Network Based Security

User authentication determines who can log in, while network-based security limits where they can log in from and when.

Use network-based security to limit the window of opportunity for an attacker by restricting the origin of user logins. Network-based security can also make it more difficult for an attacker to use stolen credentials.

To enhance network-based security, Force.com includes the ability to restrict the hours during which users can log in and the range of IP addresses from which they can log in. If IP address restrictions are defined for a user's profile and a login originates from an unknown IP address, Force.com does not allow the login. This helps to protect your data from unauthorized access and “phishing” attacks.

You can specify the permitted IP addresses so that the “activation authentication” email is not required when users log in from PCs that have not logged in to Advologix before.

To help protect your organization's data from unauthorized access, you can specify a list of IP addresses from which users can always log in without receiving a login challenge.

Navigate to Setup

Click Your Name

Select Setup

Navigate to Network Access

Under Administration Setup

Choose Security Controls

Select Network Access

Network Access

View the list of designated IP ranges

~ OR ~

Click the NEW button to designate a list of IP ranges

Trusted IP Range

The start and end addresses define the range of allowable IP addresses from which users can log in. If you want to allow logins from a single IP address, enter the same address in both fields. For example, to allow logins from only 125.12.3.0, enter 125.12.3.0 as both the start and end addresses.

The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (2^25, a /7 CIDR block). For example, the following ranges are valid:

0.0.0.0 to 1.255.255.255

132.0.0.0 to 132.255.255.255

132.0.0.0 to 133.255.255.255

However, ranges like 0.0.0.0 to 2.255.255.255 or 132.0.0.0 to 134.0.0.0 are too large.

The start and end IP addresses in an IPv6 range must include no more than 79,228,162,514,264,337,593,543,950,336 addresses (2^96, a /32 CIDR block). For example, the following range is valid: 2001:8000:: to 2001:8000:ffff:ffff:ffff:ffff:ffff:ffff. However, ranges like :: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff or 2001:8000:: to 2001:8001:: are too large.
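Added example (not AdvoLogix or Force.com code): a pre-check for a proposed start/end pair against the size limits stated above, which also lists the CIDR blocks the range covers so it can be compared with firewall or NAT records before it is trusted. The function names are hypothetical, and rejecting mixed IPv4/IPv6 pairs and reversed ranges is an assumption of this script.

```python
import ipaddress

# Limits stated on this page: 2^25 addresses (IPv4), 2^96 addresses (IPv6).
MAX_ADDRESSES = {4: 2**25, 6: 2**96}

def check_trusted_range(start, end):
    """Return (ok, size, reason) for a proposed start/end address pair."""
    try:
        lo = ipaddress.ip_address(start.strip())
        hi = ipaddress.ip_address(end.strip())
    except ValueError as exc:
        return False, 0, f"not an IP address: {exc}"
    # Assumption of this script: one range never mixes address families.
    if lo.version != hi.version:
        return False, 0, "start and end must both be IPv4 or both be IPv6"
    # Assumption of this script: a reversed pair is a data-entry error.
    if int(lo) > int(hi):
        return False, 0, "start address is higher than end address"
    size = int(hi) - int(lo) + 1  # the range includes both end points
    limit = MAX_ADDRESSES[lo.version]
    if size > limit:
        return False, size, f"{size} addresses exceeds the limit of {limit}"
    return True, size, "ok"

def covering_cidrs(start, end):
    """CIDR blocks that exactly cover the inclusive range start..end."""
    lo = ipaddress.ip_address(start.strip())
    hi = ipaddress.ip_address(end.strip())
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]

# The example ranges given on this page.
PAGE_RANGES = [
    ("125.12.3.0", "125.12.3.0"),
    ("0.0.0.0", "1.255.255.255"),
    ("132.0.0.0", "133.255.255.255"),
    ("0.0.0.0", "2.255.255.255"),
    ("132.0.0.0", "134.0.0.0"),
    ("2001:8000::", "2001:8000:ffff:ffff:ffff:ffff:ffff:ffff"),
    ("2001:8000::", "2001:8001::"),
]

if __name__ == "__main__":
    for start, end in PAGE_RANGES:
        ok, size, reason = check_trusted_range(start, end)
        verdict = "valid" if ok else "REJECT"
        print(f"{start} to {end}: {verdict} ({reason}), covers {covering_cidrs(start, end)}")
```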

Force.com Additional details

To set the organization-wide list of trusted IP addresses from which users can always log in without a login challenge, see Force.com's Restricting Login IP Ranges for Your Organization.

To restrict login hours by profile, or to restrict logins by IP addresses for specific profiles, see Force.com's Setting Login Restrictions.

Lesson Video ~ Network-Based Security