited by default.
-- NOTE(review): the listed parameters do not include
-- cabhSecFwPolicyFileHash or the objects under cabhSecFwLogCtl, so by this
-- DESCRIPTION a change to the expected hash, or turning logging off, is
-- not itself a type 3 event. Those changes need to be monitored by other
-- means if they matter to the deployment.
cabhSecFwEventType3Enable OBJECT-TYPE
SYNTAX INTEGER {
enable (1), -- log event
disable (2) -- do not log event
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enables or disables logging of type 3 firewall event messages. Type 3
event messages report changes made to the following firewall management
parameters: cabhSecFwPolicyFileURL, cabhSecFwPolicyFileCurrentVersion,
cabhSecFwPolicyFileEnable"
DEFVAL { disable }
::= { cabhSecFwLogCtl 3 }
-- Count of type 1 or type 2 events within the alert period above which a
-- firewall event with priority level 4 MUST be logged.
-- NOTE(review): DEFVAL is 65535, the top of the allowed range, and the
-- companion period defaults to 0, so attack alerting is effectively off
-- until both objects are configured.
-- NOTE(review): the DESCRIPTION does not say whether type 1 and type 2
-- events are counted together or separately, and priority level 4 is not
-- defined in this module. Confirm both against the specification.
cabhSecFwEventAttackAlertThreshold OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If the number of type 1 or 2 hacker attacks exceeds this
threshold in the period define by cabhSecFwEventAttackAlertPeriod, a
firewall message event MUST be logged with priority level 4."
DEFVAL { 65535 }
::= { cabhSecFwLogCtl 4 }
-- Length, in hours, of the sliding window over which events are counted
-- for cabhSecFwEventAttackAlertThreshold. The unit is stated only in the
-- DESCRIPTION; there is no UNITS clause.
-- With the default of 0 no events are tracked, so the threshold alert
-- cannot fire until a manager sets a non-zero period.
-- NOTE(review): this object is read-write, so a principal with SNMP write
-- access can set it back to 0 and stop event tracking. Per the type 3
-- event DESCRIPTION, changes to this object are not among those logged.
cabhSecFwEventAttackAlertPeriod OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the period to be used (in hours) for the
cabhSecFwEventAttackAlertThreshold. This MIB variable should always
keep track of the last x hours of events meaning that if the variable
is set to track events for 10 hours then when the 11th hour is reached,
the 1st hour of events is deleted from the tracking log. A default
value is set to zero, meaning zero time, so that this MIB variable will
not track any events unless configured."
DEFVAL {0}
::= { cabhSecFwLogCtl 5 }
-- The PS device certificate, DER-encoded X.509, exposed read-only.
-- Only the certificate is published here; this module defines no object
-- for the corresponding private key.
-- NOTE(review): a manager can presumably use this object to inventory
-- device certificates and check validity dates. Confirm the size limit
-- imposed by the imported X509Certificate textual convention.
cabhSecCertPsCert OBJECT-TYPE
SYNTAX X509Certificate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The X509 DER-encoded PS certificate."
REFERENCE
"CableLabs CableHome 1.0 Specification version I01 (CH-SP-I01-020405)
Section 11.3 Requirements (security requirements)"
::= { cabhSecCertObjects 1 }
--
-- notification group is for future extension.
--
-- Notification prefix and conformance subtrees.
-- cabhSecNotification is registered at { cabhSecMib 3 0 }; no
-- NOTIFICATION-TYPE is defined beneath it in this module, so the firewall
-- events described above are not delivered as notifications from here.
cabhSecNotification OBJECT IDENTIFIER ::= { cabhSecMib 3 0 }
cabhSecConformance OBJECT IDENTIFIER ::= { cabhSecMib 4 }
cabhSecCompliances OBJECT IDENTIFIER ::= { cabhSecConformance 1 }
cabhSecGroups OBJECT IDENTIFIER ::= { cabhSecConformance 2 }
--
-- Notification Group
--
-- compliance statements
-- The single compliance statement of this module. It makes cabhSecGroup
-- unconditionally mandatory and is registered at { cabhSecCompliances 3 }.
-- NOTE(review): there are no OBJECT clauses with MIN-ACCESS refinements,
-- so a compliant agent is expected to implement the read-write objects as
-- writable. Protection of those objects therefore has to come from the
-- agent's SNMP access control, not from this MIB.
cabhSecBasicCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for CableHome Firewall feature."
MODULE --cabhSecMib
-- unconditionally mandatory groups
MANDATORY-GROUPS {
cabhSecGroup
}
::= { cabhSecCompliances 3 }
-- Object group holding all eleven objects defined in this module: the five
-- firewall base objects, the five log control objects and the PS
-- certificate. It is the group named in cabhSecBasicCompliance.
cabhSecGroup OBJECT-GROUP
OBJECTS {
cabhSecFwPolicyFileEnable,
cabhSecFwPolicyFileURL,
cabhSecFwPolicyFileHash,
cabhSecFwPolicyFileOperStatus,
cabhSecFwPolicyFileCurrentVersion,
cabhSecFwEventType1Enable,
cabhSecFwEventType2Enable,
cabhSecFwEventType3Enable,
cabhSecFwEventAttackAlertThreshold,
cabhSecFwEventAttackAlertPeriod,
cabhSecCertPsCert
}
STATUS current
DESCRIPTION
"Group of object in CableHome Firewall MIB"
::= { cabhSecGroups 1 }
END