The Cisco Provider Connectivity Assurance Sensor Control authentication mechanism prevents access by anyone who does not hold a secret (account credentials, session ID or API key) shared between the client (anyone requesting the PVLQ API, including the related Sensor Control graphical interface) and the server.
However, the current authentication mechanism requires this secret to be embedded in clear text in every request that needs authentication, and the uniqueness of each request is not verified.
This means that, if the communications between the client and the server are not properly encrypted, any eavesdropper can acquire this secret, forge valid requests and exploit the privileges it grants.
This is why Sensor Control's server forces the use of TLS (aka SSL).
For optimal security, company-specific TLS certificates should be deployed on the server and used by the client, so that the communications are encrypted and the server identity is verified.
On a testing installation, and at your own risk, you could circumvent certificate verification. How this is done depends on the system or tool.
For example, with curl, this is done with the --insecure option:
curl --insecure 'https://<SERVER>/api/...'
And with Invoke-WebRequest, this is done with the -SkipCertificateCheck option:
Invoke-WebRequest -SkipCertificateCheck 'https://<SERVER>/api/...'
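Because a request sent with verification disabled still carries the shared secret, a check that these test-only options have not been copied into production automation is useful. The following is an added example, not Cisco code: it scans a script directory for the two options shown above. The function name, the heuristic patterns, and the inclusion of curl's short form -k are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Sensor Control documentation): report scripts
# that disable TLS certificate verification with the options named above.

# ERE for a curl command line carrying --insecure, or a short-option cluster
# that contains k (for example -k or -sk). Heuristic: an attached short-option
# argument such as "-ok" would also be reported.
CURL_BYPASS='(^|[^[:alnum:]_-])curl([[:space:]].*)?[[:space:]](--insecure|-[[:alpha:]]*k[[:alpha:]]*)([[:space:]]|$)'

# PowerShell parameter names are case-insensitive, so this is matched with -i.
PS_BYPASS='-SkipCertificateCheck'

# find_tls_bypass DIR
# Prints file:line:text for every hit under DIR.
# Returns 0 when DIR is clean and 1 when at least one bypass was found.
find_tls_bypass() {
    dir=$1
    hits=$(
        grep -rnE -- "$CURL_BYPASS" "$dir" 2>/dev/null || true
        grep -rniE -- "$PS_BYPASS" "$dir" 2>/dev/null || true
    )
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}
```

Run as `find_tls_bypass ./scripts` in a pre-deployment check; a non-zero status means a script still skips certificate verification.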
© 2024 Cisco and/or its affiliates. All rights reserved.