Security settings

Available in Classic and VPC

NAVER Cloud Platform provides additional security settings such as two-factor authentication and authentication keys for its members' personal information protection and safe service use.

Set two-factor authentication

When logging in to NAVER Cloud Platform, you can enter your ID and password and undergo a two-factor authentication to complete the login. Two-factor authentication is not a required item, but we recommend you setting two-factor authentication, which is an extra layer of security, to protect your account information. You can configure it as follows.

1. Connect to NAVER Cloud Platform portal.
2. Click Login at the upper right of NAVER Cloud Platform portal.
3. When the Login screen appears, enter your ID and password, then click the [Log-in] button.
4. Click the My page menu at the top center and then the Manage account menu.
5. Enter the current password one more time to protect your information, then click the [OK] button.
6. On the page to manage accounts, select the [Manage Two-factor Authentication] tab menu.
7. Click the [Set with Authentication Number] button for two-factor authentication based on the authentication number, and click the [Set with OTP] button for two-factor authentication based OTP.
   • Set with authentication number: Perform two-factor authentication by entering the authentication number sent to the registered mobile phone number or email address
   • Set with OTP: Perform two-factor authentication by entering one time password together with Google OTP app
8. On the two-factor authentication setting page, set the required items and click the [OK] button.

Authentication key management

NAVER Cloud Platform allows you to control the various features of the provided services with APIs. You can register, edit, delete, and search data after entering action-specific parameters. You can also utilize them to run services and automate operation tools. These APIs are issued to each member by organizing the API authentication key, which is a user identification tool, into a pair of access key and secret key so that only users with permissions can call them. Therefore, if the API authentication key is leaked to a third party, the resources can be arbitrarily changed or searched. That might cause serious security problems.
Therefore, we recommend issuing the API authentication key from the sub account, not the main account with all the permissions, and periodically replacing it to prevent leakage. If the API authentication key is not used or is suspected to be stolen, we recommend stopping or deleting the issued authentication key for security.
You can create, stop, or delete API authentication keys to minimize security threats as follows.

1. Access NAVER Cloud Platform portal.
2. Click Login at the upper right of NAVER Cloud Platform portal.
3. When the Login screen appears, enter your ID and password, then click the [Log-in] button.
4. Click the My page menu at the top center and then the Manage account menu.
5. Enter the current password one more time to protect your information, then click the [OK] button.
6. On the page to manage accounts, click the [Manage authentication keys] tab menu.
7. Click Create [new API authentication keys] button to issue an API authentication key.
8. Click the [View] button of the Secret Key to check the issued authentication key.
9. Click the [Disable] button in the management menu to disable the issued authentication key.
10. Click [Enable] button in the management menu to use the disabled authentication key again, and then click [Delete] button to delete it.

Set API access restrictions for the main account

Make it available only from specific IP bands to prevent access to the API Gateway from unauthorized locations.
The following describes how to configure API available only to specific IP bands.

1. Log in to NAVER Cloud Platform portal.
2. Go to My page > Manage account > Manage authentication menus.
3. In the [IP band] field of the API access restrictions menu, enter the IP band you want to specify.
   However, the 0.0.0.0-32 bands are not allowed for security reasons.
4. Click the [Save] button.

CIDR notation

IP Address indicates the IP bands to allow access in the format 192.168.0.1-192.168.0.255. NAVER Cloud Platform also supports input using CIDR (Classless Inter-Domain Routing) notation, which is commonly used in network management.

CIDR is a way of noting a range of contiguous IP addresses. CIDR notation can be expressed by separating IP addresses into Net IDs (Network IDs) and Host IDs, and grouping IP bands (Host ID categories) that fall under a Net ID. This is referred to as Address Aggregation / Supernetting.

Commonly used IP addresses consist of four octets.

CIDR notation consists of an IP band as an IP address of four octets, followed by a forward slash (/) and a range value. The range value can be between to 0~32, or 32 bits. In CIDR notation, this can be understood as meaning that any number of bits can follow the indicated range value. Therefore, the IP band is calculated as the range from the 4 octet value represented by the IP address to the number of bits that can come after the range value. At this time, the 4 octet value of the IP address~ counts the number of bits equal to the range value as a fixed region, the Net ID, and the remaining bits as available Host ID band.

The number of IP addresses in Host by range value is shown in the table below.