Network Based Security <Video>
User authentication determines who can log in, while network-based security limits where they can log in from and when.
Use network-based security to limit the window of opportunity for an attacker by restricting the origin of user logins. Network-based security can also make it more difficult for an attacker to use stolen credentials.
To enhance network-based security, Force.com includes the ability to restrict the hours during which users can log in and the range of IP addresses from which they can log in. If IP address restrictions are defined for a user's profile and a login originates from an unknown IP address, Force.com does not allow the login. This helps to protect your data from unauthorized access and “phishing” attacks.
You can provide the IP Addresses that are permitted to prevent the “activation authentication” email requirements from PCs that have not logged into Advologix before.
To help protect your organization's data from unauthorized access, you can specify a list of IP addresses from which users can always log in without receiving a login challenge.
Navigate to Network Access
Trusted IP Range
The start and end addresses define the range of allowable IP addresses from which users can log in. If you want to allow logins from a single IP address, enter the same address in both fields. For example, to allow logins from only 184.108.40.206, enter 220.127.116.11 as both the start and end addresses.
The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (225, a /7 CIDR block). For example, the following ranges are valid:
0.0.0.0 to 18.104.22.168
22.214.171.124 to 126.96.36.199
188.8.131.52 to 184.108.40.206
However, ranges like 0.0.0.0 to 220.127.116.11 or 18.104.22.168 to 22.214.171.124 are too large.
The start and end IP addresses in an IPv6 range must include no more than 79,228,162,514,264,337,593,543,950,336 addresses (296, a /32 CIDR block). For example, the following range is valid: 2001:8000:: to 2001:8000:ffff:ffff:ffff:ffff:ffff:ffff. However, ranges like :: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff or 2001:8000:: to 2001:8001:: are too large.
Security Overview User Authentication ~ Additional Information
To set the organization-wide list of trusted IP addresses from which users can always log in without a login challenge, see Force.com's Restricting Login IP Ranges for Your Organization
To restrict login hours by profile, or to restrict logins by IPaddresses for specific profiles, see Force.com's Setting Login Restrictions