Prevent unauthorized access to systems

Cyberattacks and other forms of unauthorized access pose a constant threat to IT systems. Fortunately, many tools are available to counter these threats and shield your infrastructure.

Authenticate users and devices

Authentication is the process of verifying the identity of a user, device, or other entity before granting access to a system, application, or network.

TotalView uses a multilayer client/server architecture. Users can connect from a remote laptop to the TotalView core debugger by using the TotalView Remote Client. The TotalView Remote Client communicates over standard input/output channels, but the connection is established using SSH. This connection type ensures that the data sent between the TotalView Remote Client and the core debugger is encrypted. Further, standard SSH authentication controls include support for any two-factor authentication that is used to establish the connection. TotalView does not collect passwords or two-factor authentication codes. Any password or code input is handled directly by SSH.

The second tier of the TotalView multilayer architecture is between the TotalView core debugger and the remote TotalView debug servers. As with connections between the TotalView Remote Client and the TotalView core debugger, all connections to the TotalView debug servers are established over SSH. Any data sent between the TotalView core debugger and remote TotalView debug servers is encrypted by SSH. Authentication is controlled by SSH. TotalView does not collect any passwords, authentication codes, or keys. After the SSH connection is authenticated and established, TotalView communicates over it.

Grant access and permissions

The process of granting access rights and permissions is designed to ensure that only authorized users, user groups, devices, and other entities can access a system, application, or network.

TotalView is a user-installed application. Any restrictions on the application or network are controlled by the administrators of the system that TotalView is running on. TotalView does not manipulate or change any of the authorizations and operates within the permissions granted to the user. For example, if a user tries to access a file-based resource through TotalView but lacks permissions, TotalView is denied access.

Implement firewalls

Firewalls serve as a barrier between a trusted internal network and untrusted external networks, such as the internet.

TotalView does not have built-in firewall functionality. However, you can implement a firewall on the system where TotalView runs.

The Reprise License Manager (RLM) and independent software vendor (ISV) server ports must be accessible to TotalView client systems. If the optional RLM web server interface is in use, its port also must be accessible. You can define these port values when you run the Perforce Configure_License server setup script. Define rules to restrict access to these ports to only the required machines or networks, based on your environment.

For more information, see Installation and Licensing or the RLM License Administration Manual (RLM_License_Administration.pdf) distributed with the Reprise License Server installation.
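
One way to express the port restriction described above, as an added example that is not part of the TotalView or RLM documentation. It assumes a Linux license server that uses nftables; the function names, the table name rlm_filter, the port numbers, and the client networks are sample values, so substitute the ports you defined in the setup script.

```shell
# Added example: build an nftables ruleset that limits license-server ports
# to known client networks. All names and values here are illustrative.
# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# join_csv "a b c" -> "a, b, c" (input is split on whitespace)
join_csv() {
    _out=""
    for _item in $1; do
        _out="${_out:+$_out, }$_item"
    done
    printf '%s' "$_out"
}

# gen_rlm_ruleset "PORT ..." "ADDR_OR_CIDR ..." -> ruleset text on stdout
gen_rlm_ruleset() {
    _ports="$1"; _nets="$2"
    # Allow-list characters first so nothing else can reach the ruleset text.
    case "$_ports" in *[!0-9\ ]*) echo "bad port list" >&2; return 1 ;; esac
    case "$_nets" in *[!0-9./\ ]*) echo "bad network list" >&2; return 1 ;; esac
    _plist=$(join_csv "$_ports"); _nlist=$(join_csv "$_nets")
    if [ -z "$_plist" ] || [ -z "$_nlist" ]; then
        echo "need at least one port and one client network" >&2; return 1
    fi
    for _p in $_ports; do
        valid_port "$_p" || { echo "invalid port: $_p" >&2; return 1; }
    done
    # Only the listed ports are filtered; IPv6 sources never match the allow rule.
    cat <<EOF
table inet rlm_filter {
    chain input {
        type filter hook input priority 0; policy accept;
        iifname "lo" accept
        tcp dport { $_plist } ip saddr { $_nlist } accept
        tcp dport { $_plist } drop
    }
}
EOF
}

# Sample run: RLM, web interface and ISV ports (sample numbers), two client sources.
gen_rlm_ruleset "5053 5054 5055" "10.20.0.0/24 10.20.5.17"
```

The script only prints the ruleset. Review the output and check it with `nft -c -f` before loading it, because the network list is validated by character set only, not as well-formed CIDR.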

Implement logging

Logging can be implemented to gather operational and security data for a system, identify performance and security issues, and minimize the risk of data breaches.

By default, TotalView does not generate log data that is recorded to a file. However, TotalView displays library processing information as it loads the target programs that are part of a debugging session. This processing information does not include sensitive information from the running program or any user data.

If configured by the TotalView Support team, TotalView can generate internal debugging information that can be stored to a file. The textual information that is generated does not include internal data from the user's program. However, the logs reflect how TotalView processes information about the user's target program, such as libraries being loaded and debugging symbols being processed. You can examine and control access to the information.