Securing Netsparker Cloud by Restricting IP Addresses

IP Address Restrictions is a feature that allows organizations to restrict the IP addresses from which users can access the Netsparker Cloud dashboard, which enhances the security of the solution. This feature is also included in the on-premises edition of the solution. Once it is enabled, anyone trying to log in to Netsparker Cloud from an IP address that is not in the Trusted IP Addresses list will be denied access.

This IP Address restriction feature is disabled by default. This document explains how to enable and configure IP Address Restrictions.

IP Restrictions Configuration

Only account administrators can enable or disable IP restrictions in Netsparker Cloud.

How To Enable IP Restrictions
  1. From the Your Account menu, select IP Restrictions. The IP Address Restrictions window is displayed.
  2. Check the Enable IP Restrictions checkbox.

Only one IP address should be added at a time. Ranges or wildcards are not supported.

  3. Click New. A new row is displayed.

Your IP address is shown in the sidebar. We highly recommend adding it first, in order to avoid getting locked out.

  4. In the Description field, enter a description for your restriction, such as Home IP Address or Office IP Address.
  5. In the IP Address field, enter the full IP address.
  6. Click Save.
  7. If your IP Address is not listed in the table, a warning dialog is displayed.
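Before entering a list of trusted addresses, it helps to check it offline against the rules in the steps above: one full address per row, no ranges or wildcards, and your own address included. The following is an added example, not Netsparker's code; the function names, the sample plan and the exact-match comparison are assumptions made for illustration.

```python
import ipaddress


def parse_entry(text):
    """Return one normalized address, or raise ValueError.

    Follows the rule on this page: one full IP address per entry,
    no ranges and no wildcards.
    """
    text = text.strip()
    if any(ch in text for ch in "*/-,"):
        raise ValueError(f"ranges and wildcards are not supported: {text!r}")
    # Raises ValueError for partial or malformed addresses.
    return ipaddress.ip_address(text)


def review_plan(entries, current_ip):
    """Check planned (description, address) rows before saving them.

    Returns (trusted, problems, lockout): the accepted addresses, a list
    of (description, reason) for rejected rows, and True when current_ip
    would be missing from the saved list.
    """
    trusted, problems = set(), []
    for description, raw in entries:
        try:
            trusted.add(parse_entry(raw))
        except ValueError as exc:
            problems.append((description, str(exc)))
    lockout = ipaddress.ip_address(current_ip) not in trusted
    return trusted, problems, lockout


def is_allowed(trusted, client_ip):
    """Exact-match decision for a login attempt (assumed semantics)."""
    return ipaddress.ip_address(client_ip) in trusted


# Constructed sample plan; all addresses come from documentation ranges.
PLAN = [
    ("Office IP Address", "203.0.113.10"),
    ("Home IP Address", "198.51.100.7 "),   # stray space is tolerated
    ("Branch office", "192.0.2.0/24"),      # range: rejected
    ("VPN", "203.0.113.*"),                 # wildcard: rejected
    ("Incomplete", "198.51.100"),           # not a full address: rejected
]

if __name__ == "__main__":
    trusted, problems, lockout = review_plan(PLAN, current_ip="198.51.100.7")
    for description, reason in problems:
        print(f"reject {description}: {reason}")
    print("lockout risk:", lockout)
```
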

How To Delete a Trusted IP Address
  1. From the Your Account menu, select IP Restrictions.
  2. Next to the relevant IP Address, click x.

What Happens When Users Try to Log In from a Non-Trusted IP Address?

When a user tries to log in from an unlisted IP Address, the user will be redirected to the SIGN IN window, displaying an error message: ‘Your IP address is not allowed (Current IP Address: #address). Please contact your Account Administrator #admin-name (#admin-email)’.




*** This is a Security Bloggers Network syndicated blog from Netsparker, Web Application Security Scanner authored by Netsparker Security Team. Read the original post at: http://feedproxy.google.com/~r/netsparker/~3/TSCEwt2bPkA/