Network Based Security
User authentication determines who can log in, while network-based security limits where they can log in from and when. Use network-based security to limit the window of opportunity for an attacker by restricting the origin of user logins. Network-based security can also make it more difficult for an attacker to use stolen credentials.
To enhance network-based security, Force.com includes the ability to restrict the hours during which users can log in and the range of IP addresses from which they can log in. If IP address restrictions are defined for a user's profile and a login originates from an unknown IP address, Force.com does not allow the login. This helps to protect your data from unauthorized access and “phishing” attacks.
You can provide the IP Addresses that are permitted to prevent the “activation authentication” email requirements from PCs that have not logged into Advologix before. To help protect your organization's data from unauthorized access, you can specify a list of IP addresses from which users can always log in without receiving a login challenge.
Navigate to Setup | Administration Setup | Security Controls | Network Access
View the list of designated IP ranges or click the New button to designate a list of IP ranges.
Trusted IP Range
The start and end addresses define the range of allowable IP addresses from which users can log in. If you want to allow logins from a single IP address, enter the same address in both fields. For example, to allow logins from only 22.214.171.124, enter 126.96.36.199 as both the start and end addresses.
The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (225, a /7 CIDR block). For example, the following ranges are valid:
0.0.0.0 to 188.8.131.52
184.108.40.206 to 220.127.116.11
18.104.22.168 to 22.214.171.124
However, ranges like 0.0.0.0 to 126.96.36.199 or 188.8.131.52 to 184.108.40.206 are too large.
The start and end IP addresses in an IPv6 range must include no more than 79,228,162,514,264,337,593,543,950,336 addresses (296, a /32 CIDR block). For example, the following range is valid: 2001:8000:: to 2001:8000:ffff:ffff:ffff:ffff:ffff:ffff. However, ranges like :: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff or 2001:8000:: to 2001:8001:: are too large.