Internet-Draft                                            E. Cardona
   draft-jones-cable-gateway-security-mib-01.txt              CableLabs
   Expires: July 2003
                                                              K. Luehrs
                                                              CableLabs

                                                               D. Jones
                                                                YAS BBV

                                                                January
                                                                   2003


            Cable Gateway Security Management Information Base
               for CableHome compliant Residential Gateways


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [1].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
        http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
        http://www.ietf.org/shadow.html

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.


Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines a basic set of managed objects for SNMP-
   based security management of CableHome 1.0 compliant residential
   gateway devices.


Cardona/Luehrs/Jones     Expires - July 2003                 [Page 1]


Internet-Draft      CableHome Gateway Security MIB        January 2003


   This memo specifies a MIB module in a manner that is compliant to the
   SNMP SMIv2 [5][6][7].  The set of objects is consistent with the SNMP
   framework and existing SNMP standards.


Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [2].

Table of Contents

   1. The Internet-Standard Management Framework.....................2
   2. Glossary.......................................................3
      2.1 CableHome Residential Gateway..............................3
      2.2 Portal Services............................................3
      2.3 LAN IP Device..............................................3
      2.4 WAN Management (WAN-Man) Address...........................3
      2.5 WAN Data (WAN-Data) Address................................3
      2.6 LAN Translated (LAN-Trans) Address.........................4
      2.7 LAN Passthrough (LAN-Pass) Address.........................4
      2.8 Cable Gateway DHCP Portal (CDP)............................4
      2.9 Denial of Service..........................................4
      2.10 Firewall..................................................4
      2.11 Hash......................................................4
      2.12 Rule Set..................................................4
      2.13 Security Policy...........................................5
   3. Overview.......................................................5
      3.1 Structure of the MIB.......................................5
      3.2 Management Requirements....................................5
   4. MIB Definitions................................................6
   5. Formal Syntax.................................................27
   6. Security Considerations.......................................27
   7. References....................................................28
   8. Intellectual Property.........................................30
   9. Author's Addresses............................................30
   10. Full Copyright Statement.....................................31


1. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [12].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).



   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [7], STD 58, RFC 2579 [8] and STD 58, RFC 2580 [9].


2. Glossary

   The terms in this document are derived either from normal cable
   system usage, from normal residential gateway operation, or from the
   documents associated with the CableHome Specifications [21].

2.1 CableHome Residential Gateway

   A CableHome Residential Gateway passes data traffic between the cable
   operator's broadband data network (the Wide Area Network, WAN) and
   the Local Area Network (LAN) in the cable data service subscriber's
   residence or business. In addition to passing traffic between the WAN
   and LAN, the CableHome Residential Gateway provides several services
   including a DHCP client and a DHCP server (RFC2131) [22], a TFTP
   server (RFC1350) [23], management services enabled by an
   SNMPv1/v2c/v3 agent compliant with the RFCs listed in Section 1, and
   security services including stateful packet inspection firewall
   functionality and software code image verification.

2.2 Portal Services

   A logical element aggregating the set of CableHome-specified
   functionality in a CableHome compliant cable gateway device.


2.3 LAN IP Device

   A LAN IP Device is representative of a typical IP device expected to
   reside on home networks, and is assumed to contain a TCP/IP stack as
   well as a DHCP client.

2.4 WAN Management (WAN-Man) Address

   WAN Management Addresses are intended for network management traffic
   on the cable network between the network management system and the PS
   element. Typically, these addresses will reside in private IP address
   space.

2.5 WAN Data (WAN-Data) Address

   WAN Data Addresses are intended for subscriber application traffic on
   the cable network and beyond, such as traffic between LAN IP Devices
   and Internet hosts. Typically, these addresses will reside in public
   IP address space.




2.6 LAN Translated (LAN-Trans) Address

   LAN Translated Addresses are intended for subscriber application and
   management traffic on the home network between LAN IP Devices and the
   PS element. Typically, these addresses will reside in private IP
   address space, and can typically be reused across subscribers.

2.7 LAN Passthrough (LAN-Pass) Address

   LAN Passthrough Addresses are intended for subscriber application
   traffic, such as traffic between LAN IP Devices and Internet hosts,
   on the home network, the cable network, and beyond. Typically, these
   addresses will reside in public IP address space.

2.8 Cable Gateway DHCP Portal (CDP)

   A logical element residing within the PS that encapsulates DHCP
   functionality within a Cable Gateway Device. This includes both DHCP
   client as well as DHCP server capabilities.

2.9 Denial of Service

   A type of attack on a network that is designed to bring the network
   to its knees by flooding it with useless traffic.

2.10 Firewall

   A system designed to prevent unauthorized access to or from a private
   network.  Firewalls are frequently used to prevent unauthorized
   Internet users from accessing private networks connected to the
   Internet.

2.11 Hash

   A hash value (or simply hash) is a number generated from a string of
   text. The hash is substantially smaller than the text itself, and is
   generated by a formula in such a way that it is extremely unlikely
   that some other text will produce the same hash value. Hashes play a
   role in security systems where they're used to ensure that
   transmitted messages have not been tampered with.

2.12 Rule Set

   The rule set is derived from the security policy and defines the
   collection of access control rules (filter and proxy action rules)
   which then determines which packets the firewall forwards and which
   it rejects.





2.13 Security Policy

   The security policy defines the desired level of
   security/functionality for a subscriber's firewall.


3. Overview

   This MIB provides a set of security objects required for the
   management of CableHome compliant residential gateway devices.  The
   specification is derived from the CableHome 1.0 specification [21].

3.1 Structure of the MIB

   This MIB is structured into two groups:

   - cabhSecFwObjects is used to manage the firewall functionality.

   - cabhSecCertObjects is used to hold the gateway device certificate,
     which is used to authenticate the gateway.


3.2 Management Requirements

3.2.1  Firewall Enable

   The cabhSecFwPolicyFileEnable object enables or disables firewall rule
   set filtering functions.

3.2.2  Firewall Configuration File Download

   The firewall configuration file download process is documented in
   [21].  From a network management station, the operator:

   - sets cabhSecFwPolicyFileHash to the hash value calculated over the
     firewall configuration file.

   - sets cabhSecFwPolicyFileURL to the name and IP address of the
     firewall configuration file in TFTP URL format.  When this value
     changes, it triggers the file download.

   Download status and the version of the firewall configuration file
   can be obtained from the cabhSecFwPolicyFileOperStatus and
   cabhSecFwPolicyFileCurrentVersion MIB objects.
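   The download procedure above, worked through as an added example that
   is not part of this draft: the NMS-side computation of the 20-octet
   binary value written to cabhSecFwPolicyFileHash, the agent-side checks
   on values SET into the hash and TFTP URL objects, and the PS-side
   verification of the fetched file mapped onto cabhSecFwPolicyFileOperStatus
   codes.  Treating an empty (DEFVAL) hash as a failed verification and the
   fetch callback are assumptions, not behaviour the draft specifies.

```python
"""Firewall policy file download: hash pre-staging and verification.

Added example modelled on cabhSecFwPolicyFileHash, cabhSecFwPolicyFileURL
and cabhSecFwPolicyFileOperStatus from this draft; it is not CableHome code.
"""
import hashlib
import hmac
import ipaddress
from typing import Callable, Tuple
from urllib.parse import urlsplit

SHA1_LEN = 20  # SIZE(0|20): empty (unset) or a 160-bit SHA-1 digest

# cabhSecFwPolicyFileOperStatus enumeration from the MIB
IN_PROGRESS = 1
COMPLETE_FROM_PROVISIONING = 2
COMPLETE_FROM_MGT = 3
FAILED = 4


def policy_file_hash(contents: bytes) -> bytes:
    """NMS side: the value the operator SETs into cabhSecFwPolicyFileHash.

    The MIB wants the raw binary digest (20 octets), not its hex encoding.
    """
    return hashlib.sha1(contents).digest()


def validate_hash_set(value: bytes) -> bool:
    """Agent side: enforce the SIZE(0|20) constraint on a SET of the hash object."""
    return len(value) in (0, SHA1_LEN)


def parse_tftp_url(url: str) -> Tuple[str, str]:
    """Agent side: accept only 'tftp://<ipv4>/<file>' as cabhSecFwPolicyFileURL.

    Returns (host, file name). Raises ValueError on anything else, so a bad
    SET is rejected instead of triggering a download to an unexpected place.
    """
    parts = urlsplit(url)
    if parts.scheme != "tftp":
        raise ValueError("scheme must be tftp")
    host = parts.hostname or ""
    ipaddress.IPv4Address(host)  # the object carries an IP address, not a name
    filename = parts.path.lstrip("/")
    if not filename:
        raise ValueError("URL must name a file")
    return host, filename


def verify_downloaded_file(expected_hash: bytes, downloaded: bytes) -> int:
    """PS side: compare the fetched rule set file with the pre-staged hash.

    Returns a cabhSecFwPolicyFileOperStatus value. Assumption (not stated in
    the draft): an empty hash means nothing was staged, so the file cannot be
    authenticated and the download is reported as failed(4).
    """
    if not validate_hash_set(expected_hash):
        raise ValueError("hash must be empty or 20 octets")
    if expected_hash == b"":
        return FAILED
    if not hmac.compare_digest(policy_file_hash(downloaded), expected_hash):
        return FAILED
    return COMPLETE_FROM_MGT  # download was triggered from the management station


def download_policy_file(url: str, expected_hash: bytes,
                         fetch: Callable[[str, str], bytes]) -> int:
    """Run the sequence the draft describes once the URL object changes.

    `fetch(host, filename)` stands in for the TFTP client (hypothetical hook).
    """
    try:
        host, filename = parse_tftp_url(url)
        contents = fetch(host, filename)
    except (ValueError, OSError):
        return FAILED
    return verify_downloaded_file(expected_hash, contents)


# --- constructed sample data; not from any real deployment ------------------
SAMPLE_POLICY = b"# constructed CableHome 1.0 rule set\nallow tcp lan->wan 80\n"
SAMPLE_URL = "tftp://192.0.2.10/cabh_fw_policy.cfg"


def fake_tftp(host: str, filename: str) -> bytes:
    """Stand-in TFTP client serving the constructed file for the sample URL."""
    if (host, filename) == ("192.0.2.10", "cabh_fw_policy.cfg"):
        return SAMPLE_POLICY
    raise OSError("TFTP timeout")


if __name__ == "__main__":
    staged = policy_file_hash(SAMPLE_POLICY)          # operator step 1
    print("hash octets:", len(staged), staged.hex())
    print("status:", download_policy_file(SAMPLE_URL, staged, fake_tftp))
```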

3.2.3  Firewall Event Management

   There are three types of firewall events that can be logged.  The
   following objects allow the operator to enable or disable the logging
   of these events:




   - cabhSecFwEventType1Enable controls the logging of Type 1 event
     messages, which indicate attempts from both private and public
     clients to traverse the firewall that violate the security policy.

   - cabhSecFwEventType2Enable controls the logging of Type 2 event
     messages, which indicate the detection of Denial-of-Service attacks.

   - cabhSecFwEventType3Enable controls the logging of Type 3 event
     messages, which indicate changes in firewall management parameters.

   Event messaging details are documented in [21].

3.2.4  Firewall Attack Alert

   The Firewall Attack Alert MIB objects enable an MSO to be notified
   when a firewall has been attacked a certain number of times within a
   given period.

   The cabhSecFwEventAttackAlertThreshold object is set to the number of
   Type 1 or Type 2 hacker attacks that are allowed within the time
   period.  If the number of attacks exceeds this value, an event message
   MUST be logged.

   The cabhSecFwEventAttackAlertPeriod object indicates the period to be
   used (in hours) for the cabhSecFwEventAttackAlertThreshold.  This MIB
   object should always keep track of the last x hours of events, meaning
   that if the variable is set to track events for 10 hours then when
   the 11th hour is reached, the 1st hour of events is deleted from the
   tracking log.  The default value is zero, meaning zero time, so that
   this MIB variable will not track any events unless configured.
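   The sliding window described in this section, as an added example that
   is not part of the draft: an hour-bucketed counter implementing the
   cabhSecFwEventAttackAlertThreshold / cabhSecFwEventAttackAlertPeriod
   semantics (period 0 disables tracking; with a 10-hour period the bucket
   for hour 1 is dropped when hour 11 is reached).  Hour numbers are passed
   in explicitly so the behaviour can be checked offline; alerting once per
   threshold crossing rather than on every further event is an
   implementation choice the draft leaves open.

```python
"""Hour-windowed attack alert counter.

Added example modelled on cabhSecFwEventAttackAlertThreshold and
cabhSecFwEventAttackAlertPeriod from this draft; it is not CableHome code.
"""
from collections import deque
from typing import Deque, List

ALERT_PRIORITY = 4           # the draft requires the alert event at priority 4
ATTACK_EVENT_TYPES = (1, 2)  # Type 1 (policy violations) and Type 2 (DoS)
MAX_VALUE = 65535            # both objects are INTEGER (0..65535)


class AttackAlertTracker:
    def __init__(self, threshold: int = 65535, period_hours: int = 0):
        # DEFVALs from the MIB: threshold 65535, period 0 (no tracking)
        self.threshold = threshold
        self.period_hours = period_hours
        # one [hour_number, count] bucket per clock hour with events, oldest first
        self._buckets: Deque[List[int]] = deque()
        self._over_threshold = False
        self.event_log: List[dict] = []  # stand-in for the PS event log

    def set_period(self, hours: int) -> None:
        """SET on cabhSecFwEventAttackAlertPeriod; restarts the window."""
        if not 0 <= hours <= MAX_VALUE:
            raise ValueError("period out of range")
        self.period_hours = hours
        self._buckets.clear()            # assumption: a new period starts fresh
        self._over_threshold = False

    def set_threshold(self, count: int) -> None:
        """SET on cabhSecFwEventAttackAlertThreshold."""
        if not 0 <= count <= MAX_VALUE:
            raise ValueError("threshold out of range")
        self.threshold = count

    def _expire(self, hour: int) -> None:
        # Keep only the last period_hours clock hours: with period 10, reaching
        # hour 11 drops hour 1 (11 - 10 = 1), exactly as the draft describes.
        cutoff = hour - self.period_hours
        while self._buckets and self._buckets[0][0] <= cutoff:
            self._buckets.popleft()

    def count(self) -> int:
        """Attacks currently inside the tracking window."""
        return sum(c for _, c in self._buckets)

    def record_attack(self, event_type: int, hour: int) -> bool:
        """Record one Type 1/2 event seen during clock hour `hour`.

        Returns True when a priority-4 alert event MUST be logged, i.e. the
        windowed count has just risen above the threshold.
        """
        if event_type not in ATTACK_EVENT_TYPES:
            raise ValueError("only type 1 and type 2 events are counted")
        if self.period_hours == 0:       # zero time: nothing is tracked
            return False
        if self._buckets and hour < self._buckets[-1][0]:
            raise ValueError("hours must be non-decreasing")
        self._expire(hour)
        if self._buckets and self._buckets[-1][0] == hour:
            self._buckets[-1][1] += 1
        else:
            self._buckets.append([hour, 1])
        total = self.count()
        if total <= self.threshold:
            self._over_threshold = False  # re-arm once the window drains
            return False
        if self._over_threshold:
            return False                  # already alerted for this excursion
        self._over_threshold = True
        self.event_log.append({"priority": ALERT_PRIORITY, "hour": hour,
                               "count": total, "threshold": self.threshold})
        return True


if __name__ == "__main__":
    tracker = AttackAlertTracker(threshold=3, period_hours=10)
    for event_type, hour in [(1, 1), (2, 1), (1, 1), (1, 2), (2, 11)]:
        print(hour, event_type, tracker.record_attack(event_type, hour),
              tracker.count())
```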

3.2.5  PS Certificate

   The cabhSecCertPsCert object provides the ability to read the
   certificate information in a compliant CableHome residential gateway
   device.  The PS certificate is used in the process of authenticating
   the device.




4. MIB Definitions



   CABH-SEC-MIB DEFINITIONS ::= BEGIN
   IMPORTS
       MODULE-IDENTITY,
       Unsigned32,
       Counter32,
       Integer32,



       OBJECT-TYPE                FROM SNMPv2-SMI  -- RFC2578

       RowStatus,
       DateAndTime,
       TruthValue,
       DisplayString,
       VariablePointer            FROM SNMPv2-TC  -- RFC2579

       OBJECT-GROUP,
       MODULE-COMPLIANCE          FROM SNMPv2-CONF -- RFC2580
       InetPortNumber,
       InetAddressIPv4            FROM INET-ADDRESS-MIB --RFC3291

       SnmpAdminString            FROM SNMP-FRAMEWORK-MIB --RFC2571
       X509Certificate            FROM DOCS-BPI2-MIB
       cabhDevMib                 FROM CABH-DEV-MIB;


   -- ============================================================
   --
   --  History:
   --
   --  Date              Reason
   --  10/28/02          -00
   --  01/22/03          -01
   --
   -- ============================================================

       cabhSecMib MODULE-IDENTITY
       LAST-UPDATED    "200301220000Z"  -- January 22, 2003
       ORGANIZATION    "CableLabs Broadband Access Department"
       CONTACT-INFO
               "Kevin Luehrs
                Postal: Cable Television Laboratories, Inc.
                400 Centennial Parkway
                Louisville, Colorado 80027-1266
                U.S.A.
                Phone:  +1 303-661-9100
                Fax:    +1 303-661-9199
                E-mail: k.luehrs@cablelabs.com"
       DESCRIPTION
               "This MIB module supplies the basic management
                objects for the Security Portal Services.

                Acknowledgements:
                 Nancy Davoust - YAS Broadband Ventures
                 Jim Hinsey - Broadcom Visiting Engineer
                 John Bevilacqua - YAS Broadband Ventures"
       REVISION "200301220000Z" -- January 22, 2003
       DESCRIPTION



               "Initial version, published as RFC xxxx."
                -- RFC editor to assign xxxx

       ::=  { cabhDevMib 2 }


   -- Object identifier assignments
      cabhSecMibObjects  OBJECT IDENTIFIER ::= { cabhSecMib 1 }
      cabhSecFwObjects   OBJECT IDENTIFIER ::= { cabhSecMibObjects 1 }
      cabhSecFwBase      OBJECT IDENTIFIER ::= { cabhSecFwObjects 1 }
      cabhSecFwLogCtl    OBJECT IDENTIFIER ::= { cabhSecFwObjects 2 }

      cabhSecCertObjects OBJECT IDENTIFIER ::= { cabhSecMibObjects 2 }
      cabhSecKerbObjects OBJECT IDENTIFIER ::= { cabhSecMibObjects 3 }
      cabhSecKerbBase    OBJECT IDENTIFIER ::= { cabhSecKerbObjects 1 }

      cabhSec2FwObjects  OBJECT IDENTIFIER ::= { cabhSecMibObjects 4 }
      cabhSec2FwBase     OBJECT IDENTIFIER ::= { cabhSec2FwObjects 1 }
      cabhSec2FwEvent    OBJECT IDENTIFIER ::= { cabhSec2FwObjects 2 }
      cabhSec2FwLog      OBJECT IDENTIFIER ::= { cabhSec2FwObjects 3 }
      cabhSec2FwFilter   OBJECT IDENTIFIER ::= { cabhSec2FwObjects 4 }

   --cabhSec2Misc        OBJECT IDENTIFIER ::= { cabhSecMib 5 }
   --might be needed for config file encryption key management

   --
   --    CableHome 1.0 Base Firewall Functions
   --

   cabhSecFwPolicyFileEnable OBJECT-TYPE
       SYNTAX      INTEGER {
                       enable(1),
                       disable(2)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
            "This parameter indicates whether or not to enable
             the firewall functionality."
       DEFVAL {enable}
       ::= { cabhSecFwBase 1 }

   cabhSecFwPolicyFileURL OBJECT-TYPE
       SYNTAX      DisplayString
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
                "This object contains the name and IP address of
                 the policy rule set file in a TFTP URL format.
                 Once this object has been updated, it will trigger



                the file download."
       ::= { cabhSecFwBase 2 }


   cabhSecFwPolicyFileHash OBJECT-TYPE
       SYNTAX OCTET STRING (SIZE(0|20))
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
               "Hash of the contents of the rules set file,
                calculated and sent to the PS prior to sending
                the rules set file.  For the SHA-1 authentication
                algorithm the length of the hash is 160 bits.
                This hash value is encoded in binary format."
       DEFVAL {''h}
       ::= { cabhSecFwBase 3 }


   cabhSecFwPolicyFileOperStatus OBJECT-TYPE
       SYNTAX     INTEGER    {
                       inProgress(1),
                       completeFromProvisioning(2),
                       completeFromMgt(3),
                       failed(4)
                  }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
               "InProgress(1) indicates that a TFTP download is
                underway, either as a result of a version mismatch
                at provisioning or as a result of an upgradeFromMgt
                request.

                CompleteFromProvisioning(2) indicates
                that the last software upgrade was a result of
                version mismatch at provisioning.

                CompleteFromMgt(3) indicates that the last software
                upgrade was a result of setting docsDevSwAdminStatus
                to upgradeFromMgt.

               Failed(4) indicates that the last attempted
               download failed, ordinarily due to TFTP timeout."
       ::= { cabhSecFwBase 4 }


   cabhSecFwPolicyFileCurrentVersion OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-only
       STATUS      current



       DESCRIPTION
               "The rule set version currently operating in the
                PS device. This object should be in the syntax
                used by the individual vendor to identify software
                versions.  Any PS element MUST return a string
                descriptive of the current rule set file load.
                If this is not applicable, this object MUST
                contain an empty string."
       ::= { cabhSecFwBase 5 }

   --
   --    CableHome 1.0 Firewall Event MIBs
   --


   cabhSecFwEventType1Enable OBJECT-TYPE
       SYNTAX    INTEGER {
                     enable (1), -- log event
                     disable (2) -- do not log event
                 }
       MAX-ACCESS read-write
       STATUS    current
       DESCRIPTION
           "This object enables or disables logging of type 1
            firewall event messages. Type 1 event messages report
            attempts from both private and public clients to
            traverse the firewall that violate the Security
            Policy."
       DEFVAL { disable }
       ::= { cabhSecFwLogCtl 1 }

   cabhSecFwEventType2Enable OBJECT-TYPE
       SYNTAX    INTEGER {
                    enable (1), -- log event
                    disable (2) -- do not log event
                 }
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
               "This object enables or disables logging of
                type 2 firewall event messages. Type 2 event
                messages report identified Denial of Service
                attack attempts."
       DEFVAL { disable }
       ::= { cabhSecFwLogCtl 2 }

   cabhSecFwEventType3Enable OBJECT-TYPE
       SYNTAX INTEGER {
                 enable (1), -- log event
                 disable (2) -- do not log event



              }
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
               "Enables or disables logging of type 3 firewall
                event messages. Type 3 event messages report
                changes made to the following firewall management
                parameters: cabhSecFwPolicyFileURL,
                cabhSecFwPolicyFileCurrentVersion,
                cabhSecFwPolicyFileEnable"
       DEFVAL { disable }
       ::= { cabhSecFwLogCtl 3 }

   cabhSecFwEventAttackAlertThreshold  OBJECT-TYPE
       SYNTAX     INTEGER    (0..65535)
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
                "If the number of type 1 or 2 hacker attacks
                 exceeds this threshold in the period defined
                 by cabhSecFwEventAttackAlertPeriod, a firewall
                 message event MUST be logged with priority
                 level 4."
       DEFVAL { 65535 }
       ::= { cabhSecFwLogCtl 4 }


   cabhSecFwEventAttackAlertPeriod OBJECT-TYPE
       SYNTAX    INTEGER (0..65535)
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
               "Indicates the period to be used (in hours) for
                the cabhSecFwEventAttackAlertThreshold. This MIB
                variable should always keep track of the last x
                hours of events meaning that if the variable is
                set to track events for 10 hours then when the
                11th hour is reached, the 1st hour of events is
                deleted from the tracking log. A default value
                is set to zero, meaning zero time, so that this
                MIB variable will not track any events unless
                configured."
       DEFVAL {0}
       ::= { cabhSecFwLogCtl 5 }


   --
   -- CableHome PS device certificate
   --




    cabhSecCertPsCert OBJECT-TYPE
       SYNTAX         X509Certificate
       MAX-ACCESS    read-only
       STATUS         current
       DESCRIPTION
          "The X509 DER-encoded PS certificate."
       ::= { cabhSecCertObjects 1 }

   --
   --  CableHome 1.1 Firewall Management MIBs
   --

   cabhSec2FwEnable OBJECT-TYPE
       SYNTAX      INTEGER {
                      disable(1),
                      factoryDefault(2),
                      configuredRuleset(3)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
               "This parameter indicates whether to disable the
                firewall, enable the factory default policy, or
                enable the configured ruleset for firewall
                functionality."
       DEFVAL {factoryDefault }
       ::= { cabhSec2FwBase 1 }


   cabhSec2FwPolicyFileURL OBJECT-TYPE
       SYNTAX      DisplayString
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
               "This object contains the name and IP address
                of the policy ruleset file in a TFTP or HTTP URL
                format. Once this object has been updated, it
                will trigger the file download."
       ::= { cabhSec2FwBase 2 }


   cabhSec2FwPolicyFileHash OBJECT-TYPE
       SYNTAX OCTET STRING (SIZE(0|20))
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
               "Hash of the contents of the firewall
                configuration file. For the SHA-1 authentication
                algorithm the length of the hash is 160 bits.
                This hash value is encoded in binary format."



       DEFVAL { ''h}
       ::= { cabhSec2FwBase 3 }

   cabhSec2FwPolicyFileOperStatus OBJECT-TYPE
       SYNTAX      INTEGER {
                       inProgress(1),
                       complete(2),
                       failed(3)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "InProgress(1) indicates a firewall configuration
                file download is underway. Complete(2) indicates
                the firewall configuration file was downloaded
                and processed successfully. Failed(3) indicates
                that the last attempted firewall configuration
                file download or processing failed."
       ::= { cabhSec2FwBase 4 }


   cabhSec2FwPolicyFileCurrentVersion OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
          "The configured ruleset currently loaded in the PS
           regardless if it is enabled or disabled. The PS MUST
           return a string descriptive of the current ruleset.
           If there is no configured ruleset, this object
            contains the string 'factory_default'."
       DEFVAL { "factory_Default" }
       ::= { cabhSec2FwBase 5 }


   cabhSec2FwClearPreviousRuleset OBJECT-TYPE
       SYNTAX      INTEGER    {
                      increment(1),
                      complete(2)
                    }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
               "The configuration file should contain this object
                to tell the firewall if the rules in the
                configuration file are incremental to the
                previously established configured ruleset or a
                complete set of configuration rules. If the
                cabhSec2FwClearPreviousRuleset is set to
                Complete(2), the PS must purge all previous



                firewall rules configured by the cable operator
                before applying the new rules contained within
                the configuration file."
       DEFVAL { increment }
       ::= { cabhSec2FwBase 6 }


   --
   -- Firewall Event MIBS
   --


   cabhSec2FwEventControlTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CabhSec2FwEventControlEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This table allows control of the reporting of the
           Firewall events"
       ::= { cabhSec2FwEvent 1 }


   cabhSec2FwEventControlEntry OBJECT-TYPE
       SYNTAX      CabhSec2FwEventControlEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
               "Allows configuration of the reporting mechanisms
                for a particular type of attack."
       INDEX { cabhSec2FwEventType }
       ::= { cabhSec2FwEventControlTable 1 }

   CabhSec2FwEventControlEntry ::= SEQUENCE {
       cabhSec2FwEventType        INTEGER,
       cabhSec2FwEventEnable      TruthValue,
       cabhSec2FwEventThreshold   Unsigned32,
       cabhSec2FwEventInterval    Integer32,
       cabhSec2FwEventCount       Counter32,
       cabhSec2FwEventLogReset    TruthValue
    }

   cabhSec2FwEventType OBJECT-TYPE
       SYNTAX INTEGER     {
                 type1(1),
                 type2(2),
                 type3(3),
                 type4(4),
                 type5(5),
                 type6(6)
              }



       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
               "Classification of the different types of
               attacks.
               Type 1  logs all attempts from both LAN and WAN
               clients to traverse the Firewall that violate the
               Security Policy.
               Type 2 logs identified Denial of Service attack
               attempts.
               Type 3 logs all changes made to the
               cabhSec2FwPolicyFileURL,
               cabhSec2FwPolicyFileCurrentVersion or
               cabhSec2FwPolicyFileEnable objects.
               Type 4 logs all failed attempts to modify
               cabhSec2FwPolicyFileURL and
               cabhSec2FwPolicyFileEnable objects.
               Type 5 logs allowed inbound packets from the WAN.
               Type 6 logs allowed outbound packets from the
               LAN."
       ::= { cabhSec2FwEventControlEntry 1 }

   cabhSec2FwEventEnable OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
               "Enables or disables counting and logging of
                firewall events by type as assigned by
                cabhSec2FwEventType."
       DEFVAL { false }
       ::= { cabhSec2FwEventControlEntry 2 }


   cabhSec2FwEventThreshold OBJECT-TYPE
       SYNTAX       Unsigned32
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
               "Number of attacks to count before sending the
                appropriate event by type as assigned by
                cabhSec2FwEventType."
       DEFVAL {0}
       ::= { cabhSec2FwEventControlEntry 3 }


   cabhSec2FwEventInterval OBJECT-TYPE
       SYNTAX       Integer32 (0..2147483647)
       UNITS        "hours"
       MAX-ACCESS   read-write



       STATUS      current
       DESCRIPTION
               "Indicates the time interval in hours to count
                and log occurrences of a firewall event type as
                assigned in cabhSec2FwEventType. If this MIB has
                a value of zero then there is no interval assigned
                and the PS will not count or log events."
       DEFVAL {0}
       ::= { cabhSec2FwEventControlEntry 4 }

   cabhSec2FwEventCount OBJECT-TYPE
       SYNTAX       Counter32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
               "Indicates the current count up to the
                cabhSec2FwEventThreshold value by type as
                assigned by cabhSec2FwEventType."
       ::= { cabhSec2FwEventControlEntry 5 }


   cabhSec2FwEventLogReset OBJECT-TYPE
       SYNTAX       TruthValue
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
               "Setting this object to true clears the log table
                for the specified event type. Reading this object
                always returns false."
       DEFVAL {false}
       ::= { cabhSec2FwEventControlEntry 6 }


   --
   -- Firewall Log Tables
   --
   cabhSec2FwLogTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CabhSec2FwLogEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
               "Contains a log of packet information as related
                to events enabled by the cable operator. The types
                are defined in the CableHome 1.1 specification and
                require various objects to be included in the log.
                 The following is a description of what is
                 expected in the log for each type.  Type 1, Type 2,
                 Type 5 and Type 6 entries MUST include
                 cabhSec2FwEventType, cabhSec2FwEventPriority,
                 cabhSec2FwEventId, cabhSec2FwLogTime,


Cardona/Luehrs/Jones     Expires - July 2003                [Page 16]


Internet-Draft      CableHome Gateway Security MIB        January 2003

                cabhSec2FwIpProtocol, cabhSec2FwIpSourceAddr,
                cabhSec2FwIpDestAddr, cabhSec2FwIpSourcePort,
                cabhSec2FwIpDestPort, cabhSec2Fw,
                cabhSec2FwReplayCount.  The other values not used
                by type 1, 2, 5 & 6 are default values. Type 3 &
                Type 4 MUST include cabhSec2FwEventType,
                cabhSec2FwEventPriority, cabhSec2FwEventId,
                cabhSec2FwLogTime, cabhSec2FwIpSourceAddr,
                cabhSec2FwMIBPointer.  The other values not used
                by type 3 and 4 are default values."
       ::= { cabhSec2FwLog 1 }

   cabhSec2FwLogEntry OBJECT-TYPE
       SYNTAX      CabhSec2FwLogEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
               "Each entry contains one logged firewall event."
       INDEX {cabhSec2FwLogIndex}
       ::= { cabhSec2FwLogTable 1 }

   CabhSec2FwLogEntry ::= SEQUENCE {
       cabhSec2FwLogIndex             Integer32,
       cabhSec2FwLogEventType         INTEGER,
       cabhSec2FwLogEventPriority     INTEGER,
       cabhSec2FwLogEventId           Unsigned32,
       cabhSec2FwLogTime              DateAndTime,
       cabhSec2FwLogIpProtocol        Integer32,
       cabhSec2FwLogIpSourceAddr      InetAddressIPv4,
       cabhSec2FwLogIpDestAddr        InetAddressIPv4,
       cabhSec2FwLogIpSourcePort      InetPortNumber,
       cabhSec2FwLogIpDestPort        InetPortNumber,
       cabhSec2FwLogMessageType       Unsigned32,
       cabhSec2FwLogReplayCount       Unsigned32,
       cabhSec2FwMIBPointer           VariablePointer
   }

   cabhSec2FwLogIndex OBJECT-TYPE
       SYNTAX      Integer32 (1..2147483647)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
               "A sequence number for the specific events
                under a cabhSec2FwEventType."
       ::= { cabhSec2FwLogEntry 1 }

   cabhSec2FwLogEventType OBJECT-TYPE
       SYNTAX INTEGER     {
                 type1(1),
                 type2(2),
                 type3(3),
                 type4(4),
                 type5(5),
                 type6(6)
               }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "Classification of the different types of logged
                events.
                Type 1 logs all attempts from both LAN and WAN
                clients to traverse the Firewall that violate
                the Security Policy.
                Type 2 logs identified Denial of Service attack
                attempts.
                Type 3 logs all changes made to the
                cabhSec2FwPolicyFileURL,
                cabhSec2FwPolicyFileCurrentVersion or
                cabhSec2FwPolicyFileEnable objects.
                Type 4 logs all failed attempts to modify
                cabhSec2FwPolicyFileURL and
                cabhSec2FwPolicyFileEnable objects.
                Type 5 logs allowed inbound packets from the WAN.
                Type 6 logs allowed outbound packets from the
                LAN."
       ::= { cabhSec2FwLogEntry 2 }

   cabhSec2FwLogEventPriority OBJECT-TYPE
       SYNTAX     INTEGER     {
                     emergency(1),
                     alert(2),
                     critical(3),
                     error(4),
                     warning(5),
                     notice(6),
                     information(7),
                     debug(8)
                  }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The priority level of this event as defined
                by CableHome Specification. If a priority is
                not assigned in the CableHome specification for
                a particular event then the vendor or cable
                operator may assign priorities. These are
                ordered from most serious (emergency) to least
                serious (debug)."
       ::= { cabhSec2FwLogEntry 3 }

   cabhSec2FwLogEventId  OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The assigned event ID."
       ::= { cabhSec2FwLogEntry 4 }


   cabhSec2FwLogTime OBJECT-TYPE
       SYNTAX      DateAndTime
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The time that this entry was created by the PS."
       ::= { cabhSec2FwLogEntry 5 }


   cabhSec2FwLogIpProtocol OBJECT-TYPE
       SYNTAX      Integer32 (0..256)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The IP protocol number of the packet logged."
       ::= { cabhSec2FwLogEntry 6 }


   cabhSec2FwLogIpSourceAddr OBJECT-TYPE
       SYNTAX      InetAddressIPv4
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The Source IP Address of the packet logged"
       ::= { cabhSec2FwLogEntry 7 }


   cabhSec2FwLogIpDestAddr OBJECT-TYPE
       SYNTAX      InetAddressIPv4
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The Destination IP Address of the packet logged"
       ::= { cabhSec2FwLogEntry 8 }


   cabhSec2FwLogIpSourcePort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The Source IP Port of the packet logged"
       ::= { cabhSec2FwLogEntry 9 }


   cabhSec2FwLogIpDestPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The Destination IP Port of the packet logged"
       ::= { cabhSec2FwLogEntry 10 }

   cabhSec2FwLogMessageType OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
               "The ICMP message type of the packet logged."
       ::= { cabhSec2FwLogEntry 11}


   cabhSec2FwLogReplayCount OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of identical attack packets that
            were seen by the firewall based on
            cabhSec2FwLogIpProtocol, cabhSec2FwLogIpSourceAddr,
            cabhSec2FwLogIpDestAddr, cabhSec2FwLogIpSourcePort,
            cabhSec2FwLogIpDestPort and cabhSec2FwLogMessageType."
       DEFVAL { 0 }
       ::= { cabhSec2FwLogEntry 12 }

   cabhSec2FwMIBPointer OBJECT-TYPE
       SYNTAX      VariablePointer
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "For Type 3 and Type 4 events, points to the object
               (cabhSec2FwPolicyFileURL or cabhSec2FwEnable) that
               was changed, or that an attempt was made to change."
       ::= { cabhSec2FwLogEntry 13 }


   -- ============================================================
   --
   --  PS IP Filter Scheduling Table
   --
   --  The cabhSec2FwFilterScheduleTable contains the firewall
   --  policy identification and links that policy as defined
   --  in RFC 2669 to specific time of day restrictions.
   --
   -- =============================================================

   cabhSec2FwFilterScheduleTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CabhSec2FwFilterScheduleEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
             "This table contains the link between the firewall
              rule and the associated time of day."
       ::= { cabhSec2FwFilter 1 }


   cabhSec2FwFilterScheduleEntry OBJECT-TYPE
       SYNTAX CabhSec2FwFilterScheduleEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
          "List of IP firewall policies linked to time of day"
       INDEX { cabhSec2FwFilterScheduleIndex }
       ::= { cabhSec2FwFilterScheduleTable 1 }


   CabhSec2FwFilterScheduleEntry ::= SEQUENCE {
       cabhSec2FwFilterScheduleIndex        Integer32,
       cabhSec2FwFilterScheduleRowStatus    RowStatus,
       cabhSec2FwFilterScheduleStartTime    DateAndTime,
       cabhSec2FwFilterScheduleEndTime      DateAndTime,
       cabhSec2FwFilterScheduleDOW          BITS
       }

   cabhSec2FwFilterScheduleIndex    OBJECT-TYPE
       SYNTAX                  Integer32 (1..2147483647)
       MAX-ACCESS              not-accessible
       STATUS                  current
       DESCRIPTION
               "Index for the Time Entry table."
       ::= { cabhSec2FwFilterScheduleEntry 1 }


   cabhSec2FwFilterScheduleRowStatus    OBJECT-TYPE
       SYNTAX            RowStatus
       MAX-ACCESS    read-create
       STATUS            current
       DESCRIPTION
              "The Row Status interlock for creation and
               deletion of row entries. Any object in each
               row can be modified at any time while the row
               is active (1)."
       ::={ cabhSec2FwFilterScheduleEntry 2 }


   cabhSec2FwFilterScheduleStartTime OBJECT-TYPE
       SYNTAX         DateAndTime
       MAX-ACCESS     read-create
       STATUS        current
       DESCRIPTION
               "The start time, with optional time zone,
                for a firewall filter ruleset."
       ::= { cabhSec2FwFilterScheduleEntry 3 }

   cabhSec2FwFilterScheduleEndTime OBJECT-TYPE
       SYNTAX            DateAndTime
       MAX-ACCESS        read-create
       STATUS            current
       DESCRIPTION
               "The end time, with optional time zone,
                for a firewall filter ruleset."
       ::= { cabhSec2FwFilterScheduleEntry 4 }


   cabhSec2FwFilterScheduleDOW OBJECT-TYPE
       SYNTAX BITS {
                sunday(0),
                monday(1),
                tuesday(2),
                wednesday(3),
                thursday(4),
                friday(5),
                saturday(6)
              }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
               "The day of week to be used with the IP filter
                table from RFC2669."
       ::= { cabhSec2FwFilterScheduleEntry 5 }

   --
   -- Kerberos MIBs
   --

   --cabhSecKerbBaseTable OBJECT-TYPE
   --    SYNTAX      SEQUENCE OF CabhSecKerbBaseEntry
   --    MAX-ACCESS  not-accessible
   --    STATUS      current
   --    DESCRIPTION
   --    "This table is for management for various Kerberos MIBs"
   --    INDEX { }
   --    ::= { cabhSecKerbBase 1 }


   --cabhSecKerbBaseEntry OBJECT-TYPE
   --    SYNTAX      CabhSecKerbBaseEntry
   --    MAX-ACCESS  not-accessible
   --    STATUS      current
   --    DESCRIPTION
   --            "List of security parameters for Kerberos."
   --    ::= { cabhSecKerbBaseTable 1 }

   --CabhSecKerbBaseEntry ::= SEQUENCE {
   --    cabhSecKerbPKINITGracePeriod         Integer32,
   --    cabhSecKerbTGSGracePeriod            Integer32,
   --    cabhSecKerbKDCCertOrgName            OCTET STRING,
   --    cabhSecKerbUnsolicitedKeyMaxTimeout  Integer32,
   --    cabhSecKerbUnsolicitedKeyMaxRetries  Integer32
   --    }

   cabhSecKerbPKINITGracePeriod    OBJECT-TYPE
       SYNTAX                  Integer32 (15..600)
       UNITS             "minutes"
       MAX-ACCESS              read-write
       STATUS                  current
       DESCRIPTION
               "The PKINIT Grace Period is needed by the PS
                to know when it should start retrying to get
                a new ticket. The PS MUST obtain a new Kerberos
                ticket (with a PKINIT exchange) this many minutes
                before the old ticket expires. The minimum
                allowed value is 15 minutes. The default value
                is 30 minutes."
       DEFVAL { 30 }
   --    ::= { cabhSecKerbBaseEntry 1 }
       ::= { cabhSecKerbBase 1}

   cabhSecKerbTGSGracePeriod    OBJECT-TYPE
       SYNTAX            Integer32 (15..600)
       UNITS             "minutes"
       MAX-ACCESS        read-write
       STATUS            current
       DESCRIPTION
               "The TGS Grace Period is needed by the PS to
                know when it should start retrying to get a new
                ticket. The PS MUST obtain a new Kerberos ticket
                (with a TGS Request) this many minutes before the
                old ticket expires. The minimum allowed value is
                15 minutes. The default value is 30 minutes."
       DEFVAL { 30 }
   --    ::= { cabhSecKerbBaseEntry 2 }
       ::= { cabhSecKerbBase 2}

   cabhSecKerbKDCCertOrgName    OBJECT-TYPE
       SYNTAX                  OCTET STRING (SIZE(1..64))
       MAX-ACCESS              read-write
       STATUS                  current
       DESCRIPTION
               "The value of the X.500 Organization Name
                attribute in the subject name field of the
                service provider certificate."
   --    ::= { cabhSecKerbBaseEntry 3 }
       ::= { cabhSecKerbBase 3}

   cabhSecKerbUnsolicitedKeyMaxTimeout    OBJECT-TYPE
       SYNTAX            Integer32 (15..600)
       UNITS             "seconds"
       MAX-ACCESS        read-only
       STATUS            current
       DESCRIPTION
               "This timeout applies to the PS initiated AP-REQ/REP
                key management exchange with the NMS. The maximum
                timeout is the value which may not be exceeded in
                the exponential backoff algorithm. The minimum
                allowed value is 15 seconds. The default value
                is 600 seconds."
       DEFVAL { 600 }
   --    ::= { cabhSecKerbBaseEntry 4 }
       ::= { cabhSecKerbBase 4}


   cabhSecKerbUnsolicitedKeyMaxRetries    OBJECT-TYPE
       SYNTAX              Integer32 (1..32)
       MAX-ACCESS          read-only
       STATUS              current
       DESCRIPTION
               "The number of retries the PS is allowed for
                AP-REQ/REP key management exchange initiation
                with the NMS. This is the maximum number of
                retries before the PS gives up attempting to
                establish an SNMPv3 security association
                with the NMS."
       DEFVAL { 8 }
   --    ::= { cabhSecKerbBaseEntry 5 }
       ::= { cabhSecKerbBase 5}


   cabhSecNotification OBJECT IDENTIFIER ::= { cabhSecMib 2 }
   cabhSecConformance  OBJECT IDENTIFIER ::= { cabhSecMib 3 }
   cabhSecCompliances  OBJECT IDENTIFIER ::= { cabhSecConformance 1 }
   cabhSecGroups       OBJECT IDENTIFIER ::= { cabhSecConformance 2 }

   --
   --    Notification Group for future extension
   --

   -- compliance statements

   cabhSecCompliance MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION
          "The compliance statement for CableHome Security."
       MODULE   --cabhSecMib

       -- unconditionally mandatory groups

       MANDATORY-GROUPS {
       --      cabhSecGroup,
               cabhSecCertGroup,
               cabhSecKerbGroup
               }

       -- conditional mandatory groups

       GROUP cabhSecGroup
           DESCRIPTION
                "This group is implemented only for CH 1.0 gateways."

       GROUP cabhSec2Group
           DESCRIPTION
                "This group is implemented only for CH 1.1 gateways."
       ::= { cabhSecCompliances 1}

   cabhSecGroup OBJECT-GROUP
       OBJECTS {
           cabhSecFwPolicyFileEnable,
           cabhSecFwPolicyFileURL,
           cabhSecFwPolicyFileHash,
           cabhSecFwPolicyFileOperStatus,
           cabhSecFwPolicyFileCurrentVersion,

           cabhSecFwEventType1Enable,
           cabhSecFwEventType2Enable,
           cabhSecFwEventType3Enable,
           cabhSecFwEventAttackAlertThreshold,
           cabhSecFwEventAttackAlertPeriod
        }
       STATUS    current
       DESCRIPTION
               "Group of objects in CableHome 1.0 Firewall MIB."
       ::= { cabhSecGroups 1 }


   cabhSecCertGroup OBJECT-GROUP
       OBJECTS {
           cabhSecCertPsCert
       }
       STATUS    current
       DESCRIPTION
           "Group of objects in CableHome gateway for PS
            Certificate."
       ::= { cabhSecGroups 2 }


   cabhSecKerbGroup OBJECT-GROUP
       OBJECTS {
           cabhSecKerbPKINITGracePeriod,
           cabhSecKerbTGSGracePeriod,
           cabhSecKerbKDCCertOrgName,
           cabhSecKerbUnsolicitedKeyMaxTimeout,
           cabhSecKerbUnsolicitedKeyMaxRetries
       }
       STATUS    current
       DESCRIPTION
           "Group of objects in CableHome gateway for Kerberos
            key Management."
       ::= { cabhSecGroups 3 }

   cabhSec2Group OBJECT-GROUP
       OBJECTS {
           cabhSec2FwEnable,
           cabhSec2FwPolicyFileURL,
           cabhSec2FwPolicyFileHash,
           cabhSec2FwPolicyFileOperStatus,
           cabhSec2FwPolicyFileCurrentVersion,
           cabhSec2FwClearPreviousRuleset,

           cabhSec2FwEventEnable,
           cabhSec2FwEventThreshold,
           cabhSec2FwEventInterval,
           cabhSec2FwEventCount,
           cabhSec2FwEventLogReset,
           cabhSec2FwLogEventType,
           cabhSec2FwLogEventPriority,
           cabhSec2FwLogEventId,
           cabhSec2FwLogTime,
           cabhSec2FwLogIpProtocol,
           cabhSec2FwLogIpSourceAddr,
           cabhSec2FwLogIpDestAddr,
           cabhSec2FwLogIpSourcePort,
           cabhSec2FwLogIpDestPort,
           cabhSec2FwLogMessageType,
           cabhSec2FwLogReplayCount,
           cabhSec2FwMIBPointer,
           cabhSec2FwFilterScheduleRowStatus,
           cabhSec2FwFilterScheduleStartTime,
           cabhSec2FwFilterScheduleEndTime,
           cabhSec2FwFilterScheduleDOW
           }
       STATUS    current
       DESCRIPTION
           "Group of objects in CableHome 1.1 Firewall MIB."
       ::= { cabhSecGroups 4 }


   END
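   The following Python model is an added illustration of the event-control
   and log semantics of cabhSec2FwEventControlTable and cabhSec2FwLogTable in
   the module above; it is not part of this draft or of any CableHome
   implementation. Class and field names are constructed, timestamps are plain
   seconds rather than DateAndTime, and the behaviour once
   cabhSec2FwEventThreshold is reached (no further rows are added in that
   interval) and the effect of cabhSec2FwEventLogReset on cabhSec2FwEventCount
   are assumptions the draft leaves open.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The six fields the draft uses to call two packets "identical" for
# cabhSec2FwLogReplayCount: protocol, source address, destination address,
# source port, destination port, ICMP message type (constructed tuple layout).
PacketKey = Tuple[int, str, str, int, int, int]


@dataclass
class EventControl:
    """One cabhSec2FwEventControlEntry row (field names constructed)."""
    enabled: bool = False        # cabhSec2FwEventEnable
    threshold: int = 0           # cabhSec2FwEventThreshold
    interval_hours: int = 0      # cabhSec2FwEventInterval; 0 = never count or log
    count: int = 0               # cabhSec2FwEventCount, counts up to threshold
    window_start: Optional[int] = None   # start of the current counting interval


@dataclass
class LogEntry:
    """One cabhSec2FwLogEntry row; times are seconds since an arbitrary epoch."""
    index: int                   # cabhSec2FwLogIndex
    event_type: int              # cabhSec2FwLogEventType, 1..6
    priority: int                # cabhSec2FwLogEventPriority, 1=emergency .. 8=debug
    event_id: int                # cabhSec2FwLogEventId
    log_time: int                # cabhSec2FwLogTime
    key: PacketKey
    replay_count: int = 0        # cabhSec2FwLogReplayCount, DEFVAL 0


class FirewallLog:
    """Per-type event counting and logging as the draft describes for the PS."""

    def __init__(self) -> None:
        self.control: Dict[int, EventControl] = {t: EventControl() for t in range(1, 7)}
        self.log: Dict[int, List[LogEntry]] = {t: [] for t in range(1, 7)}
        self._next_index = 1

    def configure(self, event_type: int, enabled: bool,
                  threshold: int, interval_hours: int) -> None:
        self.control[event_type] = EventControl(enabled, threshold, interval_hours)

    def record(self, event_type: int, priority: int, event_id: int,
               key: PacketKey, now: int) -> Optional[LogEntry]:
        """Return the row the event was recorded in, or None if it was not logged."""
        ctl = self.control[event_type]
        if not ctl.enabled or ctl.interval_hours == 0:
            return None                       # interval 0: PS neither counts nor logs
        window = ctl.interval_hours * 3600
        if ctl.window_start is None or now - ctl.window_start >= window:
            ctl.window_start = now            # open a new counting interval
            ctl.count = 0
        for entry in self.log[event_type]:
            if entry.key == key and entry.log_time >= ctl.window_start:
                entry.replay_count += 1       # identical packet: fold into its row
                return entry
        if ctl.count >= ctl.threshold:
            return None                       # assumption: at threshold, add no rows
        ctl.count += 1
        entry = LogEntry(self._next_index, event_type, priority, event_id, now, key)
        self._next_index += 1
        self.log[event_type].append(entry)
        return entry

    def log_reset(self, event_type: int) -> bool:
        """cabhSec2FwEventLogReset: clear this type's rows; a read always returns false."""
        self.log[event_type].clear()
        self.control[event_type].count = 0    # assumption: count restarts with the log
        return False
```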

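   As a second added illustration (again not code from this draft or from any
   CableHome product), the Python below decodes the SNMPv2-TC DateAndTime octet
   string used by cabhSec2FwFilterScheduleStartTime and EndTime, encodes and
   tests the cabhSec2FwFilterScheduleDOW BITS value with SMIv2 bit numbering
   (bit 0 is the most significant bit of the first octet), and decides whether a
   schedule row is active at a given time. The sample values are constructed;
   treating an end time earlier than the start time as a window that wraps past
   midnight is an assumption.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# cabhSec2FwFilterScheduleDOW is a BITS value. In SMIv2 bit 0 is the most
# significant bit of the first octet, so sunday(0) = 0x80 ... saturday(6) = 0x02.
DOW_BITS = {"sunday": 0, "monday": 1, "tuesday": 2, "wednesday": 3,
            "thursday": 4, "friday": 5, "saturday": 6}


def encode_dow(*days: str) -> bytes:
    """Build the one-octet BITS value for the named days."""
    value = 0
    for day in days:
        value |= 0x80 >> DOW_BITS[day]
    return bytes([value])


def dow_is_set(dow: bytes, python_weekday: int) -> bool:
    """Test the BITS value against datetime.weekday() (Monday=0 .. Sunday=6)."""
    bit = (python_weekday + 1) % 7            # Sunday -> 0, Monday -> 1, ...
    return len(dow) > 0 and bool(dow[0] & (0x80 >> bit))


def decode_date_and_time(octets: bytes) -> datetime:
    """Decode the SNMPv2-TC DateAndTime octet string used by the schedule objects.

    Layout: year (2 octets, big-endian), month, day, hour, minutes, seconds,
    deci-seconds, then optionally direction from UTC ('+' or '-'), hours and
    minutes from UTC.  8 octets means no time zone; 11 octets carries one.
    """
    if len(octets) not in (8, 11):
        raise ValueError("DateAndTime must be 8 or 11 octets, got %d" % len(octets))
    year = int.from_bytes(octets[0:2], "big")
    month, day, hour, minute, second, deci = octets[2:8]
    tz: Optional[timezone] = None
    if len(octets) == 11:
        if octets[8] not in (0x2B, 0x2D):     # '+' or '-'
            raise ValueError("bad UTC direction octet 0x%02x" % octets[8])
        sign = 1 if octets[8] == 0x2B else -1
        tz = timezone(sign * timedelta(hours=octets[9], minutes=octets[10]))
    return datetime(year, month, day, hour, minute, second, deci * 100000, tzinfo=tz)


def schedule_active(start: bytes, end: bytes, dow: bytes, now: bytes) -> bool:
    """True when `now` falls on a scheduled day and inside the daily window.

    All three times are DateAndTime octet strings.  Only the time-of-day part
    of start/end is used; a window whose end precedes its start is taken to
    wrap past midnight (an assumption, the draft does not say).
    """
    s, e, n = (decode_date_and_time(x) for x in (start, end, now))
    if s.tzinfo is not None and n.tzinfo is not None:
        n = n.astimezone(s.tzinfo)            # compare in the schedule's zone
    if not dow_is_set(dow, n.weekday()):
        return False
    st, et, t = s.time(), e.time(), n.time()
    if st <= et:
        return st <= t <= et
    return t >= st or t <= et


# Constructed sample row: a ruleset active 08:00-22:00 UTC on weekdays.
SAMPLE_START = bytes([0x07, 0xD3, 1, 1, 8, 0, 0, 0]) + b"+\x00\x00"   # 2003-01-01 08:00 +00:00
SAMPLE_END = bytes([0x07, 0xD3, 1, 1, 22, 0, 0, 0]) + b"+\x00\x00"    # 2003-01-01 22:00 +00:00
SAMPLE_DOW = encode_dow("monday", "tuesday", "wednesday", "thursday", "friday")
```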

5. Formal Syntax


   The following syntax specification uses the augmented Backus-Naur
   Form (BNF) as described in RFC-2234 [3].


6. Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   there is still no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see RFC 3410 [12], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module, is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.



7. References

   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP
      9, RFC 2026, October 1996.

   2  Bradner, S., "Key words for use in RFCs to Indicate Requirement
      Levels", BCP 14, RFC 2119, March 1997.

   3  Crocker, D. and P. Overell (Editors), "Augmented BNF for Syntax
      Specifications: ABNF", RFC 2234, Internet Mail Consortium and
      Demon Internet Ltd., November 1997.

   4  Rose, M. and K. McCloghrie, "Structure and Identification of
      Management Information for TCP/IP-based Internets", STD 16, RFC
      1155, May 1990.

   5  Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC
      1212, March 1991.

   6  Rose, M., "A Convention for Defining Traps for use with the SNMP",
      RFC 1215, March 1991.

   7  McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Structure of
      Management Information for Version 2 (SMIv2)", STD 58, RFC 2578,
      April 1999.

   8  McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual
      Conventions for SMIv2", STD 58, RFC 2579, April 1999.

   9  McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Conformance
      Statements for SMIv2", STD 58, RFC 2580, April 1999.

   10 Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network
      Management Protocol", STD 15, RFC 1157, May 1990.

   11 Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
      "Introduction to Community-based SNMPv2", RFC 1901, January 1996.

   12 Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction and
      Applicability Statements for Internet Standard Management
      Framework", RFC 3410, December 2002.

   13 Harrington D., Presuhn R. and B. Wijnen, "An Architecture for
      Describing Simple Network Management Protocol (SNMP) Management
      Frameworks", RFC 3411, December 2002.

   14 Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message
      Processing and Dispatching for the Simple Network Management
      Protocol (SNMP)", RFC 3412, December 2002.

   15 Levi, D., Meyer, P. and B. Stewart, "Simple Network Management
      Protocol (SNMP) Applications", RFC 3413, December 2002.

   16 Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for
      version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
      3414, December 2002.

   17 Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
      Control Model (VACM) for the Simple Network Management Protocol
      (SNMP)", RFC 3415, December 2002.

   18 Presuhn, R., Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
      "Version 2 of the Protocol Operations for the Simple Network
      Management Protocol (SNMPv2)", RFC 3416, December 2002.

   19 Presuhn, R., Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
      "Transport Mappings for the Simple Network Management Protocol
      (SNMPv2)", RFC 3417, December 2002.

   20 Presuhn, R., Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
      "Management Information Base (MIB) for the Simple Network
      Management Protocol (SNMP)", RFC 3418, December 2002.

   21 Cable Television Laboratories, "CableHome 1.0 Specification", CH-
      SP-I02-020920, September 2002,
      http://www.cablelabs.com/projects/cablehome/specifications.

   22 Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March
      1997.

   23 Sollins, K., "The TFTP Protocol (Revision 2)", RFC 1350, July
      1992.


8. Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementers or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

9. Author's Addresses

   Eduardo Cardona
   Cable Television Laboratories
   400 Centennial Parkway
   Louisville, CO  80027
   Phone: +1 303.661.9100
   Email: e.cardona@cablelabs.com

   Kevin Luehrs
   Cable Television Laboratories
   Louisville, CO 80027
   Phone: +1 303.661.9100
   Email: k.luehrs@cablelabs.com

   Doug Jones
   YAS Broadband Ventures
   300 Brickstone Square
   Andover, MA  01810
   Phone: +1 303.661.3823
   Email: doug@yas.com

10. Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
