SECURITY-MANAGEMENT-MIB: View SNMP OID List / Download MIB

Defines MIB objects related to device secured management.

When the security mode flag = on - it indicates that device operates in secured mode, =off - in non-secured mode. Otherwize when the value retuned =Not relevant - secured mode is not supported in this device.

Monitors the operational state of the TCP SYN cookies defense mechanism. The operational state of the SYN cookies can change only after a reset, if the configuration state was changed and the running configuration was saved to the startup configuration before the reset. Use secTcpSynCkiCfgState to monitor and change the SYN cookies configuration state. When the SYN cookies feature is turned on, it helps protect the local host from SYN attacks (a type of DoS attack).

Controls and monitors the configuration state of the TCP SYN cookies defense mechanism. The operational state of the SYN cookies can change only after reset, if the configuration state was changed and the running configuration was saved to the startup configuration before the reset. Use secTcpSynCkiOpState to monitor the SYN cookies operational state. When the SYN cookies feature is turned on, it helps protect the local host from SYN attacks (a type of DoS attack).

List of security management protocols supported in the device.

Description.

Index to the secMngProtoTable. The index can take one of the following values that correspond to supported management protocols scpConfigFiles(1), scpImageFiles(2), ssh(3), telnet(4), snmpv3(5), http(6), https(7), telnetClient(8), icmpRedirection(9), - icmp redirection service state icmp(10), - icmp services status recoveryPassword(11), - recovery password state sshClient(12), snmpv1(13), icmpEcho(14) - icmp service has been launched in EchoOnly mode tftp(16), dhcp(17), dnsResolver(18, scpClient(19), tftpClient(20), servicesTelnet(21), - reports telnet status on Services interface in G450 Missing entry indicates that corresponding protocol is not supported. Enumeration: 'scpClient': 19, 'recoveryPassword': 11, 'snmpv1': 13, 'ftpClient': 15, 'snmpv3': 5, 'tftpClient': 20, 'dnsRelay': 22, 'https': 7, 'dhcp': 17, 'scpConfigFiles': 1, 'telnetClient': 8, 'http': 6, 'telnetServices': 21, 'arpInspection': 23, 'icmpRedirection': 9, 'telnet': 4, 'scpImageFiles': 2, 'dnsResolver': 18, 'ssh': 3, 'icmp': 10, 'icmpEcho': 14, 'sshClient': 12, 'tftp': 16.

Portocol status. When the status is =on - it indicates that correpsonding protocol is up and running, =off - protocol is down. Otherwize when the value retuned =Not relevant - the protocol is not supported.

Description.

Group of MIBs objects used for configuration/presentation of the License information generated by Avaya Remote Feature Activation (RFA) system.

RFA based License management table. All elements are displaying the feature activation status. License activation controlled by the license file. The table is indexed by the license feature keyword assuming that the same keyword describing a feature cannot appear more than once per a license file.

Entry in lsgLicMngTable.

This table entry contains a features keyword. The feature keywords are text-based for example FEAT_VPN string. This field is used as a table index

License activation mechanism support two feature types * Boolean on-off feature * Features that describe quantities for example number of concurrent VPN peers Enumeration: 'quantifiableFeature': 2, 'onOffFeature': 1.

An administration status shows the feature activation status - when set to On the feature is activated by the RFA licensing system.

The operation status shows the actual status of the corresponding feature - feature can be not operational enabled if for example device must be reset for feature to be activated or feature is not supported by a device.

For counted features, this entry shows the associated quantity

Shows feature error state Enumeration: 'licNoError': 2.

Description.

Description.

Description.

Description.

enhanceSecurity flag reports operation of a product in enhance security mode. When running under enhanced security a product performs certain secure-related activities safely, closely matching FIPS-140-2 standard. However the flag doesn't necessary indicate that all device operations comply to FIPS approved mode as some of security activities might be controlled via different mechanisms for example manual configuration. Security policy/Crypto Office guidance documents shall be used as reference as for if this flag can be used as an evidence for operation in FIPS approved mode. The flag is read only and set via product CLI.

Subtree hosting MSS notification traps

Description.

The MSS notification sent on DoS attack

Defines the rate of MSS notification report. MSS reports will be generated as per rate if the event group counter passes the threshold correspondingly. The rate units are given in seconds with minimum - 10 seconds maximum - 8 hours (60 * 60 * 8)

Subtree of access-for-notify arguments to MSS notification varbinds list.

Enumeration of DoS attacks Enumeration: 'avMSSDoSICMPReflectAttack': 3, 'avMSSDoSMalformedARPs': 1, 'avMSSDoSUknownPort': 4, 'avMSSDoSUrgTCPOption': 5, 'avMSSUserDefinedDoSAttack100': 100, 'avMSSUserDefinedDoSAttack102': 102, 'avMSSUserDefinedDoSAttack104': 104, 'avMSSUserDefinedDoSAttack103': 103, 'avMSSDoSFraggleAttack': 9, 'avMSSDoSMalFragmentIP': 10, 'avMSSSpoofedIP': 11, 'avMSSunAuthenticatedAccess': 13, 'avMSSUnknownL4Protocol': 12, 'avMSSUserDefinedDoSAttack101': 101, 'avMSSDoSSmurfAttack': 8, 'avMSSDoSMalformedIP': 6, 'avMSSDoSLandAttack': 2, 'avMSSDoSSynFlood': 7, 'avMSSUserDefinedDoSAttack105': 105.

Textual description of the DoS event

Source IP address in IP header. Set to 0.0.0.0 if address is unknown

Destination IP address in IP header. Set to 0.0.0.0 if address is unknown

Destination port number in IP header. 0 if port is not applicable or unknown

The protocol field in IP header

Counted number of events that occur in a given period for a corresponding class of security violations (DoS, not authorized access, etc).

Source Physical address (MAC) of a packet identified as a packet carrying DoS payload. Set to 00:00:00:00:00:00 when phyicial address is not supported or unknown to the system

Description.

Description.

Description.

Description.

Encryption keys mismatch error. Configuration download operation is aborted

Configuration Master key was changed

User password is about to expire in n days

Notification on unauthorized login attempts. o For CLI and SNMP login failures: Both SNMP SSH and WEB management interfaces shall identify situation and alert. The reported information should include wrong user name, host name and IP address of remote host. Passwords is not reported because of the possibility to reveal password. o For pre-shared-key (PSK) authentication failure in IKE: * lntUnauthUserName - - In IKE AM: the ID sent by the remote peer in the ID payload. - In IKE MM: the ID associated with the remote peer IP in the running configuration. * avUnauthInetAddressType and avUnauthInetAddress - represents the source IP of the packet sent by the remote peer. * avUnauthProtocol - lntIKEAccess(500)

After configurable number of failed attempts to authenticate a user, device penalized by locking them out for a pre-specified amount of time.

The trap is generated whenever there is a detection of IPv6 address (link-local or global IPv6 address) duplication as part of DAD.

Notify only varbinds used for notifications in secMngNotifications group

Description.

The name of the user who's attempt to access device was identified as unauthorized.

The management protocol employed for the unauthorized access - avSSHAccess(22) -- SSH protocol avTELNETAccess(23), --Telnet protocol avHTTPAccess(80), -- HTTP protocol avSNMPAccess(161), -- SNMP protocol avHTTPSAccess(443), -- HTTPS protocol over TLS sockets avIKEAccess(500), -- IKE protocol - PSK authentication failure avRASAccess(6889), -- RAS access over dial-up connection avConsoleAccess(6890), -- Access from the Console port avPPPAccess(6891) -- Access to PPP over modem Enumeration: 'avHTTPAccess': 80, 'avHTTPSAccess': 443, 'avRASAccess': 6889, 'avSNMPAccess': 161, 'avIKEAccess': 500, 'avPPPAccess': 6891, 'avTELNETAccess': 23, 'avSSHAccess': 22, 'avConsoleAccess': 6890.

The Inet Address Type of access violating station

The Inet Address of access violating station

The duplicated Inet Address Type.

The duplicated Inet Address.

The MAC address of the station that claims to be configured with the duplicated IPv6 address.

Description.

Description.

Info on authentication file(s) installed in a product

The information on Authentication File stored in ASG AF file header

The productID value ascociated with the Authentication File (format 7xxxxxxxxx)

Date of Authentication file generation (format YYYY/MM/DD)

A 8-character string in US short locale time (format= HH:MM:SS)

Major software release the AF file was generated for

Description.

Description.

AF download successfully accomplished

AF download Failed

Description.

ASG authentictation File Notification Group

Setting the Local current RTC date and time, when not registered with CM