This is something like a firewall for the IIS. If the system is used as an intranet, specific IP addresses can come through. You can use masking to ensure that all the IP addresses inside your system get through. This is very useful, though, because most people signing onto the Internet from outside your system are assigned a temporary IP address. Therefore, you can lock out only users from a specific Internet access provider (IAP), not specific users. For example, you can prevent another company from signing onto your system, but an individual from that company can still sign in with a different IAP.