IDS-2 MODULE

REFERENCES:
http://www.cisco.com/en/US/docs/security/ips/7.0/installation/guide/hw_troubleshooting.html#wpmkr1315148
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
Supported MIBs
CISCO-CIDS-MIB
Description:
"Cisco Intrusion Detection System MIB.
Provides trap definitions for the evAlert and evError
elements of the IDIOM (Intrusion Detection and
Operations Messages) document and read support
for the Intrusion Detection System (sensor)
health information, such as if the sensor is
in a memory critical stage."
CISCO-PROCESS-MIB
Description:
"The MIB module to describe active system processes.
Virtual Machine refers to those OS which can run the
code or process of a different executional model OS.
Virtual Process assume the executional model
of a OS which is different from Native OS. Virtual
Processes are also referred as Tasks.
Thread is a sequence of instructions to be executed
within a program. Thread which adhere to POSIX standard
is referred as a POSIX thread."
CISCO-ENHANCED-MEMPOOL-MIB
Description:
"New MIB module for monitoring the memory pools
of all physical entities on a managed system."
CISCO-ENTITY-ALARM-MIB
Description:
"This MIB module defines the managed objects that support the
monitoring of alarms generated by physical entities contained
by the system, including chassis, slots, modules, ports, power
supplies, and fans. In order to monitor alarms generated by a
physical entity, it must be represented by a row in the
entPhysicalTable (see ENTITY-MIB)."

SSL MODULE:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ssl/2.1/release/notes/OL_5277.html
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en

CISCO-SSL-PROXY-MIB (All objects are read-only)


DESCRIPTION:
"This MIB module is for managing a Secure Socket Layer
(SSL) Proxy device which terminates and accelerates
SSL and Transport Layer Security (TLS) transactions.
The proxy device can act as a SSL server or a SSL client
depending on the configuration and the application.
In one application, the device acts as a proxy SSL
server. It terminates SSL handshakes and TCP connections
initiated by SSL clients. The device is configured with
a key and a certificate bearing the identity of the SSL
server. The device uses this identity to establish the
SSL session on behalf of the server, offloading the key
establishment and data encryption and decryption work.
After the SSL session has been successfully established
between the client and the proxy device, the device
starts to receive and decrypt the encrypted data sent
from the client and forward to the server. The device
forwards the clear data to the server on a backend
connection. Clear data sent from the server is encrypted
by the proxy device before it is forwarded to the SSL
client.
Optionally, the proxy device is configured to reencrypt
the decrypted data sent from the client to the server.
The proxy device acts as a SSL client to initiate a SSL
session to the server. The decrypted data is encrypted
within this SSL session to be forwarded to the server.
The encrypted data sent from the server to the device
is decrypted and then reencrypted before it is
forwarded to the client.
In another application, the proxy device forwards data
generated by one or more sources to the destination
via a SSL session. The proxy device acts as a SSL
client and initiates a SSL session to the next hop
device. When data is received from the source, the
proxy device forwards the data to the next hop using
the SSL session. The next hop can continue to forward
the data if it is not the destination.
The proxy device supports a number of proxy services.
Each proxy service defines the role of the proxy device,
whether it acts as a SSL server or a SSL client. The
rest of the configuration includes cryptographic and
protocol parameters.
This MIB is used for monitoring the configuration,
statuses and statistics of the proxy services and
the protocols including TCP, SSL and TLS."
cspGlobalConfigGroup
A collection of global configuration objects.
cspProxyServiceConfigGroup
"A collection of configuration objects for a proxy
service."
cspProxyServiceNotificationGroup
"A collection of notifications for signaling important
proxy service events."
cspSslGroup
A collection of SSL handshake protocol statistics.
cspSsl3Group
A collection of SSL 3.0 protocol statistics.
cspTls1Group
A collection of TLS 1.0 protocol statistics.
cspSslErrorGroup
A collection of SSL protocol error counters.
cspCpuStatusGroup
"A collection of statuses and usage information about
each CPU on the SSL proxy device."
CISCO-SSL-PROXY-CAPABILITY
Agent capabilities for the CISCO-SSL-PROXY-MIB

FIREWALL MODULE
ftp://ftp.cisco.com/pub/mibs/supportlists/fwsm/fwsm-supportlist.html

CISCO-CRYPTO-ACCELERATOR-MIB
"The MIB module for monitoring the identity, status,
activity and faults of crypto accelerator (CA) modules
used in devices implementing security services.
The purpose of this MIB is to facilitate the following:
1) facilitate the discovery of hardware crypto
accelerator modules installed in a security device
2) monitor the activity, faults and performance of
hardware crypto accelerators and help the Network
Management Station (NMS) correlate the performance
of the CA modules with that of the security services
(IPsec, SSL, SSH, PKI etc) using the modules.
CISCO-ENTITY-FRU-CONTROL-MIB
"The CISCO-ENTITY-FRU-CONTROL-MIB is used to monitor
and configure operational status of
Field Replaceable Units (FRUs) and other manageable
physical entities of the system listed in the
Entity-MIB (RFC 2737) entPhysicalTable.
FRUs include assemblies such as power supplies, fans,
processor modules, interface modules, etc."
CISCO-FIREWALL-MIB
MIB module for monitoring Cisco Firewalls.
CISCO-IPSEC-FLOW-MONITOR-MIB
"This is a MIB Module for monitoring the
structures in IPSec-based Virtual Private Networks.
The MIB has been designed to be adopted as an IETF
standard. Hence Cisco-specific features of IPSec
protocol are excluded from this MIB.
Acronyms
The following acronyms are used in this document:
IPSec: Secure IP Protocol
VPN: Virtual Private Network
ISAKMP: Internet Security Association and Key Exchange
Protocol
IKE: Internet Key Exchange Protocol
SA: Security Association
MM: Main Mode - the process of setting up
a Phase 1 SA to secure the exchanges
required to setup Phase 2 SAs
QM: Quick Mode - the process of setting up
Phase 2 Security Associations using
a Phase 1 SA.

Overview of IPsec MIB


The MIB contains six major groups of objects which are
used to manage the IPSec Protocol. These groups include
a Levels Group, a Phase-1 Group, a Phase-2 Group,
a History Group, a Failure Group and a TRAP Control Group.
The following table illustrates the structure of the
IPSec MIB.
The Phase 1 group models objects pertaining to
IKE negotiations and tunnels.
The Phase 2 group models objects pertaining to
IPSec data tunnels.
The History group is to aid applications that do
trending analysis.
The Failure group is to enable an operator to
do troubleshooting and debugging of the VPN Router.
Further, counters are supported to aid Intrusion
Detection.
In addition to the five major MIB Groups, there are
a number of Notifications. The following table
illustrates the name and description of the
IPSec TRAPs.
For a detailed discussion, please refer to the IETF
draft draft-ietf-ipsec-flow-monitoring-mib-00.txt."

CISCO-L4L7MODULE-RESOURCE-LIMIT-MIB
"The MIB module for managing resource classes
and configuring limits (max/min) to different
resources. The resources referenced in this MIB
are in addition to resource information available
in other MIBs. This MIB is applicable to
L4-L7 modules which supports managing
resource limits using a centralized approach.
The resources (but not limited to) configured are
of following categories:
- TCP/IP Connections
- MAC Addresses
- syslog buffer, ACL Memory
- NAT Translations etc
ciscoL4L7ResourceClassTable is used for adding/deleting
resource classes. Resource class is identified
by a name to which limits of multiple resources can
be configured.
ciscoL4L7ResourceLimitTable is used for adding/deleting
limits to resources in a resource class. This limit
is either maximum value and/or minimum value.
ciscoL4L7ResourceRateLimitTable is used for adding/deleting
rate limits to resources in a resource class.
Terminologies used:
ARP - Address Resolution Protocol.
ACL - Access Control List.
NAT - Network Address Translation.
NBAR - Network Based Application Recognition.
BPDU - Bridge Protocol Data Unit."
CISCO-MEMORY-POOL-MIB
MIB module for monitoring memory pools
CISCO-NAT-EXT-MIB
"The total number of address translation entries that
are currently available in the NAT device. This indicates
the aggregate of the translation entries created from
both the static and dynamic address translation
mechanisms.
CISCO-PROCESS-MIB
"The MIB module to describe active system processes.
Virtual Machine refers to those OS which can run the
code or process of a different executional model OS.
Virtual Process assume the executional model
of a OS which is different from Native OS. Virtual
Processes are also referred as Tasks.
Thread is a sequence of instructions to be executed
within a program. Thread which adhere to POSIX standard
is referred as a POSIX thread."
CISCO-REMOTE-ACCESS-MONITOR-MIB
Acronyms and Definitions
The following acronyms and terms are used in this
document:
IPSec: Secure IP Protocol
VPN: Virtual Private Network
RAS: Remote Access Service
ISP: Internet Service Provider.
LAN: Local Area Network
Group: A collection of remote access users grouped
and managed together as a single entity for
administrative convenience.
Session: A Remote Access Session.

Overview of the MIB


This is a MIB Module for monitoring the structures in Virtual
Private Networks based remote access networks. The MIB seeks
to create a common model of Remote Access across implementations
of the service on layer 2 (PPTP, L2TP, L2F), layer 3 (IPsec) and
layer 4 (SSL) virtual private networks. The MIB defines counters
and objects of interest to performance/fault monitoring in a
way which is independent of the technology of the remote access
implementation.
MIB contains eight major groups of objects which are used
to manage Remote Access connections:
a) Remote Access capacity group
This section defines metrics to gauge the limits of
resources on this device which are critical to RAS
service.
b) Remote Access resource usage group
This section defines metrics to gauge the usage of
resources on this device which are critical to RAS
service.
c) Current activity and performance of RAS service
This section defines metrics to gauge the current
remote access activity.
d) Remote Access Service failures
This section defines metrics to monitor session
failures and failures of the service itself, measured
at aggregate level, session level and group level.
e) Security violations in the Remote Access service
This section defines metrics which reflect the state
of remote access service of interest to Security
Operations staff in an enterprise.
f) Threshold group (allows definition of high water marks)
This section allows the management entity to define
thresholds to set high water marks on critical metrics.
g) Notifications
This section defines notifications to signal
significant events pertaining to the Remote Access
Service.
"
CISCO-SYSLOG-MIB
"The MIB module to describe and store the system
messages generated by the IOS and any other
OS which supports syslogs."
CISCO-UNIFIED-FIREWALL-MIB
"This notification is generated when the firewall
elects a new primary URL filtering server from
the existing set of configured servers.
Such a change could occur either as a result of
the current primary server becoming unavailable or
as a result of explicit management action in
nominating a filtering server the primary server.
The notification is issued just before the change
occurs. Consequently, the varbinds identify the
attributes corresponding to the old primary server.
This notification is issued if and only if the
object 'cufwCntlUrlfServerStatusChange' has been
set to 'true'.

ENTITY-MIB
"The MIB module for representing multiple logical
entities supported by a single SNMP agent.
Copyright (C) The Internet Society (2005). This
version of this MIB module is part of RFC 4133; see
the RFC itself for full legal notices."
IF-MIB
"The number of network interfaces (regardless of their
current state) present on this system."
NAT-MIB
"A unique id that is assigned to each session by
a NAT enabled device."
RFC1213-MIB
"Total information about the module hardware and software"
SNMPv2-MIB
"The MIB module for SNMP entities."
TCP-MIB
"Total information regarding TCP Connections"

UDP-MIB
"Total information regarding TCP Connections"

CISCO-IP-PROTOCOL-FILTER-MIB
"The MIB module is for management of information
to support packet filtering on IP protocols.
The cippfIpProfileTable allows users to create
delete, and get information about filter profiles.
Filter profiles are uniquely identified by the
profile names. Filter profiles can either be of
Simple or Extended usage types, and the usage type
cannot be changed once it has been created.
The cippfIfIpProfileTable applies the filtering
profiles to device interfaces running IP. A filter
profile can be applied to multiple interfaces.
The cippfIpFilterTable contains ordered lists of
IP filters for all the filtering profiles.
Filters and profiles are related if they are of
the same filter profile name. Filters can only
be created if their associated filter profiles
already exist in the cippfIpProfileTable.
Filters of the same profile name belongs to a
common profile.
The cippfIfIpProfileTable can be configured with
information independent from the other. However,
if the name of a profile in the cippfIfIpProfileTable
matches that of any profile in the
cippfIpProfileTable and the profile name of any
filter entry in the cippfIpFilterTable, the profile
is 'active' and the filter entry is being applied
to IP traffic passing through the attached device
interfaces. Therefore, any change to the filters
in the cippfIpFilterTable or the profile itself in
the cippfIpProfileTable will affect all the
attached interfaces."
IP-MIB
"Total information regarding IP Connections source & destination"
IP-FORWARD-MIB
"The MIB module for the management of CIDR multipath IP
Routes"
CISCO-GENERAL-TRAPS
A reload trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
CISCO-ENTITY-REDUNDANCY-MIB
This management information module supports
configuration, control and monitoring of redundancy
protection for various kinds of components on
Cisco managed devices.
It is meant to be generic enough to handle basic
redundancy control and monitoring for many types of
redundant member components and redundancy architectures
as long as there is an Entity MIB entPhysicalIndex and
entPhysicalVendorType assigned to each member component.
It is designed so that the tables can be augmented in
other extension MIBs which build upon this MIB by
adding additional objects that may be specific to a
particular type of redundancy or member component.
This MIB can also be used in cases where some types of
redundancy groups and members don't require explicit
user configuration. One example may be redundant fan
assemblies. In those cases, the managed system should
internally assign group and member indexes, so that
it can provide read-only access to the group and member
tables. This allows MIB monitoring for these types of
redundant entities.
CISCO-ENTITY-ALARM-MIB
"This MIB module defines the managed objects that support the
monitoring of alarms generated by physical entities contained
by the system, including chassis, slots, modules, ports, power
supplies, and fans. In order to monitor alarms generated by a
physical entity, it must be represented by a row in the
entPhysicalTable (see ENTITY-MIB)."
