salesforce_security_impl_guide
Security Overview
To enhance network-based security, Salesforce includes the ability to restrict the hours during which users can log in and the range of
IP addresses from which they can log in. If IP address restrictions are defined for a user's profile and a login originates from an unknown
IP address, Salesforce does not allow the login. This helps to protect your data from unauthorized access and “phishing” attacks.
To set the organization-wide list of trusted IP addresses from which users can always log in without a login challenge, see Restricting
Login To Trusted IP Ranges for Your Organization on page 81. To restrict login hours by profile, or to restrict logins by IP addresses for
specific profiles, see Setting Login Restrictions on page 40.
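The following is an added example, not Salesforce code or a Salesforce API: it models the login restrictions described above so that an exported login history can be checked for successful logins the configured policy should have refused. The profile names, IP ranges, login hours and record fields are constructed assumptions, and timestamps are assumed to be in the organization's time zone.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed policy, not read from any Salesforce API (assumption).
ORG_TRUSTED = [ip_network("203.0.113.0/24")]          # org-wide trusted ranges
PROFILES = {
    "Sales":   {"ip_ranges": [ip_network("203.0.113.0/25")], "hours": (8, 18)},
    "Support": {"ip_ranges": [], "hours": None},      # no profile restrictions
}

def in_ranges(ip, ranges):
    return any(ip_address(ip) in net for net in ranges)

def evaluate(profile, ip, when):
    """Expected outcome for one login: deny-ip, deny-hours, challenge or allow."""
    policy = PROFILES[profile]
    # Profile IP restrictions are defined and the address is not in them.
    if policy["ip_ranges"] and not in_ranges(ip, policy["ip_ranges"]):
        return "deny-ip"
    # Profile login hours; timestamps are assumed to be in the org's time zone.
    if policy["hours"] and not policy["hours"][0] <= when.hour < policy["hours"][1]:
        return "deny-hours"
    # Outside the org-wide trusted list the user may face a login challenge.
    return "allow" if in_ranges(ip, ORG_TRUSTED) else "challenge"

def audit(records):
    """Return (user, reason) for successful logins the policy should have denied."""
    findings = []
    for rec in records:
        expected = evaluate(rec["profile"], rec["ip"], datetime.fromisoformat(rec["time"]))
        if rec["status"] == "Success" and expected.startswith("deny"):
            findings.append((rec["user"], expected))
    return findings

# Constructed login-history rows (field names are assumptions).
SAMPLE_LOG = [
    {"user": "alice", "profile": "Sales", "ip": "203.0.113.10", "time": "2024-03-04T09:15:00", "status": "Success"},
    {"user": "bob", "profile": "Sales", "ip": "198.51.100.7", "time": "2024-03-04T10:00:00", "status": "Success"},
    {"user": "carol", "profile": "Sales", "ip": "203.0.113.20", "time": "2024-03-04T22:30:00", "status": "Success"},
    {"user": "dave", "profile": "Support", "ip": "198.51.100.9", "time": "2024-03-04T03:00:00", "status": "Success"},
    {"user": "erin", "profile": "Sales", "ip": "198.51.100.8", "time": "2024-03-04T11:00:00", "status": "Failed"},
]

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_LOG):
        print(f"{user}: successful login contradicts policy ({reason})")
```

A finding here means the restrictions actually in force differ from the ones the reviewer believes are configured, or the login predates them.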
CAPTCHA Security for Data Exports
By request, salesforce.com can also require users to pass a user verification test to export data from Salesforce. This simple, text-entry
test helps prevent malicious programs from accessing your organization’s data, as well as reducing the risk of automated attacks. CAPTCHA
is a type of network-based security. To pass the test, users must type two words displayed on an overlay into the overlay’s text box field,
and click a Submit button. Salesforce uses CAPTCHA technology provided by reCaptcha to verify that a person, as opposed to an
automated program, has correctly entered the text into the overlay. CAPTCHA stands for “Completely Automated Public Turing test to
tell Computers and Humans Apart.”
Session Security
After logging in, a user establishes a session with the platform. Use session security to limit exposure to your network when a user leaves
their computer unattended while still logged on. It also limits the risk of internal attacks, such as when one employee tries to use another
employee’s session.
You can control the session expiration time window for user logins. Session expiration allows you to select a timeout for user sessions.
The default session timeout is two hours of inactivity. When the session timeout is reached, users are prompted with a dialog that allows
them to log out or continue working. If they do not respond to this prompt, they are automatically logged out.
Note: When a user closes a browser window or tab they are not automatically logged off from their Salesforce session. Please
ensure that your users are aware of this, and that they end all sessions properly by clicking Your Name > Logout.
By default, Salesforce uses SSL (Secure Sockets Layer) and requires secure connections (HTTPS) for all communication. The Require
secure connections (HTTPS) setting determines whether SSL (HTTPS) is required for access to Salesforce, apart from
Force.com sites, which can still be accessed using HTTP. If you ask salesforce.com to disable this setting and change the URL from
https:// to http://, you can still access the application. However, you should require all sessions to use SSL for added security.
See Setting Session Security on page 83.
You can restrict access to certain types of resources based on the level of security associated with the authentication (login) method for
the user’s current session. By default, each login method has one of two security levels: Standard or High Assurance. You can change
the session security level and define policies so specified resources are only available to users with a High Assurance level. For details,
see Session-level Security on page 85.
Securing Data Access
Choosing the data set that each user or group of users can see is one of the key decisions that affects
data security. You need to find a balance between limiting access to data, thereby limiting risk of
stolen or misused data, versus the convenience of data access for your users.
Note: Who Sees What: Overview. Watch a demo on controlling access to and visibility of your data.
EDITIONS: The available data management options vary according to which Salesforce Edition you have.