Here are some key recommendations for configuring your Virtual Cloud Network (VCN) on Oracle Cloud Infrastructure –
- Ensure no security lists or network security groups allow ingress from 0.0.0.0/0 to port 22 – Removing unfettered connectivity to remote console services, such as Secure Shell (SSH), reduces a server’s exposure to risk.
- Ensure no security lists or network security groups allow ingress from 0.0.0.0/0 to port 3389 – Removing unfettered connectivity to remote console services, such as Remote Desktop Protocol (RDP), reduces a server’s exposure to risk.
- Ensure the default security list of every VCN restricts all traffic except ICMP
- Ensure public-facing Web Applications are front-ended by Load Balancers and a Web Application Firewall (WAF)
- Ensure all critical workloads are deployed on private subnets
- Ensure Bastion hosts have Virus and Malware protection deployed and regularly updated
- Ensure all traffic from the Internet is filtered through a firewall with IDS and IPS capabilities
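As an added example (not part of the original article or of any Oracle tooling), a small audit function for the first three items: it takes the ingress rules of a security list in a constructed form modeled on the OCI REST API's IngressSecurityRule fields (the field names `protocol`, `source`, `tcpOptions`, `destinationPortRange` are an assumption), flags SSH or RDP open to 0.0.0.0/0, and checks whether a default list permits only ICMP.

```python
# Audit helper for the OCI checklist above (added example; input shape assumed).
from typing import Iterable

TCP = "6"     # OCI encodes protocols as IANA numbers in strings, or "all"
ICMP = "1"
REMOTE_CONSOLE_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = ("0.0.0.0/0", "::/0")

def _port_range(rule: dict) -> tuple[int, int]:
    """Destination port range of a TCP rule; no range means every port."""
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def exposed_console_ports(rules: Iterable[dict]) -> list[tuple[int, str]]:
    """(port, service) pairs that some ingress rule opens to the whole Internet."""
    hits = set()
    for rule in rules:
        if rule.get("source") not in ANYWHERE:
            continue  # scoped source: not the 0.0.0.0/0 case the checklist targets
        proto = rule.get("protocol")
        if proto == "all":
            lo, hi = 1, 65535
        elif proto == TCP:
            lo, hi = _port_range(rule)
        else:
            continue  # UDP / ICMP rules cannot expose SSH or RDP
        for port, name in REMOTE_CONSOLE_PORTS.items():
            if lo <= port <= hi:
                hits.add((port, name))
    return sorted(hits)

def default_list_is_icmp_only(rules: Iterable[dict]) -> bool:
    """True when every ingress rule of a (default) security list is ICMP."""
    return all(rule.get("protocol") == ICMP for rule in rules)

# Constructed sample: rule 0 is ICMP-only, rules 1 and 3 violate the checklist,
# rule 2 allows RDP from a private CIDR only and is not flagged.
SAMPLE_RULES = [
    {"protocol": "1", "source": "0.0.0.0/0", "icmpOptions": {"type": 3, "code": 4}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.0.0.0/16",
     "tcpOptions": {"destinationPortRange": {"min": 3389, "max": 3389}}},
    {"protocol": "all", "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for port, name in exposed_console_ports(SAMPLE_RULES):
        print(f"FINDING: {name} (tcp/{port}) open to the Internet")
    print("default list ICMP-only:", default_list_is_icmp_only(SAMPLE_RULES))
```

Feed it the ingress rules of each security list and network security group you export from your tenancy; a non-empty result for any list means items one or two are not met.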
Next article in the series – Best Practices on OCI Part 3: Logging & Monitoring