Duplicate Engine IDs

What is an SNMP Engine ID?

The SNMP Engine ID is a unique identification for every SNMP agent in your network. At the factory, SNMPv3 devices should be programmed to generate a unique SNMP Engine ID value that may be customized by the network administrator. Some SNMPv3 devices may be initialized at the factory with a fixed, non-unique SNMP Engine ID value, and this MUST be changed to a unique value by the network administrator.

Why is an SNMP Engine ID important?

The SNMP Engine ID is an important part of SNMPv3 security. The SNMP Engine ID value is included in the mathmatical computation that transforms an SNMPv3 user's pass phrase into a localized key. Because the SNMP Engine ID is unique on every device in the network, the localized keys are unique on every device in network. Thus, if an attacker is able to figure out the keys on one device and take over its functions, the other devices in the network are still secure.                                                                                 

What if the SNMP Engine IDs are not unique?

If the SNMP Engine ID is the same on two or more devices in your network, then the same set of keys can be used to access all of those devices with SNMPv3. An attacker might successfully discover the keys of one device by a variety of methods including brute force attack. That is a lot of work for just one device, but if successful, now the attacker also has control of all of the other devices that share the same SNMP Engine ID and user name. Having the same SNMP Engine ID on multiple devices is a serious vulnerability!

Read the Report and Take Action!

SNMP Security Analyzer finds the devices in your network that have the same SNMP Engine ID value. At the earliest opportunity, you should reconfigure all of the devices identified in this report. By changing the SNMP Engine ID in each device to a unique value, you remove the vulnerability before it is exploited by an attacker.


Next Topic: Clock Rollback