This section describes the initial configuration of a SNMPv2 entity that supports the Digest Authentication Protocol or both the Digest Authentication Protocol and the Symmetric Privacy Protocol.
When a network device is first installed, its initial, secure configuration must be done manually, i.e., a person must physically visit the device and enter the initial secret values for at least its first secure SNMPv2 party. This requirement suggests that the person will have knowledge of the initial secret values.
In general, the security of a system is enhanced as the number of entities that know a secret is reduced. Requiring a person to physically visit a device every time a SNMPv2 party is configured not only exposes the secrets unnecessarily but is administratively prohibitive. In particular, when MD5 is used, the initial authentication secret is 128 bits long and when DES is used an additional 128 bits are needed - 64 bits each for the key and initialization vector. Clearly, these values will need to be recorded on a medium in order to be transported between a responsible management station and a managed agent. The recommended procedure is to configure a small set of initial SNMPv2 parties for each SNMPv2 entity, one pair of which may be used initially to configure all other SNMPv2 parties.
In fact, there is a minimal, useful set of SNMPv2 parties that could be configured between each responsible management station and managed agent. This minimal set includes one of each of the following for both the responsible management station and the managed agent:
The last of these SNMPv2 parties in both the responsible management station and the managed agent could be used to create all other SNMPv2 parties.
Configuring one pair of SNMPv2 parties to be used to configure all other parties has the advantage of exposing only one pair of secrets - the secrets used to configure the minimal, useful set identified above. To limit this exposure, the responsible management station should change these values as its first operation upon completion of the initial configuration. In this way, secrets are known only to the peers requiring knowledge of them in order to communicate.
The Management Information Base (MIB) document [4] supporting these security protocols specifies 6 initial party identities and initial values, which, by convention, are assigned to the parties and their associated parameters.
These 6 initial parties are required to exist as part of the configuration of implementations when first installed, with the exception that implementations not providing support for a privacy protocol only need the 4 initial parties for which the privacy protocol is noPriv. When installing a managed agent, these parties need to be configured with their initial secrets, etc., both in the responsible management station and in the new agent.
If the responsible management station is configured first, it can be used to generate the initial secrets and provide them to a person, on a suitable medium, for distribution to the managed agent. The following sequence of steps describes the initial configuration of a managed agent and its responsible management station.
If the managed agent does not support a protocol that protects messages from disclosure, e.g., the Symmetric Privacy Protocol (see section 5.4), then the distribution of new secrets, after the compromise of existing secrets, is not possible. In this case, the new secrets can only be distributed by a physical visit to the device.
If there are other SNMPv2 protocol entities requiring knowledge of the secrets, the responsible management station must distribute the information upon completion of the initial configuration. The considerations, mentioned above, concerning the protection of secrets from disclosure, also apply in this case.