Set up the Artifactory repository authentication

To secure Artifactory repositories follow the steps below

  1. Log into Artifactory as an administrator
  2. On the left select Admin

Add users

  1. In the Security menu select Users
  2. In the upper right select New

  3. Create users for admin, writer, and reader (REPOSITORY-NAME_admin, REPOSITORY-NAME_writer, REPOSITORY-NAME_reader)

Create security groups and add the new users to the groups

  1. In the Admin menu select Security and Groups
  2. On the Group Management page select New
  3. Create groups for admins, writers, and readers (REPOSITORY-NAME_admins, REPOSITORY-NAME_writers, REPOSITORY-NAME_readers)
    1. In the Users section add the appropriate user to the group

Create permissions and add the security groups to the permissions

  1. In the Security menu select Permissions
  2. In the upper right corner select New
  3. Create permissions to administer, write, and read (REPOSITORY-NAME_administer, REPOSITORY-NAME_write, REPOSITORY-NAME_read)
    1. Select the repository, click the green arrow to add the repository to the Selected Repositories list, and click Next
    2. Click the arrow next to the name of the group to add it to the list of groups
    3. Select the appropriate check boxes
      1. For writers select Delete/Overwrite, Deploy/Cache, Annotate, and Read
    4. Click the Save & Finish button.

To allow anonymous read access to the repository

To allow anyone to read the repository without authentication, add the anonymous user to the REPOSITORY-NAME_readers security group with Read permission.

Secure passwords in TeamCity

When a TeamCity build step needs to use a password, there is a secure way to store it.

  1. In the TeamCity web interface navigate to the project,
  2. On the project page open the Parameters page,
  3. Click the Add new parameter button,
  4. Enter the name of the parameter, the password value, and click the Edit button to set the special settings,
  5. Set the Display to Hidden, and the Type to Password to hide the value from the user interface. Click the Save button on this window and the on the parent window to save the parameter.
  6. To use the parameter in a build step, surround it with % signs.

How to secure Jenkins

When you install Jenkins, the default settings allow anyone to sign up and administer it. There are many ways to secure Jenkins, the simplest is to disable the user sign up and require login to administer the server.

  1. Click sign up in the upper right corner and create an account for yourself
  2. On the Jenkins Dashboard select Manage Jenkins
  3. On the Manage Jenkins page select Configure Global Security
  4. Make sure the circled items are set according to the picture below.

How to configure the domain password expiration policy in the Microsoft Active Directory

The Microsoft Active Directory is a great system to manage the security of servers and workstations. One of the fundamental security tools is the password expiration policy.

To set the password expiration policy in an Active Directory domain follow the steps below

  • Remote desktop into the domain controller
  • Start the Active Directory Users and Computers snap in
  • Right click the root domain name and select Properties
  • Select the Group Policy tab
  • In the middle select the Default Domain Policy Group Policy Object Link
  • Click the Edit button
  • On the left side expand Computer Configuration > Windows Settings > Security Settings > Account Policies
  • Select the Password Policy and Account Lockout Policy keys to set the desired values

active directory password policy

 

Warning!

All new and existing user accounts will inherit these settings, and the password of existing user accounts will immediately expire where the “Password never expires” option is not set.