User authentication determines who can log in, while network-based security limits where they can log in from and when. Use network-based security to limit the window of opportunity for an attacker by restricting the origin of user logins. Network-based security can also make it more difficult for an attacker to use stolen credentials.
To enhance network-based security, Force.com includes the ability to restrict the hours during which users can log in and the range of IP addresses from which they can log in. If IP address restrictions are defined for a user's profile and a login originates from an unknown IP address, Force.com does not allow the login. This helps to protect your data from unauthorized access and “phishing” attacks.
You can provide the IP Addresses that are permitted to prevent the “activation authentication” email requirements from PCs that have not logged into Advologix before. To help protect your organization's data from unauthorized access, you can specify a list of IP addresses from which users can always log in without receiving a login challenge.
Navigate to Setup | Administration Setup | Security Controls | Network Access
View the list of designated IP ranges or click the New button to designate a list of IP ranges.
Trusted IP Range
The start and end addresses define the range of allowable IP addresses from which users can log in. If you want to allow logins from a single IP address, enter the same address in both fields. For example, to allow logins from only 126.96.36.199, enter 188.8.131.52 as both the start and end addresses.
The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (225, a /7 CIDR block). For example, the following ranges are valid:
0.0.0.0 to 184.108.40.206
220.127.116.11 to 18.104.22.168
22.214.171.124 to 126.96.36.199
However, ranges like 0.0.0.0 to 188.8.131.52 or 184.108.40.206 to 220.127.116.11 are too large.
The start and end IP addresses in an IPv6 range must include no more than 79,228,162,514,264,337,593,543,950,336 addresses (296, a /32 CIDR block). For example, the following range is valid: 2001:8000:: to 2001:8000:ffff:ffff:ffff:ffff:ffff:ffff. However, ranges like :: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff or 2001:8000:: to 2001:8001:: are too large.
Add your comment