Security Health Check
Security Health Check lets you find weak or risky security settings in your org from a single page instead of auditing each settings page separately.
From Setup -> Quick Find Box -> Health Check
The table below shows how the risk level is determined for each setting. Each setting is classified into one of three risk levels:
- High-Risk Security Settings
- Medium-Risk Security Settings
- Low-Risk Security Settings
The settings that go into the health check calculation are grouped by area:
- Login Access Policies
- Network Access Policies
- Password Policies
- Remote Site Settings
- Session Settings
| SL No | Grouped By | Setting | Low Risk | Medium Risk | High Risk |
|---|---|---|---|---|---|
| 1 | Login Access Policies | Administrators can log in as any user | Checkbox unchecked | Checkbox checked | N/A |
| 2 | Network Access | Trusted IP Ranges | One or more ranges set | No range set | N/A |
| 3 | Password Policies | User passwords expire in | 90 days or less | 180 days | 1 year or never expires |
| 4 | Password Policies | Enforce password history | 3 or more passwords remembered | 1 or 2 passwords remembered | No passwords remembered |
| 5 | Password Policies | Minimum password length | 8 | 6 or 7 | 5 or fewer |
| 6 | Password Policies | Password complexity requirement | Must mix alpha, numeric, and special characters, or more complex | Must mix alpha and numeric characters | No restriction |
| 7 | Password Policies | Password question requirement | Cannot contain password | None | N/A |
| 8 | Password Policies | Maximum invalid login attempts | 3 | 5 | 10 or no limit |
| 9 | Password Policies | Lockout effective period | 15 minutes | 30 or 60 minutes | Forever |
| 10 | Password Policies | Obscure secret answer for password resets | Checkbox checked | Checkbox unchecked | N/A |
| 11 | Password Policies | Require a minimum 1 day password lifetime | Checkbox checked | Checkbox unchecked | N/A |
| 12 | Remote Site Settings | Remote Site | No remote site created, or at least one site created with the Disable Protocol Security option deselected | N/A | At least one remote site created with the Disable Protocol Security option selected |
| 13 | Session Settings | Timeout Value | 2 hours or less | 4, 8, or 12 hours | N/A |
| 14 | Session Settings | Disable session timeout warning popup | Checkbox checked | Checkbox unchecked | N/A |
| 15 | Session Settings | Force logout on session timeout | Checkbox checked | Checkbox unchecked | N/A |
| 16 | Session Settings | Lock sessions to the IP address from which they originated | Checkbox checked | Checkbox unchecked | N/A |
| 17 | Session Settings | Lock sessions to the domain in which they were first used | Checkbox checked | N/A | Checkbox unchecked |
| 18 | Session Settings | Force relogin after Login-As-User | Checkbox checked | N/A | Checkbox unchecked |
| 19 | Session Settings | Enforce login IP ranges on every request | Checkbox checked | Checkbox unchecked | N/A |
| 20 | Session Settings | Enable caching and autocomplete on login page | Checkbox unchecked | Checkbox checked | N/A |
| 21 | Session Settings | Enable the SMS method of identity confirmation | Checkbox checked | N/A | Checkbox unchecked |
| 22 | Session Settings | Enable clickjack protection for Setup pages | Checkbox checked | N/A | Checkbox unchecked |
| 23 | Session Settings | Enable clickjack protection for non-Setup Salesforce pages | Checkbox checked | N/A | Checkbox unchecked |
| 24 | Session Settings | Enable clickjack protection for customer Visualforce pages with standard headers | Checkbox checked | N/A | Checkbox unchecked |
| 25 | Session Settings | Enable clickjack protection for customer Visualforce pages with headers disabled | Checkbox checked | N/A | Checkbox unchecked |
| 26 | Session Settings | Enable CSRF protection on GET requests on non-setup pages | Checkbox checked | N/A | Checkbox unchecked |
| 27 | Session Settings | Enable CSRF protection on POST requests on non-setup pages | Checkbox checked | N/A | Checkbox unchecked |
Below are the settings made in my org; the health check score is 69%.
Configuring every setting at its Low Risk value gives a 100% health check score, and each change to one of the settings above is reflected in the score. A 100% score means the org meets the baseline for all the settings listed above; it says nothing about settings outside this list, so treat it as a baseline rather than a complete security assessment.
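As an added example (not code from the original post or from Salesforce), the script below applies the risk table above to a SecuritySettings metadata file retrieved from an org (for example with the Metadata API or Salesforce CLI), so the same check can run in CI against version-controlled settings instead of being read off the Setup page. The element names (passwordPolicies/expiration, sessionSettings/lockSessionsToIp, networkAccess/ipRanges and so on) are assumed to follow the Metadata API SecuritySettings type and should be verified against your own retrieved file; the sample XML is constructed, not taken from a real org. Values the table does not list (here a 24-hour session timeout) are reported as Unknown rather than silently scored.

```python
# Added example (not from the original post): classify a retrieved SecuritySettings
# metadata file against the Health Check risk table above.
import xml.etree.ElementTree as ET

NS = {"m": "http://soap.sforce.com/2006/04/metadata"}

def pick(low, medium=(), high=()):
    """Picklist classifier; a value the table does not list comes back as 'Unknown'."""
    return lambda v: ("Low" if v in low else "Medium" if v in medium
                      else "High" if v in high else "Unknown")

def flag(on_is_low=True, off_risk="Medium"):
    """Checkbox classifier; off_risk is the bucket for the non-Low state."""
    return lambda v: ("Unknown" if v not in ("true", "false")
                      else "Low" if (v == "true") == on_is_low else off_risk)

def at_least(low_min, medium_min):
    """Integer classifier where a higher value is safer (history depth, minimum length)."""
    def classify(v):
        if v is None or not v.isdigit():
            return "Unknown"
        return "Low" if int(v) >= low_min else "Medium" if int(v) >= medium_min else "High"
    return classify

P, S = "m:passwordPolicies/m:", "m:sessionSettings/m:"
# (group, setting as named in Health Check, element path, classifier). Element names are
# assumed to follow the Metadata API SecuritySettings type; check them against your file.
RULES = [
    ("Password Policies", "User passwords expire in", P + "expiration",
     pick({"ThirtyDays", "SixtyDays", "NinetyDays"}, {"SixMonths"}, {"OneYear", "Never"})),
    ("Password Policies", "Enforce password history", P + "historyRestriction", at_least(3, 1)),
    ("Password Policies", "Minimum password length", P + "minimumPasswordLength", at_least(8, 6)),
    ("Password Policies", "Password complexity requirement", P + "complexity",
     pick({"SpecialCharacters", "UpperLowerCaseNumeric", "UpperLowerCaseNumericSpecialCharacters"},
          {"AlphaNumeric"}, {"NoRestriction"})),
    ("Password Policies", "Password question requirement", P + "questionRestriction",
     pick({"DoesNotContainPassword"}, {"None"})),
    ("Password Policies", "Maximum invalid login attempts", P + "maxLoginAttempts",
     pick({"ThreeAttempts"}, {"FiveAttempts"}, {"TenAttempts", "NoLimit"})),
    ("Password Policies", "Lockout effective period", P + "lockoutInterval",
     pick({"FifteenMinutes"}, {"ThirtyMinutes", "SixtyMinutes"}, {"Forever"})),
    ("Password Policies", "Obscure secret answer for password resets", P + "obscureSecretAnswer", flag()),
    ("Password Policies", "Require a minimum 1 day password lifetime", P + "minimumPasswordLifetime", flag()),
    ("Session Settings", "Timeout Value", S + "sessionTimeout",
     pick({"FifteenMinutes", "ThirtyMinutes", "OneHour", "TwoHours"}, {"FourHours", "EightHours", "TwelveHours"})),
    ("Session Settings", "Lock sessions to the IP address from which they originated", S + "lockSessionsToIp", flag()),
    ("Session Settings", "Lock sessions to the domain in which they were first used", S + "lockSessionsToDomain", flag(off_risk="High")),
    ("Session Settings", "Force relogin after Login-As-User", S + "forceRelogin", flag(off_risk="High")),
    ("Session Settings", "Enable caching and autocomplete on login page", S + "enableCacheAndAutocomplete", flag(on_is_low=False)),
    ("Session Settings", "Enable clickjack protection for Setup pages", S + "enableClickjackSetup", flag(off_risk="High")),
    ("Session Settings", "Enable CSRF protection on GET requests on non-setup pages", S + "enableCSRFOnGet", flag(off_risk="High")),
    ("Session Settings", "Enable CSRF protection on POST requests on non-setup pages", S + "enableCSRFOnPost", flag(off_risk="High")),
]

def evaluate(xml_text):
    """Return [(group, setting, raw value, risk)] for every rule; a missing element is 'Unknown'."""
    root = ET.fromstring(xml_text)  # your own retrieved metadata, i.e. trusted input
    ranges = root.findall("m:networkAccess/m:ipRanges", NS)
    findings = [("Network Access", "Trusted IP Ranges", str(len(ranges)), "Low" if ranges else "Medium")]
    for group, setting, path, classify in RULES:
        el = root.find(path, NS)
        value = None if el is None else (el.text or "").strip()
        findings.append((group, setting, value, classify(value)))
    return findings

def summary(findings):
    """Count findings per risk bucket so a CI job can fail on any High or Unknown."""
    out = {"High": 0, "Medium": 0, "Low": 0, "Unknown": 0}
    for _, _, _, risk in findings:
        out[risk] += 1
    return out

# Constructed sample (not a real org) with a few deliberately weak settings and a
# session timeout value the table does not cover.
SAMPLE = """<SecuritySettings xmlns="http://soap.sforce.com/2006/04/metadata">
  <networkAccess><ipRanges><start>203.0.113.0</start><end>203.0.113.255</end></ipRanges></networkAccess>
  <passwordPolicies>
    <complexity>AlphaNumeric</complexity><expiration>OneYear</expiration>
    <historyRestriction>1</historyRestriction><lockoutInterval>FifteenMinutes</lockoutInterval>
    <maxLoginAttempts>ThreeAttempts</maxLoginAttempts><minimumPasswordLength>8</minimumPasswordLength>
    <minimumPasswordLifetime>true</minimumPasswordLifetime><obscureSecretAnswer>true</obscureSecretAnswer>
    <questionRestriction>DoesNotContainPassword</questionRestriction>
  </passwordPolicies>
  <sessionSettings>
    <sessionTimeout>TwentyFourHours</sessionTimeout><lockSessionsToIp>false</lockSessionsToIp>
    <lockSessionsToDomain>true</lockSessionsToDomain><forceRelogin>true</forceRelogin>
    <enableCacheAndAutocomplete>false</enableCacheAndAutocomplete>
    <enableClickjackSetup>true</enableClickjackSetup>
    <enableCSRFOnGet>true</enableCSRFOnGet><enableCSRFOnPost>false</enableCSRFOnPost>
  </sessionSettings>
</SecuritySettings>"""

if __name__ == "__main__":
    for group, setting, value, risk in evaluate(SAMPLE):
        if risk != "Low":
            print(f"{risk:8} {group}: {setting} = {value}")
    print(summary(evaluate(SAMPLE)))
```

Run against the constructed sample it lists two High findings (password expiry of one year, CSRF protection on POST disabled), three Medium ones and one Unknown; point `evaluate` at the contents of your own `SecuritySettings.settings-meta.xml` to check a real org. The Unknown bucket is deliberate: a value that is outside the published table should fail the check loudly rather than be guessed into a risk level.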