Network Based Security

User authentication determines who can log in, while network-based security limits where they can log in from and when.  Use network-based security to limit the window of opportunity for an attacker by restricting the origin of user logins. Network-based security can also make it more difficult for an attacker to use stolen credentials.

To enhance network-based security, Force.com includes the ability to restrict the hours during which users can log in and the range of IP addresses from which they can log in. If IP address restrictions are defined for a user's profile and a login originates from an unknown IP address, Force.com does not allow the login. This helps to protect your data from unauthorized access and “phishing” attacks.

You can provide the IP Addresses that are permitted to prevent the “activation authentication” email requirements from PCs that have not logged into Advologix before.  To help protect your organization's data from unauthorized access, you can specify a list of IP addresses from which users can always log in without receiving a login challenge.

Network Access

Network Access

Navigate to Setup | Administration Setup | Security Controls | Network Access

View the list of designated IP ranges or click the New button to designate a list of IP ranges.

Trusted IP Range

Trusted IP Range

The start and end addresses define the range of allowable IP addresses from which users can log in. If you want to allow logins from a single IP address, enter the same address in both fields. For example, to allow logins from only 125.12.3.0, enter 125.12.3.0 as both the start and end addresses.

The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (225, a /7 CIDR block). For example, the following ranges are valid:

0.0.0.0 to 1.255.255.255

132.0.0.0 to 132.255.255.255

132.0.0.0 to 133.255.255.255

However, ranges like 0.0.0.0 to 2.255.255.255 or 132.0.0.0 to 134.0.0.0 are too large.

The start and end IP addresses in an IPv6 range must include no more than 79,228,162,514,264,337,593,543,950,336 addresses (296, a /32 CIDR block). For example, the following range is valid: 2001:8000:: to 2001:8000:ffff:ffff:ffff:ffff:ffff:ffff. However, ranges like :: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff or 2001:8000:: to 2001:8001:: are too large.