May 4, 2015

Securing Your Perforce Helix Server (P4D)

IP Protection

Like they say, a chain is only as strong as its weakest link. Your versioning infrastructure is part of your application development lifecycle setup, and you will want to make sure that all security measures are in place to safeguard your precious digital assets from theft.

Perforce Helix offers several controls to fortify your intellectual property:

Network Security

Perforce communicates using standard TCP/IP protocols. Many sites rely on traditional network security measures like firewalls and VPNs to secure the communication tunnels. If the network is unsecured, or if you want an additional measure of security, enable SSL encryption for the server. If you use Perforce proxies, replicas, or brokers, employ service users and security level 4 to enforce authentication between these endpoints.

Authentication and Access Control

Use security level 4 to require time-limited authentication tickets, enforce strong password policies, prevent the use of passwords stored in configuration files, the environment, or the Windows registry, and require that all service users employed for replication be authenticated. Perforce Helix also supports native authentication with Active Directory or LDAP servers. To implement two-factor authentication, you can use external authentication triggers. Use IP address-specific access control rules to allow access only from authorized locations, or to selectively grant access to users in different regions.

Access Audit Logging

All Perforce servers should enable the access auditing feature.  This feature enables a dedicated Perforce server log, which tracks individual access to all digital assets in Perforce. 
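The settings named in the Network Security, Authentication and Access Control, and Access Audit Logging sections can be checked from saved server output. The script below is an added example, not Perforce code: it assumes `p4 configure show` prints `name=value (source)` lines and that the protections table from `p4 protect -o` uses the usual `level type name host path` columns, and both sample inputs are constructed.

```python
import re

# Constructed sample of `p4 configure show` output (assumed format: name=value (source)).
SAMPLE_CONFIG = """\
P4PORT=1666 (-p)
security=3 (configure)
P4LOG=log (configure)
"""

# Constructed sample of the Protections field from `p4 protect -o`.
SAMPLE_PROTECTIONS = """\
Protections:
\twrite user * * //...
\tread group contractors 10.20.0.0/16 //depot/vendor/...
\tsuper user p4admin 192.168.1.10 //...
"""

def parse_config(text):
    """Return {name: value} from `name=value (source)` lines."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)=(.*?)(?:\s+\([^)]*\))?\s*$", line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def audit(config_text, protections_text):
    """List deviations from the hardening steps described in the article."""
    cfg = parse_config(config_text)
    findings = []
    if int(cfg.get("security", "0")) < 4:  # an unset level is treated as 0
        findings.append("security level below 4")
    if not cfg.get("P4PORT", "").startswith("ssl"):
        findings.append("P4PORT is not an ssl: listener")
    if not cfg.get("P4AUDIT"):
        findings.append("no audit log (P4AUDIT) configured")
    for line in protections_text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[1] not in ("user", "group"):
            continue  # field header, comment, or blank line
        level, kind, name, host, path = fields
        # Exclusion lines (path starting with "-") remove access, so skip them.
        if host == "*" and not path.startswith("-"):
            findings.append(f"{level} for {kind} {name} allowed from any host")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_PROTECTIONS):
        print("FINDING:", finding)
```
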

Advanced Threat Detection

To safeguard against IP theft, consider using Perforce Helix Threat Detection, which enables security teams to identify high-risk anomalous behavior and potential threats by applying behavioral analytics on user interactions with your source code, product designs, and related assets managed in Perforce. 

IT Security

It goes without saying that, in addition to applying the Perforce Helix-specific features briefly outlined above, you will always want to secure your server by ensuring that only authorized staff have access to the machine, running Perforce Helix as a non-privileged system account, and blocking all ports except the one used by Helix Server.

The options listed above are only some of the security features available to you; you will find several resources in Perforce Technical Documentation that delve into security features in greater detail. You could also enlist the experts at Perforce Consulting to run a security audit for you. Our team is highly skilled at recommending and implementing Perforce Helix security features best suited for your environment.